
2 NICs on SERVER and can only connect w/in LAN


bingboo

IS-IT--Management
Sep 10, 2002
I have read through the previous errors and have not found one quite like mine. I have just walked into a new job with a win2000 metaFrameXP server. It was installed on a machine that was given two network cards (to have local citrix access). I have one card with local addresses and another with a LAN and WAN address associated with it. If I am in the LAN, I can connect through a custom ica connection. Outside, I enter through browser -- login on via Nfuse - can see my shared app -- when I open, I get "not accepting connection error". If I attempt to gain access through custom ica connection - I receive an error message saying that there is no citrix server configured at the specified address. While inside the LAN I cannot telnet to WAN address port 1494 --- I can telnet to port 1494 on the local address with the NIC that has both WAN and LAN addresses. I cannot telnet to port 1494 on the NIC with just the local address. Also, if I go to server properties in the management console, I can see that it is associated with all three addresses. When I do a query farm I can see all three addresses and each has a "D" after it. Please help me....I have spent waaaaay too much time on this. Thank you very much
 
The ICA protocol can only bind to one adapter. I believe FR-1 removes this limitation.
 
On the server, what does it say if you type from a command prompt

"altaddr" (no quotes)

does it show the WAN address mapped to the same NIC that has the LAN address? The citrix server needs the altaddr to be set in order for it to route outside addresses to its lan address. Think of it like a built-in NAT feature...

If it's not set, you can set it with this (from a command prompt): where 10.6.3.1 is the LAN and 206.1.x.x is WAN..
altaddr 10.6.3.1 206.1.x.x /set
then press enter...now if you type altaddr /? it should show the mapping.

To delete this mapping if you need to, rerun the exact command except put a /delete at the end instead of /set...

It is true there was an issue w/xp1.0 regarding multihoming and it was fixed in FR1 and later versions.
 
entering "altaddr" shows the local address as default and the alt. address as the WAN address. After using the set command I now have both listed as such: under Local Address I have both default and the LAN address that is associated with the same NIC as the WAN address. Under alternate route the WAN address is listed twice. Should I remove the default? I appreciate your help very much.
 
I went ahead and deleted the default entries so now there is just the lan address and the alternate address (WAN address) --- I still can only connect locally...... Thank you
 
what version of MFXP are you on? This was a known issue and was fixed in FR1...

 
mfxp 1.0 --- FR1 is installed and set as the selection under "set feature release level". I appreciate the help you are dedicating to this (it has troubled me greatly).
 
Okay, let's take NFuse outta the picture for now, except I want to know if in the nfuse.properties page you've set the altaddr there and if nfuse is on the same server.

Just for fun, install the ica client on the nfuse server if it's a separate box and try to make a connection from there, is it successful?

Have you run a netmon trace from the client that cannot connect going to the server? what are the results?
 
nfuse is on the same server and I have tested the ica client from the server too. I get the same error as if I was remote. [enter wan address in browser -- able to logon through nfuse -- can see my shared app -- open and receive "citrix server not accepting connections" --- if I use custom ica connection I can connect and my shared app will open within LAN]. When I set the altaddr from the command line on the server --- does that also take care of the nfuse altaddr? (how do I get to the nfuse properties page?)-- hope you are having a good day.
 
do a search on the server for nfuse.properties file, open it in wordpad/notepad and scroll down until you see
Address=[NFuse_IPv4Address]...change it to [NFuse_IPv4AddressAlternate] this tells the Nfuse server there is another address it should use.

save, stop/start IIS...try that...remember that if you want local and internet users to go to nfuse, you have to set up different sites...just copy the and sub folder to another directory and point the other users there...
 
I was able to locate two separate NFuse.properties files...
I will call the first one A:
"C:\WINNT\Java\trustlib\"
and the second... B:
c:WINNT\mfzp10sp1\C_\WINNT\Java\trustlib

The first line of B points to file A through "ConfigurationFilePath".... When I open file A, there are only two lines of code, the second of which points to a file named NFuse.conf. When I open NFuse.conf there are only two lines that deal with addresses:
1. AddressResolutionType=IPv4-port
2. AlternateAddress=on
 
what version of nfuse are you running? You are on MFXP FR1?
 
is there a switch between the servers and the clients?

 
running MFXPs FR1....no switches.... NFuse 1.5 (I think, can't find any documentation nor info. on server).... Thanks and have a good day.
 
Okay...here is what you wanna do...on your lan where your local subnet is, you can connect locally right? Fine, that's how it should be.

Now on the WAN side, there are two things...one, although you did the altaddr on the server, if there is a firewall, then that alternate address also needs to be mapped to the internal address so that when traffic passes thru the firewall, it knows to reroute it. You shouldn't be able to hit from the inside LAN to the altaddr of the server...there is no route on the inside of your network so it doesn't understand.

The second thing is to ensure that in the client on the outside, that when you put in the alternate address, that you also check "use alternate address for firewall" that tells the client to not expect an internal address....here is a more detailed explanation of the reason of altaddr:

back in the day, when there were fewer firewalls, people generally used non-routable ips for their networks for obvious reasons. Customers wanted a way to assign a public ip address to the citrix master browser so that outside people could connect...hence altaddr....nowadays, there are firewalls and you must have ports 1494 TCP and 1604 UDP (for browsing, legacy products) open inbound and outbound..if you are using tcp + http, then port 80 or 8080 need to be opened inbound/outbound as well. Ensure if you are using http that the DNS is configured correctly..

for a final test, connect using tcp/ip alone with a client on the outside, using the public ip address of the altaddr'd NIC, checking that use alternate address for firewall is checked to "on"...also ensure that if there are any firewalls that those ports mentioned above are open and that there is a NAT route to the inside citrix server....

Finally, if there is no route in your inside network that knows about the alt address, then you won't be able to connect using the altaddr but you'll always be able to connect using the inside address...
 
This will sound horrible --- but I just started at this company, so it was not my doing.... there is no firewall.
 
actually that makes it easier as you don't have to troubleshoot it....

look at my reply above and from the outside WAN, ensure the outside ip address is in the client server location and that you click on firewalls, and put a check on "use alternate address for firewalls" don't worry that you don't have a firewall....

that's the problem..that checkmark needs to be there....you should be all set after that....now that is only for the outside users, not the internal LAN users...they will just use the regular internal address.

Sorry it took so long to figure out, but I didn't know you didn't have a FW....
 
Thank you very much for your help --- I stumbled across the problem yesterday evening... In the ICA connection manager, the settings were for the protocols to associate with the nic with both the LAN and WAN addresses. (which still makes sense to me). However, I set the associations to all NICs in system. It works, which makes me very very happy. It does puzzle me that the only way this will work is to create an association with a nic that has only a LAN address when there is a LAN address associated with the nic that has the wan address. Anyway, I APPRECIATE your time greatly and I wish you the best.
 