sheylock_84248
May 04, 2016

APM & Citrix

Good Morning,

I am having some issues in getting external (internet) access to an existing internal Citrix infrastructure to work through an APM. Internal setup includes some NetScaler systems that host the internal service IP, followed by Storefront 3.0, DDCs, etc. The main goal is to simply authenticate the external connection and enable users to access their resources on the backend systems. No load-balancing, fail-over, etc. needed.

At first I tried to get it to work through the 2.3.0 iApp, but that proved to be too restrictive in some regards (wouldn't let me use the existing LDAP and RADIUS authentication servers). So I am trying to get it to work manually.

Authentication is working fine, and I seem to be able to access the Storefront itself either through the Application or Portal Access I am playing around with. In both cases I can see the applications Citrix is granting me access to. But as soon as I click on them, I get a loading symbol for a few seconds and nothing happens.

Looking for some pointers on what might be going wrong at this point. Checked local F5 logs and session information, as well as the firewall logs. Nothing seems to be hinting at any connections being initiated or dropped.

Cheers. -S

8 Replies

  • Hello,

    I suggest you inspect your .ica file. I think you will see Citrix internal hostnames that are not DNS resolvable from the Internet.

    Why not configure the Citrix RDP on APM by putting in the IP address or hostname of the XML Brokers? Thus, you don't need NetScaler or StoreFront anymore.


    • Yann_Desmarest_
      This way, F5 APM will patch the ICA content to allow access from the Internet.
    • sheylock_84248
      Thanks for your answer! Isn't that what Access Policy --> Application Access --> Remote Desktop should be doing? I have switched it between Storefront and Broker Services, the results stay the same.
    • Yann_Desmarest_
      The F5 APM needs access to the XML brokers and the Citrix farms. Moreover, as far as I remember, you have to switch to Gateway Direct mode in the Citrix configuration. Then, you can put the apm and websso logs into debug mode to get more verbose output in apm.log. I also suggest tracing what happens on the client side using Wireshark and Fiddler; it can be a DNS issue, an SSL issue or something else.
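
One way to carry out the .ica inspection suggested in the reply above, added here as an example and not part of the original thread: it lists every connection target in a launch file and flags values that are only reachable from inside the network. The sample file, the internal suffix list, the verdict labels and the function names are constructed assumptions.

```python
import ipaddress

# ICA keys that name a host the client will connect to.
ENDPOINT_KEYS = {"address", "sslproxyhost", "httpbrowseraddress"}
# Assumption: suffixes used only on the internal network; adjust per site.
INTERNAL_SUFFIXES = (".local", ".lan", ".corp", ".internal")

def classify(value):
    """Return (host, verdict) for one endpoint value."""
    if value.startswith(";"):            # ticket form, e.g. ;40;STA...;...
        return value, "ticket"
    host = value.rsplit(":", 1)[0] if value.count(":") == 1 else value
    try:
        ip = ipaddress.ip_address(host)
        return host, "internal-ip" if ip.is_private else "public-ip"
    except ValueError:
        pass                             # not an IP literal, treat as a name
    name = host.lower().rstrip(".")
    if "." not in name or name.endswith(INTERNAL_SUFFIXES):
        return host, "internal-name"
    return host, "fqdn-check-external-dns"

def audit_ica(text):
    """List (section, key, host, verdict) for each endpoint in an ICA file."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in ENDPOINT_KEYS and value:
                findings.append((section, key, *classify(value)))
    return findings

# Constructed sample, not taken from the thread.
SAMPLE_ICA = """\
[ApplicationServers]
Notepad=

[Notepad]
Address=10.20.30.40:1494
InitialProgram=#Notepad
HttpBrowserAddress=ddc01.corp.local:80
SSLEnable=On
SSLProxyHost=apm.example.com:443
"""

if __name__ == "__main__":
    for section, key, host, verdict in audit_ica(SAMPLE_ICA):
        print(f"[{section}] {key}={host} -> {verdict}")
```

Any `internal-ip` or `internal-name` verdict in a file delivered to an external client means the launch will try to reach a host the client cannot resolve or route to; names marked `fqdn-check-external-dns` still need a lookup from outside the network.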