Jump to content


Photo

White load page ...cgi/setclient?wica

Started by Jared Grayden , 16 March 2017 - 01:55 PM
16 replies to this topic

Jared Grayden Members

Jared Grayden
  • 10 posts

Posted 16 March 2017 - 01:55 PM

I have setup a Netscaler VPX 11.1-50.10 (on ESXi) and installed XenApp 7.13 with Storefront on a single new 2012 R2 server. 

 

After logging in through the Gateway on the Netscaler VPX it just hangs on a white page https://netscaler.domain.com/cgi/setclient?wica

 

I know others have had this issue. I am not load balancing and I am just trying to get this to work internally first before even trying external access.

 

I can log directly onto Storefront and load my apps just fine. The problem comes when trying through the Netscaler. If I turn my base URL into http instead of https and update the session policy settings on the Netscaler it does work as it should. I need it to work, of course, with https.



Jared Grayden Members

Jared Grayden
  • 10 posts

Posted 20 March 2017 - 01:20 PM

Any suggestions at all?



Shalu Verma Citrix Employees

Shalu Verma
  • 29 posts

Posted 20 March 2017 - 01:36 PM

Hi Jared,

 

 

Refer to this link  http://discussions.citrix.com/topic/347718-hangs-on-setclientwica/ . It might help you.

 

Please ignore if already have a look at this.



Jared Grayden Members

Jared Grayden
  • 10 posts

Posted 20 March 2017 - 01:46 PM

Thanks for the reply Shalu. I have looked at that link: 

  1. The Netscaler can ping the storefront server by DNS name and IP address. There is no firewall between the two and the Windows firewall is off
  2. I have switched the Session policy from DNS name to IP address anyways
  3. I believe I followed step 3 correctly by making an 'Address Record' under Traffic Management>DNS>Records>Address Records but this also did not help


Shalu Verma Citrix Employees

Shalu Verma
  • 29 posts

Posted 20 March 2017 - 01:51 PM

Check for Use Source IP checked on NetScaler Modes under system > settings > Configure Modes.  

This is a setting on the global mode of the NetScaler which causes the NetScaler to use the Client IP instead of the SNIP when communicating with back-end resources.  If this is configured, it is a likely the cause of the problem.  When this setting is checked at the "Configure Modes" level, it will be used by the NetScaler Gateway, and new Services will have this mode checked automatically.  This setting can be toggled for Services on NetScaler, but the Gateway must rely on the global setting. If your NetScaler Session Policy points to a load balancer on the NetScaler, check the services bound to the load balancer to ensure that they are not set to use Use Source IP. This can be found under the "settings" section of the service on 10.5 and 11.0, and under "advanced" on the service for 10.1.



Jared Grayden Members

Jared Grayden
  • 10 posts

Posted 20 March 2017 - 02:05 PM

Thanks again for the reply. I did look and confirmed that the 'Use Source IP' box was unchecked.

 

Also, I have not setup or configured load balancing yet so the session policy shouldn't be pointing to any load balancer. 



Shalu Verma Citrix Employees

Shalu Verma
  • 29 posts

Posted 20 March 2017 - 02:47 PM

Just look at this link. It might help

 

http://discussions.citrix.com/topic/366624-netscaler-hangs-on-cgisetclientwica/

 

Please ignore if already have a look



Jared Grayden Members

Jared Grayden
  • 10 posts

Posted 21 March 2017 - 02:09 PM

I took a look at that link. Is there any documentation on how to setup a VIP as directed? I found the following website but am unsure if this is what I need to do: http://www.carlstalhood.com/storefront-load-balancing/

 

Lastly, what exactly do I change in the session profile to reference the VIP as is suggested at the link you provided?



Aparna Sharma Citrix Employees

Aparna Sharma
  • 22 posts

Posted 21 March 2017 - 02:25 PM

Hi Jared,

 

To setup a VIP for SF, in Session policy> Published Applications>Web Interface Address put in the VIP instead of the storefront server FQDN. For example- https://1.1.1.1/Citrix/StoreWeb, where 1.1.1.1 is your VIP.

 

You can follow the below article to create a NetScaler Load Balanced StoreFront Virtual Server

 

https://support.citrix.com/article/CTX202400

 

Regards,

Aparna



Jared Grayden Members
  • #10

Jared Grayden
  • 10 posts

Posted 21 March 2017 - 03:30 PM

Thanks Aparna, good news - I am able to access my storefront page when navigating to the VIP or DNS associated with the VIP. 

 

One question I have, does this actually route connections through the Netscaler Gateway? I never had to login or authenticate at the Netscaler Gateway - it skipped it and went right to Storefront. 

 

The whole point of this setup is to provide external access that has to authenticate at the Netscaler Gateway and then pass those credentials to Storefront. If I try to authenticate through Netscaler Gateway, it still hangs at /cgi/setclient?wica



Shalu Verma Citrix Employees
  • #11

Shalu Verma
  • 29 posts

Posted 21 March 2017 - 03:34 PM

Hi Jared,

 

In session profile you have to specify VIP for SF. Instead of putting the storefront FQDN you have to mention the VIP.

 

You can follow the article that Aparna has mentioned.



Jared Grayden Members
  • #12

Jared Grayden
  • 10 posts

Posted 21 March 2017 - 03:35 PM

Thanks! A positive development - I am able to access my storefront page when navigating to the VIP or DNS associated with the VIP. 

 

One question I have, does this actually route connections through the Netscaler Gateway? I never had to login or authenticate at the Netscaler Gateway - it skipped it and went right to Storefront. 

 

The whole point of this setup is to provide external access that has to authenticate at the Netscaler Gateway and then pass those credentials to Storefront. If I try to authenticate through Netscaler Gateway, it still hangs at /cgi/setclient?wica



Aparna Sharma Citrix Employees
  • #13

Aparna Sharma
  • 22 posts

Posted 21 March 2017 - 03:48 PM

Even if you put the VIP instead of SF FQDN, you should still go through NetScaler Gateway. The process remains the same as it would have been with SF FQDN in session profile, just that in case of reaching the SF directly, now the NetScaler Gateway will reach the SF through Load Balancing Virtual Server.

 

Can you confirm if you are accessing the SF through NetScaler Gateway IP/FQDN?



Jared Grayden Members
  • #14

Jared Grayden
  • 10 posts

Posted 21 March 2017 - 03:53 PM

Hi Aparna, I have tried to access SF through the NetScaler Gateway IP/FQDN and it still hangs at the /cgi/setclient?wica

 page. Thats the problem.

 

If I enter in the newly created VIP (or Storefront address), it goes directly to the StoreFront login page. This works, but as you stated I should be going directly through the NetScaler Gateway IP/FQDN and that is still not working.



Shalu Verma Citrix Employees
  • #15

Shalu Verma
  • 29 posts

Posted 21 March 2017 - 04:12 PM

Hi Jared,

 

Just wanted to confirm what is version of Storefront you are using?

 

While searching i found that If SF is 3.0 version you need to disable TLS 1.2

 

 Directed the gateway vserver to Lb vserver , and the lb vserver to the storefront server.



Jared Grayden Members
  • #16

Jared Grayden
  • 10 posts

Posted 21 March 2017 - 04:41 PM

I have SF 3.9.0.56

 

I have just disabled TLS 1.2 under BOTH Traffic Management>Virtual Servers AND NetScaler Gateway>Virtual Servers.

 

It still hangs on /cgi/setclient?wica



Aparna Sharma Citrix Employees
  • #17

Aparna Sharma
  • 22 posts

Posted Yesterday, 02:25 PM

Hi Jared,

 

Please confirm the following:

 

> On NetScaler, LB FQDN should be resolving to LB VIP

> On Storefront Servers, LB FQDN is resolving to itself. If not, please add a host entry on the servers to make it resolve to itself

 

Try accessing now and see if you are able to access. If not, try the following:

> On the NetScaler Gateway vServer > Session Profile > set the Web Interface Address to http://<IP_of_SF>/Citrix/Store

Check if the app enumerates now

If above test works, then we can narrow down to be an issue with SSL. We can try disabling TLSv1.1/1.2 on the Service/Service Group level and see if that helps.

 

Also, I believe the gateway certificates are installed on the Storefront. Try accessing the AG FQDN from Storefront directly and see if you get any certificate warning.

 

Also, I'd appreciate if you could check the Event Viewer for any errors around the time of issue.