Site stuck on /cgi/setclient?wica and does not load further.

[Hanré Van Rensburg]

Hi,

I have just installed NS VPX and configured an AGEE site that should just automatically pass through to WI. What I get at the moment is that when I browse to the site externally with a URL https://server.fqdn it redirects to https://server.fqdn/cgi/setclient?wica and it never goes anywhere further than that.

It is configured to go to WI 5.4.2 on IIS6 on a Windows Server 2003 x86 server.

Does anyone have any ideas on how to fix this?

Cheers,
Hanré

[Wee Sern Soo]

I've seen similar behavious with a partner organisation's Netscaler/virtual CAG EE to a 5.1 I think WI. It hangs at the setclient URL and then finally gets through after about 40 seconds. Not very user friendly nor help desk friendly. If you find the solution, please let us know what it is.

Edited by: soozws on 13/05/2012 7:08 AM

[Hanré Van Rensburg]

I managed to find the problem!

We got the same errors below when using WI on the NetScaler. What we didn't know is that TCP80 was not open between the WI vServer on the NetScaler for XML communication to work.

Once this port was opened up everything started working!

[john smith1709152637]

how can I open 80 port on the netscaler?

[Hanré Van Rensburg]

TCP80 or 8080 internally on the NetScaler is already as that is the port (TCP8080) it uses internally for Web Interface.

The port I was referring to is one on the FW we needed to open between the servers hosting XML services and the WI hosted on the NetScaler.

[Robert Zinnecker]

hi,

i have the same problem.

i have between no firewalls or other things.

please help!

[Afro Jalloh]

I had the same problem and had to capture traffic to figure out what was going on. I think there is an intelligence build in the Netscaler (in my case MPX 7500 build 9.2) that detect man-in-the-middle attack between itself and the web interface. It is nomally between client and Netscaler. If an alert is triggered it reset the TLS connect with the client by sending Encryption Alert message.The client would reconnect again. This cycle will continue until the browser times out

In my case the false positive was triggered because the IP address of the web interface was a windows NLB. The second case was a configuration setting of the network card teaming mechanism to load balance between 2 interface cards. When a Netscaler detect an asynchronous session it assumes a man-in-the-middle attack and reset the connection with the client. Firewalls, NAT can also cause asynchronous session

My solution
In case 1 we supplied the WI address instead of the NLB address.
In case 2 we reconfigure the teaming setting not to load balance between the interface.

Netscaler has a Loadbancing feature which can be used to achieve high availability of web interfaces.

[nitin chitkara]

Seems to be session policy issue.

 

http://citrixtroubleshootingsteps.blogspot.in/2015/03/hangs-on-setclientwica.html

[Pradeep Muni Gowreesha]

Refer to http://discussions.citrix.com/topic/347718-hangs-on-setclientwica/ to troubleshoot this issue.

[Mark Kroehler 2]

I'll second Pradeep's answer...