Jump to content
Welcome to our new Citrix community!

Secure Ticket Authority - How to IIS load ctxsta.dll


SEIJI NOGUCHI

Recommended Posts

Hi All, I'm seiji,

Please Teach me,

 

The citrix gateway remains the same,
We are rebuilding StoreFront / Delivery Controller (OS version upgrade).

 

StoreFront/DeveliveryContoller is a separate server.

 

 

There is http://IPAddress/scripts/ctxsta.dll as a setting of DeliveryController from citrixgateway.

Please tell me the following.

 

1.

 

I just installed IIS on the Dellivery Controller. Do I need a setting to load ctxsta.dll?

 

2. 

Accessing http: //IPAddress/scripts/ctxsta.dll with a browser results in a 406 error. Is this correct?

I would like to know how to check if the settings are correct.

 

3.

 

Is there a way to check the Delivery Controller STAid from the command line from citrix gateway?

 

I want to confirm in advance whether the Delivery Controller STA can be obtained from Citrix Gateway.

 

 

I want you to help me in a hurry.

 

 

Link to comment
Share on other sites

STA is included with all Delivery Controller installations, whether you use IIS or not. You don't have to do anything.

 

On your Gateway vServer, add the STA server (Delivery Controller) address and see if it finds the STA ID.

 

The STA ID is at HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\DesktopServer\XmlStaIdentity

Link to comment
Share on other sites

>>I want to check if I can get STA from citrix gateway.

Do you mean that you want to check to see if you can access your STA from the ADC?

 

>>Before adding to vServer.

There is no harm in adding an STA to a vServer. You can also add your STAs globally, if you wish.

Go to NetScaler Gateway | Global Settings | Bind/Unbind Servers to be used by the Secure Ticket Authority.

1430555694_NetScaler-BindGlobalSTAa.thumb.jpg.0c622775fc6e32fe8c4e0b93f3983901.jpg

 

If the State is UP, then you are good to go.

62057261_NetScaler-BindGlobalSTAs2.thumb.jpg.9c422e3fcd6908a3e023a308779496c4.jpg

 

>>I want to check if there are any network settings or other setting errors.

>>Is there a command to check it?

You can check if you can ping the STA(s) from the gateway.

If you are using SSL, you can see if you can TELNET to port 443 on the STA(s).

Link to comment
Share on other sites

Thank you for all your greatest support!

 

> Do you mean that you want to check to see if you can access your STA from the ADC?

 Yes! But ,  I want to check if the STA of the ADC to be added can be acquired by a command such as telnet without setting it in the vserver.

 

 I am not using SSL. Port 80 on the STA(s). (DeliveryContoroller = STA meaning?)

 

Can I get STA if I can communicate with telnet?

 

> You can also add your STAs globally, 

 What is the difference between adding to a vServer and adding globally?

 

 

 

 

Link to comment
Share on other sites

>I want to check if the STA of the ADC to be added can be acquired by a command such as telnet without setting it in the vserver.

You can certainly try TELNET without adding it to a vServer.

 

> I am not using SSL. Port 80 on the STA(s). (DeliveryContoroller = STA meaning?)

In StoreFront, the STAs are set up under Manage NetScaler Gateways

 

>Can I get STA if I can communicate with telnet?

If you can TELNET to your STA, you should be good.

 

>What is the difference between adding to a vServer and adding globally?

If you had 2 or more gateway vServers, and they used the same STAs, if you add them globally, you only need to add them once - otherwise, you would need to add them once for each vServer.

Link to comment
Share on other sites

>You can certainly try TELNET without adding it to a vServer.

 

 I want to check if the correct STA value is obtained after connecting to telnet.
 Is there a way to check the value of STA after telnet connection?

 

 If you know the command, please tell me.

 

>In StoreFront, the STAs are set up under Manage NetScaler Gateways

  

  Storefront / Delivery Controller has separate OS.

   The server (STA) that is set as the Citrix Gateway vServer is StoreFront Server IPAddress? DeliveryContoller Server IPAddress?

 

>If you had 2 or more gateway vServers, and they used the same STAs, if you add them globally, you only need to add them once - otherwise,

>you would need to add them once for each vServer.

  

 Thanks! I understood.

 

Link to comment
Share on other sites

5 minutes ago, SEIJI NOGUCHI said:

Lastly, please teach me which server (STA) is set as the Citrix Gateway vServer.

(StoreFront Server IPAddress? The IP address of the Delivery Controller server?)

 

Just to clarify some things:

1) the STA is running on your VDC (Delivery Controllers).  To check the port in use, you can check the broker service.

2) Both StoreFront AND the Gateway need to know the STA's.

 

3) If you want to check if the Gateway can reach the STA and validate the STAID before updating your regular gateway (vpn vserver), you can spin up a temp vpn vserver (vpn vserver 2 with no ip address assigned, make it non-addressable). Then when you look at the Gateway vserver 2's config in the GUI, scroll down to the Published Resources section and configure your STA Urls there.  

After you click OK, you then re-open the vpn vserver 2 properties and confirm if the STA ID was retrieved for each STA, and if they are now in an UP state. You will also see valid or failed messages from built in probes in syslog.

 

4) You cannot configure STA's to be load balanced. The GAteway must see the individual STA's and it will choose which one to use to redeem a ticket based on the STAID in the ticket presented.  

 

When you configue the GAteway with the STA's:

ADd:

https://<controller1 fqdn or ip>/

or 

http://<controller2fqdn or ip>/

 

If you need an alternate port:

https://controller.demo.com:xxxx   where the x's are the port.

 

 

Edited by Rhonda Rowland
Added notes.
Link to comment
Share on other sites

12 hours ago, SEIJI NOGUCHI said:

Is there a way to check the Delivery Controller STAid from the command line from citrix gateway?

 

I want to confirm in advance whether the Delivery Controller STA can be obtained from Citrix Gateway.

 

 

I want you to help me in a hurry.

 

And to check your original gateway's STA configuration from cli:

Connect to the NetScaler/Citrix ADC over ssh:

# gets a list of vpn vservers

show vpn vserver

# gets property of existing vpn vservers; this will show you current sta configuration and their up/down status with STAID

show vpn vserver <vpn vservername>

# to get actual config command; will show configured sta's but not up/down status

show ns runningconfig | grep <vpn vserver name> -i

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...