Forum Discussion
F5 10 LTM APM with XenApp CloudGateway
We have F5 LTM 10.4.2 HF3 that is currently Load Balancing Citrix Web Interface servers. Our group that handles the Citrix environment is looking at Citrix Cloud Gateway (StoreFront) since the Secure Gateway product is EOL in 2015. We do not currently have APM so I understand that will be needed. I am unclear as to the LTM version required for this setup. Is LTM 11 required for the Cloud Gateway integration? I read that iApp became available in LTM 11 and see there are deployment guides for that. I was unable to find anything on deployment of Cloud Gateway with LTM 10 so I have a feeling it is not supported. Any other advice or items to look at for this setup would be greatly appreciated. I have done some reading on the subject but I am trying to get a better idea of what may be needed on the F5 side.
Thanks.
22 Replies
- Greg_Crosby_319
Historic F5 Account
Actually you will need to use the web address URI, which is going to be the store name plus the word web: GET /Citrix/storenameweb/ HTTP/1.1\nHost: xxx.xxx.com\nConnection: Close\r\n\r\n
A quick way to find out is to open the management interface for StoreFront and see what URL is being used for "Receiver for web".
- fasteddye
Nimbostratus
I have gotten the store name and added web to end of it. I have tried Citrix and Citrix Receiver for Receive string with neither making the monitor come up.
GET /Citrix/appsweb/ HTTP/1.1\nHost: xxx.xxx.com\nConnection: Close\r\n\r\n
- Greg_Crosby_319
Historic F5 Account
Ok, can you confirm your monitor type (http/https) matches your pool members type (80/443). Also, verify your host address in your send string matches what your IIS binding has. Example: your StoreFront IIS http binding should be either blank, or needs to be xxx.xxx.com. The alternative is to remove the host name from your monitor's send string (GET /Citrix/appsweb/ HTTP/1.1\nHost: \nConnection: Close\r\n\r\n).
If that does not work, try using curl to troubleshoot web connections from the BIG-IP to the StoreFront server.
example:
curl --verbose --header 'Host:xxx.xxx.com' 'http://10.133.40.47:80/Citrix/appsWeb/'
note it is case sensitive and you should get a return of something similar to:
* About to connect() to 10.133.40.47 port 80
* Trying 10.133.40.47... connected
* Connected to 10.133.40.47 (10.133.40.47) port 80
> GET /Citrix/storefrontWeb/ HTTP/1.1
> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Accept: */*
> Host:citrix.xen.local
>
< HTTP/1.1 200 OK
< Cache-Control: private
< Content-Type: text/html; charset=utf-8
< Server: Microsoft-IIS/7.5
< X-FRAME-OPTIONS: DENY
< X-Powered-By: ASP.NET
< Date: Mon, 11 Mar 2013 21:50:02 GMT
< Content-Length: 4829
Citrix Receiver
- fasteddye
Nimbostratus
Got the StoreFront health monitor working. The final piece was the service ports, http monitor type and the hosts in the pool were 443. Using the suggested get string and receive string with "Citrix" has the monitor up and healthy.
The VIP does not work with the template created HTTP Profile assigned. If I have HTTP Profile of "None", the page resolves. If I have the template created HTTP Profile the page does not resolve. Should I worry about using HTTP profile with this VIP? If so, what are some things to check for?
I also have to tackle the same for XML Broker health monitor. It is unhappy with the template created health monitor. This is the send string from the template created xml broker monitor (I have x's for the host name, user name, password, and domain). I have verified the user and password that was created for this and the receive string from the citrix team.
POST /scripts/wpnbr.dll HTTP/1.1\r\nContent-Length: 588\r\nContent-Type: text/xml\r\nConnection: close\r\nHost: xxx.xxx.com\r\n\r\npermissionsallica30contentxxxxrxxxxxxxxxCITRIX-STOREFRONT_xmlb_monitor0.0.0.0\r\n\r\n
Thanks!
- Greg_Crosby_319
Historic F5 Account
Create a new http profile with x-forwarding enabled and attach it to both virtual servers; the content caching information used on the template generated http profile is not quite right for StoreFront.
Is what you posted the original xml template created monitor? Seems to be missing some content and should look more like:
POST /scripts/wpnbr.dll HTTP/1.1\r\nContent-Length: 569\r\nContent-Type: text/xml\r\nConnection: close\r\nHost: citrix.xen.local\r\n\r\npermissionsallica30contentuser1password1xenmy_XenApp__xmlb_monitor0.0.0.0\r\n\r\n
Where "citrix.xen.local" is going to be your host address, "user1" is your service account being used, "password1" is the account's password, xen is your AD netbios domain name, and "my_xenApp__xmlb_monitor" is your monitor name. The tricky part is making sure your content length value is correct; post will include everything after "
For testing I would leave your receive string blank; that way, as long as you get a response the monitor will post as healthy. Once you get to that point you can add a correct receive string which should be a published app (case sensitive).
Might also check to make sure your monitor type and pool member values match correctly; might simply be your type is mismatched with your port value being used (make sure your xml broker is using the port the members are set as, as well; older deployments used a default value 8080 rather than 80).
curl http://:8080 would be a quick way to test for a server response.
- Greg_Crosby_319
Historic F5 Account
Looks like the monitor info has been truncated from our posts - let me try posting using quotes.
POST /scripts/wpnbr.dll HTTP/1.1\r\nContent-Length: 569\r\nContent-Type: text/xml\r\nConnection: close\r\nHost: citrix.xen.local\r\n\r\npermissionsallica30contentuser1password1xenmy_XenApp__xmlb_monitor0.0.0.0\r\n\r\n
- fasteddye
Nimbostratus
Since the StoreFront servers were setup with https and we are not currently SSL Offloading on the F5s, can we use HTTP Profile? If we are not terminating SSL would the system see this traffic because it's encrypted?
I did have host name, user account, password, and monitor name. I don't see ad netbios section in the monitor. I did read about the content value but not sure if I am adding up correctly. I have put x's in place of host name, user name, and password but I used the correct amount of x's to reflect the true characters. I am also not sure if I should be doing http or https monitor type.
I have tried to quote as well to see if you can see full monitor information.
POST /scripts/wpnbr.dll HTTP/1.1\r\nContent-Length: 594\r\nContent-Type: text/xml\r\nConnection: close\r\nHost: xxxx.xxxxxxxx.com\r\n\r\npermissionsallica30contentxxxxxxxxxxxxxxxxxxxxxcarilionCITRIX-STOREFRONT_xmlb_https_monitor0.0.0.0\r\n\r\n
- Greg_Crosby_319
Historic F5 Account
The BIG-IP will decrypt SSL traffic from the client and then re-encrypt the traffic before it is sent to the servers, which allows it to enforce the applied http profile.
Are your xml brokers configured to use port 443 (encrypted traffic), your pool members in your broker pool are configured to use 443, and your monitor type is https?
- fasteddye
Nimbostratus
For the HTTP profile to create, what should be used for parent profile? Then is "Insert X-Forwarded-For: Enabled" the only option to choose custom on?
I just verified with Citrix team that the xml brokers are configured for port 8080. Would that be monitor type http? Should I then change the service on the pool members to 8080?
- Greg_Crosby_319
Historic F5 Account
Use http as the parent profile and only modify the x-forwarded option.
Monitor type will be http and members need to be set to use 8080.
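The Content-Length point raised in the XML broker monitor replies above, as an added example that is not part of any post in this thread: it compares the declared Content-Length of a monitor send string with the byte length of its body and rewrites the header when they differ. The function names are hypothetical, the body is a constructed placeholder (the real XML was stripped from the posts), and not counting the trailing \r\n padding is an assumption.

```python
import re

# Constructed sample: the XML body in the thread was stripped by the forum,
# so BODY is a placeholder, not the real Citrix request.
BODY = "<placeholder>user1 password1 xen</placeholder>"
SAMPLE = ("POST /scripts/wpnbr.dll HTTP/1.1\\r\\nContent-Length: 569\\r\\n"
          "Content-Type: text/xml\\r\\nConnection: close\\r\\n"
          "Host: citrix.xen.local\\r\\n\\r\\n" + BODY + "\\r\\n\\r\\n")

_CL = re.compile(r"(?i)(Content-Length:[ \t]*)(\d+)")


def _decode(send):
    """Expand the literal \\r and \\n escapes of a send string into bytes."""
    return send.replace("\\r", "\r").replace("\\n", "\n").encode("utf-8")


def audit(send):
    """Return (declared, actual) Content-Length for a monitor send string."""
    head, sep, body = _decode(send).partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line between headers and body")
    m = _CL.search(head.decode("utf-8"))
    if m is None:
        raise ValueError("no Content-Length header")
    # Assumption: trailing \r\n padding after the body is not counted.
    return int(m.group(2)), len(body.rstrip(b"\r\n"))


def fix(send):
    """Rewrite Content-Length in the send string to match the body."""
    _, actual = audit(send)
    # Split on the escaped blank line so only the header part is edited.
    head, sep, rest = send.partition("\\r\\n\\r\\n")
    fixed_head = _CL.sub(lambda m: m.group(1) + str(actual), head, count=1)
    return fixed_head + sep + rest


if __name__ == "__main__":
    print(audit(SAMPLE))   # declared vs. actual body length
    print(fix(SAMPLE))     # send string with the corrected header
```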