How to find ICA Gateway accessing log in nslog

Article ID: CTX578654

Description

This article analyzes the entries written to nslog (/var/log/ns.log) when a user accesses a CVAD environment through ICA Gateway.
Note that nslog does not contain detailed logs for this process.
For the full workflow, refer to the analysis of the "NetScaler Gateway+StoreFront+XenDesktop workflow" in the article listed under Additional Information.

https://support.citrix.com/article/CTX227054/netscaler-gateway-storefront-and-xendesktop-integration-communication-workflow


Instructions

1. Authentication

Accessing the ICA Gateway URL does not generate any log entries.
After the user enters credentials and clicks the login button, the following logs are displayed.
Sep  5 01:43:19 <local0.info> 10.158.238.11  09/05/2023:01:43:19 GMT  0-PPE-0 : default SSLVPN Message 193 0 :  "AAAD API: aaad_authenticate_req: sending login req to aaad for <TestUser>, factor <>, auth type 0, trans id 226"
...
Sep  5 01:43:20 <local0.info> 10.158.238.11  09/05/2023:01:43:20 GMT  0-PPE-0 : default AAA Message 197 0 :  "In update_aaa_cntr: Succeeded policy for user TestUser = x.x.x.100_LDAP"
Sep  5 01:43:20 <local0.info> 10.158.238.11  09/05/2023:01:43:20 GMT  0-PPE-0 : default SSLVPN Message 198 0 :  "marking authv2 session for user: <TestUser>"
Sep  5 01:43:20 <local0.info> 10.158.238.11  09/05/2023:01:43:20 GMT  0-PPE-0 : default SSLVPN Message 199 0 :  "get_session user: <TestUser>, aaa_info flags 40011 flags2 1f20000, new webview 0, sess flags2 200000, flags3 78040 flags4 400 ssoDomain <>, ssoUsername: <TestUser>, ssoUsername2: <TestUser>"
Sep  5 01:43:20 <local0.info> 10.158.238.11  09/05/2023:01:43:20 GMT  0-PPE-0 : default SSLVPN Message 200 0 :  "epaqs_session_report: Done initializing session; client_type 1, authv2 200000, flags2 200000, flags3 78068"
Sep  5 01:43:20 <local0.info> 10.158.238.11  09/05/2023:01:43:20 GMT  0-PPE-0 : default SSLVPN Message 201 0 :  "ns_auth2_post_auth_epa_report:****** ******* flags2 200000, flags3 78068, v2setclient 1 "


2. Enumeration

The client retrieves its resources from StoreFront via ICA Gateway.
If Single Sign-On (SSO) is ON, Gateway communicates with StoreFront without the user having to re-enter StoreFront login credentials.
The following logs are displayed: Gateway sends the user's information to StoreFront, forwards the list request from the client, and the client receives the App/Desktop list from StoreFront, which completes enumeration successfully.
 
Sep  5 01:43:20 <local0.info> 10.158.238.11  09/05/2023:01:43:20 GMT  0-PPE-0 : default SSLVPN LOGIN 202 0 : Context TestUser@x.x.x.103 - SessionId: 1 - User TestUser - Client_ip x.x.x.103 - Nat_ip "Mapped Ip" - Vserver x.x.x.200:443 - Browser_type "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938." - SSLVPN_client_type ICA - Group(s) "N/A"
Sep  5 01:43:20 <local0.info> 10.158.238.11  09/05/2023:01:43:20 GMT  0-PPE-0 : default SSLVPN HTTPREQUEST 203 0 : Context TestUser@x.x.x.103 - SessionId: 1 - icagw.test.lab User TestUser : Group(s) N/A : Vserver x.x.x.200:443 - 09/05/2023:01:43:20 GMT : SSO is ON : GET /Citrix/TestStoreWeb/ - -
...
Sep  5 01:43:22 <local0.info> 10.158.238.11  09/05/2023:01:43:22 GMT  0-PPE-0 : default SSLVPN HTTPREQUEST 213 0 : Context TestUser@x.x.x.103 - SessionId: 1 - icagw.test.lab User TestUser : Group(s) N/A : Vserver x.x.x.200:443 - 09/05/2023:01:43:22 GMT : SSO is ON : POST /Citrix/TestStoreWeb/Resources/List - -
Sep  5 01:43:23 <local0.info> 10.158.238.11  09/05/2023:01:43:23 GMT  0-PPE-0 : default SSLVPN TCPCONNSTAT 214 0 : Context TestUser@x.x.x.103 - SessionId: 1 - User TestUser - Client_ip x.x.x.103 - Nat_ip 10.158.238.13 - Vserver x.x.x.200:443 - Source x.x.x.103:59406 - Destination x.x.x.101:443 - Start_time "09/05/2023:01:43:21 GMT" - End_time "09/05/2023:01:43:23 GMT" - Duration 00:00:02  - Total_bytes_send 0 - Total_bytes_recv 438 - Total_compressedbytes_send 0 - Total_compressedbytes_recv 0 - Compression_ratio_send 0.00% - Compression_ratio_recv 0.00% - Access Allowed - Group(s) "N/A"
...
Sep  5 01:43:24 <local0.info> 10.158.238.11  09/05/2023:01:43:24 GMT  0-PPE-0 : default SSLVPN HTTPREQUEST 217 0 : Context TestUser@x.x.x.103 - SessionId: 1 - icagw.test.lab User TestUser : Group(s) N/A : Vserver x.x.x.200:443 - 09/05/2023:01:43:24 GMT : SSO is ON : POST /Citrix/TestStoreWeb/GatewayAuth/Login - -
Sep  5 01:43:25 <local0.info> 10.158.238.11  09/05/2023:01:43:25 GMT  0-PPE-0 : default SSLVPN TCPCONNSTAT 218 0 : Context TestUser@x.x.x.103 - SessionId: 1 - User TestUser - Client_ip x.x.x.103 - Nat_ip 10.158.238.13 - Vserver x.x.x.200:443 - Source x.x.x.103:59406 - Destination x.x.x.101:443 - Start_time "09/05/2023:01:43:21 GMT" - End_time "09/05/2023:01:43:25 GMT" - Duration 00:00:04  - Total_bytes_send 0 - Total_bytes_recv 599 - Total_compressedbytes_send 0 - Total_compressedbytes_recv 0 - Compression_ratio_send 0.00% - Compression_ratio_recv 0.00% - Access Allowed - Group(s) "N/A"
Sep  5 01:43:25 <local0.info> 10.158.238.11  09/05/2023:01:43:25 GMT  0-PPE-0 : default SSLVPN HTTPREQUEST 219 0 : Context TestUser@x.x.x.103 - SessionId: 1 - icagw.test.lab User TestUser : Group(s) N/A : Vserver x.x.x.200:443 - 09/05/2023:01:43:25 GMT : SSO is ON : POST /Citrix/TestStoreWeb/Resources/List - -
Sep  5 01:43:27 <local0.info> 10.158.238.11  09/05/2023:01:43:27 GMT  0-PPE-0 : default SSLVPN TCPCONNSTAT 220 0 : Context TestUser@x.x.x.103 - SessionId: 1 - User TestUser - Client_ip x.x.x.103 - Nat_ip 10.158.238.13 - Vserver x.x.x.200:443 - Source x.x.x.103:59406 - Destination x.x.x.101:443 - Start_time "09/05/2023:01:43:21 GMT" - End_time "09/05/2023:01:43:27 GMT" - Duration 00:00:06  - Total_bytes_send 0 - Total_bytes_recv 977 - Total_compressedbytes_send 0 - Total_compressedbytes_recv 0 - Compression_ratio_send 0.00% - Compression_ratio_recv 0.00% - Access Allowed - Group(s) "N/A"

Sep  5 01:43:27 <local0.info> 10.158.238.11  09/05/2023:01:43:27 GMT  0-PPE-0 : default SSLVPN HTTPREQUEST 222 0 : Context TestUser@x.x.x.103 - SessionId: 1 - icagw.test.lab User TestUser : Group(s) N/A : Vserver x.x.x.200:443 - 09/05/2023:01:43:27 GMT : SSO is ON : POST /Citrix/TestStoreWeb/Authentication/GetUserName - -

Sep  5 01:43:28 <local0.info> 10.158.238.11  09/05/2023:01:43:28 GMT  0-PPE-0 : default SSLVPN TCPCONNSTAT 224 0 : Context TestUser@x.x.x.103 - SessionId: 1 - User TestUser - Client_ip x.x.x.103 - Nat_ip 10.158.238.13 - Vserver x.x.x.200:443 - Source x.x.x.103:59405 - Destination x.x.x.101:443 - Start_time "09/05/2023:01:43:20 GMT" - End_time "09/05/2023:01:43:28 GMT" - Duration 00:00:08  - Total_bytes_send 0 - Total_bytes_recv 343 - Total_compressedbytes_send 0 - Total_compressedbytes_recv 0 - Compression_ratio_send 0.00% - Compression_ratio_recv 0.00% - Access Allowed - Group(s) "N/A"


3. Launch App/Desktop

After the user clicks an App/Desktop icon on StoreFront, the following logs are displayed,
showing the client sending ICA data and retrieving the ICA file.
Finally, the ICA session is established successfully.
Sep  5 01:44:13 <local0.info> 10.158.238.11  09/05/2023:01:44:13 GMT  0-PPE-0 : default SSLVPN HTTPREQUEST 225 0 : Context TestUser@x.x.x.103 - SessionId: 1 - icagw.test.lab User TestUser : Group(s) N/A : Vserver x.x.x.200:443 - 09/05/2023:01:44:13 GMT : SSO is ON : GET /Citrix/TestStoreWeb/receiver/images/1x/spinner_5CF********8E.png - -
Sep  5 01:44:13 <local0.info> 10.158.238.11  09/05/2023:01:44:13 GMT  0-PPE-0 : default SSLVPN HTTPREQUEST 226 0 : Context TestUser@x.x.x.103 - SessionId: 1 - icagw.test.lab User TestUser : Group(s) N/A : Vserver x.x.x.200:443 - 09/05/2023:01:44:13 GMT : SSO is ON : POST /Citrix/TestStoreWeb/Resources/GetLaunchStatus/Q29udH*********kIFByb21wdA-- - -
...
Sep  5 01:44:14 <local0.info> 10.158.238.11  09/05/2023:01:44:14 GMT  0-PPE-0 : default SSLVPN HTTPREQUEST 229 0 : Context TestUser@x.x.x.103 - SessionId: 1 - icagw.test.lab User TestUser : Group(s) N/A : Vserver x.x.x.200:443 - 09/05/2023:01:44:14 GMT : SSO is ON : GET /Citrix/TestStoreWeb/Resources/LaunchIca/Q29ud******FByb21wdA--.ica?CsrfToken=C826****A381 - -
Sep  5 01:44:14 <local0.info> 10.158.238.11  09/05/2023:01:44:14 GMT  0-PPE-0 : default SSLVPN TCPCONNSTAT 230 0 : Context TestUser@x.x.x.103 - SessionId: 1 - User TestUser - Client_ip x.x.x.103 - Nat_ip 10.158.238.13 - Vserver x.x.x.200:443 - Source x.x.x.103:59406 - Destination x.x.x.101:443 - Start_time "09/05/2023:01:43:21 GMT" - End_time "09/05/2023:01:44:14 GMT" - Duration 00:00:53  - Total_bytes_send 0 - Total_bytes_recv 1186 - Total_compressedbytes_send 0 - Total_compressedbytes_recv 0 - Compression_ratio_send 0.00% - Compression_ratio_recv 0.00% - Access Allowed - Group(s) "N/A"
Sep  5 01:44:33 <local0.info> 10.158.238.11  09/05/2023:01:44:33 GMT  0-PPE-0 : default SSLVPN ICASTART 231 0 :  Source x.x.x.103:59509 - Destination x.x.x.102:2598 - customername  - username:domainname TestUser:johnson.lab - applicationName Command Prompt - startTime "09/05/2023:01:44:32 GMT" - connectionId 2***9
Sep  5 01:44:33 <local0.info> ns syslogd: last message repeated 1 times
Sep  5 01:44:33 <local0.info> 10.158.238.11  09/05/2023:01:44:33 GMT  0-PPE-0 : default ICA Message 232 0 :  "[Remote ip = x.x.x.103:59509][Username = TestUser] [CGP][ICAUUID=000********ac5ef7] Established connection to VDA successfully {vda=x.x.x.102:2598}"


*Please be aware that the above log analysis is for reference only and Citrix Support does not provide any answers to special logs.
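
The three stages above can be traced per user with a short script. The following is an added example, not Citrix code: it scans ns.log text for the marker entries shown in this article and reports how far a user's access attempt got. The function names, stage labels and the OtherUser line are assumptions made for illustration.

```python
import re

# Constructed sample: entries copied or shortened from this article, plus one
# invented line for "OtherUser" (login request only, no later entries).
SAMPLE = '''
Sep  5 01:43:19 <local0.info> 10.158.238.11  09/05/2023:01:43:19 GMT  0-PPE-0 : default SSLVPN Message 193 0 :  "AAAD API: aaad_authenticate_req: sending login req to aaad for <TestUser>, factor <>, auth type 0, trans id 226"
Sep  5 01:43:20 <local0.info> 10.158.238.11  09/05/2023:01:43:20 GMT  0-PPE-0 : default AAA Message 197 0 :  "In update_aaa_cntr: Succeeded policy for user TestUser = x.x.x.100_LDAP"
Sep  5 01:43:20 <local0.info> 10.158.238.11  09/05/2023:01:43:20 GMT  0-PPE-0 : default SSLVPN LOGIN 202 0 : Context TestUser@x.x.x.103 - SessionId: 1 - User TestUser - Client_ip x.x.x.103 - Nat_ip "Mapped Ip" - Vserver x.x.x.200:443 - SSLVPN_client_type ICA - Group(s) "N/A"
Sep  5 01:43:22 <local0.info> 10.158.238.11  09/05/2023:01:43:22 GMT  0-PPE-0 : default SSLVPN HTTPREQUEST 213 0 : Context TestUser@x.x.x.103 - SessionId: 1 - icagw.test.lab User TestUser : Group(s) N/A : Vserver x.x.x.200:443 - 09/05/2023:01:43:22 GMT : SSO is ON : POST /Citrix/TestStoreWeb/Resources/List - -
Sep  5 01:44:14 <local0.info> 10.158.238.11  09/05/2023:01:44:14 GMT  0-PPE-0 : default SSLVPN HTTPREQUEST 229 0 : Context TestUser@x.x.x.103 - SessionId: 1 - icagw.test.lab User TestUser : Group(s) N/A : Vserver x.x.x.200:443 - 09/05/2023:01:44:14 GMT : SSO is ON : GET /Citrix/TestStoreWeb/Resources/LaunchIca/Q29ud******FByb21wdA--.ica?CsrfToken=C826****A381 - -
Sep  5 01:44:33 <local0.info> 10.158.238.11  09/05/2023:01:44:33 GMT  0-PPE-0 : default SSLVPN ICASTART 231 0 :  Source x.x.x.103:59509 - Destination x.x.x.102:2598 - customername  - username:domainname TestUser:johnson.lab - applicationName Command Prompt - startTime "09/05/2023:01:44:32 GMT" - connectionId 2***9
Sep  5 01:44:33 <local0.info> 10.158.238.11  09/05/2023:01:44:33 GMT  0-PPE-0 : default ICA Message 232 0 :  "[Remote ip = x.x.x.103:59509][Username = TestUser] [CGP][ICAUUID=000********ac5ef7] Established connection to VDA successfully {vda=x.x.x.102:2598}"
Sep  5 01:50:02 <local0.info> 10.158.238.11  09/05/2023:01:50:02 GMT  0-PPE-0 : default SSLVPN Message 240 0 :  "AAAD API: aaad_authenticate_req: sending login req to aaad for <OtherUser>, factor <>, auth type 0, trans id 227"
'''

TS = re.compile(r'(\d{2}/\d{2}/\d{4}:\d{2}:\d{2}:\d{2}) GMT')
STAGES = ["authentication", "enumeration", "launch"]
# (stage, label, pattern); each pattern captures the user name it refers to.
MARKERS = [(s, l, re.compile(p)) for s, l, p in [
    ("authentication", "login request sent to aaad", r'aaad_authenticate_req: sending login req to aaad for <(?P<user>[^>]+)>'),
    ("authentication", "auth policy succeeded", r'Succeeded policy for user (?P<user>\S+) = '),
    ("enumeration", "gateway session login", r'SSLVPN LOGIN .*? - User (?P<user>\S+) - '),
    ("enumeration", "resource list request", r'HTTPREQUEST .*? User (?P<user>\S+) : .*POST \S*/Resources/List'),
    ("launch", "ICA file request", r'HTTPREQUEST .*? User (?P<user>\S+) : .*GET \S*/Resources/LaunchIca/'),
    ("launch", "ICA session start", r'ICASTART .*username:domainname (?P<user>[^:\s]+):'),
    ("launch", "VDA connection established", r'\[Username = (?P<user>[^\]]+)\].*Established connection to VDA successfully'),
]]

def timeline(log_text, user):
    """Return [(timestamp, stage, label)] for one user, in log order."""
    events = []
    for line in log_text.splitlines():
        ts = TS.search(line)          # first timestamp is the log header time
        if not ts:
            continue
        for stage, label, rx in MARKERS:
            m = rx.search(line)
            if m and m.group("user") == user:
                events.append((ts.group(1), stage, label))
                break
    return events

def last_stage(events):
    """Furthest stage reached, or None if the user never appears."""
    reached = [stage for _, stage, _ in events]
    return max(reached, key=STAGES.index) if reached else None

if __name__ == "__main__":
    for ts, stage, label in timeline(SAMPLE, "TestUser"):
        print(ts, stage, label)
```

A user whose last stage is "authentication" with no "auth policy succeeded" event never obtained a Gateway session, while ICASTART entries record which user opened which application against which VDA address.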

Additional Information

https://support.citrix.com/article/CTX227054/netscaler-gateway-storefront-and-xendesktop-integration-communication-workflow