May 17, 2011

CAG to F5 to Citrix WI all over SSL, getting Token Error on WIs

In its simplified setup, we have a CAG that runs Citrix Access Gateway for users to authenticate against Active Directory. The CAG forwards HTTPS requests to our F5s via a DNS delegation to the GTMs. The LTMs proxy the HTTPS connection to two Citrix WIs. These WIs are Server 2003 IIS boxes running the Citrix WI program.



The issue is that when both IIS boxes are enabled in the pool and users connect via the CAG, the WI will spit out a Token Session Error (see attachment).



Oddly enough, if we bypass the CAG by using the GTM DNS definition for this configuration, it works perfectly.




CAG --> DNS --> GTM (has profile for mycaglb) --> LTM --> 2 WI



Has anyone come across this before?
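As an added illustration (not code from the original post, and not a confirmed diagnosis of Jim's environment): a small Python simulation of the topology described above, with two stateful Web Interface members behind a round-robin load balancer. It assumes, hypothetically, that each WI member keeps its own session/token table and that a user's requests are not pinned to one member; under that assumption the second request lands on the other member, which has never seen the token, and is rejected, while a single pool member or a persistence table makes the same exchange succeed. The class and function names (`WebInterface`, `LoadBalancer`, `demo`) and the request shapes are invented for this example.

```python
"""Simulated CAG -> LTM -> two Web Interface members (constructed example).

Assumption under test: each WI member holds its own in-memory session
table and nothing in the load balancer ties a client to one member.
Nothing in the thread confirms that this is how the real WI boxes behave.
"""
from itertools import cycle


class WebInterface:
    """A backend that issues a token at /login and requires it afterwards."""

    def __init__(self, name):
        self.name = name
        self.sessions = {}   # token -> user, local to this member only
        self.counter = 0

    def handle(self, request):
        if request["path"] == "/login":
            self.counter += 1
            token = f"{self.name}-{self.counter}"
            self.sessions[token] = request["user"]
            return {"status": 200, "token": token, "served_by": self.name}
        token = request.get("token")
        if token not in self.sessions:
            # The other member issued this token; this member cannot validate it.
            return {"status": 403, "error": "Token Session Error",
                    "served_by": self.name}
        return {"status": 200, "user": self.sessions[token],
                "served_by": self.name}


class LoadBalancer:
    """Round-robin across pool members, optionally with a persistence table."""

    def __init__(self, pool, persistence=False):
        self.pool = pool
        self.rr = cycle(pool)
        self.persistence = persistence
        self.persist_table = {}  # client_key -> pool member

    def forward(self, client_key, request):
        if self.persistence and client_key in self.persist_table:
            backend = self.persist_table[client_key]
        else:
            backend = next(self.rr)
            if self.persistence:
                self.persist_table[client_key] = backend
        return backend.handle(request)


def run_user_session(lb, client_key, user):
    """Log in, then make one authenticated request with the returned token."""
    login = lb.forward(client_key, {"path": "/login", "user": user})
    apps = lb.forward(client_key, {"path": "/apps", "token": login["token"]})
    return login["served_by"], apps


def demo(persistence, members=2):
    """Build a pool of `members` WI boxes and run one user through it.

    Returns (member that handled the login, response to the second request).
    """
    pool = [WebInterface(f"WI{i + 1}") for i in range(members)]
    lb = LoadBalancer(pool, persistence=persistence)
    return run_user_session(lb, client_key="client-A", user="jim")


if __name__ == "__main__":
    print("two members, no persistence:", demo(False, 2))
    print("one member, no persistence: ", demo(False, 1))
    print("two members, persistence:   ", demo(True, 2))
```

One caveat when mapping this back to the thread's topology: if the CAG proxies the connection rather than redirecting the browser, every request reaching the LTM carries the CAG's own source address, so persistence keyed on source address would pin all users to one member; a persistence key derived from something per-session (for example a cookie) would not have that problem.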




  • Jim, can you explain what DNS names and SSL certificates are set up where? I am stuck with an older CSG infrastructure, but can get with my Citrix contacts to see if there are any specific things to watch for in such a scenario. It sounds like some sort of cert mismatch is what is killing the communication.



    Having a GTM opens all kinds of doors for you. Have you considered having the GTM resolve the primary name to whichever CAG is best suited for your internet nexus points? Also, how are the DNS records set up? As A records or CNAMEs?








  • We've seen this issue before, admittedly for us it was APM > LTM > WI



    But what caused this issue for us is when the WI got confused about authentication and therefore broke.



    So could there be an issue with the CAGs talking to the WIs?