Citrix
--
Questions
--
Followers
Top Experts
There is no citrix ssl server configured on the specified address.
Hi
Im getting the error after I have logged in on the web interface, using username,password, and safeword.
I get to see my published applications. When i launch one of the applications from the internet, I get the error: "cannot connect to the citrix metaframe server. there is no citrix ssl server configured on the specified address".
Im thinking it could be a nat or firewall rule problem to the Secure gateway.
If I make a vpn connection to the firewall, and make a entry in my hosts file like this:
172.16.0.5 csg.mydomain.com
it will work.
I can see in the secure gateway performance statistics, that I only get packets back and forth from it, using this method.
I have the following ports forwarded:
externalip1:443 -> CSG -> 80,443,1494,2598 -> LAN
externalip2:443 -> WI:444
Here is some more detail:
Internet -> Firewall -> Internal Router -> Web interface (172.16.0.3:444) cert = citrix.mydomain.com
| Citrix Secure Gateway (172.16.0.5:443) cert = csg.mydomain.com
|
|-> Citrix Servers 192.168.110.4, 192.168.110.5
[Snippet from launch.ica]
[Encoding]
InputEncoding=ISO8859_1
[WFClient]
ClientName=WI_J185ZbOMP2aA
ProxyFavorIEConnectionSett
ProxyTimeout=30000
ProxyType=Auto
ProxyUseFQDN=Off
RemoveICAFile=yes
TransparentKeyPassthrough=
TransportReconnectEnabled=
Version=2
VirtualCOMPortEmulation=Of
[ApplicationServers]
Lommeregner=
[Lommeregner]
Address=;40;STAE7A35C69069
AudioBandwidthLimit=2
AutologonAllowed=ON
BrowserProtocol=HTTPonTCP
CGPSecurityTicket=On
ClearPassword=6986A7AE46B1
ClientAudio=On
DesiredColor=4
DesiredHRES=1024
DesiredVRES=768
Domain=\B04E617A64E9280A
HTTPBrowserAddress=!
InitialProgram=#Lommeregne
Launcher=WI
LongCommandLine=
ProxyTimeout=30000
ProxyType=Auto
SSLCiphers=all
SSLEnable=On
SSLProxyHost=csg.mydomain.
SecureChannelProtocol=Dete
SessionsharingKey=4-basic-
TWIMode=On
TransportDriver=TCP/IP
Username=mdaservice
WinStationDriver=ICA 3.0
[Compress]
DriverNameWin16=pdcompw.dl
DriverNameWin32=pdcompn.dl
[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll
[EncRC5-128]
DriverNameWin16=pdc128w.dl
DriverNameWin32=pdc128n.dl
[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll
[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll
Im getting the error after I have logged in on the web interface, using username,password, and safeword.
I get to see my published applications. When i launch one of the applications from the internet, I get the error: "cannot connect to the citrix metaframe server. there is no citrix ssl server configured on the specified address".
Im thinking it could be a nat or firewall rule problem to the Secure gateway.
If I make a vpn connection to the firewall, and make a entry in my hosts file like this:
172.16.0.5 csg.mydomain.com
it will work.
I can see in the secure gateway performance statistics, that I only get packets back and forth from it, using this method.
I have the following ports forwarded:
externalip1:443 -> CSG -> 80,443,1494,2598 -> LAN
externalip2:443 -> WI:444
Here is some more detail:
Internet -> Firewall -> Internal Router -> Web interface (172.16.0.3:444) cert = citrix.mydomain.com
| Citrix Secure Gateway (172.16.0.5:443) cert = csg.mydomain.com
|
|-> Citrix Servers 192.168.110.4, 192.168.110.5
[Snippet from launch.ica]
[Encoding]
InputEncoding=ISO8859_1
[WFClient]
ClientName=WI_J185ZbOMP2aA
ProxyFavorIEConnectionSett
ProxyTimeout=30000
ProxyType=Auto
ProxyUseFQDN=Off
RemoveICAFile=yes
TransparentKeyPassthrough=
TransportReconnectEnabled=
Version=2
VirtualCOMPortEmulation=Of
[ApplicationServers]
Lommeregner=
[Lommeregner]
Address=;40;STAE7A35C69069
AudioBandwidthLimit=2
AutologonAllowed=ON
BrowserProtocol=HTTPonTCP
CGPSecurityTicket=On
ClearPassword=6986A7AE46B1
ClientAudio=On
DesiredColor=4
DesiredHRES=1024
DesiredVRES=768
Domain=\B04E617A64E9280A
HTTPBrowserAddress=!
InitialProgram=#Lommeregne
Launcher=WI
LongCommandLine=
ProxyTimeout=30000
ProxyType=Auto
SSLCiphers=all
SSLEnable=On
SSLProxyHost=csg.mydomain.
SecureChannelProtocol=Dete
SessionsharingKey=4-basic-
TWIMode=On
TransportDriver=TCP/IP
Username=mdaservice
WinStationDriver=ICA 3.0
[Compress]
DriverNameWin16=pdcompw.dl
DriverNameWin32=pdcompn.dl
[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll
[EncRC5-128]
DriverNameWin16=pdc128w.dl
DriverNameWin32=pdc128n.dl
[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll
[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll
Zero AI Policy
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
Hello. If you're forcing users to go to https://<CSG server>, then you can close port 444 to the WI server. In the CSG configuration wizard's "Access Options" page, you should have Indirect selected (uncheck the checkbox if WI is on another server (I couldn't tell if you just used 2 IPs for one server or not)), enter the FQDN of the WI server (or localhost if it's on the same server), and check the "Secure traffic between the WI and SG" checkbox and enter port 444.
Test by going to https://<YourExternalName>. At this point, everything is going through CSG.
Hope this helps,
Chris
Test by going to https://<YourExternalName>. At this point, everything is going through CSG.
Hope this helps,
Chris
Hi, I have other reasons for going to the WI first.
The reason is that the customer is actually 2 companys.
These sites have ssl certificates.
I have citrix.mycompany.com and citrix.mycompany2.com.
I have no problem logging in and authenticating. The problem appears when I press the application icon.
Users go to http://citrix.mycompany.com which forwards to https://citrix.mycompany.com on the iis
I use 3 IP's for one server.
Internet -> Firewall -> Internal Router -> Web interface (172.16.0.3:444) cert = citrix.mydomain.com
| Web interface (172.16.0.4:444) cert = citrix.mydomain2.com
| Citrix Secure Gateway (172.16.0.5:443) cert = csg.mydomain.com
|
|-> Citrix Servers 192.168.110.4, 192.168.110.5
The reason is that the customer is actually 2 companys.
These sites have ssl certificates.
I have citrix.mycompany.com and citrix.mycompany2.com.
I have no problem logging in and authenticating. The problem appears when I press the application icon.
Users go to http://citrix.mycompany.com which forwards to https://citrix.mycompany.com on the iis
I use 3 IP's for one server.
Internet -> Firewall -> Internal Router -> Web interface (172.16.0.3:444) cert = citrix.mydomain.com
| Web interface (172.16.0.4:444) cert = citrix.mydomain2.com
| Citrix Secure Gateway (172.16.0.5:443) cert = csg.mydomain.com
|
|-> Citrix Servers 192.168.110.4, 192.168.110.5
Ok, so you have port 80 opened as well from the outside (if they're getting to the page that redirects them to either WI1 or WI2, port 444). Within each site in IIS, do you have the IP address assigned to the respective site (the one in the dropdown)? I would assume yes, but wanted to verify. In the CSG configuration, are you using the one IP, or is "monitor all ip addresses" checked?
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
Also, in the Web Interface console (for each WI site), are you using Secure Gateway Direct for the default method of access? (Manage Secure Client Access > Edit DMZ Settings.)
Woops yes port 80 is forwarded to the respective sites.
Everything is happening on one server in the dmz.
IP address assigned to the respective site. None of the sites has all unassigned. Default web site is stopped.
CSG is one ip listening.
On webinterface configuration it is set to Secure Gateway Direct
Everything is happening on one server in the dmz.
IP address assigned to the respective site. None of the sites has all unassigned. Default web site is stopped.
CSG is one ip listening.
On webinterface configuration it is set to Secure Gateway Direct
ASKER CERTIFIED SOLUTION
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
CSG config:
Metaframe Presentation Server -> next
Advanced -> next
Choosing csg.mydomain.com -> next
Protocol = SSLv3 & TLSv1, Cipher = ALL -> next
No check in monitor all IP adresses. 172.16.0.5 port 443 chosen. -> next
No outbound traffic restrictions -> next
Sta is set to the 2 fqdn of the presentation servers on the inside (only resolvable from dmz and inside) -> next
No connection timeout, and connection limit 250 -> next
None exluded from logfiles.
Direct Access option chosen
All events logged including informational
Metaframe Presentation Server -> next
Advanced -> next
Choosing csg.mydomain.com -> next
Protocol = SSLv3 & TLSv1, Cipher = ALL -> next
No check in monitor all IP adresses. 172.16.0.5 port 443 chosen. -> next
No outbound traffic restrictions -> next
Sta is set to the 2 fqdn of the presentation servers on the inside (only resolvable from dmz and inside) -> next
No connection timeout, and connection limit 250 -> next
None exluded from logfiles.
Direct Access option chosen
All events logged including informational
Get a FREE t-shirt when you ask your first question.
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
Nothing is logged unless im connected through VPN. But then it all works.
Im beginning to think its the firewall somehow, although nothing is logged there either.
Im beginning to think its the firewall somehow, although nothing is logged there either.
Im totally lost here.
I opened everything to csg.mydomain.com and forwarded it to 172.16.0.5.
Nothing at all comes in on this ip.
I opened everything to csg.mydomain.com and forwarded it to 172.16.0.5.
Nothing at all comes in on this ip.
Found the problem!!
The company hosting the customers DNS made a typo in the IP address!!! AAarrrrgh, when I get my hands on that guy I dont know what im gonna do! More than 2 days of seaching for a citrix error.... Grrrrr
I'll give you the points. I would never have spotted this even if you had asked me.
The company hosting the customers DNS made a typo in the IP address!!! AAarrrrgh, when I get my hands on that guy I dont know what im gonna do! More than 2 days of seaching for a citrix error.... Grrrrr
I'll give you the points. I would never have spotted this even if you had asked me.
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
Citrix
--
Questions
--
Followers
Top Experts
Citrix is the synonym for the virtualization and application infrastructure systems developed by the company of the same name. Main areas are application virtualization, Software-As-A-Service (SaaS), cloud-computing and networking. The two most well-known are Citrix XenApp or Citrix CloudPlatform.