Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6516
  • Last Modified:

Secure ticket authority Citrix Xenapp 6.5 and web interface

Hi,
We have a Citrix secure gateway in comination with web interface 5.3 and it works fine. We host two sites. One is connected to a Xenapp 5.x environment with a secure ticket authority on a Xenapp 5.x server. The other site is connected to a Xenapp 6.5 server and that is working fine in combination with a xenapp 5.x secure ticket authority but when i connect to a Xenapp 6.5 secure ticket authority it is not working. In the eventvwr i see messages like "SSL handshake from client failed."and "Client IP sent bad ticket, connection dropped." and "Incoming Citrix Gateway Protocol downstream data could not be processed." What is wrong?
0
pkfwallast
Asked:
pkfwallast
1 Solution
 
Daniel BorgerSenior Citrix Engineer- CCEECommented:
any citrix server can be a STA, try changing to a different server in the XenApp6.5 farm. Windows firewall enabled on the STA?

Also, consider moving to storefront as web interface is going away.
0
 
joharderCommented:
Double check your WI config for the XA6.5 farm and confirm that the appropriate server(s) are listed as the STA(s).  It sounds like there might just be an error here.
0
 
pkfwallastAuthor Commented:
It is still not working. How can i check if a server is a STA and how can i check that it is working?
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
Dirk KotteSECommented:
all STA's used within a WebInterface Configuration should be listed within the CSG-Config.
The CSG configuration has to know every STA used within someone WI-Config. (the summary of all STA's)
you can check the STA with the CSG-check-tool (available from the CSG console) .
0
 
pkfwallastAuthor Commented:
I have just used the medevac tool form Citrix and when i perform a xml ticketing test a see the message "Failure unspecified" so the sta is not working but why.
0
 
Dirk KotteSECommented:
runs XML/STA IIS integrated or standalone (changed XML-Port "ctxxmlss.exe")?
with IIS integration you have a log file configured within c:\inetpub\Scripts\CtxSta.config
0
 
pkfwallastAuthor Commented:
Strange, i don't see the scripts directory in c:\inetpub.
Might this be the issue:
http://blog.samkendall.net/2012/01/06/fixed-citrix-xml-service-issue-after-fresh-xenapp-6-5-install/
0
 
Dirk KotteSECommented:
possible ...
do you check "integrate XML with IIS" while installing XenApp?
0
 
pkfwallastAuthor Commented:
In the Citrix Web Interface Management Console, in the Secure Access Settings the Secure Ticket Authority URL was not the same as in the Secure GateWay Configuration.

When we added the same Server(URL) we could login with the new Servers' STA ID.
0
 
pkfwallastAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for pkfwallast's comment #a40044568

for the following reason:

no one pointed me that those two had to be the same Servers/URL's
0
 
Dirk KotteSECommented:
see my Post ...  by: dkottePosted on 2014-02-05 at 14:14:25  ID: 39835402

"all STA's used within a WebInterface Configuration should be listed within the CSG-Config."
0
 
Dirk KotteSECommented:
see my Post ...  by: dkottePosted on 2014-02-05 at 14:14:25  ID: 39835402

"all STA's used within a WebInterface Configuration should be listed within the CSG-Config."
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now