Citrix Secure Gateway throwing error (1030) when connecting to one specific host

When our users try to connect to any app hosted on one specific host via the web gateway it times out and gives error 1030. We don't see an embryonic connection in the console.

All apps work internally to that server, it only throws the error when accessing it via the Secure gateway. Accessing the same app via a different host works just fine.

DNS to and from the Secure gateway from the host resolves fine, all servers including the gateway are on the same subnet, no Windows firewall or otherwise is in place between them. IPs are pingable.

Which ports need to be answering on the server?

What else could be the cause?
PerimeterIT Asked:

Tony J (Lead Technical Architect) Commented:
Do you also use Web Interface? If so does the SSL certificate on Secure Gateway match the FQDN of the one in WI? More info on that issue is here: http://support.citrix.com/article/CTX124143

IIS all ok on the Secure Gateway? It's been a while since I did CSG but I seem to recall you have to change IIS SSL to another port from 443 - commonly 444 - so that CSG services can start properly.

Other than that, it'd help to have some versions of everything.

Two other things - has it ever worked? What does CSG post in its logs?

PerimeterIT (Author) Commented:
It was working fine till last week, no idea what's changed since then.

Certificate is valid and matches the FQDN.

CSG works just fine for the other 2 hosts in the cluster, only this one host has issues. All 3 hosts have the same applications and desktops.
Users can connect to the affected host internally just fine, it's only when you connect to it via the secure gateway that there is a problem.

CSG v 3.0
Citrix Xen App 5.0

Windows Event logs on the CSG server are clean, where are the logs for CSG v 3.0 ?

Tony J (Lead Technical Architect) Commented:
From memory, the logs are in C:\Program Files\Citrix\Secure Gateway\logs

Check the event logs on the problem server.
PerimeterIT (Author) Commented:
Event Type:      Error
Event Source:      Citrix Web Interface
Event Category:      None
Event ID:      0
Date:            07/10/2013
Time:            8:45:48 AM
User:            N/A
Computer:      NEW_WEB_VM
Description:
Site path: C:\CitrixWebPortal\Citrix\XenApp.

An error occurred while attempting to connect to the server 192.168.1.24 on port 8080. Verify that the Citrix XML Service is running and is using the correct port. If the XML Service is configured to share ports with IIS, verify that IIS is running. This message was reported from the XML Service at address http://192.168.1.24:8080/scripts/wpnbr.dll. This XML Service could not be contacted and will be temporarily removed from the list of active services. [Log ID: 537eb27e]

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



I can telnet to that stated IP and port, so I know the service is up.
What else can I check?

Tony J (Lead Technical Architect) Commented:
When you say you can telnet to that IP and port, is that from the Web Interface server?

Have you tried to restart the XML service on the .24 server?

Are you sure that the XML service is the only service listening on .24 on 8080? Try stopping it and telnet'ing again.

PerimeterIT (Author) Commented:
I've tried to dismount and remount the XML service on the affected server and it keeps giving me the error that the port is in use.

ctxxmlss /u
ctxxmlss /R8080

I run a "netstat -a -b" to see what applications are bound to the port and it looks like a bunch of random ones. From client launched apps to the print spooler. Every time I kill an app something else takes its place!

During the next outage window I'll try to change the default XML port for all the servers in the cluster and see if that does the trick.

PerimeterIT (Author) Commented:
I've changed the default XML ports on all the servers to 4444.
The errors pertaining to this in the eventlogs are now gone, but I'm still having the exact same issue....

Tony J (Lead Technical Architect) Commented:
Did you reconfigure Web Interface to use the new ports?

PerimeterIT (Author) Commented:
Yes, I can telnet to each CTX host from the web gateway on that port as well.
But the same issue as before. Connections via the web gateway work to all the hosts except one.
And that one host works fine internally, not using the web gateway.

Dirk Kotte (SE) Commented:
Are you able to telnet to the .24 server with port 1494 and 2598 from the CSG server?
(1494 should view "ICA" and 2598 a blank screen only)

Can you try to catch the launch.ica file while initiating the connection via CSG to a working server and a connection to the problem server?
If you post the content (remove username/ticket/appname/...) we can see more about the connection settings.
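
The launch.ica comparison suggested above, as an added example that is not part of the original thread: it parses two captured files, masks username/ticket/appname so the result is safe to post, and lists only the settings that differ. The sample files are constructed, and the key names and the `;version;STA-id;ticket` Address layout are assumptions about the ICA file format, not values from this page.

```python
import configparser

# Keys assumed to carry user, credential or application identity in launch.ica.
SENSITIVE = {"username", "domain", "clearpassword", "password",
             "logonticket", "initialprogram", "longcommandline"}

def load_ica(text):
    """Parse launch.ica text into {(section, key): value} with identities masked."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.optionxform = str                      # keep key case as written
    cp.read_string(text)
    apps = set(cp.options("ApplicationServers")) if cp.has_section("ApplicationServers") else set()
    out = {}
    for section in cp.sections():
        sec = "<app>" if section in apps else section   # section name is the app name
        for key, value in cp.items(section):
            if section == "ApplicationServers":
                key = "<app>"                 # the key is the published app name
            elif key.lower() in SENSITIVE:
                value = "<redacted>"
            elif key.lower() == "address" and value.startswith(";"):
                # Assumed STA ticket layout ;version;STA-id;ticket: keep the STA id only.
                value = ";".join(value.split(";")[:3] + ["<ticket>"])
            out[(sec, key)] = value
    return out

def diff_ica(good_text, bad_text):
    """Return sorted (section, key, good_value, bad_value) for settings that differ."""
    good, bad = load_ica(good_text), load_ica(bad_text)
    return [(s, k, good.get((s, k)), bad.get((s, k)))
            for s, k in sorted(set(good) | set(bad))
            if good.get((s, k)) != bad.get((s, k))]

# Constructed sample captures (hypothetical host names, STA ids and tickets).
GOOD = """[WFClient]
Version=2
[ApplicationServers]
Notepad=
[Notepad]
Address=;40;STA01;1A2B3C4D5E6F
InitialProgram=#Notepad
SSLEnable=On
SSLProxyHost=csg.example.test:443
Username=alice
LogonTicket=AAAA1111
"""
BAD = GOOD.replace("STA01;1A2B3C4D5E6F", "STA02;9F8E7D6C5B4A").replace("AAAA1111", "BBBB2222")

if __name__ == "__main__":
    for row in diff_ica(GOOD, BAD):
        print(row)
```

Per-launch tickets always differ between two captures, so they are masked before comparison; what remains is the routing information (STA id, proxy host, SSL settings) that the gateway path depends on.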
Tony J (Lead Technical Architect) Commented:
Might be worthwhile removing the problem server from WI and CSG - it may have lost the STA settings for some reason.

PerimeterIT (Author) Commented:
We ended up building an entire new Cluster from scratch on 6.5
PerimeterIT (Author) Commented:
No solution provided