
Presentation Server 4 - Using a different port.


jjjax0330

IS-IT--Management
Aug 15, 2005
76
US
Hi, we are setting up a test Citrix Presentation 4 server and locally everything is working fine as far as the web interface and program neighborhood application sets. We are on Windows 2003 server with a Watchguard firewall. We have changed the default IIS port to be 8090 instead of 80 in IIS and within Citrix site configurations. We need to do this, at least for now while testing, because we only have the one public IP and http requests on port 80 are defaulting to our company's webserver and we use 8080 for another test server so we just chose 8090 for the time being while testing. We have set up our firewall to allow that port to be forwarded to the citrix server. Port 1494 works fine for the client connections. I allowed 443 in and directed to the citrix server even though not sure if needed but I did notice our firewall blocking it while testing.

Here is what is happening.

- Local connections to web interface and pnagent to run applications work fine when specify port 8090 on local citrix server when setup as local area connection.

- For testing purposes, I just used a netzero dialup account but still attached locally to our internal network. Set up citrix agent as a wide area network and with our public ip address and port 8090. Everything still works fine and I can see that it is coming in from outside the firewall on port 8090 and the 1494 for the client connection works fine too. With the way our watchguard firebox works, we can't get to our public IP from internally so I know it is using the netzero connection and not our local connection and the firewall does show it coming in from the outside.

- When I unplug my internal network connection and just use dialup, the web interface works fine up to allowing me to login and it brings up a list of applications but when I go to run the applications and it starts the agent, it says looking up application then connecting but never does and brings back a message about can't find server at this address. The agent itself works fine but not the application sets.

- One last thing is that if I don't connect to netzero and still have it connected to our internal network but leave the citrix settings to be a wide area network connection with our external public IP, it does not run anything so it looks like the port stuff is configured correctly?

Any ideas? Could it be a dns issue?

Thanks, Joe
 
Are you using CSG? If you are, it's simple. Just direct the SSL port from the firewall to CSG (normally it's 443 but in your case 8090). Let CSG talk to the other Citrix servers internally. Open the required Citrix ports on the second firewall between the DMZ and the secured area.
 
No, we're not using CSG. We're trying to avoid buying another piece of hardware for now, at least during the testing phase of this project to see if Citrix is the right way to go. We are using 443 as normal and forwarding that to our citrix server, we only wanted to change port 80 to 8090 which seems to be working because I can sign on using the web interface without a problem and it does bring up the list of available applications. Do you know what port it uses to actually run applications using pnagent? 1494 works fine when using client connection.

Thanks, Joe
 
WI to citrix server uses only 80, 1494 as standard. In your case, the citrix client contacts WI using 8090 to find the published application, then when you click to open an application, 1494 takes over and talks directly with the citrix server without WI. So follow the 1494 traffic between the ICA client and the citrix server. Suggest looking at the event viewer to see what happened when opening the published program.
 
Your problem is very simple. Your ps4.0 is passing the internal IP address when it shows you the application icons. Once you log into the wi, and you see the icons, instead of double-clicking on an app, right click it and save as and save it, then open it in notepad and you will see that it is passing the internal IP address of your citrix server and if that is the case then obviously you will not be able to connect from the outside world.

To fix this you have to do a couple of things, first you have to set alt address on your citrix server. Open cmd prompt and use this command.

altaddr /set "your public ip"

Then type altaddr and make sure that it shows your public ip as the alternate address. Once you have confirmed that, open your WI and edit the dmz settings. In here you will see that by default the citrix server is set as direct, so it will only pass the default ip which is your internal ip, so you need to change that to alternate, so default access should be alternate. Then if you still need to connect to your citrix server from inside your lan, you add another rule that says 192.168.x.x (whatever your internal subnet) is direct. Once you have done this you will be golden.

What this will do is, if anyone connects to the wi, by default it will embed the alternate address in the icons, which happens to be your public ip, and the client will know how to get back to the citrix server. But if someone comes to the wi from inside your lan, because of the second rule you added, when the citrix server realizes that the request is coming from a subnet that matches your second rule it will pass them the internal ip, thus internal clients will be able to connect to your citrix server with no problems internally as they will be connecting to the internal ip.
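
Added example, not part of the original post: a Python version of the "save the icon and open it in notepad" check above, which flags a saved launch file that hands out an internal address. It assumes the .ica file is INI-style with an Address=host:port key in the application's section; the sample file and both IP addresses are constructed.

```python
import configparser
import ipaddress

# Constructed sample of a saved .ica launch file (not taken from the thread).
SAMPLE_ICA = """\
[WFClient]
Version=2

[ApplicationServers]
Notepad=

[Notepad]
Address=192.168.1.20:1494
InitialProgram=#Notepad
TransportDriver=TCP/IP
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def launch_targets(ica_text):
    """Return {section: (host, port)} for every section with an Address key."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ica_text)
    targets = {}
    for section in cp.sections():
        if cp.has_option(section, "address"):  # keys are matched case-insensitively
            host, _, port = cp.get(section, "address").strip().partition(":")
            # 1494 is the ICA client port named in the thread
            targets[section] = (host, int(port) if port.isdigit() else 1494)
    return targets

def unreachable_from_outside(ica_text):
    """List applications whose launch address is an RFC 1918 (internal) IP."""
    flagged = []
    for app, (host, _port) in launch_targets(ica_text).items():
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname: check how it resolves from the client side
        if any(ip in net for net in RFC1918):
            flagged.append(app)
    return flagged

if __name__ == "__main__":
    for app in unreachable_from_outside(SAMPLE_ICA):
        print(f"{app}: launch file carries an internal address")
```

Run it against a file saved from outside the firewall; an empty result after the altaddr and WI changes means external clients are being given the alternate address.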
 
Thanks a lot for the help. I had posted my question to another forum, and someone basically gave me the same answer. It's a pretty helpful site for any other Citrix users. Thanks again.
 