Posts Tagged ‘Citrix’
Citrix Alternate Addresses
I ran into a problem recently with a Citrix XenApp 6.5 farm we have setup for external users in an overseas office. These users access the Citrix farm via external IP addresses which are setup on our firewall. The internal IP address of the Citrix XenApp server is different than the external IP address that the clients overseas use to access the published applications. This caused the connection to the published applications to fail because the Citrix Web Interface server was sending the clients to the internal IP address rather than the external address.
In order to make this work, you have to first assign an alternate (external) IP address for the servers running XenApp using the ALTADDR command. The alternate address is returned to clients that request it and is used to access a server that is behind a firewall. Before this will work, though, you also must setup the Citrix Web Interface to use the alternate address.
So, as an example, let’s say that you have a Citrix XenApp server hosting published applications and is assigned the internal IP address of 192.168.1.10. Your firewall is configured to allow access to this internal IP address via the external public IP address of 100.1.1.10. The first step to make this work is to use the ALTADDR command line utility on the Citrix XenApp server to specify the alternate IP address of 100.1.1.10. The syntax would be:
altaddr /set 100.1.1.10
The next step is to configure the Citrix Web Interface to use this address. Now, let’s say that this XenApp server is accessed by both clients on your internal network and clients at an overseas location. Assume that the overseas office uses the subnet 10.2.2.0/24 for their PCs. We can setup the Web Interface server to use the alternate address for the overseas office, and all other clients will use the internal (default) address.
On the Citrix Web Interface server, launch the Citrix Web Interface Management console. You should have two options on the left side, XenApp Web Sites, and XenApp Services Sites. Select the site that you want to setup for alternate addresses, right-click the site name and click “Secure Access”. Click the “Add…” button, and using the IP subnet from our example, you will enter 10.2.2.0 for the IP address and 255.255.255.0 for the Mask. In the “Access Method” drop-down box, select “Alternate” and click OK. Click Finish.
Now when a user on the 10.2.2.x subnet attempts to access a published app, the web interface server will send the ICA session to 100.1.1.10 instead of 192.168.1.10.
Citrix SQL Gotchas
Every Citrix XenApp farm requires a data store, which is basically a SQL database. The database can exist on either a fully-licensed Microsoft SQL server implementation, or a freely available (and included) SQL Express server. When running Citrix XenApp setup, you can opt to setup the included SQL Express edition. However, you may wish to do a manual installation of SQL Express for various reasons. If you choose to do a manual installation, there are a couple of things you will need to know.
First of all, when setting up a new SQL Express installation, always choose a named instance, and use the name “CITRIX_METAFRAME” whenever possible. This is the default choice for an out-of-the-box Citrix SQL Express installation, and makes things easier. When you create the new data store during XenApp installation, it should automatically create the MF20 database for you.
When you are attempting to join a new Citrix XenApp server, you may encounter a “Network-Failure” error when testing the connection (during the join process). If you encounter this issue, it is most likely due to the configuration of SQL Express on the data store server. By default, the TCP/IP and Named Pipes protocols are disabled on a new SQL Express 2008 R2 installation. To change this, on the SQL Express server hosting the data store, launch the SQL Server Configuration Manager (found under the start menu, under Microsoft SQL Server 2008 R2\Configuration Tools), and expand the SQL Server Network Configuration node. Select “Protocols for NAMED_INSTANCE” (should be CITRIX_METAFRAME), right-click on TCP/IP and Named Pipes and select “Enable”. It should look like this:
When you are finished you should restart the SQL services, then attempt to join the new XenApp server to the farm again.
Citrix XenApp IMAService Login Failed
On a new Citrix XenApp 6.5 farm that I built recently, I noticed that I was no longer able to connect to the farm using the AppCenter console. When doing a discovery, I received errors that it could not connect to the data store. I checked the server hosting the Citrix farm’s data store, and everything appeared to be ok. So, I checked the event viewer on one of the servers running Citrix XenApp, and discovered a recurring error in the System event viewer:
Log Name: System
Source: IMAService
Event ID: 3989
Description: Citrix XenApp failed to connect to the Data Store. ODBC error while connecting to the database: 28000 -> [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
I opened the DSN file located at C:\Program Files (x86)\Citrix\Independent Management Architecture named “MF20.DSN” with Notepad and noticed that the UID value was set to my domain user account, which I had used to install the Citrix farm’s components. Since I have to change the password on this username frequently (and had recently changed it), I decided I should change this to a domain service account with a password that never expired. To do this, I had to use the dsmaint command line utility. The syntax is as follows:
dsmaint config /user:<username> /pwd:<password> /dsn:”C:\Program Files (x86)\Citrix\Independent Management Architecture\mf20.dsn”
You should get a notification that it “Successfully connected to the data store” and that “Configuration successfully changed.” Restart the IMA service and everything should work again.
The Server Monkey's Blog 