Symptoms
A SSL 4 error when connecting to an application through Secure Gateway usually indicates a connection issue between one or more of the components that make up Secure Gateway.
Resolution
Set logging levels to maximum on the CSG server and the STA Server
Check the logs after SSL Error 4 occurs on the client machine.
On the CSG Server:
1. Ensure the client is connecting to CSG:
• If one sees a client connect in CSG logs, check the STA logs
• If there is no client connect, verify that the Secure Gateway is running and that the IP address it is bound to is the one that the client is resolving from the FQDN.
2. Check the Citrix Secure Gateway Servers Event Viewer’s Application, System, and Secure Gateway Logs. One installation showed some of the following:
"Event Type: Error
Event Source: Secure Gateway
Event Category: CORE
Event ID: 100
Date: 10/22/2007
Time: 7:45:43 PM
User: N/A
Computer: YourServerName
Description: An internal server error occurred."
"Event Type: Information
Event Source: Application Error
Event Category: (100)
Event ID: 1004 or 1000
Date: 10/22/2007
Time: 7:26:49 PM
User: N/A
Computer: YourServerName
Description: Reporting queued error: faulting application CtxSGSvc.exe, version 3.0.0.43994, faulting module libapr.dll, version 3.0.0.43994, fault address 0x0000cc7e.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 43 74 78 ure Ctx
0018: 53 47 53 76 63 2e 65 78 SGSvc.ex
0020: 65 20 33 2e 30 2e 30 2e e 3.0.0.
0028: 34 33 39 39 34 20 69 6e 43994 in
0030: 20 6c 69 62 61 70 72 2e libapr.
0038: 64 6c 6c 20 33 2e 30 2e dll 3.0.
0040: 30 2e 34 33 39 39 34 20 0.43994
0048: 61 74 20 6f 66 66 73 65 at offse
0050: 74 20 30 30 30 30 63 63 t 0000cc
0058: 37 65 7e "
"Event Type: Error
Event Source: Secure Gateway
Event Category: None
Event ID: 3299
Date: 10/22/2007
Time: 3:08:59 PM
User: N/A
Computer: YourServerName
Description: The Citrix service named Secure Gateway reported the following error:
>>> CtxSGSvc.exe: could not open document config file E:/Program Files/Citrix/Secure Gateway/conf/httpd.conf"
When NTSD was enabled, CTX105888 – How to Set the NT Symbolic Debugger as a Default Windows Postmortem Debugger, CtxSGSvc.exe trapped every time a connection was attempted. In this case, this was a new installation. CTX114059 – Hotfix SGE300W008 - For Citrix Secure Gateway 3.0 did not resolve the issue. Citrix Secure Gateway was uninstalled from E: and installed to C:. After the reinstall, Citrix Secure Gateway functioned as designed.
On the STA Server:
Check for Request Data successful for each Request Ticket successful
• If we see Request Data Successful CSG can connect to the STA
• If there is no Request Data Successful, CSG did not validate the ticket
• Check the Web Interface Configuration and the Secure Gateway configuration to verify they are pointing to the same STA server.
• Verify connectivity between the CSG server and the STA server using the transport protocol designated in the configuration (http / https)
Verify ICA Connectivity:
Verify that the CSG server can communicate to the MetaFrame server on port 1494 either by setting up an ICA client connection or doing a telnet to port 1494 of the server that was indicated in the STA log.
No comments:
Post a Comment