Hi all, first let me say that this is my first post here, so hopefully I explain my issue well enough and second I am a relative newbie to ISA, so I’m sure my problem is something small I’m missing.
Let me give a quick background. I am running ISA 2006 in a test environment, however it is connected to the live network and acts just like our current ISA 2004 setup. I am able to successfully navigate to the internet through my 06 setup with no issue.
The problem that we have is, if I connect to a Citrix website, I can get all the way to the application screen, however the application will not launch and returns a pop-up error of "socket operation on non-socket". If I bypass the proxy (in test 06 or prod 04) the app launches just fine without any error. I set up a base rule to allow access for all protocols to access the internet and then an ICA and ICA (w/ Session) rule as well, however I still get the ‘socket’ error above. I have tried extending the SSL-tunnel to include 1494 and 2598 with no success.
OK, a bit of an update. What we've discovered is that the Citrix sessions try and connect to port 2598 first (fails every time) and then it will 'fail-over' (so to speak) to 1494 and connect there.
However, what I think the issue is, is that when the initial connection changes from 2598 to 1494, ISA server does not know how to handle the change. Is there any type of rule I can create or config change that would help with this?
I have since followed what Citrix told me, and still get hung up at the same spot. Looking inside the ISA 2006 logs I find the following...
Unidentified IP Traffic for destination port 1604. Now in my access rule, I have set up to Allow Protocols [ICA, ICA session w/ Session reliability enabled, Netbios name service], from Internal and Local Host, to External, Condition All Authenticated Users.
I've got the same issue with an ISA Server 2006 EE array (2 servers) on Windows 2003 R2 (SP1)... I've created an access rule to allow the predefined protocols ICA and ICA w/session reliability from Internal to External (for All Users), but I have users who try to connect from their PCs (Windows 2000 SP4, no firewall client, just SecureNAT) using an ICA client unsuccessfully and I see this in the logging:
Why does it list traffic on port 1604 as unidentified, and more importantly, any clue as to why it's denying it? The access rule for ICA is placed ahead of the Default Rule...if the ICA client doesn't use Published applications, it goes out through 1494 and the rule applies and works quite well.
This was bugging me...but I came up with a solution. I created my own custom ICA protocol, UDP 1604 Send/Receive, and ISA started recognizing that traffic on port 1604 as my Custom ICA Protocol (no more "Unidentified IP traffic") and it worked.
Even though both the canned ICA protocols include that same thing (albeit in the Secondary Connections portion of it) it wouldn't work. Hmmm....
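As an added illustration of the behaviour described in this thread (not code from the thread or from ISA Server), the model below classifies the first packet of a flow against protocol definitions the way the posts suggest ISA does: only primary connections match a new flow, and a secondary connection (the UDP 1604 entry the poster mentions) only counts once its primary flow is already established. The port layout of the two canned ICA protocols and the matching rule are assumptions taken from the posts, not a verified description of ISA's internals.

```python
"""Simplified model of ISA-style protocol matching (constructed example)."""
from dataclasses import dataclass, field
from typing import Iterable, List

UNIDENTIFIED = "Unidentified IP Traffic"

@dataclass(frozen=True)
class Conn:
    proto: str   # "TCP" or "UDP"
    port: int    # destination port

@dataclass
class ProtocolDef:
    name: str
    primary: List[Conn]                              # match a new flow
    secondary: List[Conn] = field(default_factory=list)  # only after primary is up

# Assumed layout, based on the poster's description of the canned protocols:
# TCP primary, UDP 1604 listed under "Secondary Connections".
ICA = ProtocolDef("ICA", [Conn("TCP", 1494)], [Conn("UDP", 1604)])
ICA_SR = ProtocolDef("ICA w/ Session Reliability", [Conn("TCP", 2598)], [Conn("UDP", 1604)])
# The poster's fix: a custom protocol whose PRIMARY connection is UDP 1604.
CUSTOM_ICA = ProtocolDef("Custom ICA", [Conn("UDP", 1604)])

def classify(proto: str, dst_port: int, defs: Iterable[ProtocolDef],
             established: Iterable[str] = ()) -> str:
    """Name of the protocol definition a new packet is attributed to.

    A SecureNAT client with no firewall client opens UDP 1604 (the ICA
    browser lookup for published applications) before any TCP session
    exists, so a secondary-only definition never matches it."""
    pkt = Conn(proto.upper(), dst_port)
    established = set(established)
    for pd in defs:
        if pkt in pd.primary:
            return pd.name
        if pd.name in established and pkt in pd.secondary:
            return pd.name
    return UNIDENTIFIED

def classify_sequence(packets, defs):
    """Classify a whole client sequence, carrying established flows forward."""
    established, names = set(), []
    for proto, port in packets:
        name = classify(proto, port, defs, established)
        if name != UNIDENTIFIED:
            established.add(name)
        names.append(name)
    return names
```

Running `classify_sequence([("UDP", 1604), ("TCP", 2598), ("TCP", 1494)], [ICA, ICA_SR])` shows the first packet falling through as unidentified while the same sequence with `CUSTOM_ICA` added matches on every step.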