• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1187
  • Last Modified:

Launch Public appl via WebInterface vs Custom ICA connection


I am trying to access some public applications via a custom ICA connection. I am getting the following error.

"Cannot connect to the Citrix Presentation Server.
The Citrix Presentation Server you have selected is not accepting connections."

But I can access all my published application just fine via the Web Interface, just not via custom ica settings.

Can anyone point me into the right direction here?


  • 6
  • 4
1 Solution
Try the following:

Check your firewall configuration - are you using alternate addressing - as Web Interface will apply the correct IP info to the ICA file whereas using PN you are required to enter the correct information.

Run RDP client (go to Start->Run->mstsc), if RDP client fails, you should check your Microsoft Terminal Services Licensing server and the number/availbility of TSCAL licenses.
Also it is worth asking the following questions:

Has it ever worked?
If yes then what has changed?
Does it work on any other PCs or for any other users?
If so what is different?
Are you using a personal firewall on your pc which is blocking the ICA client or ports?
TLANGIAuthor Commented:

It has actually never worked, I have never tried it. No I am trying to setup some thin clients and because of that I experienced that problem for the first time.
It only works on the LAN but for no one and from nowhere WAN sided.

Can you please give me some more details to your first reply: "Check your firewall configuration - are you using alternate addressing - as Web Interface will apply the correct IP info to the ICA file whereas using PN you are required to enter the correct information."

What do you refer to when you say "enter the correct IP" ?

Are there additional ports to open for using PN (besides 1494 and 80)?
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

So the custom connection works from the LAN?

But not from the WAN?

Do you use the Web Interface from the LAN only or via the WAN as well?
Which one does it work for?

You will need to work out how connections are made via the WAN...

Are you traversing a NAT Firewall?
Are you using a VPN to connect in?

Please confirm which methods are connecting successfully for which environments using which components.....
TLANGIAuthor Commented:
I found what is going on but don't know how to fix it.
I can browse the public applications via PNA but when I lunch any, the citrix server hands back the LAN IP and not the public IP, therefore the Launch fails. How can I fix that?

I am traversing a NAT firewall.

The WebInterface work from  the LAN and WAN side.
Did you setup the Web Interface and configure it for alternate addressing? This would assist the NAT FW traversal.

Unfortunately this is why you would use web interface - because it publishes the public address to you which is then translated at the NAT FW to the appropriate server...

I am not sure you could achieve the same using PN Agent - did you deploy PN Agent using web interface? I cannot remember if you can configure the agent for alternate addressing....
TLANGIAuthor Commented:
I did setup the web interface for alternate addressing.

So if I do understand your correctly, in order for the PNagent to work, I have to be on the local LAN first? e.g VPN ... ?

Right - I had to read up on this just to make sure....

When you set up the PN Agent site in the Access Suite Console in the Web Interface section, there are no configurations for Secure Client Access (such as DMZ Settings, Address Translations etc.) By default, PN Agent sites connect using the Direct access method, which means they work on the LAN out of the box.

You can configure PN Agent to connect over the WAN but you have to configure the conf file manually as PNA doesn't take the settings from the WI site. So if you need NAT to get to the servers, then you will have to reconfig the conf file for that manually.
You can compare the two files (WI conf and PNA conf) and get the details from there.
The webinterface.conf is in the Metaframe\Conf folder under IISroot\Citrix and the PNA conf file is in the PNAgent\Conf folder.

Or to get the same settings for PN and PN Agent, copy the C:\Inetpub\wwwroot\Citrix\MetaFrame\conf\WebInterface.conf to C:\Inetpub\wwwroot\Citrix\PNAgent\conf (probably wise to back up the old one, just in case), restart IIS to apply the changes, and everything should work.
This is a lot simpler then manually editing the WebInterface.conf file.....
You will have to do this whenever you make configuration changes to the PN site.......
This is of course assuming that you installed everything in the default locations.....

I am pretty sure that the AlternateAddress=mapped entry in the WebInterface.conf file under the PNAgent directory need to be changed to AlternateAddress=On.

Let me know how you get on...
TLANGIAuthor Commented:
You have solved my problem !!!
I used the export configuration option to export the WebInterface.conf file and imported it via the import function for the PNA site.
Restarted the IIS and vola.
Now there is just some finetuning left.

I can't thank you enough.

The Citrix Forum is usel... compared to EE.

No problem - glad I could help!

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now