XenDesktop 5 Web Interface Error 1030

Hello Everyone,

I have another issue that's really getting to me at this point.  I've recently put a new server into my DMZ that is hosting the web interface for my Citrix XenDesktop 5 environment.  The problem I'm having is that every time I attempt to connect to one of my desktops, from outside the network, I end up getting:

The connection to the desktop group failed with status 1030.

I've been through the Citrix forums, articles and some of the other similar articles here as well to no avail.  It's frankly driving me nuts because I can't figure out exactly what's stopping it up.

Anyone have any thoughts on things to check out?


Jason Klingberg
Who is Participating?
AdamBNYCConnect With a Mentor Commented:
FYI the easiest way is with secure gateway as it's a windows based solution. You would just setup secure gateway on that same box that is in the dmz hosting the external web interface But also know that Citrix is phasing out secure gateway. The product is end of life. I think they will still support it for a bit longer.

This was their motivation to give a limited capacity netscaler vpx away. It's positioned as the secure gateway replacement.

There is also an access gateway vpx. The access gateway on the netscaler platform is considered the enterprise access gateway. While the access gateway vpx is the standard.

There is a bit more of. Learning curve on the netscaler, but I would recommend that above all else.
Two things to check:
1) the correct firewall ports are opened between the DMZ and your internal network
2) DNS - if you see the error 1030, check your %Temp% folder. There will be .tmp files in there of about 2kb which are the actual ica files. In there you will find the actual dns name it is trying to resolve. It should be the FQDN of one of the desktops. You will need to make sure this is resolvable
TIDIProductsAuthor Commented:
Okay I checked the TMP files and they are not looking up by FQDN, they are looking up by IP.  So in the file I'm seeing IP:1494.  I checked the firewall and I have rules setup in there for it to be able to access the local LAN on 2598, 1494 and 443.  Are there any others that I need in this case?  
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

Xendesktop does not behave like xenapp. You can't just point a nat at the web interface and expect it to work on the WAN. Xendesktop needs to go through a proxy to function properly. Your going to need to setup secure gateway at a minimum.

There is a way to do this without a proxy but it's a nightmare and doesn't scale. You would have to setup a public ip for each desktop.

If this is mission critical deployment, you might want to consider getting a netscaler standard mpx or virtual netscaler vpx. They even have a free version on the netscaler vpx. I believe it can handle 5mbps of traffic which might suit you just fine depending on what your doing.

Netscaler will give you ica-proxy and intelligent load balancing and health checking of your web interfaces. Check it out.
TIDIProductsAuthor Commented:
Thanks Adam.  I will check it out and let you guys know how I make out with it.
TIDIProductsAuthor Commented:
Thanks for the help Adam.  That was the one piece that I was missing with it.  I did use the Secure Gateway product but will take your advice and look at the access gateway / netscaler vpx options.  

Thanks again!
No Problem Jason. If you feel like diving into the Netscaler and get stuck, I'll be here =)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.