In its simplest form this is what we have :
A single 2008R2 XenApp Server with Security Roll-up Pack 1 installed. This server also has the Web Interface Role installed.
The Web Interface has a XenApp Web Site installed and XenApp Services Sites installed. Both using XML Transport HTTP and XML Port 80.
On the internal LAN the XenApp Web Site loads and runs all of the published applications without any issues at all.
However the problem comes in with external access.
There is a single public IP Address lets say 220.127.116.11 that is presented to our firewall.
Port 443 is opened on our firewall to direct traffic to the internal IP address of the XenApp and Web Interface server.
The XenApp server has an SSL Certficate installed.
The Citrix SSL Relay Configuration is enabled and is listening on port 443. Encryption standard is port TLS v1.
Its listening on 443, and relaying to the FQDN of the XenApp server and its IP address. Both ports 80 and 1494.
Sounds straight forward.
When we try to access the XenApp Site from outside the firewall, with the https FQDN its loads fine, active directory authentication is fine. The list of published applications is displayed correctly.
When you click on an application to launch it, it says starting application then displays the error "couldnt establish a connection with the remote host.
I suspect that the ica configuration may be trying to contact the internal IP address of the XenApp server and not the public IP address ????
I suspect that my secure Access settings for my XenApp Web Site are wrong.
Can someone recommend to me based on my scenario how I can get the applications to launch correctly and what the Secure Access settings should be and any other changes I should make.
I know Secure Gateway and other options are available to me but Id like to understand how to get this most basic scenario to work first.
Help would be very much appreciated.