Ra Mo Posted March 31, 2023 Share Posted March 31, 2023 Hi, I have a new Citrix farm with only 1 VDA, 1 Storefront combined with a Citrix Controller. We have a new subnet for clients. If i try to reach the old storefront xenapp 7.13 the login page pops up immediately. With the new storefront it takes about 1 minute for it to complete loading so I can log on. I cannot find any errors in the logs or anything blocked in the firewalls. The only difference is that the new storefront uses HTTPS, with the old one uses HTTP. If it was blocked in the firewall it should never have loaded at all. I cannot reproduse this issue from another subnet. And I cannot reproduse it from the outside when logging in through the netscaler. I am using version 2303 in the new environment. Any tips on how I can troubleshoot this? Link to comment Share on other sites More sharing options...
Jeff Riechers Posted March 31, 2023 Share Posted March 31, 2023 If you connect to http instead of https does it render quickly? Is the storefront behind a netscaler? if you do a tracert to the old and new storefront are there extra hops on the new not seen on the old? Link to comment Share on other sites More sharing options...
Ra Mo Posted March 31, 2023 Author Share Posted March 31, 2023 Thanks for your answer. I have tried with HTTP but it does not work either. There is not a Netscaler between on the inside, only when connecting from the outside. And it works perfectly from the outside. I cant do the trace until the 12th. But I will update the thread then. Link to comment Share on other sites More sharing options...
Ra Mo Posted April 13, 2023 Author Share Posted April 13, 2023 Hi again, I ran a tracert to both the current production environment and the new storefront I am having issues with. The only difference was that the current production environment came up with fqdn as hostname while the new one did not. Only the server name I traced. When tracing the IP they are equal in jumps. The other difference I can think of is that I am now using HTTPS and none of the subnets are allowed out on the internet. Maby a Certificate thing? Any other tips? Link to comment Share on other sites More sharing options...
CarlStalhood Posted April 13, 2023 Share Posted April 13, 2023 Does your client machine have access to the Internet? Maybe the browser is trying to access Certificate Revocation Lists (CRL) but it can't reach them. Some browsers let you disable CRL checking. But the better option is to allow Internet access to the CRL FQDNs. 2 Link to comment Share on other sites More sharing options...
Ra Mo Posted April 13, 2023 Author Share Posted April 13, 2023 Neither the server or client has access to the internet. I just cheched the firewall logs and it is trying to go out on the internet towards godaddy servers. As this is a secure government zone it cant have access to the internet. If this was an issue with it not being able to reach the CRL, is it not wierd that if I open 7 tabs and refresh a couple of times and maby wait 1-2 minutes then 1 will start working. When 1 has started working they all work. Or does it have a timeout periode on cheking the CRL maby? Link to comment Share on other sites More sharing options...
Ra Mo Posted April 13, 2023 Author Share Posted April 13, 2023 I pleaded with the network guys and got them to open internet access from this specific thinclient and it worked perfectly. So this is a issue with not being able to reach the CRL. Thanks guys! ? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now