[THIN] Re: CSG 3.1.2 and WI 5.2 - HELP!
- From: Berny Stapleton <berny@xxxxxxxxxxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Wed, 2 Dec 2009 14:16:11 +0000
Are you accessing a different name externally? Does the name match the IIS
website?
What's in the IIS logs? Anything?
2009/12/2 James Scanlon <scanjam@xxxxxxxxxxx>
> the names all match DNS and cert - its a godaddy certificate.
>
> externally the CSG / WI auth page doesnt come up at all
>
> internally i see everything and it all matches
>
> its Firewall > 443 > Inside Server CSG + WI on same box > same LAN to
> Citrix Servers / farm
>
> In the past when terre were cert issues or whatnot we would still get a
> page it woudl just say the certificate doesnt match - we are not even
> getting that far!
>
> Sigh. :)
> thanks for your quick replies!
>
> SCANJAM
>
>
>
>
> ------------------------------
> Date: Wed, 2 Dec 2009 07:40:54 -0600
> Subject: [THIN] Re: CSG 3.1.2 and WI 5.2 - HELP!
> From: gareese@xxxxxxxxx
> To: thin@xxxxxxxxxxxxx
>
>
> are you using a public/commercial cert or one fro your own internal CA? If
> the conencting user doesn't have happiness on the cert, they won't get
> anywhere. They need to trust the CA that issued it, names have to match,
> there can be no warnings on it. etc, etc
>
> 443 needs to be open to the CSG, preferably in the DMZ, then 1494, 80
> (assuming the default 80 for XML) from the CSG to the internal network.
>
> is that how you have it?
>
> On Wed, Dec 2, 2009 at 6:46 AM, James Scanlon <scanjam@xxxxxxxxxxx> wrote:
>
> I have a new CSG and WI setup where it all works on the inside of the
> network via CSG (users can all get the correct CSG address in the ICA files
> etc and launch apps) then i see sessions running via csg
>
> Both CSG and WI are running on the same box with WI configured as indirect
> mode
>
> If however we try this from the internet with just port 443TCP forwarded we
> get 'this page cannot be displayed'
> This is actually the second firewall we have tried both with the same
> result.
>
> Testing the STA's i get http 400 - Bad request (shouldnt it be resource not
> allowed?) though all green ticks in the ~SG Diagnostics
>
> The Secure gateway was filling the logs with BAD tickets and other crap
> about the server xml is not able to process requests - but this server was
> removed AGES ago...?
>
> HELP!! Our client is extremely p1ssed that they have replaced their
> firewall for nothing and the CSG still isnt working...
> Surely if it works inside then it must simply be a firewall / network
> issue?
> And even if it is a citrix misconfig issue why doesnt the page load at
> all?? Usually we get the first page but then the apps wont launch or the
> user cant log in?
>
> SCANJAM
>
>
> ------------------------------
> Check out the latest features today Get more out of
> Hotmail<http://windowslive.ninemsn.com.au/hotmail/article/878466/your-hotmail-is-about-to-get-even-better>
>
>
>
> ------------------------------
> Check out Domain Radar NOW! A world FIRST in property search has
> arrived!<http://clk.atdmt.com/NMN/go/157631292/direct/01/>
>
Other related posts:
