Problems with VPN

[OliverKulbach]

Hi everybody,
I have a realy weird problem. At the moment we have our remote offices connected with T1 to the Citrix Server (MetaFrame on NT4TS). People get connection through a server-farm. We try now to get a connection via VPN which gives us nightmares. Basicly the VPN runs perfect. I can ping a user in every way, traceroute, even telnet to port 1494 on the Citrix-Server works. But when I try to refresh the Server-farm I get "Cannot connect to Server". It only works if I make a user-defined connection and instead of entering the servers name I enter the IP-Adress. So we think it has something to do with name-resolution, but we don't know what this could be. Does anybody know how the procedure works exactly when a user connects to a Citrix-Server via Server-Farm. What happens then? Every hint would be highly appreciated.

Thanks and regards
Oliver

 

[Voyager1]

Sounds like it might be an ICA browsing problem. When you say you connect to the farm, are you connecting to a server desktop or to a published application? Either way, you can put the address of the ICA master browser in the Citrix client and hopefully this will aleviate your problems. In the 32-bit ICA client (Program Neighborhood), under "Custom ICA Connections" select "Settings" from the toolbar. Add the address of your ICA Master Browser to the "Address List" and you should be good to go.

Hope this helps - Bill

"You can get anything you want out of life, if you'll just help enough other people get what they want" - Zig Ziglar

 

[OliverKulbach]

Thanks Bill,
but the two Servers are already in the address-list. We use published applications via the server-farm.

Thanks and regards
Oliver

 

[CitrixEngineer]

If it works using the IP address, then you need to check the DNS setup. The client requires the IP address of your DNS server in its network settings. I have also seen this fail where a Novell client is used, and 802.3 is enabled.

You asked how the browser process works:

One Metaframe server acts as an ICA Master browser. It maintains a list of all servers, published applications and licenses that it knows about. This list is maintained by pulling similar lists from backup browsers and other servers, integrating the information on the Master list, and updating the backup browser(s).

When a client wishes to make a connection, it sends out a broadcast messsage using ICA over a transport protocol to find a browser server. Typically the transport protocol will be TCP/IP, and the name of the server/published application is resolved using DNS lookups.

The browser server will redirect the client to a listening ICA port (there are usually two on each MetaFrame server), and the client will initiate a connection.

If a client cannot connect to a Citrix server, then either the connection is bad, all the licenses are used up (this may include Terminal Server licenses) or the name could not be resolved.

If the name cannot be resolved, there is a DNS issue, either in that there is no DNS setting on the client, a router or your DNS server. It may help to put an entry in the local hosts file on the client - but that shoudn't be necessary. If it is, it proves that there is an issue elsewhere on the network.

I hope this is helpful (and useful!)

 

[OliverKulbach]

Thanks a lot,
this is basicly what we found out just this second. I would like to tell you what happens now:
When the user in the remote office starts the published application 5 packages will be send on port 1604 udp to the Citrix-Server and 2 packages then return from the Citrix. Then a DNS-lookup on port 53 is send. As we don't have our own DNS it is routed to the DNS of our Provider. Before we knew that, there have been no entries and therefore we didn't get a connection, now my provider entered the names of the published application on the DNS and it works. Is this the only way to get it working? Why does the DNS-lookup doesn't happen when we use our own T1?
Thanks and regards
Oliver