Accessing Citrix farm across subnets

We are in the middle of a data center migration from DataCenter A to DataCenter B. We are migrating Citrix servers.

A subnet
B subnet

Citrix server farm consists of


To connect to Citrix users navigate to, which hits a public IP that NATs to Citrix-Gateway1 (in Datacenter A).

Users can click on App 1, that is a published desktop on host1 and 2. Or they can click App 2, which is a published desktop on host 3 and 4.

We have migrated Citrix-Gateway2, Citrix-SessionHost3, and Citrix-SessionHost4 to DataCenter B.

We have configured to point to public IP in DataCenter B, which NAT's to Citrix-Gateway2.

Datacenter A and Datacenter B have a Site to Site VPN configured, and all devices on subnet A are accessible from subnet B, and vice versa.

The problem:

When we are on local subnet and connect to, we can log in to the gateway server (which is on subnet B) and see the apps. When we click App2, it launches a published desktop from host 3 or 4. This is working when we are on local subnets (either of the two). However, when we externally access we still hit the gateway server in DataCenter B, but when we click to open an app we get the error message "Unable to launch your application. Cannot connect to the Citrix XenApp server. There is no Citrix XenApp server configured on the specified address."

So, we are hitting the gateway server on subnet B, who is accessing app published on host 3 and 4 which are on subnet B, but the main citrix farm server holding the sql database resides on subnet A. Internally, this works, externally, we get the error. I believe I need to make a change on the gateway server in the Citrix Web Interface Mangement console -> XenApp Web Sites -> Secure Access, but I do not know what to configure. Currently, the setting is "Direct".

Please assist in what needs to be configured so we can externally access Citrix-Gateway2, and launch an app. Thank you.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian CTXSupportCitrix ConsultantCommented:
Since you are using NAT, did you set an alternate address on the Citrix servers that were moved?  When you say NAT, you have a range of external IP addresses that are being translated to internal addresses?
CCtechAuthor Commented:
Hi Brian, the NAT is configured so external users can access the Citrix servers.

The Citrix Web Interface server is sitting behind a firewall, and is on the same subnet as other Citrix servers. If a user connects to the LAN IP of they will be directed to the Citrix Web Interface on Citrix-Gateway2, and can click and launch an app. The NAT translates 1 public IP directly to the LAN IP of, so external users can access the public IP.
Brian CTXSupportCitrix ConsultantCommented:
Did the external IP stay the same for the applicable Citrix servers?  If it changed, update the Alternate Address using the ALTADDR command.  If it didn't change, have the external facing router/firewall rules been update with the new internal address for the corresponding public IP?  Can you download the ICA file from WebInterface and see which IP address is configured in the ICA file?
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

CCtechAuthor Commented:
Brian, the external IP changed. The server was migrated to a different data center, on a different subnet. The old subnet is still accessible via site to site vpn. So, it looks like I need to run the ALTADDR command as you mentioned. Which servers does this command need to run on? Can you provide the proper way to run the command please? Thank you.
Brian CTXSupportCitrix ConsultantCommented:
The command would need to be run on the Citrix session-host servers you are trying to connect to.

ALTADDR /set nnn.nnn.nnn.nnn

n=external IP address for that server

All of that said, I'd recommend deploying a NetScaler VPX or minimally, Citrix Secure Gateway (CSG) and move away from the NAT'd addresses.  In that case, you'd only need one external IP and you'd only pass 443 traffic from the internet.
CCtechAuthor Commented:
Found the issue. The error was:
"Unable to launch your application. Cannot connect to the Citrix XenApp server. There is no Citrix XenApp server configured on the specified address."
When diagnosing, we found that all of the servers we are migrating have hosts files. So, IPs were changing, and for whatever reason, the previous IT company decided to used host files instead of DNS. After correcting host files the issue was resolved.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CCtechAuthor Commented:
This was a DNS issue, resolved by changing hosts file.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.