Evil Twins- When Citrix Clones Collide

Who’s the real Slim Shady?

Your app is not available. Try again later.

We have been getting the aforementioned pop-up message in our shiny new Citrix XenApp 6.5 environment intermittently when users tried to access applications from outside the internal network. Users get to the Citrix Web Interface via Citrix Secure Gateway. The Gateway lives in the DMZ and passes communications to the Web Interface on the LAN. All users can login successfully, but they can’t start applications and are given the “not available” message via the Citrix Receiver.

Since I built the Citrix Farm from scratch in a VMware infrastructure and designed the whole thing, this problem should have been easily discovered. It had to be a misconfiguration somewhere that I was missing. I verified the following:

–          The SSL certificates were properly assigned and installed on all the servers in the Farm

–          The Citrix Receiver was the latest version and installed on the clients

–          The XML port was customized throughout the Farm and configured the same

–          All the ports from the DMZ to the LAN for Citrix were open

Still, the pop-up message persisted. Eventually, you can start an application, but you may have to battle the “not available” message 2-12 times. The perception that the environment was ready for remote access was shattered.

I went back to the Secure Gateway and rediscovered a problem that had occurred during the initial build. When adding STA (Secure Ticketing Authority) servers to the list on the Secure Gateway setup wizard, I realized I couldn’t add all four of my XenApp servers to the list. Normally, this wouldn’t be a problem as you really just need more than one. What was interesting is the reason I couldn’t add the servers: according to the Secure Gateway, the servers I was trying to add were already on the list.

The ID already exists in this list. Please enter a different one.

Of the four XenApp servers, I could only add the first and third that I had created. Numbers 2 and 4 could not be added to the STA list because they were already present. The servers are added to the list with their machine names, which were unique. I knew there was some kind of identifier conflict somewhere, but why? And what identifier had to be changed?

Cloning a XenApp Server

I had cloned servers 1 and 3 using “Approach 2” in the above link from Citrix when building out the Farm. What also got copied though was the UID (Unique Identifier) in the CtxSta.config file. What I got were clones with the same STA UID and different names. Servers 1 and 2 were twins, as were servers 3 and 4. This was the ultimate cause of the Secure Gateway not allowing them on the list.

After changing the UID in the CtxSta.config file on servers 2 and 4, I added them to the STA list on the Secure Gateway successfully. Immediately following the change, the pop-up messages vanished and all applications were available. The combination of unique names with identical UID’s caused confusion on the Secure Gateway and intermittent dropped communications.

The lesson here is, when cloning XenApp servers, make sure you change the UID in the CtxSta.config file afterwards.

Oh, and the one with the goatee is the real Slim Shady.


Categories: Citrix

Tags: , ,

1 reply

  1. Thanks for this article, this was the exact issue we were having.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Brad Hedlund

stuff and nonsense


Every cloud has a silver lining.

Live Virtually

A Storage and Virtualization Blog

Virtualization Team

VMware ESX/ESXi - ESX server - Virtualization - vCloud Director, tutorials, how-to, video


Just another WordPress.com site

VirtualKenneth's Blog - hqVirtual | hire quality

Virtualization Blog focused on VMware Environments


Virtually everything is POSHable

Gabes Virtual World

Your P.I. on virtualization

Yellow Bricks

by Duncan Epping

Wahl Network

Technical Solutions for Technical People

Joking's Blog

Phoenix-based IT guy with too much to say...

%d bloggers like this: