Saturday, December 20, 2008

Cannot reach company website from internal network

Our internal and external domains are the same; for this discussion let's assume that domain is "". We switched web hosts and started to have issues with not being able to reach our company website "" from the internal network. If your internal and external domains are the same, then your internal computers will look for "" inside your network, even if your DNS forwarders are working fine, because the internal DNS server is authoritative for that zone and never forwards the query. If you are having the same issue, there are a couple of things you have to do in your internal DNS so that your internal computers can resolve your website:

On the DNS server in your internal network, create a new Forward Lookup Zone. Go through the new zone creation wizard. When asked for a name, name this Zone www
After the zone is created, create a Host (A) record in this forward lookup zone that points to the IP address of the host that is hosting your website. You can leave the name blank; your host record would look something like this:


Name: (same as parent folder)    Type: Host (A)    Data: (this is the IP address of the external host)

Please note that if you know the FQDN (fully qualified domain name) of the host that is hosting your external website, then you don't have to create the new zone; you can just create an Alias (CNAME) record in the Forward Lookup Zone of your domain pointing to the FQDN of that host.



SSL Certificate Expiration error on Web Interface Server after renewing

Yesterday I renewed our SSL certificate on the Citrix Web Interface Server. I went through the drill of creating the CSR and then sending it to Entrust. After renewing the certificate in IIS, the users were still getting the error that the certificate was expired.

We have Citrix Secure Gateway installed on the WI server. It turns out that after you renew the certificate in IIS, you have to run the CSG configuration wizard to replace the current certificate. When you run the CSG wizard there will be a step where you are shown your old certificate and your new one; just pick the new one and complete the wizard, and that should take care of the above issue.
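
A quick way to confirm which certificate the listener on port 443 is actually presenting after a renewal, and whether it matches the newest one in the machine store. This is an added example, not part of the original post; the host name is a placeholder, and the store lookup assumes the certificate's subject contains that host name (a wildcard certificate would need a different filter).

```powershell
# Added example: compare the certificate served on a TLS port with the newest
# matching certificate in the local machine store (the one IIS shows).
param(
    [string]$HostName = 'wi.example.test',   # placeholder: your WI/CSG FQDN
    [int]$Port = 443                         # the port the gateway listens on
)

function Get-ServedCertificate {
    param([string]$HostName, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate: this is inspection only, and an expired
        # certificate would otherwise abort the handshake before we can read it.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)
            return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }
}

$served = Get-ServedCertificate -HostName $HostName -Port $Port

# Newest certificate in LocalMachine\My whose subject mentions the host name.
$installed = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$HostName*" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

[pscustomobject]@{
    ServedThumbprint    = $served.Thumbprint
    ServedNotAfter      = $served.NotAfter
    ServedExpired       = $served.NotAfter -lt (Get-Date)
    InstalledThumbprint = $installed.Thumbprint
    InstalledNotAfter   = $installed.NotAfter
    # True when the listener still presents something other than the renewed cert.
    ListenerIsStale     = [bool]$installed -and ($served.Thumbprint -ne $installed.Thumbprint)
}
```

If `ListenerIsStale` is true after a renewal, the service bound to the port is still holding the old certificate and needs to be pointed at the new one.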

Friday, December 19, 2008

Renewing Certificate on Web Interface Site with CSG

I am running Citrix Secure Gateway on my Web Interface Server. When my SSL certificate expired on the site, I renewed it with the CA. After I installed the new certificate on IIS, I started having a couple of issues.
First, the default site would not start. It was in a Stopped state and when I tried to start it, I received the error:

" The process cannot access the file because it is being used"

This was because the default site had its SSL port set to 443, and if you have CSG installed, by default it will use port 443 for SSL, so change the SSL port in the default site to 444. This resolved the issue for me and the default site started with no error message.