The easiest way to tell if a client is connecting through CSG (outside of the SG MMC) is too look at the client and the Program Neighborhood Connection Center. When you open it up, the application should say \\Remote, 128-bit SSL/TLS next to it. That will tell you if your going through CSG and if there is a problem with the MMC. Jeff Pitsch -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeff Durbin Sent: Friday, October 08, 2004 3:15 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: One-Hop Secure Gateway implementation Do the performance stats show active connections? Do the CSG event logs show client connections/disconnections? _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of kevin.mcphail@xxxxxxxxxxx Sent: Friday, 8 October 2004 10:48 a.m. To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: One-Hop Secure Gateway implementation Hi Jeff, I have confirmed that connections are going through the Secure Gateway, although netstat -an is handier then using the IOS sh conn command at the firewall for getting to the information quickly. Users are able to use the gateway just fine and the only possible path through the firewall is from outside to SG to MPS. The only thing that is not working is the display of active connection in the mmc for SG (a nice feature that I would like to have working). Any other suggestions. _____ From: Jeff Durbin [mailto:techlists@xxxxxxxxxxxxx] Sent: Thursday, October 07, 2004 5:47 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: One-Hop Secure Gateway implementation The first thing to do is verify that the clients are actually connecting to the MetaFrame servers through the SG. Use 'netstat -an' on each box to verify the connections you're getting. On the SG/WI, you should see inbound TCP 443 connections from your clients and outbound connections to TCP 1494 on your MetaFrame servers. On the MetaFrame servers, you should see the TCP 1494 connections from the SG/WI only. _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of kevin.mcphail@xxxxxxxxxxx Sent: Thursday, 7 October 2004 1:07 p.m. To: thin@xxxxxxxxxxxxx Subject: [THIN] One-Hop Secure Gateway implementation Hi guys, I finally got around to upgrading to Secure Gateway 2.0 and WI 3.0. After following the Citrix document of assigning 2 ip addresses to the server and setting disablesocketpooling = true; then troubleshooting why that did not work and finding that IIS 6.0 does not use that Boolean and instead has a support tool for setting IIS to listen to only one address; then realizing that the Citrix document is outdated and no longer necessary, then trying to figure out how to undo everything I did, I finally got Secure Gateway and WI working on the same box and connections work great. Unfortuantely the Secure Gateway MMC does not seem to work correctly. Hopefully this is not because of one of the changes I made. Anyway when I look at http/s or ICA connections in the MMC the list is always empty. If I look at sh conn on the firewall I can see that the users are establishing connections to Citrix through the gateway just fine but for some reason the MMC tool is not registering this. Anyone have any suggestions? One of the things I was most excited about was the ability to easily see who is connected through the gateway and it is broken. :-( ******************************************************** This Weeks Sponsor RTO Software Do you know which applications are abusing your CPU and memory? Would you like to learn? -- Free for a limited time! Get the RTO Performance Analyzer to quickly learn the applications, users, and time of day possible problems exist. http://www.rtosoft.com/enter.asp?id20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm