TIDIProducts
asked on
XenDesktop 5 Web Interface Error 1030
Hello Everyone,
I have another issue that's really getting to me at this point. I've recently put a new server into my DMZ that is hosting the web interface for my Citrix XenDesktop 5 environment. The problem I'm having is that every time I attempt to connect to one of my desktops, from outside the network, I end up getting:
The connection to the desktop group failed with status 1030.
I've been through the Citrix forums, articles and some of the other similar articles here as well to no avail. It's frankly driving me nuts because I can't figure out exactly what's stopping it up.
Anyone have any thoughts on things to check out?
Regards,
Jason Klingberg
I have another issue that's really getting to me at this point. I've recently put a new server into my DMZ that is hosting the web interface for my Citrix XenDesktop 5 environment. The problem I'm having is that every time I attempt to connect to one of my desktops, from outside the network, I end up getting:
The connection to the desktop group failed with status 1030.
I've been through the Citrix forums, articles and some of the other similar articles here as well to no avail. It's frankly driving me nuts because I can't figure out exactly what's stopping it up.
Anyone have any thoughts on things to check out?
Regards,
Jason Klingberg
ASKER
Okay I checked the TMP files and they are not looking up by FQDN, they are looking up by IP. So in the file I'm seeing IP:1494. I checked the firewall and I have rules setup in there for it to be able to access the local LAN on 2598, 1494 and 443. Are there any others that I need in this case?
Xendesktop does not behave like xenapp. You can't just point a nat at the web interface and expect it to work on the WAN. Xendesktop needs to go through a proxy to function properly. Your going to need to setup secure gateway at a minimum.
There is a way to do this without a proxy but it's a nightmare and doesn't scale. You would have to setup a public ip for each desktop.
If this is mission critical deployment, you might want to consider getting a netscaler standard mpx or virtual netscaler vpx. They even have a free version on the netscaler vpx. I believe it can handle 5mbps of traffic which might suit you just fine depending on what your doing.
Netscaler will give you ica-proxy and intelligent load balancing and health checking of your web interfaces. Check it out.
There is a way to do this without a proxy but it's a nightmare and doesn't scale. You would have to setup a public ip for each desktop.
If this is mission critical deployment, you might want to consider getting a netscaler standard mpx or virtual netscaler vpx. They even have a free version on the netscaler vpx. I believe it can handle 5mbps of traffic which might suit you just fine depending on what your doing.
Netscaler will give you ica-proxy and intelligent load balancing and health checking of your web interfaces. Check it out.
ASKER
Thanks Adam. I will check it out and let you guys know how I make out with it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the help Adam. That was the one piece that I was missing with it. I did use the Secure Gateway product but will take your advice and look at the access gateway / netscaler vpx options.
Thanks again!
Thanks again!
No Problem Jason. If you feel like diving into the Netscaler and get stuck, I'll be here =)
1) the correct firewall ports are opened between the DMZ and your internal network
2) DNS - if you see the error 1030, check your %Temp% folder. There will be .tmp files in there of about 2kb which are the actual ica files. In there you will find the actual dns name it is trying to resolve. It should be the FQDN of one of the desktops. You will need to make sure this is resolvable