Murty M
asked on
I would like to create a Citrix lab with external user access. An internal LAN user is able to access published applications using SF LB on NetScaler, but using NS Gateway the user is unable to access the app.
- Got a static IP from the broadband connection
- Purchased Domain and Wildcard certificate
- Prepared the below servers
  - Active Directory (DNS)
  - SQL
  - vCenter
  - CVAD
  - StoreFront
  - NetScaler
- Installed *.<domainname.com> certificate in NetScaler
- Created a Citrix Virtual Gateway
- Verified the services locally and it’s working fine
- But it’s not working via public network
ASKER
Do you have the 'Pass through from Citrix Gateway' checked as an authentication method on the StoreFront store?
Also have a look at the profile of the session policy on the Gateway to check that your single-sign-on domain is configured correctly with the fqdn of your AD domain under published applications.
When you get the error above, what is the full path of the URL in the browser? You can block out the domain name if required.
Richard
ASKER
Which version of the Receiver/Workspace app are you using? Can you try updating to latest.
Which versions of OS are you publishing the applications from? Looks like an incompatibility somewhere for TLS connectivity.
ASKER
It's not working after upgrading Workspace.
Workspace version: 20.8.0.46
OS version of publishing apps: Win 2008 R2
But with the same configuration we can launch the application in the same network.
Only when the request comes via the public network do we get the SSL47 error.
It looks like TLS v1.2 is possibly disabled on the 2008 R2 session host. If you reference the following article - https://support.microsoft.com/en-gb/help/4019276/update-to-add-support-for-tls-1-1-and-tls-1-2-in-windows.
Did you get this working?
ASKER
The registry key already there. Still, it's not working
Possibly the workspace app is trying to use tls v1.2 and it is being rejected. Which tls versions are enabled on the Gateway virtual server? Which ADC/Gateway firmware is your VPX running?
ASKER
11.x and 12.x also tried
But same issue
Try Citrix Receiver 4.12 - https://www.citrix.com/en-gb/downloads/citrix-receiver/windows/receiver-for-windows-latest.html
Also try turning off tls v1.2 temporarily on the gateway virtual server to see what the result is.
ASKER
ya, same settings. I have.
Which version of VDA are you running on 2008R2? Have you tried a newer session host such as 2012 R2, 2016, 2019?
Can you list the versions you are running in your Citrix site for StoreFront, Delivery Controllers, Session Hosts (VDA), ADC? It would make things a bit clearer as there must be an incompatibility somewhere.
ASKER
StoreFront : 7.19
XenApp 6.5
NetScaler 12.x
Windows server 2008 r2
What error are you getting when you try to hit the Gateway portal page from external? Do you have a FW rule in place to forward port 443 to the Gateway virtual server IP?
Have you configured StoreFront with the appropriate Citrix Gateway settings under the 'Manage Citrix Gateways' option?
Might find some pointers here if something is missing from your configuration - Integrate Citrix Gateway with StoreFront.
Thanks,
Richard