Solved

cannot connect to the citrix metaframe server.  There is no citrix metaframe server configured on the specified address.

Posted on 2008-09-30
13
16,475 Views
Last Modified: 2012-06-27
I am having a normal citrix setup , I used to connect to client locally thru the web interface i.e. http://test/Citrix/MetaFrame/auth/login.aspx and from internet i used to connect thru the link http://24.187.244.249:8067/Citrix/MetaFrame/auth/login.aspx   as natting is defined in the firewall .

The cleint are getting authenticated from local lan and even from the internet but at the time of launching the appliation its getting launched from the local lan and from internet its giving the following error
"cannot connect to the citrix metaframe server.  There is no citrix metaframe server configured on the specified address."
The Applications are linking like this from lan the address am getting upon clicking an application icon after logging to citrix web interface  "http://test/Citrix/MetaFrame/site/icons.aspx?id=GLIKCNJLABMNFLGIAIOJGGHLEEEIMKCH"  where as from the internet its showing the same application link as "http://24.187.244.249:8067/Citrix/MetaFrame/site/icons.aspx?id=GLIKCNJLABMNFLGIAIOJGGHLEEEIMKCH"  
I could not understand since 24.187.244.249:8067 is pointing to the local ip of test and we are getting the login prompt and getting loggin successfully and showing all published applications but why its not launching the application and giving this error. cannot connect to the citrix metaframe server.  There is no citrix metaframe server configured on the specified address.
0
Comment
Question by:AvalonicsInc
  • 7
  • 6
13 Comments
 
LVL 13

Expert Comment

by:ScooterAnderson
ID: 22615956
You'll need to edit your DMZ settings on your WebInterface config (in Access Management Console) to run as "Translated".

What is happening is that your clients are authenticating against your Citrix box, but the Citrix server isn't recognizing that they aren't on the local LAN and handing them an internal link to the application ("http://test/Citrix/MetaFrame.....")

With the translation turned on, your external clients will receive a link to the application that will use your External IP address in the link to the application.
0
 

Author Comment

by:AvalonicsInc
ID: 22632059
I have changed the settings from direct to translated but still not working. Even I created the address translations with internal and external ips but still problem persists.
0
 

Author Comment

by:AvalonicsInc
ID: 22632300
one more thing i need to ask is what are the ports we need to open on the firewall for citrix web interface for external network clients.
0
 
LVL 13

Expert Comment

by:ScooterAnderson
ID: 22633728
Hmmmm... Take a look here:  http://www.dabcc.com/article.aspx?id=1755

 Web Interface

o    Client connections - TCP 80/443 (configurable)
o    Server-to-server - TCP XML 80/8080, 443 (using SSL Relay)
o    Management console (partially IMA) - DCOM 135 (+ configurable high port range), IMA-TCP 2513, TCP 80/443
0
 
LVL 13

Expert Comment

by:ScooterAnderson
ID: 22634274
Also, another test you can do to verify your Translation configuration:
Log in to WebInterface from outside your firewall and then right-click on the app you want to run, select SaveAs and save the .ICA file to your desktop.  "Edit" the file to take a look at the settings inside the file.

Also, as a reference on configuring the address translation, take a look in the Web Interface Administrators Guide, p. 105
ref:  http://support.citrix.com/article/CTX111709
0
 

Author Comment

by:AvalonicsInc
ID: 22660481
when am saving and opening the launch.ica file its giving me the local ip of the citrix server not the public(natted) ip inside the file . please find below the lauch.ica contents and still same error even though i defined translation.

Encoding]
InputEncoding=ISO8859_1

[WFClient]
ClientName=WI_N8QJaUoyEmBwz7AlO
ProxyFavorIEConnectionSetting=Yes
ProxyTimeout=30000
ProxyType=Auto
ProxyUseFQDN=Off
RemoveICAFile=yes
TransparentKeyPassthrough=Local
TransportReconnectEnabled=On
Version=2
VirtualCOMPortEmulation=Off

[ApplicationServers]
claculator=

[claculator]
Address=192.168.1.139:1494
AudioBandwidthLimit=2
AutologonAllowed=ON
ClearPassword=927F031BA3FF45
ClientAudio=On
DesiredColor=4
DesiredHRES=800
DesiredVRES=600
Domain=\3DB68889F4A87939
InitialProgram=#calculator
Launcher=WI
LongCommandLine=
ProxyTimeout=30000
ProxyType=Auto
SSLEnable=Off
SessionsharingKey=4-basic-basic-test-chrisp-avalonics
TWIMode=On
TransportDriver=TCP/IP
Username=chrisp
WinStationDriver=ICA 3.0

[Compress]
DriverNameWin16=pdcompw.dll
DriverNameWin32=pdcompn.dll

[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll

[EncRC5-128]
DriverNameWin16=pdc128w.dll
DriverNameWin32=pdc128n.dll

[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll

[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll

0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 13

Expert Comment

by:ScooterAnderson
ID: 22660734
Ok, based on the .ICA file you show above, you need to configure the DMZ Settings noted in my previous post and set it for "Alternate" - and specify the internal to external NAT addresses.  Then the correctly formatted .ICA file should be created for your client connection.
0
 
LVL 13

Expert Comment

by:ScooterAnderson
ID: 22660862
Sorry, hit submit before I finished my though... you can also verify if you have a static Alt Address assigned on your Citrix box.
At a command line, type:   altaddr   and it'll show if you have anything set up.  If you're using DMZ Translation in your WebInterface, you shouldn't have anything set in your AltAddr - it'll just muddy the water...
Again, take a look around p.105 in the WebInterfaceAdmin Guide, noted above.
0
 

Author Comment

by:AvalonicsInc
ID: 22660979
now I have change the dmz settings to alternate and default to alternate now in the lauch.ica am getting the public ip of the citrix (natted) but still unable to login same error"cannot connect to the citrix metaframe server.  There is no citrix metaframe server configured on the specified address."
0
 
LVL 13

Expert Comment

by:ScooterAnderson
ID: 22661037
It's also throwing the connection port as 1494 (ICA), you may want to open that up on your firewall...

> [claculator]
> Address=192.168.1.139:1494
> AudioBandwidthLimit=2
0
 

Author Comment

by:AvalonicsInc
ID: 22661182
After changing to alternate find below the contents of my launch.ica

Encoding]
InputEncoding=ISO8859_1

[WFClient]
ClientName=WI_N8QJaUoyEmBwz7AlO
ProxyFavorIEConnectionSetting=Yes
ProxyTimeout=30000
ProxyType=None
ProxyUseFQDN=Off
RemoveICAFile=yes
TransparentKeyPassthrough=Local
TransportReconnectEnabled=On
Version=2
VirtualCOMPortEmulation=Off

[ApplicationServers]
Adobe Contribute=

[Adobe Contribute]
Address=24.187.244.248:1494
AudioBandwidthLimit=2
AutologonAllowed=ON
ClearPassword=D7FF3A203D0FF4
ClientAudio=On
DesiredColor=4
DesiredHRES=800
DesiredVRES=600
Domain=\7EFC8EA1C77AB6FA
InitialProgram=#Adobe Contribute
Launcher=WI
LongCommandLine=
ProxyTimeout=30000
ProxyType=None
SSLEnable=Off
SessionsharingKey=4-basic-basic-sbsava4-chrisp-avalonics
TWIMode=On
TransportDriver=TCP/IP
Username=chrisp
WinStationDriver=ICA 3.0

[Compress]
DriverNameWin16=pdcompw.dll
DriverNameWin32=pdcompn.dll

[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll

[EncRC5-128]
DriverNameWin16=pdc128w.dll
DriverNameWin32=pdc128n.dll

[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll

[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll

even though all the ports are opened on my firewall again its giving same error "cannot connect to the citrix metaframe server.  There is no citrix metaframe server configured on the specified address.", I am not using ssl as I dont have any certificate, am using only http so i didnot configured "Secured Gateway Settings".
0
 
LVL 13

Accepted Solution

by:
ScooterAnderson earned 500 total points
ID: 22662893
from a remote client workstation, open a DOS box and type:   telnet 24.187.244.248  1494

If you don't get a connection, either your firewall port isn't open or isn't NAT'd correctly...
0
 

Author Comment

by:AvalonicsInc
ID: 22667216
I  have a linux based firewall "UTANGLE" I did opened all the ports but when i do telnet 24.187.244.248 1494 its not connecting where as when i telnet from internal network to internal ip i.e. 192.168.1.139 1494 its connecting and showing ica in the command window.

even though all the ports are opened and even i again defined port 1494 in utangle but still its not connecting on port 1494.

suggestions are welcomed
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

#Citrix #XenApp #Citrix Scout #Citrix Insight Services #Microsoft VMMAP #Microsoft ADEXPLORE #Microsoft RAMMAP #Microsoft TCPVIEW #Microsoft AUTORUNS #Microsoft PROCESS EXPLORER #Microsoft PROCESS MONITOR
Citrix XenDesktop 7.6 Citrix Policies Graphics
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now