Details about my environment and issue
I have installed latest version of Citrix Secure gateway(CSG)/WI server in Single Windows 2008 R2 server which is in Single ’DMZ’ zone and this server is in separate “Workgroup”, and its name is something like “CSG1”
My XenApp6.5 servers are in LAN and they are part of Active Directory domain, I am able to Ping or telnet to our Xenapp6.5 servers from CSG/WI without any issues.
I have installed SSL certificate in CSG/WI that has FQDN like “server1.domain.local” that is issued by our own company Certificate authority (CA) (for testing), as my CSG/WI is in separate ‘workgroup’ hence I have added entry in DNS that should resolve my CSG/WI server as “server1.domain.local” .
I have setup WI site that is configured for secured access as “Gateway Direct” as all users access this website from Internet. And I have configured the Correct STA in CSG configuration and run the CSG diagnostics found everything looks fine.
Before I explain everything let me tell you the issue, if I try to launch the published application from Internet I am getting error as “the Citrix XenApp server you have selected could not be found “users are able to access the site & authenticate without any issues and they can see the icons once they login to this website. Above said errors when they try to launch any applications.
And users can launch the published application within LAN without any issues for the same website.
I have NAT’ed my WI/CSG server with Public IP and allowed port no 443 and NAT ‘ed each Xenapp6.5 Servers in Internal firewall and allowed port no’s 1494,80,2598.
But still I am getting the same error “the Citrix XenApp server you have selected could not be found “from internet.
Is missing any configuration here?
I can see below warning messages in Secure Gateway Event log
“Event id 25: SSL handshake from client failed.”
I have attached CSG performance diagnostics for your reference.
Could someone please look into this issue? And help me to solve this problem?
Regards
Sreekanth
The most obvious thing is your users are coming in from the Internet, but your CA is not recognized by the user's PCs since it is internal to your company. So, it can't use the certificate and therefore can't launch the apps. When the WI portion returns the LAUNCH.ICA file, it will include the reference to the FQDN you are using, which won't resolve properly.
Dan
Why is it called "Common Sense"? It doesn't seem all that common!
Hi,
Users are accesing it from particular network, they have root certificates installed in their machine and moreover fqdn is resolvable in their network.
they can login to secure gateway and can see the icons however when they try to launch any application they get the said error message.
is it something that I am missing in NATing? I have already NAT securegateways & Xenapp servers address in firewalls.
Appreciate if you could help.
regards
If you are NATing, you'll have to configure an alternate address on your servers. otherwise, the connection will be attempted using its internall IP, instead of the NATed one.