Error using NFUSE - 401: Access Denied

[mgicash]

I am rather new to citrix, and I was having problems using NFUSE. Here is my setup:

1 Terminal server running Win2k server and citrix metaframe xp future release 2
1 Domain controller running Win2k server
1 Workstation running win xp pro

Everything is behind a Dlink firewall and then connected to my campus network through the firewall.

I was at my girlfriends dorm, and I was attempting to connect to my terminal server using NFuse. Nfuse loging screen came up fine, however when I went to login with the credentials I had setup, it gave me this message:

ERROR: The MetaFrame server farm cannot process your request at this time. The MetaFrame server farm sent HTTP headers indicating that an error occurred. 401 Access Denied

I setup an Ica connection and that worked fine, however I would like to get nfuse working so I dont have to go around setting up ICa connections on every computer that I want to connect to my terminal server from.

I dont believe it is a problem with the firewall, because first of all I have both port 80 and 1494 forwarded, plus this error also occurs when I am inside my firewall trying to use NFuse from my workstation to my terminal server.

I would appreciate any help that anyone could give me. I was poking around in IIS, and all the permissions, etc are setup for defualt.

If you need any more info just ask and I will try to the best of my ability to provide you with it. Sorry about the length of this post.

Thanks again,

mgicash
MCP

 

[CitrixEngineer]

I'm going to *guess* ports first, so here's a comprehensive round up;

Did you enable port 80 to be inbound and outbound, and 1494 to be inbound only?

Have you set outbound >=1023? These are the ports that the MF server communicates with and differentiates between the clients on.

If you're connecting using http/https this setup should work, although you'll also need port 443 open if you're running SSL Relay.

If you're connecting using TCP/IP without http, (ICA client setting), try opening UDP port 1604 inbound. Note: this is the old, insecure way and not recommended for serious use.

I presume you're running NAT on the firewall? If so have you set an alternate (public) address for your Citrix server?

Ports for domain authentication are 137, 8 and 9, but unless your Citrix server is in a DMZ, you shouldn't need these to be open. If you're using Kerebos, you'll need to open 88, however - again depending on your configuration.

Hope this helps



CitrixEngineer@yahoo.co.uk

 

[rezinz28]

IF Citrix and NFUSE are on the same server make sure your XML port for Citrix is different than port 80 which is the port fot IIS. Try this. Stop the Citrix XML service on the server. At a command prompt type ctxxmlss /U to unregister Citrix XML. Then at the command prompt type ctxxmlss /Rnnnn "n" equals the new port number you want xml to go after. Now with NFUSE change the xml port there as well.

Good Luck,
Steve

 

[mgicash]

I appreciate all your help. I tried everything that you guys said however none of it worked. My coworker told me that this was the problem:

"You have to be on the same network with your Citrix server to use Nfuse. For example: Citrix = 10.1.1.1 255.255.255.0
You = 10.1.1.25 255.255.255.0"

This was pasted from his email to me.

Do yall know the validity of this statement?

I am behind a router on a different network then where I am using nfuse from:

my network : ips ranging from 192.168.0.1-192.168.0.xxx with subnet masks of 255.255.255.0.

the network outside the router is setup like so:
ips ranging from 128.194.42.0-128.194.42.xxx with subnet mask of 255.255.240.0

I was thinking since it was a 401 access denied error that it might be something with IIS, but I havent changed any of the defualts.

Thanks for all your help,

mgicash
MCP