Citrix XenApp 7.6 accessing from Internet

Dear EE,

I have Citrix Xen App 7.6 in China Azure Cloud.
Configured all the components on the single server.

My network team published the IP and now I can access the Citrix URL from my country.

http://X.X.X.X/Citrix/StoreWeb

Page successfully opened there is no issue with it. Please see attached file.

I can successfully login there is no issue with it.

But when I click my published application it downloads ICA file.

And starts some processing please see attached file.

It gives me error please see attached file.

Your kind support is required.

Thanks
page.jpg
Processing.jpg
error.jpg
Netsol-NOSAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ganesh GuruduSenior ConsultantCommented:
this might not be the server issue.

this is client side machine issue. try in different machine by reinstalling with admin rights.
0
Netsol-NOSAuthor Commented:
I have got the solution.

I change the IP from local IP to live IP on the ICA file which Citrix download then save it and double-click it.
My application starts successfully.

14-Dec-17-6-54-20-PM.jpg

But the question is why I have to do this ?
0
Ganesh GuruduSenior ConsultantCommented:
Good. Enjoyyyyyyyyyy :)
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Dirk KotteSECommented:
the storefront server put the ip or the name of the destination-server to the .ica file you download.
(Normally there is more than 1 server within a farm)
These IP/name is reachable from directly within the LAN or the gateway can use it to translate the session.
If you use NAT, the storefront server don't know something from your external addresses.
With old versions you can configure a "altaddr" to send external IP instead the local IP to reach the server directly (via NAT).
But this is possible no longer.  (this is the change you made manually)

Today you should use some kind of gateway (netScaler Gateway ... or some firewalls with this option) to connect with secured protocols and these Gateway connects internally to the correct ip.
Also an VPN is possible to reach the server without NAT.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Netsol-NOSAuthor Commented:
Hi Dirk Kotte,

I have only one Citrix 7.6 Xenapp server on Azure Cloud. All are on the same server there are no other servers available.

I have installed Delivery Controller then VDA and regular rolls which Citrix normally installed during installation and of course SQL express edition.

Thanks
0
Dirk KotteSECommented:
ok, but you can't reach the IP presented from storefront within the ICA file.
I don't know option to manipulate these IP from within citrix without netscaler.

You can save the "corrected" .ICA file and try to take this file for every connection attempt.
(check the file for something like "remove ica file" and delete this line)
0
Netsol-NOSAuthor Commented:
Hi Dirk Kotte,
I got another issue now My DC got corrupted i make it new one with the same domain name.
RECONNECT my Citrix server with that.

now when i login the citrix server and start Citrix studio . it says give your controller address
0
Dirk KotteSECommented:
i think the database need the "old" user account.
Do you restore the old DC or build a new domain with same name?
if so ... users get new SID's and the database-access is not possible for studio services.
You should create a new question with high priority, because the new question get new specialists for the new problem...
0
Netsol-NOSAuthor Commented:
Hi Dirk,
i think the database need the "old" user account.
For that, i really do not know.
Do you restore the old DC or build a new domain with same name?
Yes, same Domain name with same DNS IP.
if so ... users get new SID's and the database-access is not possible for studio services.
You should create a new question with high priority, because the new question get new specialists for the new problem...
So you suggest me to request for delete this question.
0
Dirk KotteSECommented:
you should create a new question for the new problem.
if you think the initial question is answered (or enough hints have been given) you may  close the question and allocate points.
If you think the answers are useless you can delete the question.
0
Netsol-NOSAuthor Commented:
Dear Dirk Kotte,

Thanks for your reply.

Please find detail flow attached.

After ICA file download on user machine (even though Citrix receiver is already installed on their machines) they open the ICA file and search for the local Citrix IP of AZURE CLOUD and change it with live IP, save the file and double-click to run the application.


Thanks
22-Dec-17-10-16-24-AM.jpg
0
Dirk KotteSECommented:
as i stated before ... this may be a workaround.
I don't know a solution for this design.
0
Netsol-NOSAuthor Commented:
I am sorry to say but I am not agreed with you on this point that this may be a workaround.

When users click the application.
1) ICA file should not be downloaded because Citrix Reciever is already installed.
2) Why users need to change the Citrix local IP in ICA file when they access the Citrix URL with live IP.

Thanks
0
Dirk KotteSECommented:
i don't say it is a good workaround ...
1. Downloading .ICA file only (without executing them with wfc-engine) is a security setting from OS or Browser mostly. (your third problem)
2. as is stated before ... current citrix versions don't work without a gateway correctly. (changing the included IP from .ICA-File may work, but is a (bad) workaround only)
0
Dirk KotteSECommented:
Problem source recognised.
Solution proposed.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Citrix

From novice to tech pro — start learning today.