[THIN] Re: Hold it!!!: There is no Citrix SSL Server configured on the sp ecified address.

  • From: "Chris Lynch" <lynch00@xxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 13 Mar 2003 11:03:49 -0800

=20
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You cannot use an SSL accelerator with CSG.  The whole purpose of an
SSL accelerator is to process the SSL request on the cards CPU, off
loading it from the main CPU.  If you do this, then the CSG will drop
the packets because they are not wrapped with SSL.

If you have a Single PIII 1GHz with 2GB of RAM, you should be able to
support more than a few thousand client sessions at the same time
with one CSG box.

Chris

- -----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Sevillano, Raul
Sent: Thursday, March 13, 2003 10:47 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Hold it!!!: There is no Citrix SSL Server
configured on the sp ecified address.


List,
Simple question
Do I need CSG if I have a SSL accelerator ....?=20


- -----Original Message-----
From: Alexander Danilychev [mailto:teknica@xxxxxxxxxxx]
Sent: Thursday, March 13, 2003 1:55 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Hold it!!!: There is no Citrix SSL Server configured
on the sp ecified address.



- --------------------------
Hey, guys, don't go nuts!
- --------------------------

1. Get STA away from MetaFrame to NFuse box.
Secure "scripts" folder either by multi-homing or by IP restriction -
STA=20
should be visible only by NFuse and CSG.
2. "Port sharing" is a bad term - do not use it (I guess it came from
Citrix

marketing not tech guys) - STA as well as XML implementation without=20
listener runs in the scope of IIS, so no "port sharing" here. 3. XML
service, that defaults to port 80 requires IIS, which makes since=20
when you plan to use SSL to secure XML traffic and thus port 443, if=20
security is not a concern(?!) - use XML service with it's own
listener (in=20
that case it actually runs as a service and you can see it among
services=20
applets).

So:
- --------------------------
1. Install STA on the same box as NFuse (use multi-homing when
everything=20
works)
2. Install CSG on a separate box. My recommendation is to install IIS
for=20
certificate installation and troubleshooting - disable IIS when
starting=20
CSG.
3. On MetaFrame side have IIS installed (if you do not like it -
install XML

listener and run it as a service). I like IIS, since to secure XML
service=20
otherwise you will need to run Citrix SSL Relay (remember that one?)

3 box solution (NFuse/STA, CSG and MetaFrame farm) - the easiest to=20
implement and do not confuse yourself by hiding STA behind DMZ -
original=20
Citrix configuration is an overkill.

Again, STA should leave on IIS system where stateless connections are
the=20
norm. Do not put STA or NFuse on boxes like CSG or MetaFrame where=20
connections are always on, unless users can tolerate dropped
connections.=20
IIS on MetaFrames for XML is not an issue and is a better choyce for
SSLed=20
XML.

ALEX


>From: "Chris Lynch" <lynch00@xxxxxxx>
>Reply-To: thin@xxxxxxxxxxxxx
>To: <thin@xxxxxxxxxxxxx>
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the
>sp ecified address.
>Date: Wed, 12 Mar 2003 22:10:53 -0800
>
>
>=3D20
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Ok.  I have run into this in the past, but I don't know if this is =3D=20
>causing your problem.  If you have XML port sharing on your MetaFrame =
=3D=20
>server, then you will need to disable this.  You will move your IIS=20
>port =3D from 80 to 81, and make sure that this rule has been changed =
in=20
>the =3D firewall to reflect this.  Also, to make sure you add this in =
the=20
>NFuse =3D page as http://servername:81/scripts/...  Also, reconfigure =
the=20
>CSG and =3D selected Advanced.  You will then be able to specify the =
port=20
>the STA is =3D listening on (default again is 80, change that to 81).  =
On=20
>your =3D MetaFrame box that hosts the STA, unregister the XML service =
=3D=20
>(CTXXMLS.EXE /U, or something like that), then re-register it with=20
>/R80.
>
>Then, try it again.
>
>I have seen this happen on a MetaFrame XPe server running FR2/SP2, and=20
>I =3D had to make this change for this to work properly.  I haven't =
taken=20
>the =3D time to investigate as to why, as I have installed CSG numerous =

>times.  =3D Mainly, I have always had another server dedicated for the=20
>STA.  Oh =3D well.
>
>Let me know how it goes.
>
>Chris
>
>- -----Original Message-----
>From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On =
=3D=20
>Behalf Of Joe Shonk
>Sent: Wednesday, March 12, 2003 9:32 PM
>To: thin@xxxxxxxxxxxxx
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the sp=20
>=3D ecified address.
>
>
>
>Do you have a seperate website in IIS for CSG (to install the =3D3D
>certificate)
>You do have seperate IP addresses bound to the NIC.  Once for IIS and =
=3D=20
>=3D3D one for CSG? You have disabled the IIS website for CSG (after =3D =

>installing the =3D3D
>certificate)
>You have disabled Socket Pooling for IIS (this is required to get NFUSE =

>=3D =3D3D and CSG to both utilize port 443 on the same server)
>
>Joe
>
>- -----Original Message-----
>From: Chris Hardy [mailto:Chris.Hardy@xxxxxxxxxxxxx]
>Sent: Wednesday, March 12, 2003 9:17 PM
>To: 'thin@xxxxxxxxxxxxx'
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the sp=20
>=3D ecified address.
>
>
>
>I've got no hair left!!
>
>I may be going mad but these are my firewall rules, I'm sure this is=20
>all =3D =3D3D you need for a proper CSG solution.
>
>1. External access on port 443 to the Nfuse and CSG boxes (same box) -=20
>=3D =3D3D you can get to these boxes on 443 from anywhere 2. Nfuse and =
CSG=20
>box =3D has 80, 443 and 1494 access to Metaframe Server on internal=20
>network.
>
>I have checked and doubled checked that all ports and access is open=20
>and =3D working correctly.
>
>I dont need External access to my metaframe box, right?  That then =
=3D3D=20
>=3D defeats the purpose of CSG, right?  The only access to the =
metaframe=20
>=3D server is =3D3D from the Nfuse/CSG box in the DMZ.
>
>Like I said before, I can log in - get the published app. list (I know=20
>=3D =3D3D this is all done on XML - port 80) but the minute I click on =
the=20
>=3D publish app.
>
>Maybe its time to call Citrix themselves, I dont know what else to look =

>=3D =3D3D at.
>
>- -----Original Message-----
>From: Chris Hardy
>To: 'thin@xxxxxxxxxxxxx'
>Sent: 13/03/03 9:01
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the sp=20
>=3D ecified address.
>
>
>Thanks Richard - will check on that - something I didnt even think of.
>
>- -----Original Message-----
>From: Manley, Richard [mailto:RManley@xxxxxxxxxxxxxxxx]
>Sent: Thursday, 13 March 2003 12:46 AM
>To: 'thin@xxxxxxxxxxxxx'
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the sp=20
>=3D ecified address.
>
>
>
>I can't remember now but when we set this up we had a problem where our =

>=3D certificate authority issued the certificate  as csg rather than =
=3D=20
>csg.company.com.  I think we had issues with this that created the=20
>above =3D error
>
>- -----Original Message-----
>From: Steve Snyder [mailto:steven_snyder@xxxxxxxxx]
>Sent: 12 March 2003 06:04
>To: thin@xxxxxxxxxxxxx
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the sp=20
>=3D ecified address.
>
>
>
>In addition to using FQDN in the DNS, don't forget to
>have the domain name as part of the server's fully
>qualified name as well - System Properties, Network Identification,=20
>Full =3D Computer Name
>
>- --- Chris Hardy <Chris.Hardy@xxxxxxxxxxxxx> wrote:
> >=3D3D20
> > Thanks Roger.  I've been down that track.  The SSL
> > relay FQDN is right and
> > ofcourse the name/ip address of the metaframe server
> > is encrypted with the
> > STA and CSG stuff.
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! Web Hosting - establish your business online =3D=20
>http://webhosting.yahoo.com
>*********************************************************
>This Week's Sponsor - RTO Software / TScale
>TScale increases terminal server capacity.=3D3D20
>Get 30-40% more users per server to save $$$ and time.=3D3D20 Add users =

>now! - not more servers. If you're using Citrix,=3D3D20 you must =3D =
learn=20
>about TScale!  Free 30-day eval: =3D=20
>http://www.rtosoft.com/Enter.asp?ID=3D3D3D79
>**********************************************************
>
>For Archives, to Unsubscribe, Subscribe or=3D3D20
>set Digest or Vacation mode use the below link: =3D=20
>http://thethin.net/citrixlist.cfm =3D3D20 This e-mail and any =
attachments=20
>=3D are CONFIDENTIAL and may contain legally privileged information.  =
If=20
>you =3D are not the intended recipient of this e-mail message, please=20
>telephone =3D or e-mail us immediately, delete this message from your=20
>system and do =3D not read, copy, distribute, disclose or otherwise use =

>this e-mail =3D message and any attachments. Although Heath Lambert=20
>believes this e-mail =3D and any attachments to be free of any virus or =

>other defect which may =3D affect your computer, it is the =
responsibility=20
>of the recipient to =3D ensure that it is virus free and Heath Lambert=20
>does not accept any =3D responsibility for any loss or damage arising =
in=20
>any way from its use. =3D Finally, you should be aware that Heath =
Lambert=20
>reserves the right and =3D intends to intercept and monitor incoming =
and=20
>outgoing e-mail =3D correspondence, so you should not expect any e-mail =

>communications to be =3D private in nature.
>
>*********************************************************
>This Week's Sponsor - RTO Software / TScale
>TScale increases terminal server capacity.=3D3D20
>Get 30-40% more users per server to save $$$ and time.=3D3D20 Add users =

>now! - not more servers. If you're using Citrix,=3D3D20 you must =3D =
learn=20
>about TScale!  Free 30-day eval: =3D=20
>http://www.rtosoft.com/Enter.asp?ID=3D3D3D79
>**********************************************************
>
>For Archives, to Unsubscribe, Subscribe or=3D3D20
>set Digest or Vacation mode use the below link: =3D=20
>http://thethin.net/citrixlist.cfm
>
>
>***********************************************************************
>*
>MIMEsweeper has been used to check this email for security
>************************************************************************=

>
>*********************************************************
>This Week's Sponsor - RTO Software / TScale
>TScale increases terminal server capacity.=3D3D20
>Get 30-40% more users per server to save $$$ and time.=3D3D20 Add users =

>now! - not more servers. If you're using Citrix,=3D3D20 you must =3D =
learn=20
>about TScale!  Free 30-day eval: =3D=20
>http://www.rtosoft.com/Enter.asp?ID=3D3D3D79
>**********************************************************
>
>For Archives, to Unsubscribe, Subscribe or=3D3D20
>set Digest or Vacation mode use the below link: =3D=20
>http://thethin.net/citrixlist.cfm
>*********************************************************
>This Week's Sponsor - RTO Software / TScale
>TScale increases terminal server capacity.=3D3D20
>Get 30-40% more users per server to save $$$ and time.=3D3D20 Add users =

>now! - not more servers. If you're using Citrix,=3D3D20 you must =3D =
learn=20
>about TScale!  Free 30-day eval: =3D=20
>http://www.rtosoft.com/Enter.asp?ID=3D3D3D79
>**********************************************************
>
>For Archives, to Unsubscribe, Subscribe or=3D3D20
>set Digest or Vacation mode use the below link: =3D=20
>http://thethin.net/citrixlist.cfm
>*********************************************************
>This Week's Sponsor - RTO Software / TScale
>TScale increases terminal server capacity.=3D20
>Get 30-40% more users per server to save $$$ and time.=3D20
>Add users now! - not more servers. If you're using Citrix,=3D20 you =
must=20
>learn about TScale!  Free 30-day eval: =3D=20
>http://www.rtosoft.com/Enter.asp?ID=3D3D79
>**********************************************************
>
>For Archives, to Unsubscribe, Subscribe or=3D20
>set Digest or Vacation mode use the below link: =3D=20
>http://thethin.net/citrixlist.cfm
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 8.0
>Comment: Public PGP key for Chris Lynch
>
>iQA/AwUBPnAg7G9fg+xq5T3MEQL7dACdH4B8lzsZ5I3C2m954XxqQeKaYD8AnR9Z
>qYVPtjY0YycV+o7iygnq3yQg
>=3D3DIckx
>-----END PGP SIGNATURE-----
>
>
>*********************************************************
>This Week's Sponsor - RTO Software / TScale
>TScale increases terminal server capacity.
>Get 30-40% more users per server to save $$$ and time.
>Add users now! - not more servers. If you're using Citrix,
>you must learn about TScale!  Free 30-day eval:=20
>http://www.rtosoft.com/Enter.asp?ID=3D79
>**********************************************************
>
>For Archives, to Unsubscribe, Subscribe or
>set Digest or Vacation mode use the below link:=20
>http://thethin.net/citrixlist.cfm


_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE* =20
http://join.msn.com/?page=3Dfeatures/junkmail

*********************************************************
This Week's Sponsor - RTO Software / TScale
TScale increases terminal server capacity.=20
Get 30-40% more users per server to save $$$ and time.=20
Add users now! - not more servers. If you're using Citrix,=20
you must learn about TScale!  Free 30-day eval: =
http://www.rtosoft.com/Enter.asp?ID=3D79
**********************************************************

For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link: =
http://thethin.net/citrixlist.cfm



*********************************************************
This Week's Sponsor - RTO Software / TScale
TScale increases terminal server capacity.=20
Get 30-40% more users per server to save $$$ and time.=20
Add users now! - not more servers. If you're using Citrix,=20
you must learn about TScale!  Free 30-day eval: =
http://www.rtosoft.com/Enter.asp?ID=3D79
**********************************************************

For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link: =
http://thethin.net/citrixlist.cfm

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: Public PGP key for Chris Lynch

iQA/AwUBPnDWFG9fg+xq5T3MEQIeGwCg17Ia3za7Xrb7wHXm4TApvmWhgOwAoNV9
JpieQ1c+K2X3CAWnud0u4nz3
=3DxiYI
-----END PGP SIGNATURE-----


*********************************************************
This Week's Sponsor - RTO Software / TScale
TScale increases terminal server capacity. 
Get 30-40% more users per server to save $$$ and time. 
Add users now! - not more servers. If you're using Citrix, 
you must learn about TScale!  Free 30-day eval:
http://www.rtosoft.com/Enter.asp?ID=79
**********************************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

Other related posts: