Jump to content
Welcome to our new Citrix community!

Workspace Discovery Not Working through Netscaler


Recommended Posts

Similar issue to prior posting:  https://discussions.citrix.com/topic/404149-workspace-discovery-not-working-through-netscaler/

 

Receiver discovery works internally, but not thru NetScaler (11.1 57.13.nc)..  Beacons are correct in Storefront (7.15 LTSR CU2; SF 3.12.2000.8) ; internal beacon not accessible externally.  External beacon:  https://remotetest.<domain>.org   No VDA on test machine, which is running Citrix Workspace 1812.  Session Policy does have Account Services address defined:  https://test-gateway.<domain>.org  Base URL of StoreFront is the same.

 

I enabled logging on Receiver on remote workstation.  Getting the following error logged:

 

Time: Wed Oct 30 16:26:34 2019 UTC
LocalTime: Wed Oct 30 11:26:34 2019
Type: Information
Module: Citrix Authentication Manager
Location: C:\Program Files (x86)\Citrix\ICA Client\AuthManager\AuthManSvr.exe
Version: 18.12.0.2 (Release)
Platform: Windows 10.0.9200 64-bit  SP Version: 0.0 SuiteMask: 256 ProductType: 1 IE: 11.1006.17134.0
Description: Citrix Authentication Manager terminating.

Time: Wed Oct 30 16:27:43 2019 UTC
LocalTime: Wed Oct 30 11:27:43 2019
Type: Warning
Module: Citrix Primary Authenticator
Location: C:\Program Files (x86)\Citrix\ICA Client\AuthManager\PrimaryAuthModule.exe
Version: 18.12.0.2 (Release)
Platform: Windows 10.0.9200 64-bit  SP Version: 0.0 SuiteMask: 256 ProductType: 1 IE: 11.1006.17134.0
Description: Unexpected protocol was received from the server.
Exception type: Protocol exception
Detail: Received an unexpected HTTP status 500 from the gateway
Context:
    During CAGLegacyAuthImpl::Authenticate to Gateway='https://remotetest.<domain>.org/'; current URL='https://remotetest.<domain>.org/cgi/login'


Time: Wed Oct 30 16:27:44 2019 UTC
LocalTime: Wed Oct 30 11:27:44 2019
Type: Warning
Module: Citrix Authentication Manager
Location: C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\AUTHMANAGER\AUTHMANSVR.EXE
Version: 18.12.0.2 (Release)
Platform: Windows 10.0.9200 64-bit  SP Version: 0.0 SuiteMask: 256 ProductType: 1 IE: 11.1006.17134.0
Description: Unexpected protocol was received from the server.
Exception type: Protocol exception
Detail: A protocol exception occurred during logon
Context:
    During RetrieveOrCreateAgSessionForGateway gateway=GenericGateway(LegacyEEGateway(url=https://remotetest.<domain>.org/, auth type=Domain, ssl client auth=None))
    During CGatewayServiceTransaction::SendAndReceive gateway='GenericGateway(LegacyEEGateway(url=https://remotetest.<domain>.org/, auth type=Domain, ssl client auth=None))' path='/AGServices/discover'
    CAuthManImpl::RetrieveGatewayDiscoveryImpl gatewayInfo='LogonPointUrl='https://remotetest.<domain>.org/', Edition=Enterprise (2), AuthenticationType=Domain (2)'

 

Not quite sure where to look next.

 

Works internally, but not externally.  I also downloaded the Store Provisioning file and attempted remote connection again.  Basically same info in the Receiver log:

 

Time: Wed Oct 30 19:12:35 2019 UTC
LocalTime: Wed Oct 30 14:12:35 2019
Type: Warning
Module: Citrix Primary Authenticator
Location: C:\Program Files (x86)\Citrix\ICA Client\AuthManager\PrimaryAuthModule.exe
Version: 18.12.0.2 (Release)
Platform: Windows 10.0.9200 64-bit  SP Version: 0.0 SuiteMask: 256 ProductType: 1 IE: 11.1006.17134.0
Description: Unexpected protocol was received from the server.
Exception type: Protocol exception
Detail: Received an unexpected HTTP status 500 from the gateway
Context:
    During CAGLegacyAuthImpl::Authenticate to Gateway='https://remotetest.<domain>.org/'; current URL='https://remotetest.<domain>.org/cgi/login'


Time: Wed Oct 30 19:12:35 2019 UTC
LocalTime: Wed Oct 30 14:12:35 2019
Type: Warning
Module: Citrix Authentication Manager
Location: C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\AUTHMANAGER\AUTHMANSVR.EXE
Version: 18.12.0.2 (Release)
Platform: Windows 10.0.9200 64-bit  SP Version: 0.0 SuiteMask: 256 ProductType: 1 IE: 11.1006.17134.0
Description: Unexpected protocol was received from the server.
Exception type: Protocol exception
Detail: A protocol exception occurred during logon
Context:
    During RetrieveOrCreateAgSessionForGateway gateway=GenericGateway(LegacyEEGateway(url=https://remotetest.<domain>.org/, auth type=Domain, ssl client auth=None))
    CAuthHttpRequestImpl::SendAndReceive

 

Some additional information . . . 

 

Wondered if this was related to the following post:  https://discussions.citrix.com/topic/376304-a-protocol-error-occured-while-communicating-with-the-authentication-service/

(see also:  https://support.citrix.com/article/CTX236727)

 

I checked the web.config in C:\inetpub\wwwroot\Citrix\Roaming and found there is  an entry under <add id=; however, the id is different than what is listed in either the foum posting or CTX article

 

    <tokenManager>
      <services>
        <clear />
        <service id="c79b1bb1-16e5-4a2e-b4e9-de7af1074580" displayName="Roaming Consumer">
          <relyingParties signingId="_" defaultLifetime="01:00:00" maxLifetime="01:00:00">
            <clear />
          </relyingParties>
          <trustedIssuers decipherId="700d46a6-ae21-47b6-aafb-cdfadb29bcac">
            <clear />
            <add id="7650c9fb-7a27-411a-b9db-67e1484e0341" location="https://test-gateway.<domain>.org/Citrix/Authentication/auth/v1/token"
              verifyId="d59c8bb3-3dce-4880-bfa6-8b28d78ab2ca" />

          </trustedIssuers>
          <allowedAudiences>
            <add name="https-test-gateway.<domain>.org" audience="https://test-gateway.<domain>.org/" />
          </allowedAudiences>
        </service>
      </services>
    </tokenManager>

 

I tried removing the <add id= entry, but it didn't make any difference

Link to comment
Share on other sites

Some additional and clarifying information . . . 

 

Environment was recently built by someone who is no longer involved.  Issue we're encountering is very similar to this post:  https://discussions.citrix.com/topic/398332-cannot-tcontact-server-error-with-receiver/   Receiver Logs show that Receiver "thinks" it's on the INSIDE, but not sure why.  Only difference is we're encountering a response status=302, where other gentleman was getting a 404 response.

 

Quick Summary:. 

  • Receiver and Receiver for Web work INTERNALLY.  Receiver for Web works EXTERNALLY.  Receiver fails EXTERNALLY during discovery.
  • Internal and external domain names are different
  • Storefront SSL cert (from public CA):  *.<ExtDomain>.org
  • Internal Beacon:  https://<SFhostname>.<IntDomain>.org
  • External Beacon:  https://remotetest.<ExtDomain>.org
    • this address is NOT resolvable internally; only resolves to external IP address
  • Base URL:  https://test-gateway.<ExtDomain>.org  (resolves to Storefront server IP address; currently not load-balanced)
    • base URL is currently resolvable externally.  Working on getting that record deleted
  • NS vServer SSL cert (from public CA):  *.<ExtDomain>.org
  • No SAN certs; not concerned about email-based discovery at this time.
  • Host name field under IIS bindings is blank
  • Receiver Session Profile | Published Applications
    • Web Interface Address:  https://test-gateway.<ExtDomain>.org  (tried both with and without /Citrix/StoreWeb)
    • Account Services Address:  https://test-gateway.<ExtDomain>.org/  (tried both with and without trailing "/")

Excerpt from Receiver Log:

 
[2019-11-01 09:44:29:131] [10320] [genericworkqueue.cpp:998] CGenericWorkQueue::ARConfigureCRProcessing: URL based configuration started .. remotetest.<ExtDomain>.org
[2019-11-01 09:44:29:132] [10320] [configurationprovider.cpp:994] ConfigurationProvider::getConfigForURL :: START remotetest.<ExtDomain>.org
[2019-11-01 09:44:29:132] [10320] [configurationprovider.cpp:895] ConfigurationProvider::ValidateCertificate: START
[2019-11-01 09:44:29:137] [10320] [winsslvalidation.cpp:74] WinSSLValidation::PerformValidation(), initialized ConnectionManager.
[2019-11-01 09:44:29:382] [13032] [v1interfaces.cpp:137] In CSDKRegister::Register
[2019-11-01 09:44:29:382] [13032] [genericworkqueue.cpp:1760]  CGenericWorkQueue::QueueWorkItem wake up the dequeue thread as we have an item in the queue
[2019-11-01 09:44:29:382] [12356] [genericworkqueue.cpp:1511] DequeueThread: waiting on event
[2019-11-01 09:44:29:382] [12356] [genericworkqueue.cpp:1513] DequeueThread: Got reset event
[2019-11-01 09:44:29:382] [12356] [genericworkqueue.cpp:1527] DequeueThread:  active Workitem is not null 
[2019-11-01 09:44:29:382] [12356] [genericworkqueue.cpp:1539] DequeueThread:  active Workitem process the item normally 
[2019-11-01 09:44:29:382] [12356] [client.cpp:46] New client object (00AF5D68) created,  guid = {826AB1F5-F73D-43E9-AC5E-14A3AE8A8E15} name = Auth Manager pid = 14260
[2019-11-01 09:44:29:382] [12356] [genericclientregistration.cpp:159] Client Auth Manager  has registered.
[2019-11-01 09:44:29:382] [12356] [windowspluginstartup.cpp:338] Attempting detection for client {826AB1F5-F73D-43E9-AC5E-14A3AE8A8E15}, pid 14260, file C:\Program Files (x86)\Citrix\ICA Client\AuthManager\AuthManSvr.exe
[2019-11-01 09:44:29:383] [12356] [windowspluginstartup.cpp:348] Generated rule "reg:HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E934E7405296DB4EAB4C4CC18EEA7DC\InstallProperties\DisplayVersion" for "Citrix Authentication Manager" 19.8.200.110
[2019-11-01 09:44:29:384] [12356] [inventory.cpp:102] CInventory::AddPlugin entered
[2019-11-01 09:44:29:384] [12356] [inventory.cpp:104] Adding plugin Citrix Authentication Manager to Local inventory.
[2019-11-01 09:44:29:384] [12356] [inventory.cpp:162] AddPlugin: exits 
[2019-11-01 09:44:29:385] [12356] [windowsplatformfactory.cpp:1277] Running as Receiver Inside.
[2019-11-01 09:44:29:385] [2296] [windowspluginstartup.cpp:400] Started client exit monitor for {826AB1F5-F73D-43E9-AC5E-14A3AE8A8E15}, pid 14260
[2019-11-01 09:44:29:388] [1988] [v3interfaces.cpp:380] In CSDKControlHandler::Register
[2019-11-01 09:44:29:392] [13472] [v1interfaces.cpp:163] In CSDKRegister::UpdateStatus
[2019-11-01 09:44:29:392] [13472] [genericworkqueue.cpp:1760]  CGenericWorkQueue::QueueWorkItem wake up the dequeue thread as we have an item in the queue
[2019-11-01 09:44:29:392] [12356] [genericworkqueue.cpp:1511] DequeueThread: waiting on event
[2019-11-01 09:44:29:392] [12356] [genericworkqueue.cpp:1513] DequeueThread: Got reset event
[2019-11-01 09:44:29:392] [12356] [genericworkqueue.cpp:1527] DequeueThread:  active Workitem is not null 
[2019-11-01 09:44:29:392] [12356] [genericworkqueue.cpp:1539] DequeueThread:  active Workitem process the item normally 
[2019-11-01 09:44:29:392] [12356] [windowsplatformfactory.cpp:1277] Running as Receiver Inside.
[2019-11-01 09:44:29:823] [10320] [winsslvalidation.cpp:82] WinSSLValidation::PerformValidation(), got server Cert context: 040E44E8
[2019-11-01 09:44:29:898] [10320] [winsslvalidation.cpp:556] Revocation is not configured for certificate.
[2019-11-01 09:44:29:898] [10320] [winsslvalidation.cpp:96] calling GetCertDisplayDetails.
[2019-11-01 09:44:29:898] [10320] [winsslvalidation.cpp:98] returned from GetCertDisplayDetails.
[2019-11-01 09:44:29:899] [10320] [winsslvalidation.cpp:106] WinSSLValidation::PerformValidation(): setting org and root before return.
[2019-11-01 09:44:29:914] [10320] [windowsipc.cpp:171] CWindowsIPC::Connect CreateFile, GetLastError() returns 0
[2019-11-01 09:44:29:914] [10320] [clientcallback.cpp:79] Connected to client callback. Calling...
[2019-11-01 09:44:29:914] [10320] [configurationprovider.cpp:1139] ConfigurationProvider::IsAccoutServiceURL: Account url is succeed: url is: https://remotetest.<ExtDomain>.org/Citrix/Roaming/Accounts
[2019-11-01 09:44:29:914] [10320] [configurationprovider.cpp:235] ConfigurationProvider::getActualURL:: START
[2019-11-01 09:44:29:914] [10320] [configurationprovider.cpp:71] ConfigurationProvider::InitializeConnectionManager: initialize AuthManager ConnectionManager
[2019-11-01 09:44:29:929] [10320] [findwindowhandle.cpp:17] Process32FirstW() successful
[2019-11-01 09:44:30:521] [7864] [v8interfaces.cpp:149] In CSDKV8Handler::ARGetVpnCapability
[2019-11-01 09:44:30:522] [7864] [v8interfaces.cpp:179] In CSDKV8Handler::ARGetVpnCapability Capability = 0
[2019-11-01 09:44:30:524] [2224] [v8interfaces.cpp:192] In CSDKV8Handler::ARIsConfiguredVpnGateway
[2019-11-01 09:44:30:524] [2224] [v8interfaces.cpp:195] Gateway = https://remotetest.<ExtDomain>.org/
[2019-11-01 09:44:30:524] [2224] [ctxaccountprovider.cpp:948] CtxAccountProvider::GetPrimaryVPNInfo(SRGateway) START: 
[2019-11-01 09:44:30:524] [2224] [ctxaccountprovider.cpp:908] CtxAccountProvider::GetPrimaryVPNInfo(SRStore) START: 
[2019-11-01 09:44:30:524] [2224] [ctxaccountprovider.cpp:942] CtxAccountProvider::GetPrimaryVPNInfo END: 
[2019-11-01 09:44:30:525] [2224] [ctxaccountprovider.cpp:973] Primary account doesn't contain VPN info
[2019-11-01 09:44:30:525] [2224] [ctxaccountprovider.cpp:985] CtxAccountProvider::GetPrimaryVPNInfo(SRGateway) END: 
[2019-11-01 09:44:30:525] [2224] [logonmanager.cpp:313] No gateway configured for primary account. Checking legacy location...
[2019-11-01 09:44:30:525] [2224] [windowsplatformfactory.cpp:1277] Running as Receiver Inside.
[2019-11-01 09:44:30:525] [2224] [logonmanager.cpp:333] Legacy gateway configured: 
[2019-11-01 09:44:30:525] [2224] [v8interfaces.cpp:212] No gateway is configured
[2019-11-01 09:44:42:700] [10320] [configurationprovider.cpp:1142] ConfigurationProvider::IsAccoutServiceURL: Actual url:  and retVal false
[2019-11-01 09:44:42:700] [10320] [winhttpclient.cpp:66] SendHttpRequest: url=https://remotetest.<ExtDomain>.org/Citrix/Store/discovery
[2019-11-01 09:44:42:711] [10320] [winhttpclient.cpp:72] created request: 040F07B8
[2019-11-01 09:44:42:724] [14240] [v8interfaces.cpp:115] In CSDKV8Handler::ARGetConnectedVpnGateway
[2019-11-01 09:44:42:724] [14240] [v8interfaces.cpp:136] VPN is not installed.
[2019-11-01 09:44:42:726] [5732] [v6interfaces.cpp:124] CSDKLocationAwareness::GetNetworkLocationForStore, storeAddr https://remotetest.<ExtDomain>.org/Citrix/Store/discovery
[2019-11-01 09:44:42:726] [5732] [srprovider.cpp:521] SRProvider::GetStoreFromURL full store address not found, looking for scheme-host-port, shpAddress is remotetest.<ExtDomain>.org
[2019-11-01 09:44:42:726] [5732] [networklocation.cpp:320] Store can't be found. Returning default LAN location.
[2019-11-01 09:44:42:726] [5732] [networklocation.cpp:323] Location for url https://remotetest.<ExtDomain>.org/Citrix/Store/discovery is INSIDE
[2019-11-01 09:44:42:726] [5732] [v6interfaces.cpp:130] CSDKLocationAwareness::GetNetworkLocationForStore, network state:1
[2019-11-01 09:44:42:730] [11784] [v8interfaces.cpp:115] In CSDKV8Handler::ARGetConnectedVpnGateway
[2019-11-01 09:44:42:730] [11784] [v8interfaces.cpp:136] VPN is not installed.
[2019-11-01 09:44:43:94] [10320] [winhttpclient.cpp:102]     response: status=302
[2019-11-01 09:44:43:99] [10320] [configurationprovider.cpp:947] ConfigurationProvider::getConfigForLegacyProvider : not reachable for :  https://remotetest.<ExtDomain>.org
[2019-11-01 09:44:43:99] [10320] [winhttpclient.cpp:66] SendHttpRequest: url=https://remotetest.<ExtDomain>.org/Citrix/PNAgent/Config.xml
[2019-11-01 09:44:43:109] [10320] [winhttpclient.cpp:72] created request: 040F08A8
[2019-11-01 09:44:43:113] [2116] [v8interfaces.cpp:115] In CSDKV8Handler::ARGetConnectedVpnGateway
[2019-11-01 09:44:43:113] [2116] [v8interfaces.cpp:136] VPN is not installed.
[2019-11-01 09:44:43:115] [13852] [v6interfaces.cpp:124] CSDKLocationAwareness::GetNetworkLocationForStore, storeAddr https://remotetest.<ExtDomain>.org/Citrix/PNAgent/Config.xml
[2019-11-01 09:44:43:115] [13852] [srprovider.cpp:521] SRProvider::GetStoreFromURL full store address not found, looking for scheme-host-port, shpAddress is remotetest.<ExtDomain>.org
[2019-11-01 09:44:43:115] [13852] [networklocation.cpp:320] Store can't be found. Returning default LAN location.
[2019-11-01 09:44:43:115] [13852] [networklocation.cpp:323] Location for url https://remotetest.<ExtDomain>.org/Citrix/PNAgent/Config.xml is INSIDE
[2019-11-01 09:44:43:115] [13852] [v6interfaces.cpp:130] CSDKLocationAwareness::GetNetworkLocationForStore, network state:1
[2019-11-01 09:44:43:119] [13944] [v8interfaces.cpp:115] In CSDKV8Handler::ARGetConnectedVpnGateway
[2019-11-01 09:44:43:119] [13944] [v8interfaces.cpp:136] VPN is not installed.
[2019-11-01 09:44:43:337] [10320] [winhttpclient.cpp:102]     response: status=302
[2019-11-01 09:44:43:346] [10320] [configurationprovider.cpp:947] ConfigurationProvider::getConfigForLegacyProvider : not reachable for :  https://remotetest.<ExtDomain>.org
[2019-11-01 09:44:43:347] [10320] [genericworkqueue.cpp:1016] CGenericWorkQueue::ARConfigureCRProcessing:    retVal=9
[2019-11-01 09:44:43:347] [10320] [windowsipc.cpp:171] CWindowsIPC::Connect CreateFile, GetLastError() returns 0
[2019-11-01 09:44:43:347] [10320] [clientcallback.cpp:79] Connected to client callback. Calling...
[2019-11-01 09:44:48:885] [14516] [v7interfaces.cpp:94] In CSDKAutoDManager::CancelConfigureCR


Welcome any thoughts and suggestions.

Link to comment
Share on other sites

  • 9 months later...
  • 2 years later...

I am currently experiencing the same problem. This is a new environment.

Current Environment:
Citrix ADC version 13.1-33-52
Citrix Workspace App version 22.10.0
Citrix CVAD version 2203.1
Windows 10 version 21H2

 

Summary:
- Receiver and Receiver for Web work INTERNALLY.  Receiver for Web works EXTERNALLY.  Receiver fails EXTERNALLY during discovery.
- Internal and external domain names are different
- Internal Beacon:  https://<SFhostname FQDN>.  This address is NOT resolvable externally.
- External Beacon:  https://<GWhostname FQDN>.  
 
When configuring Workspace App with the Gateway URL is fails with a time out message. In the Workspace app AuthManSvr log i am seeing the following messages:

Exception type: Protocol exception
Detail: Received an unexpected redirect location from the gateway: location=/logon/LogonPoint/index.html
Context:
                During CAGLegacyAuthImpl::Authenticate to Gateway='https://gateway1.dummy.org/'; current URL='https://gateway1.dummy.org/'

Detail: A protocol exception occurred during logon
Context:
                During RetrieveOrCreateAgSessionForGateway gateway=GenericGateway(LegacyEEGateway(url=https://gateway1.dummy.org/, auth type=GatewayKnows, ssl client auth=None))
                During CGatewayServiceTransaction::SendAndReceive gateway='GenericGateway(LegacyEEGateway(url=https://gateway1.dummy.org/, auth type=GatewayKnows, ssl client auth=None))' path='/AGServices/discover'
                CAuthManImpl::RetrieveGatewayDiscoveryImpl gatewayInfo='LogonPointUrl='https://gateway1.dummy.org/', Edition=Enterprise (2), AuthenticationType=GatewayKnows (5)'

Exception type: Invalid parameter exception
Detail: The server URL supplied had invalid syntax or an unsupported scheme
Context:
                During CAuthManImpl::DetermineServerType url=gateway1.dummy.org

test.txt

Link to comment
Share on other sites

  • 5 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...