[THIN] Re: CSG/WI on same box.

  • From: "Jeff Pitsch" <jpitsch@xxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 16 Sep 2004 12:36:25 -0400

8010 will suffice.

1494 needs to be open to each server.

Jeff Pitsch


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Armstrong, Robert
Sent: Thursday, September 16, 2004 12:28 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: CSG/WI on same box.

I use port 8010 for my XML service, so do I need to open port 80 from
Secure
Gateway Server in the DMZ to the Citrix Servers for any reason or will
port
8010 suffice?

Also, do I need to open port 1494 between the Secure Gateway Server in
the
DMZ and each Citrix Server in the Farm?

Rob 

-----Original Message-----
From: Lambert, Ryan [mailto:rlambert@xxxxxxxxxxxxxxx] 
Sent: Thursday, September 16, 2004 11:19 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG/WI on same box.


Yep.

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf
Of Jeff Pitsch
Sent: Thursday, September 16, 2004 11:11 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG/WI on same box.

Just remember to not allow port 80 to the server from the Internet.  All
that needs to be open through the firewall is 443 to that server from
the
outside.

Jeff Pitsch


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf
Of Lambert, Ryan
Sent: Thursday, September 16, 2004 11:02 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG/WI on same box.

Jeff, 

Just removed it. Seems to be working okay.

Thanks for your help.

Everyone else, too. Appreciate it.

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf
Of Jeff Pitsch
Sent: Thursday, September 16, 2004 10:55 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG/WI on same box.

If you aren't using SSL on IIS (which you don't need to), you shouldn't
need
to move the 443 port.  After removing the cert, did you tell IIS not to
use
SSL?

Jeff Pitsch


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf
Of Lambert, Ryan
Sent: Thursday, September 16, 2004 10:50 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG/WI on same box.

Got it.

Had to move to SSL on IIS to 444 and manually put in a redirect.

All is well.

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf
Of Lambert, Ryan
Sent: Thursday, September 16, 2004 10:08 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG/WI on same box.

Hi Jeff,

So... I've removed the cert from my Default web site for WI, and only
have
csg.mycompany.com configured through CSG Service Configuration.

ie: No certificate set up in IIS.

I'm allowing anonymous access to my Default Web Site. Still being
prompted
with that Windows authentication box, and when I log in, redirected to
https://csg.mycompany.com/iisstart.asp


Blech.


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf
Of Jeff Pitsch
Sent: Thursday, September 16, 2004 10:01 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: CSG/WI on same box.

With CSG 2/WI 2 you only need 1 cert.  CSG 2 will proxy all https
communication to the WI.  Make sure the WI site is setup to allow
anonymous
access.

Jeff Pitsch

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf
Of Lambert, Ryan
Sent: Thursday, September 16, 2004 9:54 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] CSG/WI on same box.

Hey all,

 

We had this discussion in a different thread yesterday, and I've been
attempting to get CSG/WI 2.0 working on the same box in a lab. No luck!!

 

This is my setup:

 

IIS 5.0 on CSG/WI server.

CSG on ip1:443 (csg.mycompany.com cert, 1024)

WI on ip2:443 (citrix.mycompany.com cert, 1024)

STA on Metaframe Server inside secured network.

 

Looks good when I do Secure Gateway Diag, everything checks out.

 

However, when I connect to https://csg.mycompany.com
<https://csg.mycompany.com/> , I am prompted for a username and
password.
Odd.

 

When I enter the Admin username/password, I'm directed to a page that
says
no default document is set up. Again odd. I can hit
http://citrix.mycompany.com/Citrix/MetaframeXP and get the default NFuse
Page just fine. but IIRC, I'm supposed to be connecting to
https://csg.mycompany.com <https://csg.mycompany.com/>  via browser. I
know
that there is a certificate installed on my WI Website (under Default
Web
Site), albeit the machine is not answering on port 443.

 

The following error I see every time I issue 'iisreset':

 

The service could not bind instance 1.  The data is the error code. 

For additional information specific to this message please visit the
Microsoft Online Support site located at:

 

Seems to me that I am having a conflict with SSL?

 

I've tried issuing the command cscript adsutil.vbs set
w3svc/disablesocketpooling true, and it came back and acknowledged me.

 

Anyone have any thoughts on this, or can point me to a design document
detailing WI2.0/CSG setup?

 

Thx,

Ryan

 

 

 

 

 

 

 

********************************************************
This Weeks Sponsor triCerat:
Have you had your fill of printing support calls, unauthorized apps
running
on unsecured Terminal Servers, profile headaches, and application
performance problems? Join us and learn how you can have a less
demanding
on-demand enterprise! http://www.tricerat.com/?page=ents#register 
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

********************************************************
This Weeks Sponsor triCerat:
Have you had your fill of printing support calls, unauthorized apps
running
on unsecured Terminal Servers, profile headaches, and application
performance problems? Join us and learn how you can have a less
demanding
on-demand enterprise! http://www.tricerat.com/?page=events#register 
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

********************************************************
This Weeks Sponsor triCerat:
Have you had your fill of printing support calls, unauthorized apps
running
on unsecured Terminal Servers, profile headaches, and application
performance problems? Join us and learn how you can have a less
demanding
on-demand enterprise! http://www.tricerat.com/?page=events#register 
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor triCerat:
Have you had your fill of printing support calls, unauthorized apps
running
on unsecured Terminal Servers, profile headaches, and application
performance problems? Join us and learn how you can have a less
demanding
on-demand enterprise! http://www.tricerat.com/?page=ents#register 
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

********************************************************
This Weeks Sponsor triCerat:
Have you had your fill of printing support calls, unauthorized apps
running
on unsecured Terminal Servers, profile headaches, and application
performance problems? Join us and learn how you can have a less
demanding
on-demand enterprise! http://www.tricerat.com/?page=events#register 
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor triCerat:
Have you had your fill of printing support calls, unauthorized apps
running
on unsecured Terminal Servers, profile headaches, and application
performance problems? Join us and learn how you can have a less
demanding
on-demand enterprise! http://www.tricerat.com/?page=ents#register 
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

********************************************************
This Weeks Sponsor triCerat:
Have you had your fill of printing support calls, unauthorized apps
running
on unsecured Terminal Servers, profile headaches, and application
performance problems? Join us and learn how you can have a less
demanding
on-demand enterprise! http://www.tricerat.com/?page=events#register 
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

This message may contain confidential and/or privileged information.  If
you are not the intended recipient or authorized to receive this for the
intended recipient, you must not use, copy, disclose or take any action
based on this message or any information herein.  If you have received
this message in error, please advise the sender immediately by sending a
reply e-mail and delete this message.  Thank you for your cooperation.
********************************************************
This Weeks Sponsor triCerat:
Have you had your fill of printing support calls, unauthorized apps running on 
unsecured Terminal Servers, profile headaches, and application performance 
problems? Join us and learn how you can have a less demanding on-demand 
enterprise!
http://www.tricerat.com/?page=events#register
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts: