[THIN] MSAM/CSG - 'Access is Denied'

• From: god like <nt_geek_2005@xxxxxxxxx>
• To: thin@xxxxxxxxxxxxx
• Date: Wed, 25 May 2005 03:49:15 -0700 (PDT)

Wow help would be much appreciated folks - this MSAM implementation is making 
me crazy.

Logon agent web page comes up but when I try to login get access denied.

Error is:
2005-05-25 08:20:07 10.0.0.234 POST /LogonAgent/Login.asp 
AS:dycom/kevin;AS:Connect:-2147221504:Cannot+create+MSSOAP.WSDLReader+object.+ActiveX+component+can't+create+object;
 80 - 10.0.0.234 
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.
NET+CLR+1.0.3705) 200 0 0

http://support.citrix.com/kb/entry!default.jspa?categoryID=250&entryID=2522&fromSearchPage=true
 has troubleshooting for this error but the error in the logs is not listed in 
this doc.

My colleague thinks the problem is with my certifcate setup. So...

CSG SERVER CONFIG

CSG has dbs-ts5 as a trusted root (my internal win2003 CA)
Cert shows OK in the MMC and in IE

The iis ssl port is on 444

CSG has a server certificate that shows dbs-ts5 in the cert path.
currently the server cert is for dbs-csg.dycom.com.au
I can ping dbs-csg.dycom.com from csg and msam servers

CSG diagnostic passes but does say the logon agent is using port 80 and isn't 
secured???



I'm issuing the certs to secure 443 on both servers.

MSAM SERVER CONFIG
IIS shows a valid server cert of dbs-ts6.dycom.dom
The IIS SSL port is on 444
In MSAM under Server Farm Properties I have in this order
1. 10.0.0.110 as Secure Gateway (address of the
csg box that I'm testing from)
2. 10.0.0.* internal network as normal
But doubt this is a factor because it only seems to apply one you're launching 
apps - I'm not getting that far.

The csg server name is correct: dbs-csg.dycom.com.au
The sta server names is correct: http://dbs-ts6.dycom.dom/scripts/CtxSTA.dll
and if I go to http://dbs-ts6.dycom.dom/scripts/ from the csg server I get a 
'access is forbidden' which is correct.


INTERACTION BETWEEN THE TWO SERVERS
msam works fine internally - can connect, logon and launch apps.

Can ping dbs-ts6.dycom.dom (the msam server) from the csg server.

Can't telnet 443 to msam from csg -surely I should be able to?


Can telnet 80 to msam from csg 
My CDA is called test
when i go to http://dbs-ts6.dycom.dom/test/authservice/authservice.asmx 
I get the authservice page. 


                
---------------------------------
Do You Yahoo!?
 Yahoo! Small Business - Try our new Resources site!

• Follow-Ups:
  • [THIN] Re: MSAM/CSG - 'Access is Denied'
    • From: Carl Stalhood

Other related posts:

• » [THIN] MSAM/CSG - 'Access is Denied'
• » [THIN] Re: MSAM/CSG - 'Access is Denied'

1. Home
2. thin
3. Archive
4. 05-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---