Link to home
Start Free TrialLog in
Avatar of Tech_Me_More
Tech_Me_More

asked on

Cannot connect to the Citrix Xenapp server. protocol Driver Error)

Having difficulties accessing accessing Citrix Server / launching applications from the outside thru firewall.

I can get to the Cirtix Logon Screen from the outside but after inicial login / authentication when I try and launch application It does not function appropriatly. Cannot lauch any applications. Receive this error.  (Unable to lauch your application. Contact your heldesk with the following information. Cannot connect to the Citrix Xenapp server. protocol Driver Error)

The Website/Citrix is also using SSL Cert for HTTPS.

Having some issues setting this up correctly "Manage secure client access" in "Citrix Access Management Console".

I can access the Citrix environment from inside the firewall on the local network and access / launch applications without any issues running Citrix Apps from internal. Issue is only coming from public side.

Also only port 80 and 443 is open on our juniper firewall.

The Server is running (Windows 2008 Server 64-Bit, Citrix XenApp 5.0 Advanced Edition.

The Server is connected to local network 192.168.x.x all of the Cirtix Modules / Applications are running a on 1 single Server/Box.

Example: Private IP Internal 192.168.x.x NATs to 170.2.2.2
SOLUTION
Avatar of Carl Webster
Carl Webster
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
have you set the alternate address on the servert to it's NATed Address?
Are you using a Secure Gateway, Access Gateway, or NetScaler?  If not, you'll need 1494 open as well.  If you are using a CSG, AGEE, or NS you'll need 1494 opened between them and your XenApp server.
Avatar of Tech_Me_More
Tech_Me_More

ASKER

This is a Cirtix Test Server. Did not realize that the Secure Gateway was not installed after completing the overall installation. All of the Citrix Services / Modules are running on the same server. When It comes to the option Configure Inbound Client Connections it defaults Monitor all IPv4 addresses / TCP Port 443. It will not allow me to configure thet Secure gateway because port 443 is already being used which is currently being used by the Web Server IIS.
You'll want CSG running on 443 and the IIS site running on a different port (usually 444 to make it easy).  
The link I sent you earlier, will walk you thru all the configurations steps.
I followed all the steps in your documentation CarlWebster for Secure Gateway. Now when i try to access the https://  Citrix Site I get error page can not be found.. Now only internal http:// works.. Seems like the SSL / Connectivity for HTTPS:// has broken.
i didn't read through carl's documentation that you followed yet, but did you ensure that secure gateway is running on port 443 and IIS is on 444?  
iis-ssl444.JPG
Here is how I have it set in II6

citrix-IIS.bmp
This is IIS runing on Windows Server 2008
Since you are inside your network, the article I wrote says you need to go to https://fqdn:444
Right above Figure 10-81 (Page 6):

Open your Internet browser and go to https://FullyQualifiedDomainName:444.  
I can access from inside, but not able to access from outside. Here is an example on how it is set up outside vs inside:

Firewall Ports Open: 80/443
SSL Cert: citrix.acme.com

173.11.11.11 Outside:
https://citrix.acme.com (page not found error)

192.22.22.22 Inside:
Citrix Server

On a PC on inside
http://servername (works)
http://servername.domain.local (works)
https:// with and without :444 at end (does not work)

On Citrix Server on inside
If I go into IIS Manager and do a "browse" https:// will work
http://servername (works)
http://servername.domain.local (works)
https:// with server name or cert name (works) with and without :444 at end (works)

I'm sure it's something dumb I over looked... :)
WIndows Firewall on Citrix Server?  Disable and stop the Windows FW service.
Yep it was firewall! I can now get to citrix web page from outside and PC on inside. Here is the next bump in the road. From PC onthe inside I can now do https and launch published app. From the outside I can log into citrix login page, but when I click on publish app I get the following...

citrix-error.bmp
You don't have the WI Site secure access setup properly.
Sorry, hit submit too soon.

You should be using Gateway Direct.

You can have two options setup.  One for Gateway Direct if you want internal and external users to go thru the CSG.  If you want internal users to hit the WI Site directly, then you add a Direct option and use 192.22.0.0/16.
Ok I set the following:

192.22.22.0 255.255.255.0 Direct
Default Gateway Direct

Address (FQDN): citrix.acme.com
Port: 443
Enable Session Reliability (has a checked)

STA: http://servername.domain.local/scripts/ctxsta.dll

Still getting the same error that I just posted.... :(
In your original question you said you were using local IP 192.168.x.x and later you say 192.22.x.x.  WHich one is correct?
In CSG, what did you enter for the FQDN for the STA?

What is your XML port?
Citrix-Settings.doc

Oops apologize for that. All the IP Addreses / numbers I'm posting are fake numbers. We'll stick with the IP Numbers I posted last. But keep in mind that those are not the actual Private and Public numbers I'm using :)

I have attached some screen shots.
I tried "Gateway Translate" as well... I'm guessing this is what I should be using since the private IP is being NAT to a public IP, but still not luck... I bet it's a simple fix and I'm going to be kicking myself once this problem is fixed. :)
On my router/firewall I redirect all 443 traffic coming from citrix.websterslab.com to the internal IP of my CSG/WI server 192.168.1.105.  I use Gateway Direct and have never had a problem.  That is what I used in the article I referenced earlier.

FQDN - try just CTESTSVR1 (make sure you can ping CTESTSVR1 and CTESTSVR1.domain.local)

What is your XML port?  That is in your farm settings.

If you have a few minutes to troubleshoot, send me an e-mail to my e-mail address in my profile.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I disagree with you.  MY article specifically states on page 8 to use Gateway Direct with CSG.

http://www.dabcc.com/article.aspx?id=15055&page=8

I had to pay a Citrix Tech to help figure out what else was causing my issue.