Citrix: Update CAG 4.x to 5.0.2, no adminlogonpoint
Last week I upgraded two Citrix Access Gateways from version 4.6 to 5.0.2. The first CAG update went without any problems; I opened up the Access Gateway Management Tool, connected to the CAG and pointed to the update file download from Citrix.com. When the progress bar was done I had to restart the CAG and when it came up again I could reach it via https://oldipofcag/lp/adminlogonpoint instead of using the old tool.
After I run the update on the first CAG I used the same method to update the second CAG but this time I couldn’t connect to the adminlogonpoint. I received a 405 error in IE, so my first guess was that there was a process still running so I waited half an hour but after that it still wouldn’t connect to the adminlogonpoint. I asked my dear friend Google why I couldn’t connect to the adminlogonpoint and after some extensive search I found the following post on the Citrix Forums stating:
Folks, the URL is not the problem – the NIC configuration on the CAG is the problem…
When you install the CAG, you should create two NICS. These NICS are assigned identifiers eth0 and eth1. By default, eth0 is the “external” interface by which all public traffic enters the gateway. It usually will have the default route for the appliance pointing to a downstream gateway that is accessing the internet.
The eth1 adapter is set for the internal network to direct traffic from the public access to the internal network. However, if you create only 1 NIC, it is give the identifier eth0.
By default, the only NIC you may use to administrate the device is eth1. Therefore, you get the “No default logon point found” when you try to access the admin logon point via eth0
To fix, logon at the console of the access gateway (via VMWare or Xen Server) and then select express setup. One of the menu items allows you to set the admin interface to either eth0 or eth1. Once you get logged on to the admin logon point and access the GUI you can set it to be either or both.
Somewhere in the update the two nics got mixed up and my former management nic (which used to work) was not reachable anymore. So I had to connect to the console of the Access Gateway and use the express setup to correct the NIC.