Storefront site loading really slow.

[Ra Mo]

Hi,

I have a new Citrix farm with only 1 VDA, 1 Storefront combined with a Citrix Controller.

We have a new subnet for clients. If i try to reach the old storefront  xenapp 7.13 the login page pops up immediately.

 

With the new storefront it takes about 1 minute for it to complete loading so I can log on.

I cannot find any errors in the logs or anything blocked in the firewalls.

The only difference is that the new storefront uses HTTPS, with the old one uses HTTP. If it was blocked in the firewall it should never have loaded at all. 

I cannot reproduse this issue from another subnet. And I cannot reproduse it from the outside when logging in through the netscaler.

 

I am using version 2303 in the new environment.

 

Any tips on how I can troubleshoot this?

 

 

 

[Jeff Riechers]

If you connect to http instead of https does it render quickly?

 

Is the storefront behind a netscaler?

 

if you do a tracert to the old and new storefront are there extra hops on the new not seen on the old?

[Ra Mo]

Thanks for your answer.

 

I have tried with HTTP but it does not work either.

There is not a Netscaler between on the inside, only when connecting from the outside. And it works perfectly from the outside.

I cant do the trace until the 12th. But I will update the thread then.

[Ra Mo]

Hi again,

I ran a tracert to both the current production environment and the new storefront I am having issues with.

The only difference was that the current production environment came up with fqdn as hostname while the new one did not. Only the server name I traced.

When tracing the IP they are equal in jumps.

 

The other difference I can think of is that I am now using HTTPS and none of the subnets are allowed out on the internet. Maby a Certificate thing?

 

Any other tips? 

[CarlStalhood]

Does your client machine have access to the Internet? Maybe the browser is trying to access Certificate Revocation Lists (CRL) but it can't reach them. Some browsers let you disable CRL checking. But the better option is to allow Internet access to the CRL FQDNs.

[Ra Mo]

Neither the server or client has access to the internet. I just cheched the firewall logs and it is trying to go out on the internet towards godaddy servers.

As this is a secure government zone it cant have access to the internet. 

 

If this was an issue with it not being able to reach the CRL, is it not wierd that if I open 7 tabs and refresh a couple of times and maby wait 1-2 minutes then 1 will start working.

When 1 has started working they all work. Or does it have a timeout periode on cheking the CRL maby?

[Ra Mo]

I pleaded with the network guys and got them to open internet access from this specific thinclient and it worked perfectly. So this is a issue with not being able to reach the CRL.

 

Thanks guys! ?