Secure Ticket Authority (STA) Status Is Marked As DOWN on Citrix Gateway Virtual Server

Secure Ticket Authority (STA) Status Is Marked As DOWN on Citrix Gateway Virtual Server

book

Article ID: CTX132334

calendar_today

Updated On:

Description

The Citrix Gateway virtual server configured with Secure Ticket Authority (STA) is marked as DOWN, as shown in the following screen shot:

Resolution

Complete the following troubleshooting steps to resolve this issue:

  1. Ensure the STA is configured correctly. Refer to Citrix Documentation - To add the Desktop Delivery Controller as the STA and Configuring the Secure Ticket Authority on Citrix Gateway .

  2. Restart the XML and/or broker service on the STA server.

  3. Remove then add back the STA server to ADC.

  4. Ensure that the port 443 and 80 is open between ADC SNIP and STA servers.

  5. Ensure that StoreFront server, VirtualApp(VDA which has published applications) and STA are not on the same server and they are not using the same port 443.

  6. Ensure that STA server IP or FQDN are correctly entered without any typo.

  7. Ensure that if STA sever is added with FQDN then FQDN is resolvable through ADC. If not then create an address record for all the STAs or ensure that name servers are functional.

  8. Ensure that there is no IP conflict for ADC SNIP or back end servers.
    Enter ADC shell and navigate to /var/nslog directory and run the following command to verify if there is an IP conflict:
    nsconmsg -K newnslog -d consmsg | grep -i conflict

  9. Look for the following command in ns.conf file:
    add vpn nextHopServer

    For example "add vpn nextHopServer ctx01 10.x.x.x 443 -secure ON"
    If it is not a double hop environment. Ensure to remove the preceding command and verify STA status again.

  10. In a High Availability pair, If you're checking STA status on a HA Secondary node. Ensure that HA synchronization is working fine as Secondary node can ONLY get the status from primary node, if sync is not working, it will show STA DOWN too.

Problem Cause

STA cofigured on Citrix Gateway is marked as down.

Issue/Introduction

Secure Ticket Authority (STA) under NetScaler Gateway virtual server is marked as DOWN.

Additional Information

Overview of troubleshooting steps

User-added image
Additional steps :

  1. If you are using VirtualDesktop 5.x and VirtualApp 7.x or later, verify the XmlServicesEnableNonSsl or XmlServicesEnableSsl settings as per Citrix Documentation - Delivery Controller environment.

  2. If you are using VirtualDesktop version earlier to 5.x or VirtualApp version earlier to 7.x, to resolve this issue, update the SSLonly option to Off in the CtxSta.config file on the STA server with the status marked as DOWN. The setting SSLOnly=off means that both HTTP and HTTPS connections are accepted.


CTX101997 - FAQ: Citrix Secure Gateway/NetScaler Gateway Secure Ticket Authority
CTX140153 - Troubleshooting Methodology for NetScaler, StoreFront with XenApp and/or XenDesktop

Powered by Wolken Software