Cannot connect to the Citrix XenApp server There is no Citrix XenApp server configured on the specified address

Is there a reason you haven't installed Citrix Secured Gateway (CSG) in the DMZ? Your current install is completely open for hackers and all traffic can be viewed by anyone with a freeware packet sniffer...

My suggestion would be to install CSG on your External facing Web Interface site and configure it according to these two links:
Pre-install checklist: http://support.citrix.com/article/CTX116427
Admin Guide: http://support.citrix.com/article/CTX116425
In the Admin Guide you want to follow Scenario A - Single Hop DMZ setup.

You can also follow these guides for setting everything up:
http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part1.html
http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part2.html


Of course the above is just my very strong recommendation - should you chose to go forward as is make sure you are setup as follows:

This usually means that these servers need to have external IP address assigned, this can be worked around with NAT Assigned IP addresses on the firewall - but each server still needs it's own address.
For example (ips are just for examples):
Server A: Internal IP=10.0.0.1 Server B: Internal IP 10.0.0.2 Server C: Internal IP 10.0.0.3
Each server needs it's own address accessible from the Internet, so on your external firewall you would configure NAT address that translate public IPs to these internal IPs.
Server A: External IP=72.72.72.1 Server B: External IP=72.72.72.2 Server C: External IP=72.72.72.3
On each Citrix server you need to setup altaddr using the altaddr cmd (this tells Citrix it can accept requests sent to these addresses
Server A: altaddr /set 72.72.72.1
Server B: altaddr /set 72.72.72.2
Server C: altaddr /set 72.72.72.3

Now on the External Web interface, you would go to AMC > WI Site > Edit DMZ Settings > Use Alternate Address = Default, Direct = your internal IP Address Range (10.0.0.0/255.255.255.0 - from my example above).

Ports to open:
Internet to Web Interface: 80
Internet to Citrix Servers: 1494, 2598
Web Interface to Citrix Servers: 85 (your XML port)

After all this is setup you can test - but again I highly discourage that you install it this way - CSG should be included with your Citrix Software (check with Citrix to be sure) and the CSG setup cost you a simple SSL Cert every year... Well worth the investment.

pfcjoker:

Thanks for the information and I completely agree, however i am new to citrix and before is start setting up csg feature, I need to have remote offices working asap.  Having said that,

My citrix server only has one nic and has one to one nat translation setup on firewall. all ports are open and applications are enumerating "it says connection in progress and after that it crashes" any other suggestions?  Im sorry if i missed the point.  I do understand the security side but time is of the essence.

When you type altaddr on your one Citrix server what does it show?

From your client can you telnet to the following ports at your external facing IP:
1494
2598

Is your Web Interface server setup with Alternate Addressing as the default method? Does the direct connect have your IP/range?

Define crashes? Do you get a specific error? Are there any error/warnings in your Application/System eventlog on the Citrix server / Workstation at the time of "crash"?

altaddr:

localhost - 192.168.10.101
alt address - Public IP

Local telnet: (Everything works internally)
1494 - Response = ICA
2598 - Response = blinking dash

Direct is setup as follows:
192.168.10.0 Mask 255.255.255.0

Default access method is translated

Translation map:

192.168.10.101 int port 1494 external ip external port 1494
SETUP THE SAME FOR XML, 2598 AND PORT 80

Crashing was some what misleading, error is:

Cannot connect to the Citrix XenApp server There is no Citrix XenApp server configured on the specified address

Thanks again

Telnet from outside works the same

these are all tcp ports as per citrix docs

yes. and then I deleted firewall translation rules in manager just to make sure there arent any "conflicts", also when i had them in before for all the ports "type" was client since im not using a gateway. other option was gateway or both

Web works fine! I dont get it

So are you saying that when the use the web client they work fine but when they use a different client i(like PN) it doesn't?

yes, when they use the full client and not web plugin we get the error.

Ah that's because the Full Client also needs access to the XML service. If you plan on using a full client externally - you also should open your XML Port thought he firewall (and make sure it works via telnet to that server/port).

Thanks for staying on top of this...

Port 85 is xml and it is open. I do get a response from port 85.  Citrix WEB PN

I've never attempted to direct connect from the internet into a private NAT'd LAN IP - I'm not sure if the traffic will be routed correctly back to the client, in theroy the altaddr feature on the server should handle that, but it's hard to say. Short of contacting Citrix the only other thing I can think of is to either turn off session reliablilty if it's on and see if that helps.

ok im going to try the session reliability function. Also, browser is set for UDP....all my ports are tcp and I assume browser is used for finding applications on citrix server.  Also, i have set this up before and you are correct, alt address did address the problem before.  Will keep you posted.  Thanks

Sounds good, just let me know if that helps.