[THIN] Re: CSG 3.1.2 and WI 5.2 - HELP!
- From: James Scanlon <scanjam@xxxxxxxxxxx>
- To: Thin <thin@xxxxxxxxxxxxx>
- Date: Thu, 3 Dec 2009 01:57:33 +1000
cert , dns and iis names are all the same.whats the best way to check the logs
- ?
Date: Wed, 2 Dec 2009 14:16:11 +0000
Subject: [THIN] Re: CSG 3.1.2 and WI 5.2 - HELP!
From: berny@xxxxxxxxxxxxxxxxx
To: thin@xxxxxxxxxxxxx
Are you accessing a different name externally? Does the name match the IIS
website?
What's in the IIS logs? Anything?
2009/12/2 James Scanlon <scanjam@xxxxxxxxxxx>
the names all match DNS and cert - its a godaddy certificate.
externally the CSG / WI auth page doesnt come up at all
internally i see everything and it all matches
its Firewall > 443 > Inside Server CSG + WI on same box > same LAN to Citrix
Servers / farm
In the past when terre were cert issues or whatnot we would still get a page it
woudl just say the certificate doesnt match - we are not even getting that far!
Sigh. :)thanks for your quick replies!
SCANJAM
Date: Wed, 2 Dec 2009 07:40:54 -0600
Subject: [THIN] Re: CSG 3.1.2 and WI 5.2 - HELP!
From: gareese@xxxxxxxxx
To: thin@xxxxxxxxxxxxx
are you using a public/commercial cert or one fro your own internal CA? If the
conencting user doesn't have happiness on the cert, they won't get anywhere.
They need to trust the CA that issued it, names have to match, there can be no
warnings on it. etc, etc
443 needs to be open to the CSG, preferably in the DMZ, then 1494, 80 (assuming
the default 80 for XML) from the CSG to the internal network.
is that how you have it?
On Wed, Dec 2, 2009 at 6:46 AM, James Scanlon <scanjam@xxxxxxxxxxx> wrote:
I have a new CSG and WI setup where it all works on the inside of the network
via CSG (users can all get the correct CSG address in the ICA files etc and
launch apps) then i see sessions running via csg
Both CSG and WI are running on the same box with WI configured as indirect mode
If however we try this from the internet with just port 443TCP forwarded we get
'this page cannot be displayed'
This is actually the second firewall we have tried both with the same result.
Testing the STA's i get http 400 - Bad request (shouldnt it be resource not
allowed?) though all green ticks in the ~SG Diagnostics
The Secure gateway was filling the logs with BAD tickets and other crap about
the server xml is not able to process requests - but this server was removed
AGES ago...?
HELP!! Our client is extremely p1ssed that they have replaced their firewall
for nothing and the CSG still isnt working...Surely if it works inside then it
must simply be a firewall / network issue?
And even if it is a citrix misconfig issue why doesnt the page load at all??
Usually we get the first page but then the apps wont launch or the user cant
log in?
SCANJAM
Check out the latest features today Get more out of Hotmail
Check out Domain Radar NOW! A world FIRST in property search has arrived!
_________________________________________________________________
A world FIRST in property search has arrived! Check out Domain Radar NOW!
http://clk.atdmt.com/NMN/go/157631292/direct/01/
Other related posts:
