Solved

Citrix ICA fails to launch. Firewall?

Posted on 2013-11-27
4
1,362 Views
Last Modified: 2013-12-05
We are putting in place a new firewall however when accessing external websites / services that require Citrix ICA client we receive the following error when launching the ICA via a web browser "Citrix Receiver- unable to launch your application contact your help desk with the following information. Cannot connect to the Citrix Xenapp server. There is no Citrix Xenapp server configured on the specified address".
TCP ports.

1494 TCP is permitted so unsure why this is occurring.
0
Comment
Question by:StratfrordDC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 7

Accepted Solution

by:
Jayanta Sarmah earned 500 total points
ID: 39682960
It seems the ports are not open correctly ,

1494 need to be opened to Citrix servers where application are hosted not to Web interface and 2598 if session reliability is used.

If your users are accessing the external citrix infrastructure where a CAG or secure gateways etc in place you may need 443 (SSL) opened to Secure gateway /CAG .

Best way will be to trace the packet where it is droping or telnet the required port on the destination from user workstation.

Hope this helps ...

Cheers
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39683043
usually? its a problem with the local proxy.

clicking on the launch link will download and execute a file ending in dot-ica which contains all the connection settings for the actual session. Log into the front end using a browser (such as firefox portable) which does not have the client plugin, and obtain the file by saving it instead of executing it.  Look inside the file - if there is a line directing you to use a proxy (such as a CSG) then that will override your own local proxy settings, and is the usual cause of the failure.
0
 
LVL 8

Expert Comment

by:gsmartin
ID: 39683334
The best approach is by using a CSG or a CAG over SSL (443).  Once the CAG/CSG receives the traffic to hand it over to the STA (Web/XML service) servers on port 8080.  This is the preferred method vs opening ICA ports on the firewall.
0
 

Author Comment

by:StratfrordDC
ID: 39699956
The ports were not open correctly.
I had a typo of 2958 instead it should have been 2598
0

Featured Post

Are You Ransomware's Next Victim?

Worried about ransomware attacks hitting your organization?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with WatchGuard Total Security!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question