davesnb
asked on
citrix firewall issue
Testing a third-party fw issue and posting here as another admin is having issues configuring his fw. My question is: I can telnet to port 1494 but cannot connect through the Citrix client; it gives "no connection to citrix xenapp server" despite establishing a socket on 1494. Could there be an alternate fw rule to consider?
ASKER
Yes, it is the web portal. I can get on the site, but when I click the desktop app, the client app launches but is met with the error described above.
ASKER
Will try that. Here is the latest log; it is trying to connect and failing on 6101. What service is on that port? Why is it trying to connect on that? I thought it was port 10000.
[4004] 03/09/11 05:45:40 BETCPConnection::LoopThroughListAndConnect: Could not connect to remote address "192.168.32.201" Error:10061.
[4004] 03/09/11 05:45:40 @@@@@@@MyCloseSocket called with sockfd = 640(0x280) retval = 0
[4004] 03/09/11 05:45:40 BETCPConnection::CreateConnectionFromHostAndPort: Remote Host: "SQLBU": There were no addresses returned, belonging to family: IPv6
[4004] 03/09/11 05:45:40 BETCPConnection::CreateConnectionFromHostAndPort: Could not create a connection to "IASSQLBU" because attempts with both IPv4 and IPv6 protocols failed
[4004] 03/09/11 05:45:40 Could not create a BETCPConnection object from address: SQLBU error=An error occurred during a socket connect operation: Error Code: 10061, System Error Message: No connection could be made because the target machine actively refused it.
[4004] 03/09/11 05:45:40 NrdsAdvertiserThread: connect to target=SQLBU port=6101 failed
ASKER
Disregard previous post, wrong thread, sorry.
ASKER
I am able to get on through the Program Neighborhood application set creation process, however I cannot get on via the web portal. The ports that are open where I am trying to connect are:
8080/tcp open http Citrix Metaframe ICA Browser
1494/tcp open citrix-ica Citrix Metaframe XP ICA
443/tcp open ssl/http Microsoft IIS webserver 5.0
80/tcp open http Microsoft IIS webserver 5.0
541/tcp open osiris osiris host IDS agent
3389/tcp open microsoft-rdp Microsoft Terminal Service
He was merely changing the fw; the metaframe server did not change. However, I cannot get on via web browser now that the new fw is in place. Here are the contents of the ICA file from the web browser, scrubbed version. Again, I can log into the site, but when I click the application icon "admin desktop" the web error is "cannot connect to citrix xenapp server, no server configured on specified address".
[Encoding]
InputEncoding=ISO8859_1
[WFClient]
Version=2
ClientName=domain-user9999
RemoveICAFile=yes
[ApplicationServers]
Admin Desktop=
[Admin Desktop]
Address=192.168.1.6:1494
InitialProgram=#Admin Desktop
LongCommandLine=
DesiredColor=2
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
AutologonAllowed=ON
Username=user9999
Domain=\ENCRYPTED
ClearPassword=\ENCRYPTED
DesiredHRES=800
DesiredVRES=600
TWIMode=Off
EncryptionLevelSession=EncRC5-128
SessionsharingKey=2-rc5-128-none-domain-user9999-citrixFarm
[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll
[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll
[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll
[EncRC5-128]
DriverNameWin16=pdc128w.dll
DriverNameWin32=pdc128n.dll
[Compress]
DriverNameWin16=pdcompw.dll
DriverNameWin32=pdcompn.dll
Can the user get to your server at IP 192.168.1.6 from their location? I seriously doubt it.
ASKER
Good point, why does the ICA file being generated have the address as Address=192.168.1.6:1494? I checked that against a working ICA file to another site, and address= a proper public IP. The ICA file is telling my client to connect to 192.168.1.6, which obviously I will not be able to connect to across the net. So how is this resolved?
ASKER
Further info: NFuse_IPv4AddressAlternate. I set the correct external IP in the template.ica file on web, and that corrected it. In my case, we do not use the secure gateway.
If Web Interface you will need to open TCP ports 80 or 443.
If they are using Session Reliability, then you need TCP 2598 open.
Port 1494 is the standard ICA port.
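
The root cause found in this thread was an ICA file whose Address= pointed at the server's internal IP, so a successful telnet to the firewall's public address on 1494 proved nothing about what the client was told to dial. The check below is an added example, not part of any post in the thread: it parses a generated ICA file and flags literal RFC 1918 targets. The function names and the trimmed sample are constructed for illustration.

```python
import configparser
import ipaddress

# Constructed sample: the relevant lines of the scrubbed ICA file in the thread.
SAMPLE_ICA = """\
[ApplicationServers]
Admin Desktop=

[Admin Desktop]
Address=192.168.1.6:1494
InitialProgram=#Admin Desktop
TransportDriver=TCP/IP
"""

DEFAULT_ICA_PORT = 1494  # standard ICA port, as noted in the thread
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ica_targets(ica_text):
    """Return [(app, host, port)] for each app listed in [ApplicationServers]."""
    # '=' is the only delimiter so the ':' in host:port is not misread as one.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep the mixed-case ICA key names as written
    cp.read_string(ica_text)
    targets = []
    if not cp.has_section("ApplicationServers"):
        return targets
    for app in cp.options("ApplicationServers"):
        address = cp.get(app, "Address", fallback="").strip()
        if not address:
            continue
        host, sep, port = address.rpartition(":")
        if not sep or not port.isdigit():  # no explicit port in the file
            host, port = address, str(DEFAULT_ICA_PORT)
        targets.append((app, host, int(port)))
    return targets


def internal_only_targets(ica_text):
    """Targets whose Address is a literal RFC 1918 IP, unreachable across NAT."""
    flagged = []
    for app, host, port in ica_targets(ica_text):
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # hostname: resolve it from the client's network instead
        if any(ip in net for net in RFC1918):
            flagged.append((app, host, port))
    return flagged
```

Run against the file the portal actually serves to an external user; an empty result after the web-side fix confirms the client is now being sent to an address it can route to.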