Your app is not available. Try again later.
We have been getting the aforementioned pop-up message in our shiny new Citrix XenApp 6.5 environment intermittently when users tried to access applications from outside the internal network. Users get to the Citrix Web Interface via Citrix Secure Gateway. The Gateway lives in the DMZ and passes communications to the Web Interface on the LAN. All users can login successfully, but they can’t start applications and are given the “not available” message via the Citrix Receiver.
Since I built the Citrix Farm from scratch in a VMware infrastructure and designed the whole thing, this problem should have been easily discovered. It had to be a misconfiguration somewhere that I was missing. I verified the following:
– The SSL certificates were properly assigned and installed on all the servers in the Farm
– The Citrix Receiver was the latest version and installed on the clients
– The XML port was customized throughout the Farm and configured the same
– All the ports from the DMZ to the LAN for Citrix were open
Still, the pop-up message persisted. Eventually, you can start an application, but you may have to battle the “not available” message 2-12 times. The perception that the environment was ready for remote access was shattered.
I went back to the Secure Gateway and rediscovered a problem that had occurred during the initial build. When adding STA (Secure Ticketing Authority) servers to the list on the Secure Gateway setup wizard, I realized I couldn’t add all four of my XenApp servers to the list. Normally, this wouldn’t be a problem as you really just need more than one. What was interesting is the reason I couldn’t add the servers: according to the Secure Gateway, the servers I was trying to add were already on the list.
Of the four XenApp servers, I could only add the first and third that I had created. Numbers 2 and 4 could not be added to the STA list because they were already present. The servers are added to the list with their machine names, which were unique. I knew there was some kind of identifier conflict somewhere, but why? And what identifier had to be changed?
I had cloned servers 1 and 3 using “Approach 2” in the above link from Citrix when building out the Farm. What also got copied though was the UID (Unique Identifier) in the CtxSta.config file. What I got were clones with the same STA UID and different names. Servers 1 and 2 were twins, as were servers 3 and 4. This was the ultimate cause of the Secure Gateway not allowing them on the list.
After changing the UID in the CtxSta.config file on servers 2 and 4, I added them to the STA list on the Secure Gateway successfully. Immediately following the change, the pop-up messages vanished and all applications were available. The combination of unique names with identical UID’s caused confusion on the Secure Gateway and intermittent dropped communications.
The lesson here is, when cloning XenApp servers, make sure you change the UID in the CtxSta.config file afterwards.
Oh, and the one with the goatee is the real Slim Shady.