Citrix Secure Gateway with NAT address

Posted on 2010-01-08
Last Modified: 2012-05-08
I'm running Citrix XenApp 5 on a Windows 2008 server. Since it's a small installation, I only have one server that hosts everything for this. The server is running Citrix, the Web Interface, the Secure Gateway, and the License Server. My server has an internal address ( and users can reach it from outside through a public address (citrix.myorg.ext) which is NAT'd on the router.

I initially had this installation setup for access through the Web Interface without the Secure Gateway piece and I got everything working. I had configured a site on the Web Interface to use the public address with the address at http://citrix.myorg.ext/Citrix/XenApp. I can access the server from outside the network via the public address and from the inside via the internal address. Now I'm trying to get the Secure Gateway working and this is where I'm running into my problem.

I've configured my Web Interface to use the Gateway Alternate address for the outside since I only want it to use the Secure Gateway when the server is being access from the outside. I configured the Gateway FQDN to the dns that points to the public address (citrix.myorg.ext.) I then set the STA's URL to the internal address ( and made sure that my Secure Gateway is configured to use the internal address as well.

The certificate was created using my own Organizational CA, so I exported out the CA's self signed certificate and imported to both the server and my external workstation.

So, on my external workstation, I open up my browser and i go to the website (http://citrix.myorg.ext/Citrix/XenApp) and I get the log in page. I'm able to log in and see my applications. However, when I try to launch one, I get an error message window that says:

Unable to launch your application. Contact your help desk with the following information: Cannot connect to the Citrix XenApp server. Protocol Driver error.

I normally only see the protocol driver error if Citrix on the server hasn't started yet or it can't communicate. I double-checked to make sure it's still working internally, and it does. Did I mis-configured something? Any ideas?

Any help is greatly appreciated. I'm so close to finishing this project! This is the last piece!

Thanks in advance.

Question by:hcyuan
    LVL 36

    Accepted Solution

    Use Gateway Direct not Gateway ALternate.

    Author Closing Comment

    OMG! 3 words was all it took to fix it! You are a GOD!!! Thank you so much!

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    #SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
    #Citrix #Citrix Policies #XenDesktop #VDI #POC #Citrix Univeral Printer Driver #Citrix UPD
    How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
    This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now