Citrix Guru Wannabe

Sunday, June 04, 2006

Troubleshooting Steps for Secure Ticket Authority (STA) and Citrix Secure Gateway

1.0 Issues

1. Make sure that the administrator did not lock down IIS and remove any security access.

2. What account are you using to configure Citrix Secure Gateway?

3. Is IIS running on the STA?

4. From the NFuse server, can you ping the FQDN of the STA, Secure Gateway, and MetaFrame servers?

5. From the Secure Gateway server, can you ping the FQDN of the MetaFrame and STA servers?

6. What is the certificate?

7. Check the content of the log file in c:\winnt\System32\Logfiles\W3SVC1.

8. Check the permissions of the Ctxsta.dll and scripts folder.

9. Check the scripts folder status. Is it set to scripts and executables?

In the ISM, expand the site directory, right-click the scripts folder, and choose Properties. On the Virtual Directory tab, verify that Execute Permissions is set to “Scripts and Executables.”

10. Make sure that the IUSR_machinename account has “modify permissions.”

In the ISM, expand the site directory, right-click the scripts folder, and choose Properties. On the Directory Security tab, under anonymous access, the configured account should read IUSR_machinename.

11. Does the script directory have read and sufficient permissions?

12. Remove the assigned IP or FQDN on the Gateway Server from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\services\ctxsecgwy\TicketAuthorities\STA01 Value: Server:REG_SZ: .

13. If the steps above don’t show any errors, the next step is to run a packet trace on the STA server. Two captures are needed:

A. A user launching an application in NFuse

B. Configuring the Secure Gateway server with the STA details so that it produces the “invalid response from STA” error

14. Run the Citrix Web Server Debugging and Analysis Tool (CTX052061) from the STA server to detect common configuration problems.

15. Install the STA on a different server for testing purposes.
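
For step 7, the following added example (not part of the original post and not a Citrix tool) reads an IIS W3C extended log and counts failed requests to the STA DLL per client and HTTP status, so that the result points back at steps 1 and 8 through 10. The /Scripts/CtxSta.dll path, the logged field list, the sample lines, the function names and the status hints are assumptions of this example.

```python
# Added example: summarize STA requests found in an IIS W3C extended log (step 7).
from collections import Counter

# Constructed sample log; addresses, times and the field list are made up.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2006-06-04 10:00:00
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-win32-status
2006-06-04 10:00:01 10.0.0.5 POST /Scripts/CtxSta.dll 200 0
2006-06-04 10:00:07 10.0.0.6 POST /Scripts/CtxSta.dll 403 5
2006-06-04 10:00:09 10.0.0.6 POST /scripts/ctxsta.dll 401 5
2006-06-04 10:00:12 10.0.0.7 GET /default.htm 200 0
"""

# Starting points only (an assumption of this example), keyed by HTTP status.
HINTS = {
    "401": "anonymous account rejected: check IUSR_machinename (step 10)",
    "403": "access or execute permission denied: check steps 8 and 9",
    "404": "Ctxsta.dll not reachable: check steps 1 and 8",
}

def sta_requests(log_text, stem="/scripts/ctxsta.dll"):
    """Yield one dict per logged request whose URI stem is the STA DLL."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the field list can change mid-file
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            if row.get("cs-uri-stem", "").lower() == stem:
                yield row

def summarize(log_text):
    """Return a Counter of (client_ip, status) for non-200 STA requests."""
    return Counter((r.get("c-ip", "?"), r.get("sc-status", "?"))
                   for r in sta_requests(log_text)
                   if r.get("sc-status") != "200")

if __name__ == "__main__":
    for (ip, status), n in sorted(summarize(SAMPLE_LOG).items()):
        hint = HINTS.get(status, "look up the IIS status code")
        print(f"{ip} -> HTTP {status} x{n}: {hint}")
```

To use it on a real server, pass the text of a log file from the W3SVC1 folder to summarize() instead of SAMPLE_LOG.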