Brian Madden Logo
Your independent source for application and desktop virtualization.
Discussion Forums » Tech Support Forums » Citrix XenApp / Presentation Server » Outside IP change broke connectivity to MetaFrame
Marketplace

advertisement

Outside IP change broke connectivity to MetaFrame, in the Citrix XenApp / Presentation Server forum on BrianMadden.com

rated by 0 users
Not Answered This post has 0 verified answers | 7 Replies | 0 Followers

Guest posted on 03-08-2006 2:52 PM
We have a MetaFrame XPs Feature release 3 SP3 installation, one W2K3 server sitting behind a firewall and we are using NAT.

The External IP address changed and now connecting to an application is random at best.
One of the internal IPs was removed.

Symptoms:
We have 3 applications. some of them work, some of the times. Some apps will not work for a user while others will work.
Upon connecting we get these error messages (depending upon which variation of the .ICA file we are trying)

Error Messages:
Unable to contact the MetaFrame Server browser
OR
There is no Citrix MetaFrame server configured on the specified address
OR
....Input/Output error message ...
These of course depend upon which settings we are trying at the momement.

We did the telnet
Port 80 is open, IIS is running.
Our clients are using ICA 9, over the internet and they are behind a firewall too.
The clients are connecting via
No HTTP proxies.
128 Bit Encryption for login only.

Other Symptoms:
Sometimes, through Program Neighborhood, we can get the list of applications, but then we can not connect.

What we have done so far:
Added altaddr
Changed the 'zone' used from the old address to the new address.
Tried various combinations of TCPBrowserAddress and HttpBrowserAddress.
All accesses are by IP address (DNS change is still propagating)

Other information:
Checked the Windows Event Log, no *obvious* error messages related to citrix or the applications.
Checked for windows and terminal server licensing, *seems* ok.
Connection reliability is turned off.
Farm-Information-Zone Information does show the data collector with our
Server-Information-Network-TCP/IP addresses:
on this dialog, the farm's internal address is listed correctly, no external address is listed (below it). I thought at one point I did see two addresses listed there, the old external address and the internal address.


Any advice on how to trouble shoot this problem further / resolve it?
How do we find out more about what is going on with the MetaFrame server browser... Is there a process to look for here, a telnet type test to prob it?

Thanks in advance,
DM
  • | Post Points: 20

All Replies

Top 10 Contributor
Points 87,242
Reply
Jeff Pitsch replied on 03-08-2006 4:51 PM
Try recreating the ICA-TCP listener.
  • | Post Points: 35
Not Ranked
Points 175
Reply
Scott Lorenzen replied on 03-08-2006 5:10 PM
Have you checked the Firewall rules to make sure the internal IPs are all there for forwarding you 80/443 traffic?
  • | Post Points: 20
Reply
Guest replied on 03-09-2006 7:18 AM
Port 80 is open.

DM
  • | Post Points: 20
Not Ranked
Points 175
Reply
Scott Lorenzen replied on 03-09-2006 7:25 AM
Since you are using multiple servers behind a firewall you need to check to make sure that the internal address are setup in the firewall to recieve and send information. Also, are you using CSG's?
  • | Post Points: 20
Reply
Guest replied on 03-09-2006 7:33 AM
To Jeff:
I used Terminal Services Configuration GUI to remove and re-create ICA-Tcp.
The connect problems were intermittent, and the change didn't break it ;-)
It will be a few hours before I know how effective this was.


I noticed that the ICA-TCP has encryption settings, bound to my fully qualified domain name. Could these problems of not finding the MetaFrame Browser be related to a DNS issue (DNS had not fully propagated).?

What was the theory behind re-creating the ICA-Tcp ?

Many Thanks,
DM
  • | Post Points: 5
Reply
Guest replied on 03-09-2006 7:42 AM
SLGizmo,
We are not using CSGs. We have one 'Citrix' MetaFrame Application server and a couple other non Citrix servers behind the Firewall.

The telnet

One confusing point for me though in the Citrix documents/Brian Madden's documents....
The documents say that ports 1023-5000 outbound should be open. Does Citrix initiate outbound requests? We've always had this closed off in the past and operated without problems...

Thanks,
DM
  • | Post Points: 5
Reply
Guest replied on 03-09-2006 8:20 AM
ORIGINAL: Guest
...Could these problems of not finding the MetaFrame Browser be related to a DNS issue (DNS had not fully propagated).?


I just ran a test on this theory.
First, I change my hosts file, enter 127.0.0.1
Then connect using IP addresses

Result:
"Cannot connect to the Citrix MetaFrame Server. The Citrix MetaFrame server you have selected is not accepting connections."
Comment out the host entry, connection is fine.

So, when connecting by IP, DNS still does matter.
However, I haven't been able to reproduce the original error "Unable to contact MetaFrame browser.."

- DM
  • | Post Points: 5
Page 1 of 1 (8 items) | RSS
Copyright © 1997-2009 TechTarget | Disclosures | Privacy Policy | Contact Info

BrianMadden.com | SearchVirtualDesktop.com | SearchEnterpriseDesktop.com | SearchServerVirtualization.com | SearchVMware.com