  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 30588

There is no citrix ssl server configured on the specified address.

Hi
I'm getting the error after I have logged in on the web interface, using username, password, and SafeWord.
I get to see my published applications. When I launch one of the applications from the internet, I get the error: "cannot connect to the citrix metaframe server. there is no citrix ssl server configured on the specified address".
I'm thinking it could be a NAT or firewall rule problem to the Secure Gateway.

If I make a VPN connection to the firewall, and make an entry in my hosts file like this:
172.16.0.5 csg.mydomain.com
it will work.
I can see in the secure gateway performance statistics, that I only get packets back and forth from it, using this method.

I have the following ports forwarded:
externalip1:443 -> CSG -> 80,443,1494,2598 -> LAN
externalip2:443 -> WI:444


Here is some more detail:

Internet  -> Firewall -> Internal Router -> Web interface (172.16.0.3:444) cert = citrix.mydomain.com
                                          |                  Citrix Secure Gateway (172.16.0.5:443) cert = csg.mydomain.com
                                          |
                                          |-> Citrix Servers 192.168.110.4, 192.168.110.5



[Snippet from launch.ica]

[Encoding]
InputEncoding=ISO8859_1

[WFClient]
ClientName=WI_J185ZbOMP2aAUN8cK
ProxyFavorIEConnectionSetting=Yes
ProxyTimeout=30000
ProxyType=Auto
ProxyUseFQDN=Off
RemoveICAFile=yes
TransparentKeyPassthrough=Local
TransportReconnectEnabled=Off
Version=2
VirtualCOMPortEmulation=Off

[ApplicationServers]
Lommeregner=

[Lommeregner]
Address=;40;STAE7A35C69069E;588B7D50D019E925FDFB898D24FC201A
AudioBandwidthLimit=2
AutologonAllowed=ON
BrowserProtocol=HTTPonTCP
CGPSecurityTicket=On
ClearPassword=6986A7AE46B116
ClientAudio=On
DesiredColor=4
DesiredHRES=1024
DesiredVRES=768
Domain=\B04E617A64E9280A
HTTPBrowserAddress=!
InitialProgram=#Lommeregner
Launcher=WI
LongCommandLine=
ProxyTimeout=30000
ProxyType=Auto
SSLCiphers=all
SSLEnable=On
SSLProxyHost=csg.mydomain.com:443
SecureChannelProtocol=Detect
SessionsharingKey=4-basic-basic-NYTORV-mdaservice-Farm1
TWIMode=On
TransportDriver=TCP/IP
Username=mdaservice
WinStationDriver=ICA 3.0

[Compress]
DriverNameWin16=pdcompw.dll
DriverNameWin32=pdcompn.dll

[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll

[EncRC5-128]
DriverNameWin16=pdc128w.dll
DriverNameWin32=pdc128n.dll

[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll

[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll

Asked by: tosse22
1 Solution

chrisnewman01 Commented:
Hello.  If you're forcing users to go to https://<CSG server>, then you can close port 444 to the WI server.  In the CSG configuration wizard's "Access Options" page, you should have Indirect selected (uncheck the checkbox if WI is on another server (I couldn't tell if you just used 2 IPs for one server or not)), enter the FQDN of the WI server (or localhost if it's on the same server), and check the "Secure traffic between the WI and SG" checkbox and enter port 444.

Test by going to https://<YourExternalName>.  At this point, everything is going through CSG.

Hope this helps,
Chris

tosse22 (Author) Commented:
Hi, I have other reasons for going to the WI first.
The reason is that the customer is actually 2 companies.
These sites have ssl certificates.
I have citrix.mycompany.com and citrix.mycompany2.com.

I have no problem logging in and authenticating. The problem appears when I press the application icon.
Users go to http://citrix.mycompany.com which forwards to https://citrix.mycompany.com on the IIS.

I use 3 IPs for one server.
Internet  -> Firewall -> Internal Router -> Web interface (172.16.0.3:444) cert = citrix.mydomain.com
                                          |                  Web interface (172.16.0.4:444) cert = citrix.mydomain2.com
                                          |                  Citrix Secure Gateway (172.16.0.5:443) cert = csg.mydomain.com
                                          |
                                          |-> Citrix Servers 192.168.110.4, 192.168.110.5

chrisnewman01 Commented:
Ok, so you have port 80 opened as well from the outside (if they're getting to the page that redirects them to either WI1 or WI2, port 444).  Within each site in IIS, do you have the IP address assigned to the respective site (the one in the dropdown)?  I would assume yes, but wanted to verify.  In the CSG configuration, are you using the one IP, or is "monitor all ip addresses" checked?  
 
chrisnewman01 Commented:
Also, in the Web Interface console (for each WI site), are you using Secure Gateway Direct for the default method of access? (Manage Secure Client Access > Edit DMZ Settings.)

tosse22 (Author) Commented:
Whoops, yes, port 80 is forwarded to the respective sites.

Everything is happening on one server in the DMZ.

IP address assigned to the respective site. None of the sites has all unassigned. Default web site is stopped.

CSG is one IP listening.

On Web Interface configuration it is set to Secure Gateway Direct.

chrisnewman01 Commented:
It sounds like one option is off.  In the CSG configuration wizard's "Access Options" page, how do you have it configured?

Also check C:\Program Files\Citrix\Secure Gateway\logs.  This may help to find the cause of the problem.  I probably should've mentioned this folder before :-)

tosse22 (Author) Commented:
CSG config:
Metaframe Presentation Server -> next
Advanced -> next
Choosing csg.mydomain.com -> next
Protocol = SSLv3 & TLSv1, Cipher = ALL -> next
No check in monitor all IP addresses. 172.16.0.5 port 443 chosen. -> next
No outbound traffic restrictions -> next
STA is set to the 2 FQDNs of the presentation servers on the inside (only resolvable from DMZ and inside) -> next
No connection timeout, and connection limit 250 -> next
None excluded from logfiles.
Direct Access option chosen
All events logged including informational



tosse22 (Author) Commented:
Nothing is logged unless I'm connected through VPN. But then it all works.
I'm beginning to think it's the firewall somehow, although nothing is logged there either.

tosse22 (Author) Commented:
I'm totally lost here.
I opened everything to csg.mydomain.com and forwarded it to 172.16.0.5.
Nothing at all comes in on this IP.

tosse22 (Author) Commented:
Found the problem!!
The company hosting the customer's DNS made a typo in the IP address!!! AAarrrrgh, when I get my hands on that guy I don't know what I'm gonna do! More than 2 days of searching for a Citrix error.... Grrrrr
I'll give you the points. I would never have spotted this even if you had asked me.
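
A check that would have surfaced this root cause early, added here as an example and not part of the original thread: it reads the SSLProxyHost entries from a launch.ica file, resolves each name, and compares the answer with the external address the firewall forwards to the Secure Gateway. The function names, the trimmed sample file and the 203.0.113.x addresses are constructed for illustration. Run it from a machine with no hosts-file override and no VPN, since both mask the public DNS answer.

```python
import configparser
import socket

# Constructed sample, trimmed from the launch.ica layout quoted in the question.
SAMPLE_ICA = """\
[ApplicationServers]
Lommeregner=

[Lommeregner]
Address=;40;STA0000000000000;00000000000000000000000000000000
SSLEnable=On
SSLProxyHost=csg.mydomain.com:443
"""

def ssl_proxy_hosts(ica_text):
    """Return {application: (host, port)} for every app that sets SSLProxyHost."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # ICA keys are mixed case; keep them as written
    cp.read_string(ica_text)
    apps = cp["ApplicationServers"] if cp.has_section("ApplicationServers") else []
    found = {}
    for app in apps:
        value = cp.get(app, "SSLProxyHost", fallback="")
        if value:
            host, _, port = value.partition(":")
            found[app] = (host, int(port or 443))
    return found

def check_gateway_dns(ica_text, expected_ip, resolve=socket.gethostbyname):
    """Compare what the client resolves with the address forwarded to CSG.

    expected_ip is the external address of the CSG port forward (assumed known
    from the firewall configuration). resolve can be swapped for offline tests.
    """
    results = []
    for app, (host, port) in ssl_proxy_hosts(ica_text).items():
        try:
            actual = resolve(host)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            results.append((app, host, port, None, f"unresolvable: {exc}"))
            continue
        verdict = "ok" if actual == expected_ip else "mismatch"
        results.append((app, host, port, actual, verdict))
    return results
```

A "mismatch" verdict means clients are sent to an address where no Secure Gateway is listening, which matches the symptom in this thread: nothing appears in the CSG or firewall logs.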