We are running 4.5 version so the interface may be a little different. Basically what you are looking for is an interface that will select what address the server itself returns to the client when it connects.
Internal for us = Direct External = Alternate -----Original Message----- From: Jeremy Anderson [mailto:jer...@mapiadmin.net] Sent: Saturday, November 14, 2009 1:17 PM To: NT System Admin Issues Subject: RE: Citrix question, could use some guidance I don't have a DMZ. Looking in the Web Interface Management, under XenApp WebSites, I can edit "secure access settings", but I don't know what access method to add. -----Original Message----- From: Domingue, Jamie [mailto:ja...@tsged.com] Sent: Saturday, November 14, 2009 10:59 AM To: NT System Admin Issues Subject: RE: Citrix question, could use some guidance Have you checked the web interface config. The DMZ Settings on our server points all addresses on our internal network to the internal IP of the server. The default, anything else not on our internal network, gets pointed to the alternate, external, address. -----Original Message----- From: Jeremy Anderson [mailto:jer...@mapiadmin.net] Sent: Saturday, November 14, 2009 12:53 PM To: NT System Admin Issues Subject: RE: Citrix question, could use some guidance I did add altaddr at the command prompt, and 1494 is open, if I telnet to it I get "ICA ICA" -----Original Message----- From: Domingue, Jamie [mailto:ja...@tsged.com] Sent: Saturday, November 14, 2009 10:44 AM To: NT System Admin Issues Subject: RE: Citrix question, could use some guidance Do you have an alternate address set for the server? You can check by typing altaddr at a cmd prompt. If not then this could be the problem. Also make sure that your firewall has a translation from the outside to the inside for TCP port 1494. Hope this helps. -----Original Message----- From: Jeremy Anderson [mailto:jer...@mapiadmin.net] Sent: Saturday, November 14, 2009 12:39 PM To: NT System Admin Issues Subject: Citrix question, could use some guidance Morning / Afternoon everyone. I got tossed a project that was a former engineer / consultants baby. Basically I was given a Citrix XenApp 5.5 server and told to "make it work". The last time I saw Citrix it was running on NT4, but with dreams of bonuses and being showered with praise at my amazing tech skills I said sure. (actually I am afraid of my boss and there was no way to say no). There is no documentation from the former engineer, and he will not communicate with me. I am ok with that. I have the XenApp server running, AD integration, published apps all working properly. I am sure that there is some cleanup, and security lock downs that I will have to do, but for now, it works. Published apps work. The Farm and all roles exist on one 2003 server. So here is my problem. I can not get this to work from outside of the firewall. Inside, everything works fine. On the VPN, everything works fine. >From the Internet, I can log into the web page, see my published apps. When I click on the Published app, it says "Unable to launch your application, Contact your help desk. Cannot connect to the Citrix XenApp server. Could not find the specified Citrix Xenapp server." So I have made sure that all the ports are open in the firewall, and I can telnet to the ports. Firewall is open. My question here is, I cant just open this to the Internet can I? I need some sort of SSL relay, or Citrix Gateway server or something right? Am I missing something here? Citrix documentation says " Securing connections to published applications with SSL/TLS. If plug-ins communicate with your farm across the Internet, Citrix recommends enabling SSL/TLS encryption when you publish a resource. If you want to use SSL/TLS encryption, use either the SSL Relay feature (for farms with fewer than five servers) or the Secure Gateway to relay ICA traffic to the XenApp server. You can also use SSL Relay to secure Citrix XML Broker traffic." http://support.citrix.com/proddocs/index.jsp?topic=/xenapp5fp2-w2k3/ps-gs-intro-using-xenapp-fp2.html So do I need to configure a SSL relay, install a Secure Gateway? I am so confused on this issue, and I am thinking it doesn't help that Citrix changes their product names more than I change my pants. Can anyone please just tell me or provide me a link, or some Google search terms on how to make published apps work on the Internet? Thank You Very much. Jeremy ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ CONFIDENTIALITY NOTICE This e-mail transmission (and/or the documents accompanying it) may contain confidential information belonging to the sender. The information is intended only for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ CONFIDENTIALITY NOTICE This e-mail transmission (and/or the documents accompanying it) may contain confidential information belonging to the sender. The information is intended only for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ CONFIDENTIALITY NOTICE This e-mail transmission (and/or the documents accompanying it) may contain confidential information belonging to the sender. The information is intended only for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
