[THIN] Re: CSG 3.1.2 and WI 5.2 - HELP!
- From: Greg Reese <gareese@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Wed, 2 Dec 2009 10:16:01 -0600
you want the raw IIS logs. It is defined in IIS. but usually something
like system32\logs\w3svc. They also default to GMT time which can make it
hard to read.
On Wed, Dec 2, 2009 at 9:57 AM, James Scanlon <scanjam@xxxxxxxxxxx> wrote:
> cert , dns and iis names are all the same.
> whats the best way to check the logs - ?
>
> ------------------------------
> Date: Wed, 2 Dec 2009 14:16:11 +0000
>
> Subject: [THIN] Re: CSG 3.1.2 and WI 5.2 - HELP!
> From: berny@xxxxxxxxxxxxxxxxx
> To: thin@xxxxxxxxxxxxx
>
>
> Are you accessing a different name externally? Does the name match the IIS
> website?
>
> What's in the IIS logs? Anything?
>
>
> 2009/12/2 James Scanlon <scanjam@xxxxxxxxxxx>
>
> the names all match DNS and cert - its a godaddy certificate.
>
> externally the CSG / WI auth page doesnt come up at all
>
> internally i see everything and it all matches
>
> its Firewall > 443 > Inside Server CSG + WI on same box > same LAN to
> Citrix Servers / farm
>
> In the past when terre were cert issues or whatnot we would still get a
> page it woudl just say the certificate doesnt match - we are not even
> getting that far!
>
> Sigh. :)
> thanks for your quick replies!
>
> SCANJAM
>
>
>
>
> ------------------------------
> Date: Wed, 2 Dec 2009 07:40:54 -0600
> Subject: [THIN] Re: CSG 3.1.2 and WI 5.2 - HELP!
> From: gareese@xxxxxxxxx
> To: thin@xxxxxxxxxxxxx
>
>
> are you using a public/commercial cert or one fro your own internal CA? If
> the conencting user doesn't have happiness on the cert, they won't get
> anywhere. They need to trust the CA that issued it, names have to match,
> there can be no warnings on it. etc, etc
>
> 443 needs to be open to the CSG, preferably in the DMZ, then 1494, 80
> (assuming the default 80 for XML) from the CSG to the internal network.
>
> is that how you have it?
>
> On Wed, Dec 2, 2009 at 6:46 AM, James Scanlon <scanjam@xxxxxxxxxxx> wrote:
>
> I have a new CSG and WI setup where it all works on the inside of the
> network via CSG (users can all get the correct CSG address in the ICA files
> etc and launch apps) then i see sessions running via csg
>
> Both CSG and WI are running on the same box with WI configured as indirect
> mode
>
> If however we try this from the internet with just port 443TCP forwarded we
> get 'this page cannot be displayed'
> This is actually the second firewall we have tried both with the same
> result.
>
> Testing the STA's i get http 400 - Bad request (shouldnt it be resource not
> allowed?) though all green ticks in the ~SG Diagnostics
>
> The Secure gateway was filling the logs with BAD tickets and other crap
> about the server xml is not able to process requests - but this server was
> removed AGES ago...?
>
> HELP!! Our client is extremely p1ssed that they have replaced their
> firewall for nothing and the CSG still isnt working...
> Surely if it works inside then it must simply be a firewall / network
> issue?
> And even if it is a citrix misconfig issue why doesnt the page load at
> all?? Usually we get the first page but then the apps wont launch or the
> user cant log in?
>
> SCANJAM
>
>
> ------------------------------
> Check out the latest features today Get more out of
> Hotmail<http://windowslive.ninemsn.com.au/hotmail/article/878466/your-hotmail-is-about-to-get-even-better>
>
>
>
> ------------------------------
> Check out Domain Radar NOW! A world FIRST in property search has
> arrived!<http://clk.atdmt.com/NMN/go/157631292/direct/01/>
>
>
>
> ------------------------------
> Check out Domain Radar NOW! A world FIRST in property search has
> arrived!<http://clk.atdmt.com/NMN/go/157631292/direct/01/>
>
Other related posts:
