[THIN] Re: Hold it!!!: There is no Citrix SSL Server configured on the specified address.
- From: "Alexander Danilychev" <teknica@xxxxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Thu, 13 Mar 2003 11:10:41 -0800
Yes, you do. As long as ICA is a proprietary protocol, do not expect third
parties to support SSL encapsulation for ICA. If you already have SSL
accelerator it will work for securing HTTP, i.e. NFuse, however if you do
not have one, benefit for NFuse versus IIS SSL is marginal.
ALEX
>From: "Sevillano, Raul" <SEVILLANOR@xxxxxxxxxxxxx>
>Reply-To: thin@xxxxxxxxxxxxx
>To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
>Subject: [THIN] Re: Hold it!!!: There is no Citrix SSL Server configured on
>the sp ecified address.
>Date: Thu, 13 Mar 2003 13:47:22 -0500
>
>List,
>Simple question
>Do I need CSG if I have a SSL accelerator ....?
>
>
>-----Original Message-----
>From: Alexander Danilychev [mailto:teknica@xxxxxxxxxxx]
>Sent: Thursday, March 13, 2003 1:55 AM
>To: thin@xxxxxxxxxxxxx
>Subject: [THIN] Hold it!!!: There is no Citrix SSL Server configured on the
>sp ecified address.
>
>
>
>--------------------------
>Hey, guys, don't go nuts!
>--------------------------
>
>1. Get STA away from MetaFrame to NFuse box.
>Secure "scripts" folder either by multi-homing or by IP restriction - STA
>should be visible only by NFuse and CSG.
>2. "Port sharing" is a bad term - do not use it (I guess it came from
>Citrix
>
>marketing not tech guys) - STA as well as XML implementation without
>listener runs in the scope of IIS, so no "port sharing" here.
>3. XML service, that defaults to port 80 requires IIS, which makes since
>when you plan to use SSL to secure XML traffic and thus port 443, if
>security is not a concern(?!) - use XML service with it's own listener (in
>that case it actually runs as a service and you can see it among services
>applets).
>
>So:
>--------------------------
>1. Install STA on the same box as NFuse (use multi-homing when everything
>works)
>2. Install CSG on a separate box. My recommendation is to install IIS for
>certificate installation and troubleshooting - disable IIS when starting
>CSG.
>3. On MetaFrame side have IIS installed (if you do not like it - install
>XML
>
>listener and run it as a service). I like IIS, since to secure XML service
>otherwise you will need to run Citrix SSL Relay (remember that one?)
>
>3 box solution (NFuse/STA, CSG and MetaFrame farm) - the easiest to
>implement and do not confuse yourself by hiding STA behind DMZ - original
>Citrix configuration is an overkill.
>
>Again, STA should leave on IIS system where stateless connections are the
>norm. Do not put STA or NFuse on boxes like CSG or MetaFrame where
>connections are always on, unless users can tolerate dropped connections.
>IIS on MetaFrames for XML is not an issue and is a better choyce for SSLed
>XML.
>
>ALEX
>
>
> >From: "Chris Lynch" <lynch00@xxxxxxx>
> >Reply-To: thin@xxxxxxxxxxxxx
> >To: <thin@xxxxxxxxxxxxx>
> >Subject: [THIN] Re: There is no Citrix SSL Server configured on the sp
> >ecified address.
> >Date: Wed, 12 Mar 2003 22:10:53 -0800
> >
> >
> >=20
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >Ok. I have run into this in the past, but I don't know if this is =
> >causing your problem. If you have XML port sharing on your MetaFrame =
> >server, then you will need to disable this. You will move your IIS port
>=
> >from 80 to 81, and make sure that this rule has been changed in the =
> >firewall to reflect this. Also, to make sure you add this in the NFuse =
> >page as http://servername:81/scripts/... Also, reconfigure the CSG and =
> >selected Advanced. You will then be able to specify the port the STA is
>=
> >listening on (default again is 80, change that to 81). On your =
> >MetaFrame box that hosts the STA, unregister the XML service =
> >(CTXXMLS.EXE /U, or something like that), then re-register it with /R80.
> >
> >Then, try it again.
> >
> >I have seen this happen on a MetaFrame XPe server running FR2/SP2, and I
>=
> >had to make this change for this to work properly. I haven't taken the =
> >time to investigate as to why, as I have installed CSG numerous times. =
> >Mainly, I have always had another server dedicated for the STA. Oh =
> >well.
> >
> >Let me know how it goes.
> >
> >Chris
> >
> >- -----Original Message-----
> >From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On =
> >Behalf Of Joe Shonk
> >Sent: Wednesday, March 12, 2003 9:32 PM
> >To: thin@xxxxxxxxxxxxx
> >Subject: [THIN] Re: There is no Citrix SSL Server configured on the sp =
> >ecified address.
> >
> >
> >
> >Do you have a seperate website in IIS for CSG (to install the =3D
> >certificate)
> >You do have seperate IP addresses bound to the NIC. Once for IIS and =
> >=3D one for CSG? You have disabled the IIS website for CSG (after =
> >installing the =3D
> >certificate)
> >You have disabled Socket Pooling for IIS (this is required to get NFUSE =
> >=3D and CSG to both utilize port 443 on the same server)
> >
> >Joe
> >
> >- -----Original Message-----
> >From: Chris Hardy [mailto:Chris.Hardy@xxxxxxxxxxxxx]
> >Sent: Wednesday, March 12, 2003 9:17 PM
> >To: 'thin@xxxxxxxxxxxxx'
> >Subject: [THIN] Re: There is no Citrix SSL Server configured on the sp =
> >ecified address.
> >
> >
> >
> >I've got no hair left!!
> >
> >I may be going mad but these are my firewall rules, I'm sure this is all
>=
> >=3D you need for a proper CSG solution.
> >
> >1. External access on port 443 to the Nfuse and CSG boxes (same box) - =
> >=3D you can get to these boxes on 443 from anywhere 2. Nfuse and CSG box
>=
> >has 80, 443 and 1494 access to Metaframe Server on internal network.
> >
> >I have checked and doubled checked that all ports and access is open and
>=
> >working correctly.
> >
> >I dont need External access to my metaframe box, right? That then =3D =
> >defeats the purpose of CSG, right? The only access to the metaframe =
> >server is =3D from the Nfuse/CSG box in the DMZ.
> >
> >Like I said before, I can log in - get the published app. list (I know =
> >=3D this is all done on XML - port 80) but the minute I click on the =
> >publish app.
> >
> >Maybe its time to call Citrix themselves, I dont know what else to look =
> >=3D at.
> >
> >- -----Original Message-----
> >From: Chris Hardy
> >To: 'thin@xxxxxxxxxxxxx'
> >Sent: 13/03/03 9:01
> >Subject: [THIN] Re: There is no Citrix SSL Server configured on the sp =
> >ecified address.
> >
> >
> >Thanks Richard - will check on that - something I didnt even think of.
> >
> >- -----Original Message-----
> >From: Manley, Richard [mailto:RManley@xxxxxxxxxxxxxxxx]
> >Sent: Thursday, 13 March 2003 12:46 AM
> >To: 'thin@xxxxxxxxxxxxx'
> >Subject: [THIN] Re: There is no Citrix SSL Server configured on the sp =
> >ecified address.
> >
> >
> >
> >I can't remember now but when we set this up we had a problem where our =
> >certificate authority issued the certificate as csg rather than =
> >csg.company.com. I think we had issues with this that created the above
>=
> >error
> >
> >- -----Original Message-----
> >From: Steve Snyder [mailto:steven_snyder@xxxxxxxxx]
> >Sent: 12 March 2003 06:04
> >To: thin@xxxxxxxxxxxxx
> >Subject: [THIN] Re: There is no Citrix SSL Server configured on the sp =
> >ecified address.
> >
> >
> >
> >In addition to using FQDN in the DNS, don't forget to
> >have the domain name as part of the server's fully
> >qualified name as well - System Properties, Network Identification, Full
>=
> >Computer Name
> >
> >- --- Chris Hardy <Chris.Hardy@xxxxxxxxxxxxx> wrote:
> > >=3D20
> > > Thanks Roger. I've been down that track. The SSL
> > > relay FQDN is right and
> > > ofcourse the name/ip address of the metaframe server
> > > is encrypted with the
> > > STA and CSG stuff.
> >
> >__________________________________________________
> >Do you Yahoo!?
> >Yahoo! Web Hosting - establish your business online =
> >http://webhosting.yahoo.com
> >*********************************************************
> >This Week's Sponsor - RTO Software / TScale
> >TScale increases terminal server capacity.=3D20
> >Get 30-40% more users per server to save $$$ and time.=3D20
> >Add users now! - not more servers. If you're using Citrix,=3D20 you must
>=
> >learn about TScale! Free 30-day eval: =
> >http://www.rtosoft.com/Enter.asp?ID=3D3D79
> >**********************************************************
> >
> >For Archives, to Unsubscribe, Subscribe or=3D20
> >set Digest or Vacation mode use the below link: =
> >http://thethin.net/citrixlist.cfm =3D20 This e-mail and any attachments =
> >are CONFIDENTIAL and may contain legally privileged information. If you
>=
> >are not the intended recipient of this e-mail message, please telephone =
> >or e-mail us immediately, delete this message from your system and do =
> >not read, copy, distribute, disclose or otherwise use this e-mail =
> >message and any attachments. Although Heath Lambert believes this e-mail
>=
> >and any attachments to be free of any virus or other defect which may =
> >affect your computer, it is the responsibility of the recipient to =
> >ensure that it is virus free and Heath Lambert does not accept any =
> >responsibility for any loss or damage arising in any way from its use. =
> >Finally, you should be aware that Heath Lambert reserves the right and =
> >intends to intercept and monitor incoming and outgoing e-mail =
> >correspondence, so you should not expect any e-mail communications to be
>=
> >private in nature.
> >
> >*********************************************************
> >This Week's Sponsor - RTO Software / TScale
> >TScale increases terminal server capacity.=3D20
> >Get 30-40% more users per server to save $$$ and time.=3D20
> >Add users now! - not more servers. If you're using Citrix,=3D20 you must
>=
> >learn about TScale! Free 30-day eval: =
> >http://www.rtosoft.com/Enter.asp?ID=3D3D79
> >**********************************************************
> >
> >For Archives, to Unsubscribe, Subscribe or=3D20
> >set Digest or Vacation mode use the below link: =
> >http://thethin.net/citrixlist.cfm
> >
> >
> >************************************************************************
> >MIMEsweeper has been used to check this email for security
> >************************************************************************
> >
> >*********************************************************
> >This Week's Sponsor - RTO Software / TScale
> >TScale increases terminal server capacity.=3D20
> >Get 30-40% more users per server to save $$$ and time.=3D20
> >Add users now! - not more servers. If you're using Citrix,=3D20 you must
>=
> >learn about TScale! Free 30-day eval: =
> >http://www.rtosoft.com/Enter.asp?ID=3D3D79
> >**********************************************************
> >
> >For Archives, to Unsubscribe, Subscribe or=3D20
> >set Digest or Vacation mode use the below link: =
> >http://thethin.net/citrixlist.cfm
> >*********************************************************
> >This Week's Sponsor - RTO Software / TScale
> >TScale increases terminal server capacity.=3D20
> >Get 30-40% more users per server to save $$$ and time.=3D20
> >Add users now! - not more servers. If you're using Citrix,=3D20 you must
>=
> >learn about TScale! Free 30-day eval: =
> >http://www.rtosoft.com/Enter.asp?ID=3D3D79
> >**********************************************************
> >
> >For Archives, to Unsubscribe, Subscribe or=3D20
> >set Digest or Vacation mode use the below link: =
> >http://thethin.net/citrixlist.cfm
> >*********************************************************
> >This Week's Sponsor - RTO Software / TScale
> >TScale increases terminal server capacity.=20
> >Get 30-40% more users per server to save $$$ and time.=20
> >Add users now! - not more servers. If you're using Citrix,=20
> >you must learn about TScale! Free 30-day eval: =
> >http://www.rtosoft.com/Enter.asp?ID=3D79
> >**********************************************************
> >
> >For Archives, to Unsubscribe, Subscribe or=20
> >set Digest or Vacation mode use the below link: =
> >http://thethin.net/citrixlist.cfm
> >
> >-----BEGIN PGP SIGNATURE-----
> >Version: PGP 8.0
> >Comment: Public PGP key for Chris Lynch
> >
> >iQA/AwUBPnAg7G9fg+xq5T3MEQL7dACdH4B8lzsZ5I3C2m954XxqQeKaYD8AnR9Z
> >qYVPtjY0YycV+o7iygnq3yQg
> >=3DIckx
> >-----END PGP SIGNATURE-----
> >
> >
> >*********************************************************
> >This Week's Sponsor - RTO Software / TScale
> >TScale increases terminal server capacity.
> >Get 30-40% more users per server to save $$$ and time.
> >Add users now! - not more servers. If you're using Citrix,
> >you must learn about TScale! Free 30-day eval:
> >http://www.rtosoft.com/Enter.asp?ID=79
> >**********************************************************
> >
> >For Archives, to Unsubscribe, Subscribe or
> >set Digest or Vacation mode use the below link:
> >http://thethin.net/citrixlist.cfm
>
>
>_________________________________________________________________
>The new MSN 8: smart spam protection and 2 months FREE*
>http://join.msn.com/?page=features/junkmail
>
>*********************************************************
>This Week's Sponsor - RTO Software / TScale
>TScale increases terminal server capacity.
>Get 30-40% more users per server to save $$$ and time.
>Add users now! - not more servers. If you're using Citrix,
>you must learn about TScale! Free 30-day eval:
>http://www.rtosoft.com/Enter.asp?ID=79
>**********************************************************
>
>For Archives, to Unsubscribe, Subscribe or
>set Digest or Vacation mode use the below link:
>http://thethin.net/citrixlist.cfm
>
>
>
>*********************************************************
>This Week's Sponsor - RTO Software / TScale
>TScale increases terminal server capacity.
>Get 30-40% more users per server to save $$$ and time.
>Add users now! - not more servers. If you're using Citrix,
>you must learn about TScale! Free 30-day eval:
>http://www.rtosoft.com/Enter.asp?ID=79
>**********************************************************
>
>For Archives, to Unsubscribe, Subscribe or
>set Digest or Vacation mode use the below link:
>http://thethin.net/citrixlist.cfm
_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail
*********************************************************
This Week's Sponsor - RTO Software / TScale
TScale increases terminal server capacity.
Get 30-40% more users per server to save $$$ and time.
Add users now! - not more servers. If you're using Citrix,
you must learn about TScale! Free 30-day eval:
http://www.rtosoft.com/Enter.asp?ID=79
**********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
Other related posts:
