I would like to create a Citrix LAB with external user access. An internal LAN user is able to access published applications using SF LB on NetScaler. But using NS Gateway, the user is unable to access the app.

Murty M asked
Last Modified: 2020-11-08
I would like to create a Citrix LAB with external user access. An internal LAN user can access published applications using SF LB on NetScaler. But using NS Gateway, the user is unable to access the app.
  • Got a static IP from the broadband connection
  • Purchased Domain and Wildcard certificate
  • Prepared the below servers
    1. Active Directory (DNS)
    2. SQL
    3. vCenter
    4. CVAD
    5. StoreFront
    6. NetScaler
  • Installed *.<domainname.com> certificate in NetScaler
  • Created a Citrix Virtual Gateway
  • Verified the services locally and it’s working fine
  • But it’s not working via public network

Richy Innes, Senior Consultant
CERTIFIED EXPERT

Commented:
Hi,

What error are you getting when you try to hit the Gateway portal page from external? Do you have a FW rule in place to forward port 443 to the Gateway virtual server IP?

Have you configured StoreFront with the appropriate Citrix Gateway settings under the 'Manage Citrix Gateways' option?

Might find some pointers here if something is missing from your configuration - Integrate Citrix Gateway with StoreFront.

Thanks,
Richard

Author

Commented:

Yes, configured StoreFront and NetScaler.
But when I give credentials at the ADC 11.1 Gateway URL, it redirects to the SF URL and asks for credentials again. After giving those as well, I receive this error.
Please suggest.
Richy Innes, Senior Consultant
CERTIFIED EXPERT

Commented:
Do you have the 'Pass through from Citrix Gateway' checked as an authentication method on the StoreFront store?

Also have a look at the profile of the session policy on the Gateway to check that your single-sign-on domain is configured correctly with the FQDN of your AD domain under published applications.

When you get the error above, what is the full path of the URL in the browser? You can block out the domain name if required.

Richard

Author

Commented:
After adding the Citrix Gateway option in StoreFront, it's working fine now,
but when I try to launch any application I get the below error

Richy Innes, Senior Consultant
CERTIFIED EXPERT

Commented:
Which version of the Receiver/Workspace app are you using? Can you try updating to the latest?

Which versions of OS are you publishing the applications from? Looks like an incompatibility somewhere for TLS connectivity.

Author

Commented:
It's not working after upgrading Workspace.
Workspace version: 20.8.0.46
OS version of publishing apps: Win 2008 R2
But with the same configuration we can launch the application in the same network.
Only when the request is coming via the public network do we get the SSL47 error.
Richy Innes, Senior Consultant
CERTIFIED EXPERT

Commented:
It looks like TLS v1.2 is possibly disabled on the 2008 R2 session host. If you reference the following article - https://support.microsoft.com/en-gb/help/4019276/update-to-add-support-for-tls-1-1-and-tls-1-2-in-windows.
Richy Innes, Senior Consultant
CERTIFIED EXPERT

Commented:
Did you get this working? 

Author

Commented:
The registry key is already there. Still, it's not working.
Richy Innes, Senior Consultant
CERTIFIED EXPERT

Commented:
Possibly the Workspace app is trying to use TLS v1.2 and it is being rejected. Which TLS versions are enabled on the Gateway virtual server? Which ADC/Gateway firmware is your VPX running?

Author

Commented:
11.x and 12.x also tried
But same issue
Richy Innes, Senior Consultant
CERTIFIED EXPERT

Commented:
Try Citrix Receiver 4.12 - https://www.citrix.com/en-gb/downloads/citrix-receiver/windows/receiver-for-windows-latest.html.

Also try turning off TLS v1.2 temporarily on the gateway virtual server to see what the result is.

Author

Commented:
ya, same settings. I have.
Richy Innes, Senior Consultant
CERTIFIED EXPERT

Commented:
Which version of VDA are you running on 2008R2? Have you tried a newer session host such as 2012 R2, 2016, 2019?

Can you list the versions you are running in your Citrix site for StoreFront, Delivery Controllers, Session Hosts (VDA), ADC? It would make things a bit clearer as there must be an incompatibility somewhere.

Author

Commented:
StoreFront: 7.19
XenApp 6.5
NetScaler 12.x
Windows Server 2008 R2
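
The thread keeps returning to which TLS versions the Gateway virtual server accepts from an external client. One way to check that from outside the network, as an added example that is not part of the original thread: the script name and the host argument are assumptions, and certificate validation is skipped on purpose because only protocol negotiation is being tested.

```python
import socket
import ssl
import sys
import warnings

# Protocol versions to offer, one handshake attempt each.
VERSIONS = [
    ("TLSv1.0", ssl.TLSVersion.TLSv1),
    ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
    ("TLSv1.2", ssl.TLSVersion.TLSv1_2),
    ("TLSv1.3", ssl.TLSVersion.TLSv1_3),
]

def probe_tls_versions(host, port=443, timeout=5.0):
    """Return {version name: outcome string} for the TLS listener at host:port."""
    results = {}
    for name, version in VERSIONS:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # Diagnostic only: protocol negotiation is tested, not certificate trust.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            with warnings.catch_warnings():
                warnings.simplefilter("ignore", DeprecationWarning)
                ctx.minimum_version = version  # pin the offer to one version
                ctx.maximum_version = version
        except (ValueError, ssl.SSLError) as exc:
            # The local OpenSSL build cannot offer this version at all.
            results[name] = f"client cannot offer: {exc}"
            continue
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[name] = f"accepted ({tls.cipher()[0]})"
        except ssl.SSLError as exc:
            results[name] = f"rejected: {exc.reason or exc}"
        except OSError as exc:
            results[name] = f"connection failed: {exc}"
    return results

if __name__ == "__main__":
    # Usage: python probe_tls.py <gateway-fqdn> [port]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    for ver, outcome in probe_tls_versions(sys.argv[1], target_port).items():
        print(f"{ver}: {outcome}")
```

A "rejected" result for TLS 1.0 or 1.1 can also come from the local OpenSSL security policy rather than from the server, so confirm those from a client known to allow the older versions.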