Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Citrix ICA fails to launch. Firewall?

Posted on 2013-11-27
4
Medium Priority
?
1,432 Views
Last Modified: 2013-12-05
We are putting in place a new firewall however when accessing external websites / services that require Citrix ICA client we receive the following error when launching the ICA via a web browser "Citrix Receiver- unable to launch your application contact your help desk with the following information. Cannot connect to the Citrix Xenapp server. There is no Citrix Xenapp server configured on the specified address".
TCP ports.

1494 TCP is permitted so unsure why this is occurring.
0
Comment
Question by:StratfrordDC
4 Comments
 
LVL 7

Accepted Solution

by:
Jayanta Sarmah earned 1500 total points
ID: 39682960
It seems the ports are not open correctly ,

1494 need to be opened to Citrix servers where application are hosted not to Web interface and 2598 if session reliability is used.

If your users are accessing the external citrix infrastructure where a CAG or secure gateways etc in place you may need 443 (SSL) opened to Secure gateway /CAG .

Best way will be to trace the packet where it is droping or telnet the required port on the destination from user workstation.

Hope this helps ...

Cheers
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39683043
usually? its a problem with the local proxy.

clicking on the launch link will download and execute a file ending in dot-ica which contains all the connection settings for the actual session. Log into the front end using a browser (such as firefox portable) which does not have the client plugin, and obtain the file by saving it instead of executing it.  Look inside the file - if there is a line directing you to use a proxy (such as a CSG) then that will override your own local proxy settings, and is the usual cause of the failure.
0
 
LVL 8

Expert Comment

by:gsmartin
ID: 39683334
The best approach is by using a CSG or a CAG over SSL (443).  Once the CAG/CSG receives the traffic to hand it over to the STA (Web/XML service) servers on port 8080.  This is the preferred method vs opening ICA ports on the firewall.
0
 

Author Comment

by:StratfrordDC
ID: 39699956
The ports were not open correctly.
I had a typo of 2958 instead it should have been 2598
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question