cert , dns and iis names are all the same.whats the best way to check the logs - ? Date: Wed, 2 Dec 2009 14:16:11 +0000 Subject: [THIN] Re: CSG 3.1.2 and WI 5.2 - HELP! From: berny@xxxxxxxxxxxxxxxxx To: thin@xxxxxxxxxxxxx Are you accessing a different name externally? Does the name match the IIS website? What's in the IIS logs? Anything? 2009/12/2 James Scanlon <scanjam@xxxxxxxxxxx> the names all match DNS and cert - its a godaddy certificate. externally the CSG / WI auth page doesnt come up at all internally i see everything and it all matches its Firewall > 443 > Inside Server CSG + WI on same box > same LAN to Citrix Servers / farm In the past when terre were cert issues or whatnot we would still get a page it woudl just say the certificate doesnt match - we are not even getting that far! Sigh. :)thanks for your quick replies! SCANJAM Date: Wed, 2 Dec 2009 07:40:54 -0600 Subject: [THIN] Re: CSG 3.1.2 and WI 5.2 - HELP! From: gareese@xxxxxxxxx To: thin@xxxxxxxxxxxxx are you using a public/commercial cert or one fro your own internal CA? If the conencting user doesn't have happiness on the cert, they won't get anywhere. They need to trust the CA that issued it, names have to match, there can be no warnings on it. etc, etc 443 needs to be open to the CSG, preferably in the DMZ, then 1494, 80 (assuming the default 80 for XML) from the CSG to the internal network. is that how you have it? On Wed, Dec 2, 2009 at 6:46 AM, James Scanlon <scanjam@xxxxxxxxxxx> wrote: I have a new CSG and WI setup where it all works on the inside of the network via CSG (users can all get the correct CSG address in the ICA files etc and launch apps) then i see sessions running via csg Both CSG and WI are running on the same box with WI configured as indirect mode If however we try this from the internet with just port 443TCP forwarded we get 'this page cannot be displayed' This is actually the second firewall we have tried both with the same result. Testing the STA's i get http 400 - Bad request (shouldnt it be resource not allowed?) though all green ticks in the ~SG Diagnostics The Secure gateway was filling the logs with BAD tickets and other crap about the server xml is not able to process requests - but this server was removed AGES ago...? HELP!! Our client is extremely p1ssed that they have replaced their firewall for nothing and the CSG still isnt working...Surely if it works inside then it must simply be a firewall / network issue? And even if it is a citrix misconfig issue why doesnt the page load at all?? Usually we get the first page but then the apps wont launch or the user cant log in? SCANJAM Check out the latest features today Get more out of Hotmail Check out Domain Radar NOW! A world FIRST in property search has arrived! _________________________________________________________________ A world FIRST in property search has arrived! Check out Domain Radar NOW! http://clk.atdmt.com/NMN/go/157631292/direct/01/