Citrix – Error 502 Bad Gateway

Today, one of our client was getting the below Citrix error when users are trying to access their applications using the browser.

Error 502 Bad Gateway

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET/Citrix/MetaFrame/auth/login.aspx
Reason: Error reading from remote server
If you think this is a server error, please contact the webmaster.

Looking at the Event Logs of the server, there wasn’t much useful errors on the server. We then ran the “Secure Gateway Diagnostics” test on the gateway server and saw some connection issues. There were a “red X” on the WI and the Authorized servers connections. Ping tests to and from those servers showed up fine. We were getting replied from it. Since no one can connect into the Citrix environment at all, we went ahead and restarted the Secure Gateway server and also the Web Interface server (in this environment, both roles are installed on the same server). Once the server is rebooted and up, we ran the “Secure Gateway Diagnostics” test again. This time all connections are showing a “green check” on them. We did a local test and browsed into the Citrix portal URL and the site loaded up and we were able to log into it. We then did an external URL test with users. Instead of getting the “Bad Gateway 502 error” page, they are getting a “Page Not Found” page. It is a strange problem. We reviewed all network and server changes for this client, and also checked firewall rules to see if traffic are blocked but found none.

Our last option was to redo the configuration settings for the server. Once we went through the “Secure Gateway Configuration Wizard” (with all the same settings as previously), ALL connections were starting to work again.

Afterward, we have reviewed some monitoring logs and it showed that the HTTPS protocol on this server was dropping or timing out for some time. Guess the connection finally breaks. But we think the issue was do to a local techie that worked at the client side ran the “Secure Gateway Configuration Wizard” and existed it out half way. Even though he didn’t save the settings, it some how corrupted the original settings. By running the configuration wizard and saving it re reestablish the connection.