CAG to F5 to Citrix WI all over SSL, getting Token Error on WIs
In it's simplified setup. We have a CAG that runs Citrix Access Gateway for users to authenticate against Active Directory. The CAG forwards HTTPS requests to our F5s via a DNS delation to the GTMs. The LTMs Proxy the HTTPS connection to two Citrix WI. These WI are Server 2003 IIS boxes running the Citrix WI program.
The issue is when both IIS boxes are enabled in the pool and users connect via the CAG, the WI will spit out a Token Session Error(see attachment).
Oddly enough, if we bypass the CAG by using the GTM DNS definition for this configuration, it works perfectly.
CAG (mycag.company.com) --> DNS(mycaglb.company.com) --> GTM(has profile for mycaglb) -->LTM --> 2 WI
Has anyone come accross this before?