[THIN] Re: One-Hop Secure Gateway implementation
- From: "Jeff Pitsch" <jpitsch@xxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Fri, 8 Oct 2004 17:02:23 -0400
The easiest way to tell if a client is connecting through CSG (outside
of the SG MMC) is too look at the client and the Program Neighborhood
Connection Center. When you open it up, the application should say
\\Remote, 128-bit SSL/TLS next to it. That will tell you if your going
through CSG and if there is a problem with the MMC.
Jeff Pitsch
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jeff Durbin
Sent: Friday, October 08, 2004 3:15 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: One-Hop Secure Gateway implementation
Do the performance stats show active connections? Do the CSG event logs
show
client connections/disconnections?
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf
Of kevin.mcphail@xxxxxxxxxxx
Sent: Friday, 8 October 2004 10:48 a.m.
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: One-Hop Secure Gateway implementation
Hi Jeff, I have confirmed that connections are going through the Secure
Gateway, although netstat -an is handier then using the IOS sh conn
command
at the firewall for getting to the information quickly. Users are able
to
use the gateway just fine and the only possible path through the
firewall is
from outside to SG to MPS. The only thing that is not working is the
display
of active connection in the mmc for SG (a nice feature that I would like
to
have working). Any other suggestions.
_____
From: Jeff Durbin [mailto:techlists@xxxxxxxxxxxxx]
Sent: Thursday, October 07, 2004 5:47 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: One-Hop Secure Gateway implementation
The first thing to do is verify that the clients are actually connecting
to
the MetaFrame servers through the SG. Use 'netstat -an' on each box to
verify the connections you're getting. On the SG/WI, you should see
inbound
TCP 443 connections from your clients and outbound connections to TCP
1494
on your MetaFrame servers. On the MetaFrame servers, you should see the
TCP
1494 connections from the SG/WI only.
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf
Of kevin.mcphail@xxxxxxxxxxx
Sent: Thursday, 7 October 2004 1:07 p.m.
To: thin@xxxxxxxxxxxxx
Subject: [THIN] One-Hop Secure Gateway implementation
Hi guys, I finally got around to upgrading to Secure Gateway 2.0 and WI
3.0.
After following the Citrix document of assigning 2 ip addresses to the
server and setting disablesocketpooling = true; then troubleshooting why
that did not work and finding that IIS 6.0 does not use that Boolean and
instead has a support tool for setting IIS to listen to only one
address;
then realizing that the Citrix document is outdated and no longer
necessary,
then trying to figure out how to undo everything I did, I finally got
Secure
Gateway and WI working on the same box and connections work great.
Unfortuantely the Secure Gateway MMC does not seem to work correctly.
Hopefully this is not because of one of the changes I made. Anyway when
I
look at http/s or ICA connections in the MMC the list is always empty.
If I
look at sh conn on the firewall I can see that the users are
establishing
connections to Citrix through the gateway just fine but for some reason
the
MMC tool is not registering this. Anyone have any suggestions? One of
the
things I was most excited about was the ability to easily see who is
connected through the gateway and it is broken. :-(
********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? -- Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
