Booches.nl

Citrix Web Interface 5.3: An error occurred while making the requested connection

I tried to configure a Citrix Web Interface 5.3 server in conjunction with Citrix Presentation Server / XenApp 4.0 and a NetScaler. It is possible to login, but I cannot launch an application. When trying to launch an application I receive the following error message:

An error occurred while making the requested connection

I found an related article on the Citrix website. This article applies to Web Interface 5.2, but also works for Web Interface 5.3 The symptoms in the EventViewer for Web Interface 5.3 are different, but gives me more specifications about the problem. In the event log of the Web Interface 5.3 server you will receive the following error message.

After changing the RequireLaunchReference parameter in \inetpub\wwwroot\Citrix\XenApp\Conf\WebInterface.conf applications can be launched without any problems.

Add On: if the above solution doesn’t work, then a second solution for this problem can be found here

Citrix Access Gateway: duplicate STA ID

I received complains from a customers who wasn’t able to add two new Citrix servers to his Citrix Access Gateway configuration. He could successfully add the first Citrix server, but he couldn’t add the second Citrix server, because the first was overwritten by the second. I looked at the problem and noticed that both Citrix server were using the same STA Identifier.

After asking some question about the installation of the Citrix server, I discovered that the second Citrix server was a clone of the fist Citrix server. That is why both servers have the same STA Identifier. The STA ID from a Citrix server can be changed by altering the file CtxSta.config. By default a Citrix server has two CtxSta.config files, located at the following destinations (default installation):

• C:\Program Files\Citrix\System32;
• C:\Inetpub\Scripts;

I had to change the STA ID in the C:\Inetpub\Scripts directory, because IIS was used to share port 80 on the server. The CtxSta.config file contains a UID, like the example below:

[GlobalConfig]

UID=STAA3D2D2970C9C

TicketVersion=10

TicketTimeout=100000

MaxTickets=100000

LogLevel=0

MaxLogCount=10

MaxLogSize=20

LogDir=c:\inetpub\Scripts\

; Allowed Client IP addresses
; To change, substitute * with client IP addresses. Use ";" to seperate IP addresses/address ranges.
; To specify a range of IPs always use StartIP-EndIP.
; For example, AllowedClientIPList=192.168.1.1;10.8.1.12-10.8.1.18;123.1.2.3

AllowedClientIPList=*

; SSL only mode
; If set to on, only requests sent through HTTPS are accepted
SSLOnly=off

I changed the UID on the second server and restarted IIS. I tried to add the Citrix server to the Citrix Access Gateway, which is now possible with the new unique STA ID. The last step is adding the second Citrix server to the Citrix WebInterface (server farm & STA ID).

Problem running ISA en IAS on the same server

Today I had some problems running ISA 2004 en IAS on the same server. At the beginning the customer was running ISA 2000 and IAS on the same server without any problems. By incident, the customer was forced to upgrade his ISA. They had a 2004 license, so ISA 2004 it was.

I noticed that ISA 2004 puts a “Default ISA policy” with the highest priority in the remote access policies. The rule blocks all RADIUS requests, so I had to manually remove the access policy. After the removal everything was working fine again.

I had to change the configuration in the ISA server again and the “Default ISA policy” came back in IAS. So I had to delete the rule again. I also tried to change the priority of the rule, but the “Default ISA policy” gets the highest priority again after applying a change in ISA.

I cannot find anything specific about this problem on the internet, so maybe someone experienced this before and can provide me with an answer to disable this behavior.

Geotrust 2048 bit Root Migration

Today I read about Geotrust upgrading their public root certificate from 1024-bit to 2048-bit. Geotrust is upgrading the root certificate with the following reason.

This change is in line with industry best practices that GeoTrust follows to ensure the highest level of security for customers. The move to 2048-bit root keys is an industry-wide initiative. Moreover, the U.S. National Institute of Standards and Technology (NIST) recommends transitioning to 2048-bit keys.
Browser vendors have begun requiring the use of 2048-bit keys – e.g., Microsoft is requiring the upgrade for any roots that it will include in its products. Microsoft will no longer be accepting 1028-bit roots after 12/31/2010.

You can read more about the migration on the Geotrust FAQ.

Funny bug in Cisco Cat. 3750 12.2(50)SE

A colleague experienced a funny bug with a Cisco Catalyst 3750 running IOS 12.2(50)SE. The bug is know under Bug ID CScsy79004.

Check the images below:

He was doubting his alcohol level, because he thought he didn’t drink during the weekend….LOL