Jump to content


Photo

Cannot launch pusblished apps from outside company network

Started by Philipp Frei , 17 July 2017 - 12:53 PM
4 replies to this topic

Philipp Frei Members

Philipp Frei
  • 4 posts

Posted 17 July 2017 - 12:53 PM

Dear support and forum users,

 

I've been removing my hairs trying to figure out what's going out there ;(

I'm coming from a Citrix XenApp 6.5 farm with Secure Gateway (3.3) & Web Interface (5.4.0.59) with a Gateway Direct, which was quite simple to setup.

 

Now with a brand new setup using XenApp 7.13, and Netscaler Gateway Express VPX (11.0 70.12.nc), I'm currently unable to make it work from outside the company.

 

From the inside, it works like a charm, either using the Delivery Controler FQDN, or the external adress, either with web or Receiver.

 

From the outside, I keep getting "this version of Citrix Receiver doesnt support your selected encryption", either with web or Receiver. With the Receiver, I can see that the store still uses the internal fqdn of the Controller/StoreFront server which seems bad.

 

Please find in attachment, the complete network setup/diagram to understand our setup (please note real domain name/internal domain name are not the real ones, my company just wont to publish those informations.)

 

Any help or suggestions are really appreciated.

 

Best Regards from Switzerland.



Carl Stalhood CTP Member

Carl Stalhood
  • 12,078 posts

Posted 17 July 2017 - 01:06 PM

See http://www.carlstalhood.com/receiver-for-windows/#modules and the next section for an explanation of how Receiver works. You should be seeing the internal URL.

 

The error you mentioned is when Receiver launches the app and it's not an error on the web page? What SSL Ciphers do you have configured on the Gateway vServer? Any proxy server or SSL decryption interfering? Did you install the intermediate certificate and link it to the Gateway certificate?



Philipp Frei Members

Philipp Frei
  • 4 posts

Posted 17 July 2017 - 01:49 PM

Hello Carl,

 

Many thanks for your quick answer.

 

I've check the link your provided me, and for the public ip entry in the netscaler gateway session profiles, the Account Service Address refers to the internal fqdn of the storefront/delivery controller machine. Should it be different ?

 

Actually, this error happens just after trying to launch a published application (either using a browser, or using Citrix Receiver 4.8) - always from outside network company.

 

For the netscaler configuration, I did the basic setup (NSIP, SNIP, hostname/dns/time, and licence), plus the XenApp and XenDesktop under the Integrate with citrix products.

 

Regarding SSL Ciphers I can't tell you which is configured because I didn't have to do this during the setup. Our certificate is a wildcard one from GeoTrust (Rapid SSL).

 

Regarding proxy server, we don't have any, and ssl settings are not configured under our physical firewall policies.

 

Please excuse my ignorance and lack of knowledge about these areas.

 

Many thanks again for time and help !

 

Regards.



Carl Stalhood CTP Member

Carl Stalhood
  • 12,078 posts

Posted 17 July 2017 - 02:20 PM

I recommend contacting a Citrix Partner or Citrix Support to review your configuration.



Philipp Frei Members

Philipp Frei
  • 4 posts

Posted 17 July 2017 - 06:21 PM

Dear Carl,

 

Thank you for your suggestion.

 

Obviously, that was the first step I make after I didnt was able to make this setup work.

As we don't have the valid Entitlement, which is not the case, we have running maintenance contracts till end september/october.

 

Waiting an answer on their side.

 

Regards.