[THIN] Re: There is no Citrix SSL Server configured on the sp ecifiedaddress.

  • From: "Alexander Danilychev" <teknica@xxxxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Wed, 12 Mar 2003 20:43:20 -0800

Any chance to turn IIS on on the same box as CSG?

If so:
1. Forget about NFuse and MetaFrame
2. Stop CSG, if IIS is not installed - install it (patches will be needed or 
you will be hacked in about 2 mins). After this test you can disable IIS - 
disabled IIS is completely harmless ;}
3. We are assuming MetaFrame, NFuse and STAs are on a different box(es) -- 
no funny stuff!
4. Apply the same certificate that you used for CSG to IIS.
5. Create a default page: <HTML><BODY>BLABLABLA</BODY></HTML>
6. Make sure you can display it over SSL via full FQDN

Now, do you have any problems?
a. Check certificate by clicking on it - do you see any certificate errors 
when you open it? Do it from external machine.

b. If problems exist, such as root authority is missing or FQDN is 
incorrectly listed by the certificate - fix it.
c. If you are good with IIS, disable it and go back to CSG.
7. Try CSG - if it does not work, try disabling ticketing and switch to 
relay mode. If this works - STA is a problem.
8. Ideal place for STA is on NFuse with a separate IP hidden from outside, 
unless you can afford another box and move it away from DMZ (as Citrix 
recommends).
9. Doesn?t work - email back and we see what else to do.

ALEX




>From: "Rowlandson, John" <John.Rowlandson@xxxxxxxxxxxxx>
>Reply-To: thin@xxxxxxxxxxxxx
>To: <thin@xxxxxxxxxxxxx>
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the sp 
>ecified address.
>Date: Thu, 13 Mar 2003 15:24:51 +1100
>
>
>Mallesons Stephen Jaques
>www.mallesons.com
>
>Confidential communication
>
>
>
>do you have the patch loaded on the csg server?
>
>-----Original Message-----
>From: Chris Hardy [mailto:Chris.Hardy@xxxxxxxxxxxxx]
>Sent: Thursday, 13 March 2003 3:17 PM
>To: 'thin@xxxxxxxxxxxxx'
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the sp
>ecified address.
>
>
>
>I've got no hair left!!
>
>I may be going mad but these are my firewall rules, I'm sure this is all =
>you
>need for a proper CSG solution.
>
>1. External access on port 443 to the Nfuse and CSG boxes (same box) - =
>you
>can get to these boxes on 443 from anywhere
>2. Nfuse and CSG box has 80, 443 and 1494 access to Metaframe Server on
>internal network.
>
>I have checked and doubled checked that all ports and access is open and
>working correctly.
>
>I dont need External access to my metaframe box, right?  That then =
>defeats
>the purpose of CSG, right?  The only access to the metaframe server is =
>from
>the Nfuse/CSG box in the DMZ.
>
>Like I said before, I can log in - get the published app. list (I know =
>this
>is all done on XML - port 80) but the minute I click on the publish app.
>
>Maybe its time to call Citrix themselves, I dont know what else to look =
>at.
>
>-----Original Message-----
>From: Chris Hardy
>To: 'thin@xxxxxxxxxxxxx'
>Sent: 13/03/03 9:01
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the sp
>ecified address.
>
>
>Thanks Richard - will check on that - something I didnt even think of.
>
>-----Original Message-----
>From: Manley, Richard [mailto:RManley@xxxxxxxxxxxxxxxx]
>Sent: Thursday, 13 March 2003 12:46 AM
>To: 'thin@xxxxxxxxxxxxx'
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the sp
>ecified address.
>
>
>
>I can't remember now but when we set this up we had a problem where our
>certificate authority issued the certificate  as csg rather than
>csg.company.com.  I think we had issues with this that created the above
>error
>
>-----Original Message-----
>From: Steve Snyder [mailto:steven_snyder@xxxxxxxxx]
>Sent: 12 March 2003 06:04
>To: thin@xxxxxxxxxxxxx
>Subject: [THIN] Re: There is no Citrix SSL Server configured on the sp
>ecified address.
>
>
>
>In addition to using FQDN in the DNS, don't forget to
>have the domain name as part of the server's fully
>qualified name as well - System Properties, Network
>Identification, Full Computer Name
>
>--- Chris Hardy <Chris.Hardy@xxxxxxxxxxxxx> wrote:
> >=20
> > Thanks Roger.  I've been down that track.  The SSL
> > relay FQDN is right and
> > ofcourse the name/ip address of the metaframe server
> > is encrypted with the
> > STA and CSG stuff.
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! Web Hosting - establish your business online
>http://webhosting.yahoo.com
>*********************************************************
>This Week's Sponsor - RTO Software / TScale
>TScale increases terminal server capacity.=20
>Get 30-40% more users per server to save $$$ and time.=20
>Add users now! - not more servers. If you're using Citrix,=20
>you must learn about TScale!  Free 30-day eval:
>http://www.rtosoft.com/Enter.asp?ID=3D79
>**********************************************************
>
>For Archives, to Unsubscribe, Subscribe or=20
>set Digest or Vacation mode use the below link:
>http://thethin.net/citrixlist.cfm
>=20
>This e-mail and any attachments are CONFIDENTIAL and may contain legally
>privileged information.  If you are not the intended recipient of this
>e-mail message, please telephone or e-mail us immediately, delete this
>message from your system and do not read, copy, distribute, disclose or
>otherwise use this e-mail message and any attachments. Although Heath
>Lambert believes this e-mail and any attachments to be free of any virus
>or
>other defect which may affect your computer, it is the responsibility of
>the
>recipient to ensure that it is virus free and Heath Lambert does not
>accept
>any responsibility for any loss or damage arising in any way from its
>use.
>Finally, you should be aware that Heath Lambert reserves the right and
>intends to intercept and monitor incoming and outgoing e-mail
>correspondence, so you should not expect any e-mail communications to be
>private in nature.
>
>*********************************************************
>This Week's Sponsor - RTO Software / TScale
>TScale increases terminal server capacity.=20
>Get 30-40% more users per server to save $$$ and time.=20
>Add users now! - not more servers. If you're using Citrix,=20
>you must learn about TScale!  Free 30-day eval:
>http://www.rtosoft.com/Enter.asp?ID=3D79
>**********************************************************
>
>For Archives, to Unsubscribe, Subscribe or=20
>set Digest or Vacation mode use the below link:
>http://thethin.net/citrixlist.cfm
>
>
>************************************************************************
>MIMEsweeper has been used to check this email for security
>************************************************************************
>
>*********************************************************
>This Week's Sponsor - RTO Software / TScale
>TScale increases terminal server capacity.=20
>Get 30-40% more users per server to save $$$ and time.=20
>Add users now! - not more servers. If you're using Citrix,=20
>you must learn about TScale!  Free 30-day eval:
>http://www.rtosoft.com/Enter.asp?ID=3D79
>**********************************************************
>
>For Archives, to Unsubscribe, Subscribe or=20
>set Digest or Vacation mode use the below link:
>http://thethin.net/citrixlist.cfm
>*********************************************************
>This Week's Sponsor - RTO Software / TScale
>TScale increases terminal server capacity.=20
>Get 30-40% more users per server to save $$$ and time.=20
>Add users now! - not more servers. If you're using Citrix,=20
>you must learn about TScale!  Free 30-day eval:
>http://www.rtosoft.com/Enter.asp?ID=3D79
>**********************************************************
>
>For Archives, to Unsubscribe, Subscribe or=20
>set Digest or Vacation mode use the below link:
>http://thethin.net/citrixlist.cfm
>*********************************************************
>This Week's Sponsor - RTO Software / TScale
>TScale increases terminal server capacity.
>Get 30-40% more users per server to save $$$ and time.
>Add users now! - not more servers. If you're using Citrix,
>you must learn about TScale!  Free 30-day eval:
>http://www.rtosoft.com/Enter.asp?ID=79
>**********************************************************
>
>For Archives, to Unsubscribe, Subscribe or
>set Digest or Vacation mode use the below link:
>http://thethin.net/citrixlist.cfm


_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail

*********************************************************
This Week's Sponsor - RTO Software / TScale
TScale increases terminal server capacity. 
Get 30-40% more users per server to save $$$ and time. 
Add users now! - not more servers. If you're using Citrix, 
you must learn about TScale!  Free 30-day eval:
http://www.rtosoft.com/Enter.asp?ID=79
**********************************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

Other related posts:

  • » [THIN] Re: There is no Citrix SSL Server configured on the sp ecifiedaddress.