Your app is not available. Try again later.

Oeyhope
Hello!

I am setting up a new Citrix server with XenApp 6.5. Authentication is working fine and I am able to log on to WI. All my published apps are available here. But when trying to launch, I receive the following error message: Your app is not available. Try again later.

In the event log on the XenApp 6.5 server and the web server, no error messages are displayed.

When running qfarm /load on the XenApp server, load is reported as 0. When running qfarm /load right after trying to launch an app, load is reported as 100. Is this normal?
Ayman Bakr, Senior Consultant

Commented:
Do you have hotfix rollup pack 1 installed?

http://support.citrix.com/article/CTX132122

Are you using Storefront?

Author

Commented:
I do not have any hotfix installed. Will try to install the rollup pack :)

Also not using storefront

Author

Commented:
Sorry, same problem after hotfix rollup. I have also opened all firewall ports between xenapp server and webinterface. Same problem.

Author

Commented:
Are there any other log files I can check to try to find where the problem is?
Ayman Bakr, Senior Consultant

Commented:
Did you restart the XenApp server after installing the hotfix?

Can you check whether you have properly configured the XML and security ticket authority on the web interface? Provide screenshots.

You will get this error whenever the port is blocked. Check ports 1494 and 2598. Telnet from the machine from which you are launching the Citrix application:

telnet <ip address of the server on which the application is published> 1494
telnet <ip address of the server on which the application is published> 2598
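
A scripted form of the telnet check above, as an added example that is not part of the original thread: it separates a refused port, a filtered one, and an open one, and notes whether the listener sent an ICA banner (as 1494 did for the author) or stayed silent (as 2598 did). The function names are hypothetical; the server address is supplied on the command line.

```python
import socket

def probe(host, port, timeout=3.0, banner_wait=1.0):
    """Return (state, banner); state is 'open', 'refused' or 'filtered'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", b""       # host replied, nothing is listening
    except OSError:
        return "filtered", b""      # timeout or unreachable, likely a firewall drop
    with sock:
        sock.settimeout(banner_wait)
        try:
            banner = sock.recv(64)  # ICA on 1494 speaks first
        except OSError:
            banner = b""            # listener is waiting for the client to speak
    return "open", banner

def interpret(state, banner):
    """Turn a probe result into a short verdict string."""
    if state != "open":
        return state
    return "open, ICA banner" if b"ICA" in banner else "open, no banner"

def check_ica_ports(host, ports=(1494, 2598)):
    """Probe the two ports named in the thread and return {port: verdict}."""
    return {port: interpret(*probe(host, port)) for port in ports}

if __name__ == "__main__":
    import sys
    # Usage: python ica_ports.py <XenApp server address>
    for port, verdict in check_ica_ports(sys.argv[1]).items():
        print(port, verdict)
```

Run it from the machine that actually opens the ICA connection: the client for direct launches, or the gateway's network segment when sessions are proxied.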

Author

Commented:
Mutawadi: Yes, I restarted both the XenApp server and WI.

Attached are screenshots of the XML and STA configuration
xml-service.png
sta.png

Author

Commented:
mlwa12144: I tried to telnet from the web interface to the XenApp server. Port 1494 responded with ICA in the telnet window. Telnet to port 2598 responded with a black screen. No text. But the port is opened in the firewall. Attached are my firewall settings between the web interface and the XenApp server. 192.160.30.20 is the web interface and 192.168.1.95 is the XenApp server.
citrix-firewall-ports.png
Ayman Bakr, Senior Consultant
Commented:
Your STA and XML configuration seem fine - my question would be: is Venus the same as the XenApp server, or web interface server or a separate one?

In the firewall the web interface IP shows 192.168.30.20; however, you said the IP is 192.160.30.20, but I guess the latter is a typo. However, you need to note that you need to open TCP ports 1494 and 2598 on the firewall between the clients and the XenApp servers. So if the clients are not in the same vLAN as the Web Interface, then you need to open the ports on the firewall between the clients' vLAN and the XenApp vLAN.

Author

Commented:
Thank you for your response Mutawadi

Venus is my XenApp server :)

Web interface IP is 192.168.30.20, sorry about the typo. I authenticate using Citrix Access Gateway. This is working fine. So the firewall ports are open correctly? Attached is another firewall config for traffic coming from outside
firewall-ports.png

Author

Commented:
After installing the hotfix rollup, I have noticed this error message in Event Viewer on the XenApp server: An error occurred when processing incoming CGP downstream data.
Senior Consultant
Commented:
If you authenticate using CAG then you need to open TCP port 443 between the clients and CAG and, I believe TCP ports 1494 and 2598, between the CAG and XenApp servers.

But as you are using CAG then ensure that you are using Gateway Direct on the Web Interface. From the previous screenshots, and as you are using CAG, why isn't your CAG URL configured with https?
Ayman Bakr, Senior Consultant

Commented:
Processing incoming CGP... downstream data, is a sign that the Maximum Access Gateway Users Allowed is too low on your CAG. Ensure that this value on the CAG matches the number of licenses.
Top Expert 2010

Commented:
If you have used NAT in the firewall, then also make sure you set Gateway translated in the web interface console.
Can you configure a bypass of the CSG to see if the apps launch successfully without CSG? If so, then drill down to CSG. Also, would you try the IP directly instead of .local?

Also, you see all icons, right? If so, right-click any icon and save it as *.ica ... use WordPad to edit it and check the config in detail ... can the application resolve the right IP and right locations?

Try editing the parameters in WordPad if you think they are related, save, and click it until it launches the corresponding apps.

Author

Commented:
Thank you all for solutions. I will try these solutions when I get back to work in a couple of hours :)

Author

Commented:
I have tried bypassing the CAG, and the same problem exists. So the problem must be between the XenApp server and the web interface.

Communication between the CAG and the XenApp servers is open, since XenApp and the internal interface on the CAG are on the same network and not behind a firewall.

CAG is also set up as Gateway Direct. Should it work even if CAG is not set up with https?

I am able to log on to the web interface and see icons. Here is a sample of a published Notepad app. The only interesting thing here is the SSLProxyHost: citrix.example.com. This URL is pointing to my CAG. Is this wrong? Should it point to my web server instead?

[Encoding]
InputEncoding=UTF8

[WFClient]
CPMAllowed=On
ProxyFavorIEConnectionSetting=Yes
ProxyTimeout=30000
ProxyType=Auto
ProxyUseFQDN=Off
RemoveICAFile=yes
TransparentKeyPassthrough=Local
TransportReconnectEnabled=Off
VSLAllowed=On
Version=2
VirtualCOMPortEmulation=Off

[ApplicationServers]
Notepad=

[Notepad]
Address=;10;STA77A6F1EF8DC2;F0812E24B691A16B8237C7E2B64FE62C
AutologonAllowed=ON
BrowserProtocol=HTTPonTCP
ClearPassword=E42E791A498C50
ClientAudio=On
DesiredColor=8
DesiredHRES=0
DesiredVRES=0
DoNotUseDefaultCSL=On
Domain=\D3A12BD64D00B702
FontSmoothingType=0
HTTPBrowserAddress=!
InitialProgram=#Notepad
LPWD=0
LaunchReference=Yg3nKqDCJR6/Amn9+nYBR9DZzV6C062uXP41jGz23tc=
Launcher=WI
LocHttpBrowserAddress=!
LogonTicket=E42E791A498C50D3A12BD64D00B702
LogonTicketType=CTXS1
LongCommandLine=
NRWD=0
ProxyTimeout=30000
ProxyType=Auto
SFRAllowed=Off
SSLCiphers=all
SSLEnable=On
SSLProxyHost=citrix.example.com:443
SecureChannelProtocol=Detect
SessionsharingKey=-NsYhxgXU56oL2ZZ219PUeN
StartIFDCD=1346838632339
StartSCD=1346838632339
TRWD=0
TWIMode=On
Title=Notepad
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0

[Compress]
DriverNameWin16=pdcompw.dll
DriverNameWin32=pdcompn.dll

[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll

[EncRC5-128]
DriverNameWin16=pdc128w.dll
DriverNameWin32=pdc128n.dll

[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll

[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll


The first thing you can check is to set SSLEnable=off ... to make a real direct connection to your Notepad.
Of course, you should set Notepad so it can accept any kind of connection. If it works, then
change your SSL proxy gateway and test again, something like csg.yourdomain.com:443


http://support.citrix.com/article/CTX115468
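
The .ica inspection suggested in the replies above, as an added example that is not part of the original thread: it reads a saved launch file, reports whether the client will connect directly or through the host named in SSLProxyHost with an STA ticket, and masks the per-launch secrets before the file is shared. The function names, the sample values and the `;<version>;<STA id>;<ticket>` reading of the Address field are assumptions made for illustration.

```python
import configparser

# Per-launch secrets in a Web Interface ICA file; mask them before sharing.
SENSITIVE = {"Address", "ClearPassword", "Domain", "LogonTicket",
             "LaunchReference", "SessionsharingKey"}

# Constructed sample (placeholder values), shaped like the file in the thread.
SAMPLE = """[ApplicationServers]
Notepad=

[Notepad]
Address=;10;STA0123456789AB;00112233445566778899AABBCCDDEEFF
LogonTicket=0011223344556677
SSLEnable=On
SSLProxyHost=gateway.example.test:443
"""

def load_ica(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # keep key case (the default lowercases keys)
    cp.read_string(text)
    return cp

def route(text):
    """Return {app: (kind, next_hop)}: where the client will connect."""
    cp, result = load_ica(text), {}
    for app in cp["ApplicationServers"]:
        sec = cp[app]
        addr = sec.get("Address", "")
        fields = addr.split(";")
        # Assumed ticket layout: ;<version>;<STA id>;<ticket>
        ticket = len(fields) == 4 and fields[0] == "" and fields[2].startswith("STA")
        proxy = sec.get("SSLProxyHost", "")
        if sec.get("SSLEnable", "Off").lower() == "on" and proxy:
            result[app] = ("gateway+sta" if ticket else "gateway", proxy)
        elif ticket:
            result[app] = ("ticket-without-gateway", "")  # nothing to redeem it
        else:
            result[app] = ("direct", addr)
    return result

def redact(text):
    """Mask the values of SENSITIVE keys, leaving all other lines as they are."""
    out = []
    for line in text.splitlines():
        key, sep, _ = line.partition("=")
        out.append(f"{key}=<redacted>" if sep and key in SENSITIVE else line)
    return "\n".join(out)
```

A `gateway+sta` result means the client only ever talks to the SSLProxyHost, so the hop to check for ports 1494 and 2598 is the one from the gateway to the XenApp server.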

Author

Commented:
After some research on my firewall, I noticed this error shows up every time I try to open an app on Citrix

Deny IP spoof from (203.X.X.X) to 58.X.X.X on interface outside

The 203.X.X.X is my legitimate WAN address for those in the inside network, whereas 58.X.X.X would refer to the WAN IP for the Citrix Web Interface.
Commented:
Problem solved. Solution was to add a range for the ICA access control list in CAG. See screenshot. Now external and internal users can open apps :)

Now as a last question. How can I have internal users not authenticate using cag? This is only needed for external users
ica-access.png

Author

Commented:
Solution was to add a range for the ICA access control list in CAG. See screenshot. Now external and internal users can open apps :)
