mnovaci566 Posted November 5, 2014 Share Posted November 5, 2014 helou... I have a problem that I need to solve regarding my external users. I setup Xendesktop farm, and everything Works fine from inside. To make Storefront url be reachable to my external users, I implemented Netscaler 10.5 VPX Express (with 1 year trial license - yes, we plan to buy customer license). We enter all IP (NSIP, MIP... external IP which we bind to our virtual server for Storefront), we insert pem certificate (which is wildcard that we use for our Storefront url) and we configure virtual server guided by connection - Integrate with Citrix Products - XenApp and XenDesktop... And everything is green. But, when I try to reach to external URL which we configure on Netscaler virtual server, First, I got Netscaler VPN logon screen (which by the way I want to remove - I want for my users to have Storefront URL), and after I enter my domain credentials, I got Http/1.1 Internal Server Error 43531... I'm stuck here and I don't Know what to do... When I logon to Netscaler web interface, everything looks fine there... I suspect that there is a problem with session policies but I'm not so much in Netscaler... Any help would be much appreciated... Thank you in advance... Link to comment Share on other sites More sharing options...
CarlStalhood Posted November 5, 2014 Share Posted November 5, 2014 The DNS name for NetScaler Gateway must be different than the DNS name for StoreFront. See this article - http://support.citrix.com/article/CTX139963 Link to comment Share on other sites More sharing options...
mnovaci566 Posted November 5, 2014 Author Share Posted November 5, 2014 Yes, I checked that... We use different DNS names... But, I managed to solve this problem... It turns out that, since Netscaler iz our DMZ, my network guys didn't open SSL port to delivery controller at internal firewall... Now, when I try to open external URL, I receive Storefront screen, but I don't receive logon prompt. What I get is Cannot complete your request message... - Or should I open new topic for this? :) Anyway, thank you Carl for answering me... Link to comment Share on other sites More sharing options...
CarlStalhood Posted November 5, 2014 Share Posted November 5, 2014 That means there is something wrong with your callback URL. Check the event viewer on your StoreFront server. Link to comment Share on other sites More sharing options...
mnovaci566 Posted November 5, 2014 Author Share Posted November 5, 2014 Yes... I was just checking that... I get logon screen... But when I enter my credentials, nothing happens... My password dissapear, and that's it... In that time, I check event log at Storefront server and I saw two warnings: Source: Citrix Authentication Service Event Id: 1 Task Category: (2007)A request was sent to service 'Authentication Service' that was detected as passing through gateway. This service is configured with the gateways, but none of these matched the request. Request details: X-Citrix-Gateway: X-Citrix-Via: FQDN X-Citrix-Via-VIP: VIP address Remote Address: Storefront address X-Forwarded-For: Netscaler address and Source: Citrix Store Service Event ID: 1 Task Category: (2007) A request was sent to service 'StoreName' that was detected as passing through a gateway. This service is configured with the gateways, but none of these matched the request. Request details: X-Citrix-Gateway: X-Citrix-Via: URL X-Citrix-Via-VIP: VIP address Remote address: Storefront address X-Forwarded-For: Netscaler address Link to comment Share on other sites More sharing options...
mnovaci566 Posted November 5, 2014 Author Share Posted November 5, 2014 One more thing... I tried to logon with wrong password, and I get message that it is invalid, so, domain can check my credentials... And I'm using same wildcard certificate on Netscaler aswell as on Storefront IIS. It't public signed certificate... Link to comment Share on other sites More sharing options...
CarlStalhood Posted November 6, 2014 Share Posted November 6, 2014 In StoreFront, click Gateways. Edit your gateway. Make sure the Gateway FQDN matches what you enter in your browser address bar. Link to comment Share on other sites More sharing options...
mnovaci566 Posted November 6, 2014 Author Share Posted November 6, 2014 Yes, I did that and now I can get to my Citrix Resources (hosted shared desktop and apps). Thank You Carl. You've been helpful... Now I have minor problems, but I think that I can manage that... When I try to start app or desktop, during establishing connection, I get error "the connection failed with status (1110)"... But I think that we need to open some more ports to internal Citrix infrastructure, from Netscaler... Anyway, Thank you again. Link to comment Share on other sites More sharing options...
Edgar Eugênio Silva Posted June 10, 2015 Share Posted June 10, 2015 Hi, I need some help with the following topology: 1. NetScaler VPX Gateway 10.5 2. Citrix XenDesktop 7.5 When users access via external receive the following message "Http / 1.1 Internal Server Error 43531" This message appears after users access the URL, enter with credentials. What strikes me is not getting bring the StoreFront window. They could help me? Thanks, Edgar Eugenio. Link to comment Share on other sites More sharing options...
John Ward1709152622 Posted June 24, 2015 Share Posted June 24, 2015 I have found that missing DNS servers on NetScaler OR being unable to resolve the FQDN that Gateway is trying to reach in your session profiles will cause this code to appear. Link to comment Share on other sites More sharing options...
Maciej Domyslawski Posted December 7, 2017 Share Posted December 7, 2017 I had same error, strange started when old certificate expired while working on new one already. I found IIS site TCP 443 binding had empty certificate. Could be IIS was not rebooted after cert renewal as testing was showing new cert is effective and working already. Could someone finds that useful. Link to comment Share on other sites More sharing options...
Bartosz Tyrakowski Posted April 3, 2019 Share Posted April 3, 2019 I have seen this issue, when the Gateway is set to “ICA Only” and there is no session policy applied due to a policy filter by AD groups (i. e. in a multi domain environment, where the AD groups are used to apply different session profiles, with different Single Sign-on Domains). Hope this helps anyone. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.