Citrix Access Gateway using .local internal domain and .com external domain

Asked by MikeLeePIT
Topics: Citrix, NetScaler, SSL / HTTPS, Active Directory
How do you configure the external and internal certificates? Now let me state that when I am using .com for the internal domain, everything works, but when I try using a .local for the internal domain, which most folks/companies would have in place, I run into all kinds of issues with the certs on the NetScaler and StoreFront.
 
I purchased a wildcard cert from GoDaddy and installed it in my NetScaler Access Gateway. By the way, I can hit my VIP, and it loads the older, black, Web Interface-looking portal; that portion works.
 
When I attempt to log in, I get an HTTP 403 Forbidden page right away. Now, from the internal network I can navigate to my StoreFront site, which is using a .local domain-signed cert, and can log in and display my resources with no issues.
 
After every login attempt from the external Access Gateway site, I get the following event error in the “Citrix Delivery Services” logs on my StoreFront server:
 
Failed to run discovery
Citrix.Web.DeliveryServicesProxy.ConfigLoader.DiscoveryServiceException, ReceiverWebConfigLoader, Version=2.6.0.0, Culture=neutral, PublicKeyToken=null
An error occured while contacting the Discovery Service

 
 
I tried binding the internal .local domain-signed cert to my Access Gateway virtual server together with the GoDaddy wildcard .com cert, but got an error indicating only one binding can be present.
 
The same thing goes for my internal IIS binding for the StoreFront server: the “Default Web Site” can only bind the domain-signed cert.
 
How does this work? I cannot find any documents on how to configure this. They all show the external and internal domains using the same .com FQDN domain name prefix.
 
Any help will be greatly appreciated. Thanks again,
ASKER CERTIFIED SOLUTION
Aanand Singh Karki
Associate Consultant