Published Applications Problem

[LetGeorgeDoIT]

I have a successful connection thru a firewall to my Metaframe Server (MF). The ICA clients are set to use 128 bit encryption as is the server. I published an application on this MF server but clients on the exterior of the firewall do not see it (or can't browse to it) - messages usually state a timeout or that the published application is not seen at that server IP. If I make a direct connection to MF server tthe clients can launch the application so it is not a user autority issue. I opened port 1604 UDP on the firewall coming in as well as the other TCP ports needed for MF, and since I can make the connection to the MF desktop I guess it should be working. Anybody else run into this problem before and found a solution?

 

[BruceP]

What about the client's browser settings? Are they set up to use the correct port to access the MF server through the firewall?

 

[LetGeorgeDoIT]

Thanks BruceP - but we are so new to this MetaFrame business I am not sure what you mean by the the client's browser settings (especially which port). We have set up UDP 1604 inbound thru the firewall and we can connect to the server thru the firewall and run the app from the desktop. From inside the firewall we can see and run the published app. What I have done at the client end is to make sure it is the correct encryption level (same as server 128). In the connection wizard setup you get to the screen that allows you to either select a server or published app. We select the published app button and click the down arrow. It pretends to search and the client then comes back and says it can't find the app and suggests putting in the server IP number along with the published app button being highlighted. When we do that we get to the logon screen and logon but then we get back an error saying that the file could not be found and that the offending party is the IP number (we know it is a good number and it is not proxied). Perhaps you could point me to a location to read up on this Client side port designation business. Thaks for responding. George

 

[BruceP]

My mistake. I thought you were using a web browser to access the published app. rather than the ICA client. In that case I think that you may need to open TCP Inbound Port 1494 on the firewall, which is the default ICA port. The RDP Listener on the server by default listens for client connections through port number 1494. It sounds like the published application is working and installed properly, but you cannot connect through the firewall. I would give that a try.<br>

 

[jaywit]

I am having the exact same problem. We are also porting through a firewall, and both TCP 1494 and UDP 1604 are open. I can access a remote desktop with no problem, but as soon as I try to access a published app, the ICA client seems to hang up on "Looking up application..." then it gives an error which reads, "A network error caused your request to time out." It's truely baffling. It can't be the firewall because desktop access works, and no log entries are being generated in the firewall when attempting to access the published app.

 

[ascotta]

What port is your XML service using, that has to be open too.

[blue]Arguably the best cat skinner around ! [/blue]

Cheers
Scott

 

[jaywit]

XML is configured to use port 80, but I'd rather not open that up due to the security implications. I suppose I could change the XML service to another port (what a pain)...

Are you saying that XML has to be open to access published apps remotely, but not if I'm accessing them on the local LAN? I don't get it...

Thanks!
Jason

 

[jaywit]

I finally managed to get it working.
Here is what I did:

The firewall fowards ports 1494 and 2598 through to the MF server.

On the server itself, run the following command at a command prompt:

altaddr /set x.x.x.x y.y.y.y

x = Server LAN IP
y = Server WAN IP

On the Citrix client, set up to use only TCP/IP to connect. Also when specifying the IP address of the server, you have to click the "Firewall" button, and select "Use alternate address for firewall connection."

Now I can run published apps from home without using a VPN client. Woohoo!!!