Access denied to STA, in the Citrix Web Interface forum on BrianMadden.com
Brian Madden Logo
Your independent source for desktop virtualization, consumerization, and enterprise mobility management.

Access denied to STA, in the Citrix Web Interface forum on BrianMadden.com

rated by 0 users
This post has 4 Replies | 0 Followers

Not Ranked
Points 85
Flo Posted: Thu, Mar 2 2006 6:50 AM
We have an IIS6 on a W2k3 server with CSG30 and WI42 in our dmz. In the secured lan, there is a mfxp farm with fr3sp4.
Webinterface works inside the lan, but when the server is in the dmz and I will connect from outside I get the following error message:
Cannot connect to the citrix metaframe server. ssl error 4: the proxy denied access to ;10;STA[letters and numbers] port 1494.
I thougt that there is a problem with our old Citrix Version. But after installing a new PS4 server with STA integrated, it showed me the same message.
Does anybody have a good solution for my problem ?
Greets Flo


  • | Post Points: 20
Top 10 Contributor
Points 48,811
Normally, your STA should be using your XML port (80 by default), not 1494. I would check your WI settings.

Why is it called "Common Sense"? It doesn't seem all that common!

  • | Post Points: 20
Not Ranked
Points 85
Flo replied on Thu, Mar 2 2006 11:22 AM
Hello,
Can you tell me where I can set this setting ?
I can't find the option in the ps admin console nor sg config tool ?!

ps. the cs config tool runs without errors

thanks
  • | Post Points: 20
Top 10 Contributor
Points 48,811
In the Access Console, go into the site you created under WI and go to the "Manage secure client access" and select "Edit Secure Gateway settings". In there you should see the list of STAs, which typically looks like:

http://192.168.123.123/scripts/ctxsta.dll

If you are using a port other than port 80 for your XML service, it will look like this:

http://192.168.123.123:9876/scripts/ctxsta.dll

You can simply edit the entry to reflect whatever port you are using.
If the WI can authenticate the users and provide a list of apps, then your XML service is probably OK.

Why is it called "Common Sense"? It doesn't seem all that common!

  • | Post Points: 20
Not Ranked
Points 85
I checked the secure settings on my WI, all settings are right. I'm using port 80 for the xml service. Additionally I have the port 1494 open between the dmz and the sec lan.
I also get the apps after the WI authentication, the error message appers while the app is opening.

My apprehension is that it could be anything with the certificate and/or the fqdn ?!?

I'm not sure about one thing. I have one server with WI and SG. Is it right, that I need two IP's for the configuration ?
- One for the WI (on IIS6) and one for the SG (fqdn)

thanks in advanced
  • | Post Points: 5
Page 1 of 1 (5 items) | RSS