Monday, July 10, 2006

Citrix Secure Gateway: Can't connect using cable modem

A customer who has two Citrix servers in a load balance configuration and for failover has a secure access gateway server as a web front end for remote off-site ICA sessions to the two Citrix servers and the published apps on them. A really mysterious problem developed. Those of you in the field know about these types of problems, they 're the type that just suddenly start happening with no known changes to any systems having been made - they just suddenly start happening. As we all know, something is usaully changed that triggers a problem and especially the "mystery" problems. If it isn't an outright failure of a system or a component of the systems, it's generaly a configuration of something along the path of server and client.

This one is of those types of problems and on Citrix things are often much more complicated that the standard client server applciations. All equipment both networking , PC and server, nothing is known to have been altered. The problem happens when anyone tries to connect to the secure gateway which is the web front end to the citrix server using an optimum online cable modem Internet access. They never get the login prompt (page). Other desktops connecting using other Internet access providers connect with out a problem. It's just optimum online connections that don't work. This was established by remotely accessing desktops on other networks that I have access to and trying to connect to the gateway and then trying to connect to the servers from other networks that were using other ISP services (Internet Service Provider). This is a strange problem that will take some digging and a while to cure.

Tomorrow I'm going to place a network sniffer to monitor and collect information to see what's sending out and in to the server. I'm pretty certain the client request reaches the servers since there's a redirect to an HTTPS page once a connection is made to the server using the normal HTTP. This signifies that the request from the browser (Microsoft IE 6.0) reaches the server which tries to redirect to the secure page. A call will be placed to optimum online as well but I'm sure that will lead to nowhere. They and other providers don't readily admit to anything being wrong and even getting to the level of support where someone would actually know if there was a problem takes great effort. This could easily be a routing problem and not one that's on the Internet but rather an internal problem.