Can only connect locally, in the Citrix Web Interface forum on BrianMadden.com
Brian Madden Logo
Your independent source for desktop virtualization, consumerization, and enterprise mobility management.

Can only connect locally, in the Citrix Web Interface forum on BrianMadden.com

rated by 0 users
This post has 8 Replies | 0 Followers

Not Ranked
Points 175
Heath K Posted: Wed, Jun 29 2005 5:46 PM
Running on box:
2K3 Server Enterprise
Presentation Server 4.0
Web Interface

Can connect locally to web interface and application, but currently cannot connect to either from internet. I was able at one point to connect to the web interface but I managed to screw that up in my attempt to get the application available.

I have, as suggested on another thread, run altaddr /set (public_ip) and configured WI for alternate address (as default), as well as opening port 2598, to no avail.

Port 80 is open to the correct machine, but the same port is open to my exchange server on the same public IP address, maybe that is causing the problem? I don't think it is as I did have it working before.

I'm using WI only as access to my application, not .ica clients so no need to open 1494 as far as I know.

I am not using CSG but I will be in the near future, is that something I should take into account before I set this thing up without it?

Also, I am not using any kind of encryption, at least to set this up, but I did set up encrytion originally. I'm not sure if that change made it so I could no longer see the WI from the internet or if I made that change before I was able to see the WI.

Any help would be greatly appreciated.
  • | Post Points: 5
Not Ranked
Points 175
OK, haha, stupid me. I removed the default gateway and DNS servers from my tcp/ip config on the nics. I think I was up too late...

Anyway, now I am able to reach the website, but I am still unable to open applications. "Cannot connect to the Citrix Metaframe server. There is no Citrix Metaframe server configured on the specified address."

So, given the scenario, any ideas on what's going on here?

Thanks!
  • | Post Points: 20
Top 50 Contributor
Points 3,910
This is the second mistake

Quote: run altaddr /set (public_ip)

Corect altaddr /set External_Wan_Address

You need also make a change in your WI
Izaak S
  • | Post Points: 20
Top 25 Contributor
Points 7,660
You still need port 1494 open

WI only works as an interface to show you your published applications (and direct your ICA client at them) the applications are still lauched as a normal ICA session.

port 1494 is used for standard sessions, while 2598 is used when session reliability is turned on.

CSG (or CAG/MSAM) is the only way to stop ICA traffic travelling over the internet (while still allowing access to the apps)

Suggestion: Use CSG :)

btw encryption ICA makes no difference to the ports/setup required

Sharing WI and OWA on the same external IP is fine if they are on the same server or separate ports.

@misbaku

Quote: run altaddr /set (public_ip)

Corect altaddr /set External_Wan_Address


whats the difference? your public ip is generally your external wan address (and in large environments you may not want it to be, so public ip is more correct)
  • | Post Points: 5
Not Ranked
Points 175
OK, I got everything working, thanks for the info. BTW, I do not have port 1494 open and have no issues, though I do have one issue that is not Citrix related, or doesn't appear to be.
  • | Post Points: 20
Not Ranked
Points 175
I'm sorry... but the WI does not proxy traffic like SG does. The clients Web ICA client, after the initial handshake and retrieving of published applications through the XML service, will communicate with the MetaFrame servers over the standard ICA port which is 1494. You either have a firewall that looks like swiss cheese or you are using some other VPN-less solution if your sessions are working.
  • | Post Points: 20
Top 10 Contributor
Points 88,051
ORIGINAL: Ferencik

I'm sorry... but the WI does not proxy traffic like SG does. The clients Web ICA client, after the initial handshake and retrieving of published applications through the XML service, will communicate with the MetaFrame servers over the standard ICA port which is 1494. You either have a firewall that looks like swiss cheese or you are using some other VPN-less solution if your sessions are working.


Actually, that's not true. If you had read the original post you would know that he opened up port 2598 on the firewall. Metaframe does not require port 1494 anymore unless they are going through CSG. Although, CSG 3.0 takes care of that little issue now too.
  • | Post Points: 20
Not Ranked
Points 175

If you had read the original post you would know that he opened up port 2598 on the firewall. Metaframe does not require port 1494 anymore unless they are going through CSG.


You got me, Jeff. I'm here like everyone else trying to learn on a day-to-day basis. Silly me, thinking old school. Thank you for correcting me. I'm humbled. BTW... I did read his original post and he did not state he was using session reliability, although he had a port opened for it. So, Heath.. make sure your clients are version 8 or above with SR enabled and you should be okay. v7 and under, even with SR on will use 1494.
  • | Post Points: 20
Top 10 Contributor
Points 88,051
Wow, I didn't mean it that way at all. Sorry for mentioning it and trying to get the correct information across. Sheesh
  • | Post Points: 5
Page 1 of 1 (9 items) | RSS