Al Zabar

Members
  • Posts

    21

Posts posted by Al Zabar

  1. On 8/28/2021 at 7:05 PM, Rhonda Rowland1709152125 said:

    I would use a proxy first.  See details:  https://docs.citrix.com/en-us/citrix-adc/current-release/reputation/ip-reputation.html

     

    If you want the adc to do the lookup, you can try to enter a local dns host file entry on the adc, but you may need to update it on occasion. You can enter a dns A record for the service.

    To add dns records:  go to Traffic Management > DNS > Records.  Any locally defined records in the adc's dns tables will be used before an external dns lookup.

     

    The Reputation service is hosted  via name at:  api.bcti.brightcloud.com on port 443.   Which is via AWS (see the ip reputation section of admin guide for all connectivity requirements).

    You can add a manual dns a record on the local ADC to allow name to ip resolution.  The ADC must be able to talk to the service directly (or via  a web proxy) to download the database details.

     

    To configure proxy for ip reputation:  

    Using Proxy server:

    If the Citrix ADC appliance does not have direct access to the internet and is connected to a proxy, configure the IP Reputation client to send requests to the proxy.

    At the command prompt, type:

    set reputation settings -proxyServer <proxy server ip> -proxyPort <proxy server port>

     

    Thank you for your reply.

     

    In that case I will set up a proxy server on my netscaler as per https://docs.citrix.com/en-us/citrix-adc/current-release/forward-proxy/proxy-modes.html and point reputation to the VS server. I assume this is the correct configuration?

  2. Hi all,

    What is the best way to allow reputation to resolve required addresses over the internet and download all packages? I do not have DNS configured on netscaler, but wonder if this can be achieved any other way, either by adding appropriate AAA records or any other way?

    In my environment, I have created a cache forward to my internal LAN, which has a virtual server, load balanced Google IPs; might it be a solution to connect to this server?

     

    Thanks

  3. On 10/4/2020 at 10:33 PM, Al Zabar said:

    All,

     

    I have the following error when trying to load desktop via HTML5:

    //

    [Sun, 04 Oct 2020 21:18:29 GMT] INIT :|: CONNECTION :|: TRANSPORT DRIVER :|: TRYING FOR SOCKET CONNECTION ON Win10-01.xxxxxx.local : 443
    [Sun, 04 Oct 2020 21:18:29 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: websocket-url=wss://Win10-01.xxxxxx.local:443
    [Sun, 04 Oct 2020 21:18:29 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 0
    [Sun, 04 Oct 2020 21:18:29 GMT] INIT :|: CONNECTION :|: TRANSPORT DRIVER :|: CHANNEL CGP
    [Sun, 04 Oct 2020 21:18:29 GMT] INIT :|: CONNECTION :|: CGP SOCKET :|: INFO :|: Start Initializing CGP Socket
    [Sun, 04 Oct 2020 21:18:29 GMT] INIT :|: CONNECTION :|: CGP SOCKET :|: INFO :|: Finish Initializing CGP SOCKET
    [Sun, 04 Oct 2020 21:18:29 GMT] SESSION:|:ICA:|:TWI :|: ={{"seamlessMode":false}}=
    [Sun, 04 Oct 2020 21:18:49 GMT] SESSION:|:ICA:|:WINSTATION:|:POLLSERVER: Server is inactive for : 1601846329.09 seconds and session should have been disconnected here.
    [Sun, 04 Oct 2020 21:18:49 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: websocket-url=wss://Win10-01.xxxxxxx.local:443
    [Sun, 04 Oct 2020 21:18:49 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 1
    [Sun, 04 Oct 2020 21:19:09 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: websocket-url=wss://Win10-01.xxxxxxx.local:443
    [Sun, 04 Oct 2020 21:19:09 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 2
    [Sun, 04 Oct 2020 21:19:29 GMT] SESSION:|:ICA:|:TRANSPORT:|:DRIVER:|:close with code=1006
    [Sun, 04 Oct 2020 21:19:29 GMT] INIT :|: CONNECTING :|: TRANSPORTDRIVER :|: CGP HANDSHAKE FAILED. TRYING ICA-Socks
    [Sun, 04 Oct 2020 21:19:29 GMT] SESSION :|: CGP :|: STATE :|: CGP-CORE :|: Changing core state from :0 To 0
    [Sun, 04 Oct 2020 21:19:29 GMT] INIT :|: CONNECTION :|: TRANSPORT DRIVER :|: TRYING FOR SOCKET CONNECTION ON Win10-01.xxxxxxx.local : 443
    [Sun, 04 Oct 2020 21:19:29 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: websocket-url=wss://Win10-01.xxxxxxx.local:443
    [Sun, 04 Oct 2020 21:19:29 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 0
    [Sun, 04 Oct 2020 21:19:29 GMT] INIT :|: CONNECTION :|: TRANSPORT DRIVER :|: CHANNEL SOCKSV5
    [Sun, 04 Oct 2020 21:19:49 GMT] SESSION:|:ICA:|:WINSTATION:|:POLLSERVER: Server is inactive for : 1601846389.10 seconds and session should have been disconnected here.
    [Sun, 04 Oct 2020 21:19:50 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: websocket-url=wss://Win10-01.xxxxxxx.local:443
    [Sun, 04 Oct 2020 21:19:50 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 1
    [Sun, 04 Oct 2020 21:20:10 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: websocket-url=wss://Win10-01.xxxxxxx.local:443
    [Sun, 04 Oct 2020 21:20:10 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 2
    [Sun, 04 Oct 2020 21:20:31 GMT] SESSION:|:ICA:|:TRANSPORT:|:DRIVER:|:close with code=1006
    [Sun, 04 Oct 2020 21:20:31 GMT] ERROR:|:error =error-server,error-local-access

    ///

     

    My Setup:

    VDA, installed on W10 as single session, with SSL enabled for the VDA, as I understood this is a requirement when you are using HTML5 internally.

    On the Controller, SSL is enabled as per Carl's guidance, https://www.carlstalhood.com/virtual-delivery-agent-vda-cr/#sslvda, and I added a line to regedit to force xml for https. A wildcard certificate has been assigned to IIS.

    Same issue internally and via gateway.

     

    Appreciate your assistance. 

     

     

    Hi,

     

    Has anyone come across the above issue and could share steps for resolution?

     

    Thanks

  4. Hi Dennis,

     

    Just wondering if you had the below issue resolved, as I am experiencing exactly the same issue on SSL, but can't figure out the cause.

     

    SESSION:|:ICA:|:TRANSPORT:|:DRIVER:|:close with code=1006

     

    On 3/14/2017 at 3:08 PM, Dennis Werner1709157957 said:

    Hey all,

     

    I have problems with my Netscaler and HTML5 Receiver. It works fine (internally), but from outside through the Netscaler I get an error (I've enabled the logging in Firefox / Console): unable to connect to the Server ... local Address of CTX VDA Server.... Port: 8008. But only from outside.

     

    I've tried to telnet to the port from the server, but it won't work. Then I looked with netstat -an whether there is a listener on the port, and there is. But I am not able to telnet to the port.

     

    Can anyone help?

     

    PS: Installed is the newest Citrix Version (7.13) with Netscaler 11.1.

     

     

     

  5. All,

     

    I have the following error when trying to load desktop via HTML5:

    //

    [Sun, 04 Oct 2020 21:18:29 GMT] INIT :|: CONNECTION :|: TRANSPORT DRIVER :|: TRYING FOR SOCKET CONNECTION ON Win10-01.xxxxxx.local : 443
    [Sun, 04 Oct 2020 21:18:29 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: websocket-url=wss://Win10-01.xxxxxx.local:443
    [Sun, 04 Oct 2020 21:18:29 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 0
    [Sun, 04 Oct 2020 21:18:29 GMT] INIT :|: CONNECTION :|: TRANSPORT DRIVER :|: CHANNEL CGP
    [Sun, 04 Oct 2020 21:18:29 GMT] INIT :|: CONNECTION :|: CGP SOCKET :|: INFO :|: Start Initializing CGP Socket
    [Sun, 04 Oct 2020 21:18:29 GMT] INIT :|: CONNECTION :|: CGP SOCKET :|: INFO :|: Finish Initializing CGP SOCKET
    [Sun, 04 Oct 2020 21:18:29 GMT] SESSION:|:ICA:|:TWI :|: ={{"seamlessMode":false}}=
    [Sun, 04 Oct 2020 21:18:49 GMT] SESSION:|:ICA:|:WINSTATION:|:POLLSERVER: Server is inactive for : 1601846329.09 seconds and session should have been disconnected here.
    [Sun, 04 Oct 2020 21:18:49 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: websocket-url=wss://Win10-01.xxxxxxx.local:443
    [Sun, 04 Oct 2020 21:18:49 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 1
    [Sun, 04 Oct 2020 21:19:09 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: websocket-url=wss://Win10-01.xxxxxxx.local:443
    [Sun, 04 Oct 2020 21:19:09 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 2
    [Sun, 04 Oct 2020 21:19:29 GMT] SESSION:|:ICA:|:TRANSPORT:|:DRIVER:|:close with code=1006
    [Sun, 04 Oct 2020 21:19:29 GMT] INIT :|: CONNECTING :|: TRANSPORTDRIVER :|: CGP HANDSHAKE FAILED. TRYING ICA-Socks
    [Sun, 04 Oct 2020 21:19:29 GMT] SESSION :|: CGP :|: STATE :|: CGP-CORE :|: Changing core state from :0 To 0
    [Sun, 04 Oct 2020 21:19:29 GMT] INIT :|: CONNECTION :|: TRANSPORT DRIVER :|: TRYING FOR SOCKET CONNECTION ON Win10-01.xxxxxxx.local : 443
    [Sun, 04 Oct 2020 21:19:29 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: websocket-url=wss://Win10-01.xxxxxxx.local:443
    [Sun, 04 Oct 2020 21:19:29 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 0
    [Sun, 04 Oct 2020 21:19:29 GMT] INIT :|: CONNECTION :|: TRANSPORT DRIVER :|: CHANNEL SOCKSV5
    [Sun, 04 Oct 2020 21:19:49 GMT] SESSION:|:ICA:|:WINSTATION:|:POLLSERVER: Server is inactive for : 1601846389.10 seconds and session should have been disconnected here.
    [Sun, 04 Oct 2020 21:19:50 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: websocket-url=wss://Win10-01.xxxxxxx.local:443
    [Sun, 04 Oct 2020 21:19:50 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 1
    [Sun, 04 Oct 2020 21:20:10 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: websocket-url=wss://Win10-01.xxxxxxx.local:443
    [Sun, 04 Oct 2020 21:20:10 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 2
    [Sun, 04 Oct 2020 21:20:31 GMT] SESSION:|:ICA:|:TRANSPORT:|:DRIVER:|:close with code=1006
    [Sun, 04 Oct 2020 21:20:31 GMT] ERROR:|:error =error-server,error-local-access

    ///

     

    My Setup:

    VDA, installed on W10 as single session, with SSL enabled for the VDA, as I understood this is a requirement when you are using HTML5 internally.

    On the Controller, SSL is enabled as per Carl's guidance, https://www.carlstalhood.com/virtual-delivery-agent-vda-cr/#sslvda, and I added a line to regedit to force xml for https. A wildcard certificate has been assigned to IIS.

    Same issue internally and via gateway.

     

    Appreciate your assistance. 
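
An added example (not part of the original post, and not Citrix code): a small parser for the HTML5 Receiver console log posted above. It groups the lines into transport attempts and reports how many WebSocket tries each made, how long it ran and how it closed. Close code 1006 is the RFC 6455 code a browser sets locally when a connection ends without a Close frame; the function names are illustrative.

```python
import re
from datetime import datetime

# RFC 6455 section 7.4.1: these codes are set locally by the browser and are
# never sent in a Close frame, so they mean the peer did not close cleanly.
LOCAL_ONLY_CLOSE_CODES = {
    1005: "no status code received",
    1006: "abnormal closure, connection dropped without a Close frame",
    1015: "TLS handshake failure",
}
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s*(?P<body>.+)$")
TS_FORMAT = "%a, %d %b %Y %H:%M:%S GMT"

# Lines copied from the log in the post (hostname redacted as posted).
SAMPLE_LOG = """\
[Sun, 04 Oct 2020 21:18:29 GMT] INIT :|: CONNECTION :|: TRANSPORT DRIVER :|: TRYING FOR SOCKET CONNECTION ON Win10-01.xxxxxx.local : 443
[Sun, 04 Oct 2020 21:18:29 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 0
[Sun, 04 Oct 2020 21:18:29 GMT] INIT :|: CONNECTION :|: TRANSPORT DRIVER :|: CHANNEL CGP
[Sun, 04 Oct 2020 21:18:49 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 1
[Sun, 04 Oct 2020 21:19:09 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 2
[Sun, 04 Oct 2020 21:19:29 GMT] SESSION:|:ICA:|:TRANSPORT:|:DRIVER:|:close with code=1006
[Sun, 04 Oct 2020 21:19:29 GMT] INIT :|: CONNECTING :|: TRANSPORTDRIVER :|: CGP HANDSHAKE FAILED. TRYING ICA-Socks
[Sun, 04 Oct 2020 21:19:29 GMT] INIT :|: CONNECTION :|: TRANSPORT DRIVER :|: TRYING FOR SOCKET CONNECTION ON Win10-01.xxxxxxx.local : 443
[Sun, 04 Oct 2020 21:19:29 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 0
[Sun, 04 Oct 2020 21:19:29 GMT] INIT :|: CONNECTION :|: TRANSPORT DRIVER :|: CHANNEL SOCKSV5
[Sun, 04 Oct 2020 21:19:50 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 1
[Sun, 04 Oct 2020 21:20:10 GMT] INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: Current Protocol Index is : 2
[Sun, 04 Oct 2020 21:20:31 GMT] SESSION:|:ICA:|:TRANSPORT:|:DRIVER:|:close with code=1006
[Sun, 04 Oct 2020 21:20:31 GMT] ERROR:|:error =error-server,error-local-access
"""

def parse(log_text):
    """Yield (timestamp, last ':|:' field) for each timestamped line."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ts = datetime.strptime(m["ts"], TS_FORMAT)
            yield ts, m["body"].split(":|:")[-1].strip()

def summarize(log_text):
    """Return (one record per transport attempt, final error list)."""
    attempts, final_error, cur = [], None, None
    for ts, msg in parse(log_text):
        if msg.startswith("TRYING FOR SOCKET CONNECTION ON"):
            # Each attempt starts here; the CHANNEL line names it afterwards.
            cur = {"target": msg.rsplit(" ON ", 1)[1].replace(" ", ""),
                   "channel": None, "ws_tries": 0, "start": ts,
                   "seconds": None, "close_code": None, "meaning": None}
            attempts.append(cur)
        elif msg.startswith("error ="):
            final_error = msg.split("=", 1)[1].split(",")
        elif cur is None:
            continue
        elif msg.startswith("CHANNEL "):
            cur["channel"] = msg.split()[1]
        elif msg.startswith("Current Protocol Index is"):
            cur["ws_tries"] += 1
        elif msg.startswith("close with code="):
            code = int(msg.split("=", 1)[1])
            cur["close_code"] = code
            cur["seconds"] = int((ts - cur["start"]).total_seconds())
            cur["meaning"] = LOCAL_ONLY_CLOSE_CODES.get(
                code, "carried in a Close frame")
    return attempts, final_error

if __name__ == "__main__":
    attempts, final_error = summarize(SAMPLE_LOG)
    for a in attempts:
        print(f'{a["channel"]:8} -> {a["target"]}: {a["ws_tries"]} WebSocket '
              f'tries over {a["seconds"]}s, close {a["close_code"]} ({a["meaning"]})')
    print("final error:", final_error)
```

On the posted log, both the CGP and the SOCKSV5 attempts end in 1006 after three WebSocket tries, so neither channel received a Close frame from the VDA on port 443.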

     

  6. On 9/19/2020 at 10:19 PM, Al Zabar said:

    All,

     

    I am experiencing an issue with SharePoint page loading, which loads only partially, as per the attachment.

    Configuration steps were as follows:

     

    Assistance much appreciated

    SP.jpg

     

    Has anyone experienced a similar issue? Still can't get my head round this issue.

  7. All,

     

    I am experiencing an issue with SharePoint page loading, which loads only partially, as per the attachment.

    Configuration steps were as follows:

     

    Assistance much appreciated

    SP.jpg

  8. 1 hour ago, Charlie Ting said:

    I have the same issue accessing internally on my ADC 13.0 that I upgraded to today. The error is seen on my Gateway CVPN mode accessing the storefront. I followed Carl Stalhood's suggestion https://docs.citrix.com/en-us/citrix-adc/13/aaa-tm/enable-sso-for-auth-pol.html

     

    add vpn trafficaction tf_act http -SSO ON

    add tm trafficaction tf_act -SSO ON

     

    Indeed, it does work as suggested by Carl.

     

    Thank you, Carl & Rhonda for your support on this.

     

    Could I please ask you to take a look at my other tiny issues on the below links:

    https://discussions.citrix.com/topic/410350-external-access-to-exchange-server-lb/#comment-2070264

    https://discussions.citrix.com/topic/410276-storefront-session-issues/#comment-2069995

     

     

  9. All,

     

    I based my Exchange configuration on the following article - https://citrixguyblog.com/2017/07/22/citrix-netscaler-loadbalancing-exchange-20132016-walkthrough-guide/. All has been deployed in my internal network, load balancing 2 Exchange servers, to allow access for internal users. Now I must configure external access via netscaler gateway, where I have added a service pointing to the internal LB and bound it to the LB on port 443, but I am receiving Http/1.1 Service Unavailable. Not sure if authentication or anything else is required on the gateway.

     

    Same issue with accessing SharePoint externally, and all fine internally.

     

    I much appreciate your assistance

  10. Rhonda,

     

    Did the following changes today:

    • created LDAP load balance with vip (located on my internal VPX) based on Carl's article https://www.carlstalhood.com/citrix-gateway-ldap-authentication/#action
    • recreated integration with storefront with the wizard, but this time without storefront authentication, and bound to the existing server, which has been created above.
    • Policies have been created automatically, I just created an LDAP policy located in Citrix Gateway/Policies/Authentication/LDAP/Policies and bound to the existing LDAP server with binding to "Primary VPN Global Bindings"
    • checked on storefront, all seems fine and authentication is set to domain and all works fine internally.
    • finally ran the command and got the below error.

     


     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[6033]: register_timer 0-12: setting timer 47
    Thu Sep 10 20:28:57 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/ldap_drv.c[2130]: receive_ldap_user_bind_event 0-12: Got user bind event.
    Thu Sep 10 20:28:57 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/ldap_common.c[465]: ns_ldap_check_result 0-12: checking LDAP result.  Expecting 97 (LDAP_RES_BIND)
    Thu Sep 10 20:28:57 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/ldap_common.c[503]: ns_ldap_check_result 0-12: ldap_result found expected result LDAP_RES_BIND
    Thu Sep 10 20:28:57 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/ldap_drv.c[2139]: receive_ldap_user_bind_event 0-12: Bind OK.
    Thu Sep 10 20:28:57 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[6110]: unregister_timer 0-12: releasing timer 47
    Thu Sep 10 20:28:57 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/ldap_drv.c[2233]: receive_ldap_user_bind_event 0-12: User authentication (Bind event) for user Domain\Administrator succeeded
    Thu Sep 10 20:28:57 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[4243]: send_accept 0-12: sending accept to kernel for : Domain\Administrator
    Thu Sep 10 20:28:57 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[4159]: aaad_alloc_serialize_keyValue_attrs 0-12: Total attribute values to PE : 65, email=Administrator@domain.com

    Thu Sep 10 20:28:58 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[757]: main 0-0: timer 2 firing...
    Thu Sep 10 20:29:08 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[757]: main 0-0: timer 2 firing...
    Thu Sep 10 20:29:18 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[757]: main 0-0: timer 1 firing...
    Thu Sep 10 20:29:18 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[757]: main 0-0: timer 2 firing...
    Thu Sep 10 20:29:28 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[757]: main 0-0: timer 2 firing...

     

  11. Carl,

     

    I am using the latest ADC, 64.35.

     

    Rhonda,

     

    Will it be better then to change the default policy from Storefront authentication to LDAP/RADIUS, which will be a new challenge for me? Is there guidance available to implement the new authentication, and should I remove the existing storefront gateway to start all from scratch, or amend the existing one?

  12. I get the following log:

     

     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[757]: main 0-0: timer 2 firing...
    Wed Sep  9 22:24:03 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[757]: main 0-0: timer 2 firing...
    Wed Sep  9 22:24:11 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[962]: process_kernel_socket 0-2: partition id is 0
    Wed Sep  9 22:24:11 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[6811]: ns_aaad_decrypt_auth_passwd 0-2: ns_aaad_decrypt_auth_passwd performed : status 0
    Wed Sep  9 22:24:11 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[1231]: process_kernel_socket 0-2: call to authenticate
    user :Domain\Administrator, vsid :11310, userlen 22
    Wed Sep  9 22:24:11 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[1295]: process_kernel_socket 0-2: call to authenticate
    user :Domain\Administrator, vsid :11310, req_flags 802
    Wed Sep  9 22:24:11 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[5662]: start_cascade_auth 0-2: starting cascade authentication
    Wed Sep  9 22:24:11 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[5859]: cascade_auth 0-2: Delegating storefront auth offload to kernel for : Domain\Administrator
    Wed Sep  9 22:24:13 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[757]: main 0-0: timer 1 firing...
    Wed Sep  9 22:24:13 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[757]: main 0-0: timer 2 firing...
    Wed Sep  9 22:24:23 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[757]: main 0-0: timer 2 firing...
    Wed Sep  9 22:24:33 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[757]: main 0-0: timer 2 firing...
    Wed Sep  9 22:24:43 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[757]: main 0-0: timer 1 firing...
    Wed Sep  9 22:24:43 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[757]: main 0-0: timer 2 firing...
    Wed Sep  9 22:24:53 2020
     /usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[757]: main 0-0: timer 2 firing...

  13. There are no issues in Citrix Delivery service log, all only for information purposes.

    I set up Storefront Authentication when I ran the netscaler wizard.

    Passthrough for gateway, domain has been enabled for any domain, but not sure about single sign on domain.

     

    The cat aaa.debug command returned - cat: aaa.debug: No such file or directory

     

    below logs for

    nsconmsg -K newnslog -d event

    nsconmsg -K newnslog -d consmsg

     

      0 PPE-0 MonServiceBinding_sharedFQDN:443_(tcp-default)(vpndbssvc_-368404201): UP; Last response: Success - TCP syn+ack received. Wed Sep  9  2020
     1557     0 PPE-0 MonServiceBinding_internal storefront server:80_(sta)(vpndbssvc_770861475): UP; Last response: Success - Probe to STA server succeeded. Wed Sep  9

     

  14. Rhonda,

     

    When I ran the wizard on netscaler I didn't make any changes as they seem to be pointing to the correct addresses.

    "Cannot complete your request" pops up on /Citrix/mystore, which looks like a storefront server issue.

     

    Gateway side:

    My VIP is created on the snip data network, with a different FQDN, which later has been replaced on the storefront server with my shared FQDN.

    I did run step by step through the troubleshooting outlined above and all seems fine; only syslog came back with one error, listed below:

     

    "0-PPE-0 : default AAA Message 5229 0 :  "SSO : skipping sso trafficaction_flag 1, sso_type 5 state 0 ntlm_flags 0 user domain\administrator"

    "0-PPE-0 : default AAA Message 5230 0 :  "SSO FAIL forwading to client because of weak SSO user domain\administrator"

     

    Found a couple of issues as per below:

     

    7602  7649 PPE-0 MonServiceBinding_shared FQDN:443_(tcp-default)(vpndbssvc_-368404201): DOWN; Last response: Failure - Time out during TCP connection establishment stage

    7603     0 PPE-0 'server_svc_internal_NSSVC_SSL_shared FQDN:443(vpndbssvc_-368404201)' DOWN

     

    External Clients: <shared fqdn> must resolve to gateway VIP  - it does resolve my public IP which is natted to gateway IP

    Gateway itself:  <shared fqdn> must resolve to storefront VIP/IP (usually via host file/local dns on Gateway to override the external dns that might apply)  - it resolves my internal storefront server , as I only run single controller without load balancer

    StoreFront itself:  <shared fqdn> must resolve to gateway vip (but usually the gateway callback address will be used instead) - it doesn't resolve  gateway IP as Internal DNS record points to internal server

    ; but still this must get storefront back to the gateway vip (for shared fqdn) and gateway callback to the appropriate callback ip (if not the gateway vip, then a backend vpn vserver vip and not a snip). - callback resolves gateway IP

    Internal users:  <shared fqdn> must resolve to storefront VIP via internal DNS - it resolves storefront server IP

     

     

  15. Hi Rhonda,

     

    From the putty, on netscaler gateway, I can ping shared FQDN and it resolves internal storefront server IP. 

    Internally I have replaced my gateway url with the shared FQDN, which resolves the internal storefront IP, added a callback URL, which is different from the shared FQDN and resolves the vserver IP on netscaler, and finally added beacons as CNAME for the shared FQDN, which resolves the internal storefront IP.

     

    Still have the same issue.

  16. All,

     

    I am experiencing a weird issue with netscaler launching my storefront externally, getting "cannot complete your request" after login.

    My intention is to use a single FQDN for internal and external access. Internally I have no problems accessing storefront, this issue appears only externally. I followed the following articles:

    https://docs.citrix.com/en-us/storefront/1912-ltsr/advanced-configurations/configure-single-fqdn.html

    https://www.carlstalhood.com/citrix-gateway-storefrontauth-and-xendesktop-wizard/

    https://www.carlstalhood.com/storefront-cr-configuration-for-citrix-gateway/

     

    First, I deployed the virtual gateway via the wizard, with a different name than the single FQDN, added SSL, then imported the gateway file to the store gateway and uploaded SSL to IIS. Renamed the citrix gateway URL to the single FQDN, added callback URL and beacons, and externally I have the above issue. No error logs in the event viewer, therefore I can't think of any further steps.

     

    I troubleshot as per the below link, and there are no issues with ping, apart from my netscaler's url being the single FQDN, therefore I cannot ping it as it resolves either the internal or external vip address but not netscaler.

     

    https://support.citrix.com/article/CTX207162

     

    Any help appreciated.

  17. All,

     

    I am facing issues with launching desktop sessions on Windows 10, with the following error.

     

    //SESSION:|:ICA:|:WINSTATION:|:POLLSERVER: Server is inactive for : 1599516471.30 seconds and session should have been disconnected here.

    //:close with code=1006
    //ERROR:|:error =error-server,error-local-access

     

    No errors shown in event viewer, all seems fine on the controller, but when I run the VDA health tool on the VDA workstation (Windows 10) it is showing issues with RDS licensing, which could have an impact on launching sessions.

    Other pertinent details: my storefront controller is using HTTPS internally with SAN SSL installed on IIS.

    On my controller I installed desktop licensing, uploaded 50 licenses, on the VDA I changed the gpo to point to my controller, but it is still showing the licensing issue.

     

    Any help appreciated.

     

  18. On 7/9/2020 at 7:10 AM, Luca Ferraro said:

    Hi,

     

    Could you give us more details? What would you like to Load Balance? StoreFront Access, LDAP for Authentication etc. ?

     

    As far as I understand, you have a route to 10.10.xx.xx via your router 192.20.x.5, which is correct. Be aware that service monitors originate from the NSIP address (I think, unless you are directly attached to the subnet). So you should be able to connect from your management IP to 10.10.x.x. I would check the route to this subnet and firewall ports.

     

     

    Hi Iferrar200,

     

    The main reason is to load balance secure servers located on the 10.10.xx.0/24 network, which are SharePoint, Exchange, vCloud Director, just to name a few.

     

    Is there a way to troubleshoot routes, as all links and services are down, also I am unable to ping my VIP located on 171 network.

     

    Thanks

  19. Hi all,

     

    My Citrix knowledge is quite limited.

     

    I am trying to deploy load balancing on my simple network, which has been elaborated in the attachment. The issue I have is that my LB is showing the service as down and I can't figure out what is causing this issue, but most likely it is a routing issue. I have attached two interfaces, where one is for management only and the second interface (1/1) is used for data/traffic. 1/1 has been tagged on vcenter with vlan 1366, which I use for vlan 2011 as well. The 1/1 interface has been set up for only tagged traffic and all these interfaces have been allowed.

     

    Any help would be appreciated.

     

    Thanks

    vpx.pdf
