1. Server A: All Roles Delivery Controller, StoreFront, Database-Server
2. Server B: VDA Windows Server 2012 R2
3. Server C: VDA Windows Server 2012 R2
We do not have an Netscaler Gateway because wo do not use external access.
Our problem now is that when Server B and C does not have Internet Access (HTTP, HTTPS) we are not able to login.
This mean we are able to login, Citrix Receiver presents Desktop Icon but when you click this Desktop Viewer starts, It seems you get the Background-Color of the desktop with no icons and then Desktop Viewer disappears without notice. In Eventlog of Server B I have the following Event logged:
I think this has something to do with misconfiguration of StoreFront - but I'm not sure:
a) Because you need a certificate we always used an public domain name to connect to the server. So there is a certificate for SERVER-A.REALDOMAIN.COM is issued from an external CA. Because we don't have our own CA and external CA doesn't sign certificates with .local Domains that was the solution
b) Our internal DNS Server knows this and returns correct A Record for SERVER-A.REALDOMAIN.COM with the internal IP of SERVER A.
c) We also added this to external DNS - but I think this doesn't matter.
Of course if you use nslookup on Server A, B, C you get the correct internal IP for all Names. Escapically SERVER-A.REALDOMAIN.COM -> Internal IP, also the internal DNS Names with and without domain Name.
On my research I went thru the Citrix Studio Configuration:
- Server B and Server C is listed on "Machines with Server-OS" as registered (Server A is unregistered); They are registered with internal DNS so server-a.mydomian.local
Question
Juergen Hartmann
Hello,
we have the following environment:
1. Server A: All Roles Delivery Controller, StoreFront, Database-Server
2. Server B: VDA Windows Server 2012 R2
3. Server C: VDA Windows Server 2012 R2
We do not have an Netscaler Gateway because wo do not use external access.
Our problem now is that when Server B and C does not have Internet Access (HTTP, HTTPS) we are not able to login.
This mean we are able to login, Citrix Receiver presents Desktop Icon but when you click this Desktop Viewer starts, It seems you get the Background-Color of the desktop with no icons and then Desktop Viewer disappears without notice. In Eventlog of Server B I have the following Event logged:
Protokollname: Application
Quelle: Citrix Desktop Service
Datum: 20.06.2020 14:06:29
Ereignis-ID: 1050
Aufgabenkategorie:Keine
Ebene: Warnung
Schlüsselwörter:Klassisch
Benutzer: Nicht zutreffend
Computer: SERVERB.mydomain.local
Beschreibung:
Verbindungsvalidierung in Domäne 'mydomain.local' für Benutzer 'xyz' fehlgeschlagen. Grund 'Deny'.
Ereignis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Citrix Desktop Service" />
<EventID Qualifiers="32768">1050</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2020-06-20T12:06:29.000000000Z" />
<EventRecordID>1474270</EventRecordID>
<Channel>Application</Channel>
<Computer>SERVERB.mydomain.local</Computer>
<Security />
</System>
<EventData>
<Data>mydomain.local</Data>
<Data>xyz</Data>
<Data>Deny</Data>
</EventData>
</Event>
I think this has something to do with misconfiguration of StoreFront - but I'm not sure:
a) Because you need a certificate we always used an public domain name to connect to the server. So there is a certificate for SERVER-A.REALDOMAIN.COM is issued from an external CA. Because we don't have our own CA and external CA doesn't sign certificates with .local Domains that was the solution
b) Our internal DNS Server knows this and returns correct A Record for SERVER-A.REALDOMAIN.COM with the internal IP of SERVER A.
c) We also added this to external DNS - but I think this doesn't matter.
Of course if you use nslookup on Server A, B, C you get the correct internal IP for all Names. Escapically SERVER-A.REALDOMAIN.COM -> Internal IP, also the internal DNS Names with and without domain Name.
On my research I went thru the Citrix Studio Configuration:
- Server B and Server C is listed on "Machines with Server-OS" as registered (Server A is unregistered); They are registered with internal DNS so server-a.mydomian.local
- On the delivery-groups page the StoreFront is https://SERVER-A.REALDOMAIN.COM
-Standardaddress for Storefront is also the external URL https://SERVER-A.REALDOMAIN.COM/Citrix/MyStoreWeb
- Config | Storefront the URL is also the external one https://SERVER-A.REALDOMAIN.COM
Under Citirx-Storefront in Studio
- I have MyStore active with Remoteaccess disabled. The URLs points to external URL (internal resoveable)
- There is a warning that tells me to add Gatewaydevices that users are able to use passthru-auth from netscaler!?
If iclick Manage Beacons:
- Internal Beacon is set to use Service-URL?
- External Beacons there are added two (I don't know who did this): First Beacon is to http://ping.citrix.com and second is http://www.google.com
We never had an issue with the configuration - but if we disconnect the internet access from server b and server c we run into this troubles...
So can any one of you help me with that?
- what is going on during logon to desktop and how to fix this so that it works without internet access?
- how do you deal with the certificates in this case - so what is a clean and recommendec configuration if you do not use external access?
regards
Tom
Link to comment
1 answer to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now