I've been banging my head against the wall for an entire day now and will really appreciate some help.
I configured a new environment for a client, replacing old setup.
(old setup: CPS 4.5 in secured network, CSG and WI 3.0 in DMZ).
New setup is very simple: a single XenApp 6.5 (also running WI 5.4) in the secured network, CSG in the DMZ. (Unfortunately the client insists on having the WI inside their network).
When running the CSG wizard I get the infamous "the secure ticket authority specified cannot be contacted". I tried specifying FQDN and IP address with same results. Of course I used port 8081 but also tried 80.
Citrix XML port is 8081 and is specified in WI ("server farms" and in "Secure Access"). It is obviously not shared with IIS. It is registered.
Windows firewall on the XenApp server is off.
I can ping the XenApp/WI server from the CSG by name or address. Ports 80, 443, 1494 and 2598 are open between the DMZ and the secured network. I can telnet port 8081 from the CSG (get a blank screen, and when I type "get" I get the expected error).
When I browse to http://<XENAPPSERVERNAME>:8081/Scripts/CtxSTA.dll from the CSG I get "page cannot be displayed"
When I do the same on the actual XenApp/WI server I get the same.
I changed settings to share XML service with IIS (as per KB article) but had the same results.
I then reverted back to XML using port 8081 and continued troubleshooting.
In desperation I pointed the new CSG to the old STA (on the CPS4.5 server) and it connected immediately. I also tried to point the OLD CSG to the new STA (on the new XenApp server) but got the same infamous error above.
There are no errors in the event logs on the CSG or XenApp servers when running the CSG wizard.
I enabled STA logging but nothing is showing in the log file.
All the troubleshooting I performed lead me to believe the issue is actually on the XenApp server. Or the STA on the server.
I've been searching for hours and read almost every possible article. None helped.
Can anyone please help? I really need to complete this project and will appreciate any help.
review this just as a double-check
Thank you! This was helpful for better understanding of the process.
The problem is now resolved! Turned out the person who told me port 8081 was forwarded from the DMZ to the secured network did not do it properly. Once they corrected it I was able to see the STA from the CSG.
I still cannot get the proper reply when I web browse to /scripts/CtxSTA.dll , even on the XenApp server itself. But it doesn't matter to me as long as the system works.
Thanks again for your help!