[THIN] Re: [SPAM] Re: Hello me again!

Hi Al,

 

CSG proxies the ICA connections, so your client only needs HTTPS access
to the CSG server(s).

 

The CSG server(s) require the following...

-          HTTP access to the STA servers, typically port 80, although
it may be different in your environment

-          ICA (tcp 1494) access to all XenApp servers

-          CGP (tcp 2598) access to all XenApp servers, if using Session
Reliability

 

If your Web Interface is also on the same box, or in the DMZ, it
requires...

-          HTTP access to the STA servers, typically port 80, although
it may be different in your environment

-          HTTP access to the XML servers, typically port 80, although
it may be different in your environment

 

Some things may vary. But this is a typical deployment scenario.

 

You should enable STA logging on the XenApp servers to help you work
through this connectivity issue. This will help to identify firewall
rules, ticketing issues, etc.

 

Also, when you change IP Address of a CSG server, you also need to
re-run the CSG Configuration Wizard. You don't need to make any changes,
but you just need to run through it so that the settings are
reinitialised, and re-written to the configuration files.

 

Cheers,

Jeremy.

 

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of alan tropper
Sent: Friday, 12 February 2010 1:30 PM
To: thin@xxxxxxxxxxxxx; Gardiner, Jeffrey (H USA)
Subject: [THIN] Re: [SPAM] Re: Hello me again!

 

Hi All,

 

More info from checking my Citrix Secure Proxy server I can see
connections in netstat to my citrix app servers using both ports 1494
and 2598 so Im guessing I don't need to open 2598 between client PC and
the Citrix Secure Gateway, can anyone confirm this one way or another
that client will talk to CSG using port 80/443 only and that when a XML
connection has been made between client and app server then all
communication is only sent over port 443?

 

Cheers

 

Al

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of alan tropper
Sent: Friday, 12 February 2010 10:32 AM
To: Gardiner, Jeffrey (H USA); thin@xxxxxxxxxxxxx
Subject: [THIN] Re: [SPAM] Re: Hello me again!

 

Hi Jeffrey,

 

All citrix servers in my farm are running XenApp 4.5 R05, Win2003 Sp2.

 

In the web interface config settings I have selected 3 STA servers from
the farm, and in the Secure Gateway I have also selected the same
servers for the STA connections.

 

Cheers

 

Al  

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Gardiner, Jeffrey (H USA)
Sent: Friday, 12 February 2010 9:50 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: [SPAM] Re: Hello me again!

 

Alan,

 

What version of XenApp is running on you ticketing server?

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of alan tropper
Sent: Thursday, February 11, 2010 7:41 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: [SPAM] Re: Hello me again!

Hi Andy,

 

Firstly thanks for the reply!

 

I tried turning off Session reliability from the farm settings but this
didn't fix the issue as I was still getting the same errors as below
from the CSG, however session reliability was still enabled on the web
interface gateway settings, should I turn this off or do I need to open
up port 2598 between my CSG, CSP & WI servers?

 

Errors:

Event ID 100 - Client IP sent bad ticket, connection dropped (Source
Citrix Secure Gateway) (Cat: Ticketing)

Event ID 103 Incoming citrix gateway protocol downstream data could not
be processed (Source:Citrix Secure Gateway (Cat:CGP)

 

I can also telnet using port 2598 to my citrix application servers from
the WI server, is port 2598 used between the CSG, CSP & WI servers at
all or is this communication traffic all on port 443 as I cannot connect
to port 2598 between these servers at present?

 

The strangest part is that the server is just a clone of the production
server and has nothing of any difference apart from the WI versions so
Im confused why one works and the other doesn't?

 

Any input would be much appreciated from all J

 

 

 

 

 

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Andy Friar
Sent: Thursday, 11 February 2010 10:29 PM
To: thin@xxxxxxxxxxxxx
Subject: [SPAM] [THIN] Re: Hello me again!

 

Switch off Session reliability or ensure that the firewall rules are
open.

 

Rgds

 

Andy

 

________________________________

 

________________________________

 

________________________________

 

 

 

Andy Friar

Technical Consultant

T

01260 292500

M

07720 470551

F

01260 292505

E

Andy.Friar@xxxxxxxxxxx

 

 

Novus Networks Ltd

 

The Old Corn Mill
Congleton Road
Siddington

Macclesfield

SK11 9JR

 

 

 

The information in this E-Mail is intended for the named recipients
only. It may contain privileged and confidential information. If you are
not the intended recipient you must not copy, distribute or take any
action or place reliance on it. If you have received this E-Mail in
error, please notify the sender immediately by using the E-Mail address
and then delete the message. The views expressed in this message are
personal and not necessarily those of Novus Networks. Company Reg No
3858005


Disclaimer added by CodeTwo Exchange Rules 2010
www.codetwo.com

 

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of alan tropper
Sent: 11 February 2010 14:19
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Hello me again!

 

Hi All,

 

Im hoping someone can save the day with this issue!

 

Basically I have a web interface server running WI4.5 and this hooks in
to a Citrix Secure Proxy Server that talks to the Citrix Secure Gateway
3.1.1.

 

I cloned the WI4.5 and upgraded to WI5.2 which looked great, I
configured it to download latest client 'CitrixOnlinePlugin.'

 

When I switched the clone to production for testing I ran the CSG
diagnostics and all worked fine, although I had to re-join domain for WI
clone.

 

When I would run the old citrix client software I received an error when
selecting a published application concerning a protocol error.

 

When I ran the new client software and tried to connect to a published
app I would not see any errors but would get errors as follows in the
CSG logs:

 

Event ID 100 - Client IP sent bad ticket, connection dropped (Source
Citrix Secure Gateway) (Cat: Ticketing)

Event ID 1-3 Incoming citrix gateway protocol downstream data could not
be processed (Source:Citrix Secure Gateway (Cat:CGP)

 

I tried to re-set the STA's in CSG3.1 and still no luck!

 

When I dropped the clone and put my old WI4.5 server back online all
worked again...any ideas to go on would be great??

 

Cheers

  

Al

 

------------------------------------------------------------------------
----
This message and any included attachments are from Siemens Medical
Solutions 
and are intended only for the addressee(s). 
The information contained herein may include trade secrets or privileged
or 
otherwise confidential information. Unauthorized review, forwarding,
printing, 
copying, distributing, or using such information is strictly prohibited
and may 
be unlawful. If you received this message in error, or have reason to
believe 
you are not authorized to receive it, please promptly delete this
message and 
notify the sender by e-mail with a copy to 
Central.SecurityOffice@xxxxxxxxxxx 
 
Thank you

 


#####################################################################################
Confidentiality and Privilege Notice 
This document is intended solely for the named addressee.  The information 
contained in the pages is confidential and contains legally privileged 
information. If you are not the addressee indicated in this message (or 
responsible for delivery of the message to such person), you may not copy or 
deliver this message to anyone, and you should destroy this message and kindly 
notify the sender by reply email. Confidentiality and legal privilege are not 
waived or lost by reason of mistaken delivery to you.
#####################################################################################

JPEG image

Other related posts: