hcyuan
asked on
Citrix Secure Gateway with NAT address
I'm running Citrix XenApp 5 on a Windows 2008 server. Since it's a small installation, I only have one server that hosts everything for this. The server is running Citrix, the Web Interface, the Secure Gateway, and the License Server. My server has an internal address (citrix.myorg.int) and users can reach it from outside through a public address (citrix.myorg.ext) which is NAT'd on the router.
I initially had this installation setup for access through the Web Interface without the Secure Gateway piece and I got everything working. I had configured a site on the Web Interface to use the public address with the address at http://citrix.myorg.ext/Citrix/XenApp. I can access the server from outside the network via the public address and from the inside via the internal address. Now I'm trying to get the Secure Gateway working and this is where I'm running into my problem.
I've configured my Web Interface to use the Gateway Alternate address for the outside since I only want it to use the Secure Gateway when the server is being access from the outside. I configured the Gateway FQDN to the dns that points to the public address (citrix.myorg.ext.) I then set the STA's URL to the internal address (http://citrix.myorg.int/Scripts/CTXSTA.dll) and made sure that my Secure Gateway is configured to use the internal address as well.
The certificate was created using my own Organizational CA, so I exported out the CA's self signed certificate and imported to both the server and my external workstation.
So, on my external workstation, I open up my browser and i go to the website (http://citrix.myorg.ext/Citrix/XenApp) and I get the log in page. I'm able to log in and see my applications. However, when I try to launch one, I get an error message window that says:
Unable to launch your application. Contact your help desk with the following information: Cannot connect to the Citrix XenApp server. Protocol Driver error.
I normally only see the protocol driver error if Citrix on the server hasn't started yet or it can't communicate. I double-checked to make sure it's still working internally, and it does. Did I mis-configured something? Any ideas?
Any help is greatly appreciated. I'm so close to finishing this project! This is the last piece!
Thanks in advance.
Howard
I initially had this installation setup for access through the Web Interface without the Secure Gateway piece and I got everything working. I had configured a site on the Web Interface to use the public address with the address at http://citrix.myorg.ext/Citrix/XenApp. I can access the server from outside the network via the public address and from the inside via the internal address. Now I'm trying to get the Secure Gateway working and this is where I'm running into my problem.
I've configured my Web Interface to use the Gateway Alternate address for the outside since I only want it to use the Secure Gateway when the server is being access from the outside. I configured the Gateway FQDN to the dns that points to the public address (citrix.myorg.ext.) I then set the STA's URL to the internal address (http://citrix.myorg.int/Scripts/CTXSTA.dll) and made sure that my Secure Gateway is configured to use the internal address as well.
The certificate was created using my own Organizational CA, so I exported out the CA's self signed certificate and imported to both the server and my external workstation.
So, on my external workstation, I open up my browser and i go to the website (http://citrix.myorg.ext/Citrix/XenApp) and I get the log in page. I'm able to log in and see my applications. However, when I try to launch one, I get an error message window that says:
Unable to launch your application. Contact your help desk with the following information: Cannot connect to the Citrix XenApp server. Protocol Driver error.
I normally only see the protocol driver error if Citrix on the server hasn't started yet or it can't communicate. I double-checked to make sure it's still working internally, and it does. Did I mis-configured something? Any ideas?
Any help is greatly appreciated. I'm so close to finishing this project! This is the last piece!
Thanks in advance.
Howard
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER