{"id":253,"date":"2008-12-19T11:25:17","date_gmt":"2008-12-19T03:25:17","guid":{"rendered":"http:\/\/www.jhouseconsulting.com\/?p=253"},"modified":"2008-12-19T11:33:52","modified_gmt":"2008-12-19T03:33:52","slug":"citrix-secure-gateway-csg-31-deployment-issue","status":"publish","type":"post","link":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/2008\/12\/19\/citrix-secure-gateway-csg-31-deployment-issue-253","title":{"rendered":"Citrix Secure Gateway (CSG) 3.1 Deployment Issue"},"content":{"rendered":"

Something I found after installing Citrix Secure Gateway (CSG) 3.1 on a server running Web Interface (WI) 5.0.1. It removed permissions from the “%ProgramFiles%\\Citrix\\Web Interface\\5.0.1\\Clients” folder and instructed it to inherrit from its parent.<\/p>\n

Therefore, only the Administrators local group had full control.<\/p>\n

This was causing problems for client updates and downloads via the CSG server.<\/p>\n

An error in the Application Event Log was…<\/p>\n

Event Type: Error
\nEvent Source: Citrix Web Interface
\nEvent Category: None
\nEvent ID: 0
\nDate: 19\/12\/2008
\nTime: 8:33:45 AM
\nUser: N\/A
\nComputer: NOT-TELLING-01
\nDescription:
\nSite path: c:\\inetpub\\wwwroot\\Citrix\\XenApp.<\/p>\n

Due to an error, the file watcher could not be created at the path C:\\Program Files\\Citrix\\Web Interface\\5.0.1\\Clients. [Log ID: e22724f9]<\/p>\n

This could be correlated to a Security Log event that was suggesting that the Network Service account could not traverse the filesystem.<\/p>\n

So after comparing it to a standard Web Interface 5.0.1 deployment without CSG 3.1 installed, I found that this folder had been given explicit permissions for the local Administrators, Authenticated Users and NETWORK SERVICE security principles.<\/p>\n

So I guess I just needed to add them back in with the appropriate access.<\/p>\n