• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1040
  • Last Modified:

Citrix Web Interface and Natted Address

Hi

we have users coming in over a firewall from another site to hit our internal web interface servers.

they can login in using the natted address of 192.168.244.110 ( http://WI/citrix/TEST) intenral is 172.22.240.24

they can login ok but when they try and fire up an application they get the error message "cannot connect to presentation server, there is no citrix presentation server configured on the specified address.

They only need to get to 1 server CTXSRV001 172.22.240.10   I have set this up with altaddr of 192.168.244.89

on the Web Interface

DMZ = Alternative
Address translation = 172.22.240.10  1494  192.168.244.89 1494

The web interface has 3 different access platforms.  These user will only connect to this test site the other 2 sites work fine and point to same data collectors as this does.

I am convinced the Web Interface is set up correctly but would any pointers.

the network traffice on port 1494 iis inbound only, I think this should be in both directions.. but firewalls say they cant see any traffice,
0
The_Waltzing_Shark
Asked:
The_Waltzing_Shark
  • 4
  • 2
1 Solution
 
BLipmanCommented:
Can you right click one of the apps, choose save as..., then save to the computer, open the file (called launch.ica) with notepad, and post the contents?  Do I hear you right when you say that the site works fine from within the 172 network?  

Post your ICA file and let's see if you are getting the proper address.  
0
 
The_Waltzing_SharkAuthor Commented:
Yes, works for the 172 sites that are all behinf firewall.  

I have been informed the Firewall performs NAT    The Prresentation server they will connect to has an alternative address.  On WI site i have remoced the translated address i put in there and left DMZ settings as default = alternative.

I will have to wait till tuesday now.  
0
 
The_Waltzing_SharkAuthor Commented:
Can anyone advise what ports will need to be open on firewall

, i got xml service on port 8080 & 1494 (session reliability not used)

Do both need to be opened inbound and outbound on firewall????
0
Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
The_Waltzing_SharkAuthor Commented:
enclosed is the ICa file.

i got the ports open of firewall to be able to ping and pinged the following

Natted address of IP 192.168.244.110 ( http://WI/citrix/TEST) - worked fine

internal address of Citrix PS server - 172.22.240.10- expired in transit
alt addr of Citrix PS server - 192.168.244.89 -  timed out

below is ICA file

[Encoding]
InputEncoding=UTF8

[WFClient]
CPMAllowed=On
ClientName=WI_CBXLdNBvKATSbcHCO
ProxyFavorIEConnectionSetting=Yes
ProxyTimeout=30000
ProxyType=Auto
ProxyUseFQDN=Off
RemoveICAFile=yes
TransparentKeyPassthrough=Local
TransportReconnectEnabled=On
VSLAllowed=On
Version=2
VirtualCOMPortEmulation=Off

[ApplicationServers]
Notepad - Test=

[Notepad - Test]
Address=192.168.244.89:1494
AudioBandwidthLimit=2
AutologonAllowed=ON
BrowserProtocol=HTTPonTCP
CGPAddress=*:2598
ClearPassword=26634CF40503F0
ClientAudio=On
DesiredColor=8
DesiredHRES=1024
DesiredVRES=768
DoNotUseDefaultCSL=On
Domain=\CABE1AF434C713A1
InitialProgram=#Notepad - Test
LPWD=16
Launcher=WI
LocHttpBrowserAddress=!
LogonTicket=26634CF40503F0CABE1AF434C713A1
LogonTicketType=CTXS1
LongCommandLine=
NRWD=16
ProxyTimeout=30000
ProxyType=Auto
SSLEnable=Off
SessionsharingKey=2119128539
StartIFDCD=1241694142315
StartSCD=1241694142315
TRWD=0
TWIMode=On
TransportDriver=TCP/IP
UILocale=en
WinStationDriver=ICA 3.0

[Compress]
DriverNameWin16=pdcompw.dll
DriverNameWin32=pdcompn.dll

[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll

[EncRC5-128]
DriverNameWin16=pdc128w.dll
DriverNameWin32=pdc128n.dll

[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll

[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll

0
 
The_Waltzing_SharkAuthor Commented:
anyone ???
0
 
BLipmanCommented:
It appears the site is still trying to use Session Reliability:
CGPAddress=*:2598

Suggestion 1: open 2598 and see if this fixes it
or
Suggestion 2: disable SR through the web interface (http://support.citrix.com/article/CTX108439)
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now