CSG NFUSE AND Program Neighborhood!! HELP

[Hboogie]

Hi everyone,

i'm been an avid reader for several months and found numerous amount of helpful hints. I'm just stuck on this recent issue.

I've setup a CSG and NFUSE installation on the same machine. I haven't set the website to use HTTPS, mainly because all information transmitted from CSG to the CLIENT is encrypted and it reduces headaches ( cost ) with certificates and port 443. Acessing published applications via web site works beautifully. However i can't connect to any of the published applications via Program neighborhood.

I've tried using SSL/tls = HTTPS and i get " SSL not accepting any incoming connections" My csg box is not running in RELAY MODE neither, yet that's the only option i receieve when i access "firewalls" when setting up the Server location within the Program neighboorhood. Is there a change that needs to be made on NFuse in order for this to work? This setup is relatively new but i'm sure someone can assist.i've changed my xml port from 80 to 88 and NAT isn't running. There are direct routes from CSG/NFUSE to my internal metaframe box ( this will soon be adjusted to the prefeered setting by using altaddr and creating a external address to route to the internal) Ofcourse CSG/NFUSE are in the DMZ.

I need help connecting to my published applications via citrix program neighborhood and making sure the data is encrypted.

Please HELP!

Thanks,

 

[chjinmind]

Have you done what citrix recommends (have to do) as in the document CTX799332, to let IIS let go of its exlusive handle on port 443.

Explanation,
By default the IIS is grabbing a exclusive handle on port 443 on any NIC and ipadress on the machine running the service. This makes the CSG not getting through to be able to reply to requests on this port.

Also check on the server side configuration in NFuse, make sure that you use the correct adress translation.
(So that all your connections go through CSG if that is your intended function).

First, I thought my instalation ws fine but I "noticed" that the clients got a direct connection to the application server and not through the CSG, by the way clients were directed from NFuse.

Hope to have helped somewhat...

 

[Hboogie]

Thanks for the response.

I've looked into that document maybe about 100 times! The website isn't currently enforcing a HTTPS connection.

What do i need to change in NFUSE in order for Program neighborhood to work remotely over the internet? Additionally, how can i get program neighborhood to work using SSL?

I need help ASAP

 

[chjinmind]

For Program Neighborhood to work over the internetä (do you really want this?) you must be sure about all ports in firewalls and be sure about adress translations (NAT). Most probably your application servers have private ipadress and might need to configured with the altaddr utility to give correct response to the clients. From what I see here it seems to be a network specific issue.

I would say go for all internet connectivity via NFuse/CSG.


For Program Neighborhood to connect with only SSL (128 bit)
(locally) you have to config 2 things.

Server side:
ICA connection configuration.
-Advanced -> required encryption, set it to your wanted encryption level.

Client side:
In the created application set for your farm,
-Choose settings, tab "default options".
-Requiredä Encryption: set it to match the server side required encryption.

Verify by connecting to the server and open the ICA connection center (in systray) and look at the active connection to the server.

//Chris