Citrix MetaFrame XP On WIN2K3STD Error: The Citrix MetaFrame server you have selected is not accepting connections

I have the above installed, feature release 3 with sp3. Inside the network I can connect to the apps and desktops no problem, and can do the same externally via vpn to the server. But if I connect from an external machine to the citrix server using http and tcp/ip this problem happens. I have installed 5 cals for ts on the server. Citrix ports are opened on the firewall.

Any ideas?

Thanks.
dbcompAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mgcITCommented:
Are you connecting from a web interface or just using Program Neighborhood?

Have you set up an alternate address on the server using the altaddr command?

Please specify which ports you have open.
dbcompAuthor Commented:
I'm connecting in the program neighbourhood, with ports 2594 1494 tcp, 1604 udp open
could you point to or explain the correct altaddr command please?

Thanks in advance
mgcITCommented:
Yes, altaddr is a command you run on your citrix server to tell it what it's external IP Address.  Each citrix metaframe server must have it's own external IP.  

So from the command line you just run altaddr /set xx.xx.xxx.xxx

Then on your firewall you open the ports to point to this address.  You also need to open your XML port which you don't have listed there.  The default is 80 but it could be anything.  You can see this in the properties of your farm.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

dbcompAuthor Commented:
I ran that altaddr command and then pointed the firewall on 2594 2598 1494 1604 to that external ip but then got this error
An io (input/output) error occurred while your request was being processed
Seems like a timeout...
XML port is default, shared with IIS it says, 80, so that's pointed to the above external ip on the firewall
mgcITCommented:
>> 2594 2598 1494 1604

Why all of these?  You should only need 1494, 2598, and 80 (your XML port)
dbcompAuthor Commented:
I removed 2594 and 1604. Could you explain why you put the public external ip as the address to be forwarded to "inside" the firewall?
I put all wan traffic on 1494,2598,80 to forward to lan port with [external ip] instead of the internal ip of the citrix server, is this right

Thanks..
mgcITCommented:
you are basically just setting up a NAT'd address here.  So when someone hits your firewall from the outside (using the external address) the firewall will translate that to the internal IP Address of your citrix server.  So it would look like this:

60.70.200.150:1494 -----------> Firewall----------->192.168.1.10:1494-----------> Citrix server

I didn't mention before but make sure you set up the NAT on the firewall so it knows where to send the incoming requests to.

The altaddr command is just so that the server knows what it's external IP is.  Normally you don't worry about this and your firewall handles everything but for a citrix environment the server needs to know.  Basically when someone tries to make a connection to your farm the server will deliver back a launch.ica file to the client.  This file will have the IP address of the server listed in it.  And it will know that you are coming from the outside so the ip address listed will be the external address (which you have specified using the altaddr command). If you are connecting from the LAN it will give you the same launch.ica file but will just list the internal IP address instead since you will be able to communicate with that.
dbcompAuthor Commented:
Apologies for the delayed reply. That is the way I had Citrix set up on the firewall, with no luck. Any other ideas?

Thanks.
mgcITCommented:
yes see if you are able to telnet to port 1494 of your server from the outside.  you should get a response that looks something like this:

ICA..ICA..ICA.ICA

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dbcompAuthor Commented:
Have decided to stick with win2k3 ts as citrix's mf xp's speed is negligible over ts for what I need it for. mgcIT was the most helpful, thanks.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Citrix

From novice to tech pro — start learning today.