[THIN] Re: Hold it!!!: There is no Citrix SSL Server configured on the specified address.

  • From: "Joe Shonk" <JShonk@xxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 13 Mar 2003 08:26:57 -0800

Ugh, not sure where you are getting those ideas, but it is never recommended to put the STA on the NFuse box.  Especially if it's in the DMZ.  Authentication/Ticketing should always be done internally.

The STA on the Metaframe Server is fine, this is how most installations end up as who wants to dedicate a $2000 server for a simple function like STA.

NFuse/CSG combination is OK. Many people are doing this.  This will be native for the next release of CSG (if I am allowed to say that much).

-----Original Message-----
From: Alexander Danilychev [mailto:teknica@xxxxxxxxxxx]
Sent: Wednesday, March 12, 2003 11:55 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Hold it!!!: There is no Citrix SSL Server configured on the specified address.



--------------------------
Hey, guys, don't go nuts!
--------------------------

1. Get STA away from MetaFrame to NFuse box.
Secure "scripts" folder either by multi-homing or by IP restriction - STA should be visible only by NFuse and CSG.
2. "Port sharing" is a bad term - do not use it (I guess it came from Citrix marketing not tech guys) - STA as well as XML implementation without listener runs in the scope of IIS, so no "port sharing" here.
3. XML service, that defaults to port 80 requires IIS, which makes sense when you plan to use SSL to secure XML traffic and thus port 443, if security is not a concern(?!) - use XML service with its own listener (in that case it actually runs as a service and you can see it among services applets).

So:
--------------------------
1. Install STA on the same box as NFuse (use multi-homing when everything works)
2. Install CSG on a separate box. My recommendation is to install IIS for certificate installation and troubleshooting - disable IIS when starting CSG.
3. On MetaFrame side have IIS installed (if you do not like it - install XML listener and run it as a service). I like IIS, since to secure XML service otherwise you will need to run Citrix SSL Relay (remember that one?)

3 box solution (NFuse/STA, CSG and MetaFrame farm) - the easiest to implement and do not confuse yourself by hiding STA behind DMZ - original Citrix configuration is an overkill.

Again, STA should live on IIS system where stateless connections are the norm. Do not put STA or NFuse on boxes like CSG or MetaFrame where connections are always on, unless users can tolerate dropped connections. IIS on MetaFrames for XML is not an issue and is a better choice for SSLed XML.

ALEX


>From: "Chris Lynch" <lynch00@xxxxxxx>
>Reply-To: thin@xxxxxxxxxxxxx
>To: <thin@xxxxxxxxxxxxx>
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the specified address.
>Date: Wed, 12 Mar 2003 22:10:53 -0800
>
>Ok.  I have run into this in the past, but I don't know if this is
>causing your problem.  If you have XML port sharing on your MetaFrame
>server, then you will need to disable this.  You will move your IIS port
>from 80 to 81, and make sure that this rule has been changed in the
>firewall to reflect this.  Also, make sure you add this in the NFuse
>page as http://servername:81/scripts/...  Also, reconfigure the CSG and
>select Advanced.  You will then be able to specify the port the STA is
>listening on (default again is 80, change that to 81).  On your
>MetaFrame box that hosts the STA, unregister the XML service
>(CTXXMLS.EXE /U, or something like that), then re-register it with /R80.
>
>Then, try it again.
>
>I have seen this happen on a MetaFrame XPe server running FR2/SP2, and I
>had to make this change for this to work properly.  I haven't taken the
>time to investigate as to why, as I have installed CSG numerous times.
>Mainly, I have always had another server dedicated for the STA.  Oh
>well.
>
>Let me know how it goes.
>
>Chris
>
>-----Original Message-----
>From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Joe Shonk
>Sent: Wednesday, March 12, 2003 9:32 PM
>To: thin@xxxxxxxxxxxxx
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the specified address.
>
>Do you have a separate website in IIS for CSG (to install the certificate)
>You do have separate IP addresses bound to the NIC.  One for IIS and one for CSG?
>You have disabled the IIS website for CSG (after installing the certificate)
>You have disabled Socket Pooling for IIS (this is required to get NFUSE
>and CSG to both utilize port 443 on the same server)
>
>Joe
>
>-----Original Message-----
>From: Chris Hardy [mailto:Chris.Hardy@xxxxxxxxxxxxx]
>Sent: Wednesday, March 12, 2003 9:17 PM
>To: 'thin@xxxxxxxxxxxxx'
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the specified address.
>
>I've got no hair left!!
>
>I may be going mad but these are my firewall rules, I'm sure this is all
>you need for a proper CSG solution.
>
>1. External access on port 443 to the Nfuse and CSG boxes (same box) -
>you can get to these boxes on 443 from anywhere
>2. Nfuse and CSG box has 80, 443 and 1494 access to Metaframe Server on
>internal network.
>
>I have checked and double checked that all ports and access is open and
>working correctly.
>
>I don't need External access to my metaframe box, right?  That then
>defeats the purpose of CSG, right?  The only access to the metaframe
>server is from the Nfuse/CSG box in the DMZ.
>
>Like I said before, I can log in - get the published app. list (I know
>this is all done on XML - port 80) but the minute I click on the
>publish app.
>
>Maybe it's time to call Citrix themselves, I don't know what else to look
>at.
>
>-----Original Message-----
>From: Chris Hardy
>To: 'thin@xxxxxxxxxxxxx'
>Sent: 13/03/03 9:01
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the specified address.
>
>Thanks Richard - will check on that - something I didn't even think of.
>
>-----Original Message-----
>From: Manley, Richard [mailto:RManley@xxxxxxxxxxxxxxxx]
>Sent: Thursday, 13 March 2003 12:46 AM
>To: 'thin@xxxxxxxxxxxxx'
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the specified address.
>
>I can't remember now but when we set this up we had a problem where our
>certificate authority issued the certificate as csg rather than
>csg.company.com.  I think we had issues with this that created the above
>error
>
>-----Original Message-----
>From: Steve Snyder [mailto:steven_snyder@xxxxxxxxx]
>Sent: 12 March 2003 06:04
>To: thin@xxxxxxxxxxxxx
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the specified address.
>
>In addition to using FQDN in the DNS, don't forget to
>have the domain name as part of the server's fully
>qualified name as well - System Properties, Network Identification, Full
>Computer Name
>
>--- Chris Hardy <Chris.Hardy@xxxxxxxxxxxxx> wrote:
> > Thanks Roger.  I've been down that track.  The SSL
> > relay FQDN is right and
> > of course the name/ip address of the metaframe server
> > is encrypted with the
> > STA and CSG stuff.
>


*********************************************************
This Week's Sponsor - RTO Software / TScale
TScale increases terminal server capacity. 
Get 30-40% more users per server to save $$$ and time. 
Add users now! - not more servers. If you're using Citrix, 
you must learn about TScale!  Free 30-day eval:
http://www.rtosoft.com/Enter.asp?ID=79
**********************************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
