RE: How to add a Citrix Server

Thank you very much for this information. In order to proceed, please tell
me the following:
-If I get another static IP address from my internet provider, how do I tell
ISA about the second address (how do I attach a second IP address to the NIC
going to the internet) and how do I specifically indicate to ISA that the
second address is for access only to the Citrix Server?

-As an alternative to a second IP address, can I configure an unused port on
the ISA server to handle the incoming traffic that needs to go to the Citrix
server? How would I forward the traffic coming in on the new port to port
443 of the citrix server (port 443 is the Citrix server requirement )?

Thanks, Ira Shapiro

-How do I know which ports are used so I can choose an unused port in the
step above?

""Brandy Nee [MSFT]"" wrote:

Hello Ira Shapiro,

Thank you for posting back!

I am sorry for the delayed response due to the weekend. Please understand
that the newsgroups are staffed weekdays by Microsoft Support professionals
to answer your systems and applications questions. Your understanding is
greatly appreciated!

You can send the screen shot to my mailbox v-branee@xxxxxxxxxxxxxx

Please understand that by default, Port 443 is preserved for Default Web
Site and there are many SBS Components will utilize Port 443, like OWA. If
you configure Port 443 for Citrix, OWA may not be work, and we need to
change another Port for OWA. It will be very complicated for you to
configure and monitor. Also, if you rerun CEICW, the OWA Port will be
changed back to Port 443.

We suggest that you use another Public IP Address especially for the Citrix
Server. You can assign two Public IP Addresses on the external NIC of the
ISA Server, one IP address for SBS Server, another IP address for the
Citrix Server. So there will be no conflict for clients to access these two
Servers. For example, clients type https://Public_IP_Address_1/exchange to
access SBS OWA, type https://Public_IP_Address_2 to access the Citrix, and
you do not need to change Port.

If you insist configure Port 443 for the Citrix Server, please see my
suggestions:

a. Open ISA 2K4 Management.
b. Expand to YourServer\Firewall Policy.
c. On the middle pane, high light each of the Web Publishing Rule. On the
right pane, go to Tasks tab, select Disable Selected Rules.
d. Click Apply.
e. Still on the right pane, go to Toolbox tab.
f. Under Network Objects, expand Web Listeners.
g. Right click each of the Web listeners and select Delete.
h. Expand to YourServer, right click Firewall Policy, New, Server Public
Rule.
i. Run the New Server Publishing Rule Wizard to publish the Citrix Server.
j. Test the issue again.

If the issue persists, please help me to gather the ISA Log and ISA info:

1. ISA Info:

1) Download the file from the following URL:

http://www.isatools.org/isainfo/ISAInfo.zip

2) Extract all files to a folder on ISA server

3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.

4) Please send these files to me.

2. We also need to gather the ISA logs:

1) Schedule a down time.

2) Open ISA 2004 management console.

3) Expand the server node and highlight 'Monitoring'.

4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.

5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

6) Switch to the 'Fields' tab, click 'Select All', and then click OK.

7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

8) Switch to the 'Fields' tab, click 'Select All', and then click OK.

9) Click 'Apply' to save changes and update the configuration.

10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.

11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
be able to deleted,that's normal.) You may backup them first and then
delete them.

12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.

13) Reproduce the problem, stop the service, and then gather the resulting
W3C files to me for analysis.

14) Please also let me know the IP address of the testing client/server so
that I can filter the data.

Hope it helps. If you have any further updates, please feel free to let me
know. I am looking forward to hearing from you!

Best regards,

Brandy Nee

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------
Thread-Topic: How to add a Citrix Server
thread-index: AcZblWRw6gtgObLyRGCBHeVragEA4w==
X-WBNR-Posting-Host: 71.242.19.123
From: =?Utf-8?B?SXJhIFNoYXBpcm8=?= <IraShapiro@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <AB99BD2C-D370-41EA-84A9-61EBD24DA0AF@xxxxxxxxxxxxx>
<tdXEuYuVGHA.5296@xxxxxxxxxxxxxxxxxxxxx>
<3D28AA1D-5C63-4243-B844-4527095D5E6D@xxxxxxxxxxxxx>
<xJgnuIWWGHA.5296@xxxxxxxxxxxxxxxxxxxxx>
<134F5483-7F10-4A19-980C-DBDBB2DCA8BB@xxxxxxxxxxxxx>
<aLQNFciWGHA.880@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: How to add a Citrix Server
Date: Sat, 8 Apr 2006 22:21:02 -0700
Lines: 105
Message-ID: <FF6EE035-AE83-4281-9522-DB83E3446B8A@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.sbs
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:259082
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.sbs

Is there a way to paste in a screenshot or attach a file to a reply here?
I
found a section in the Citrix Access Essentials pdf document that I
captured
in a jpg file. It says the only thing needed is to forward port 443
through
the firewall. I wanted to paste the screenshot in here.

So, what I have created on my ISA2004 server is an access rule for port
443
(which is a standard protocol called "https server"). That protocol is
for
inbound TCP traffic on port 443. I then published the citrix server,
using
its IP address on my SBS network to receive traffic from that access rule.
I
apply the ISA changes. I still can't access the citrix server over the
internet. I tried https://mail.company.com:443 in the browser of the
remote
pc. I am not even contacting the citrix server over the internet, so I
believe my problem is getting through the ISA2004 firewall. I can access
the
citrix server from within the SBS network with no problem.



.

Relevant Pages

  • Re: RWW Timing
    ... If you have installed ISA, ... Expand the server node and highlight ''Monitoring''. ... In the following website you can find many useful resources related to SBS ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Nagging Autorization issue for Companyweb after ISA04 install
    ... Check the companyweb CNAME entry in the DNS Server. ... Does the situation occur when you access companyweb from the ISA ... > 'Microsoft Firewall' service. ... > This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: IIS web config
    ... The 1 IP 1 Port listener is by design on ISA Server. ... 'Microsoft Firewall' service. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • RE: sloww web browsing
    ... and ISA 2004, the internet access became slower than it used to be. ... Open the ISA Server management console, ... Click Start, point to Programs, point to Microsoft ISA server, and then ... will you be able to access the internet from the internal client ...
    (microsoft.public.windows.server.sbs)
  • RE: ISA 2004 SP1 - Microsoft Firewall service not starting
    ... Then open the ISA management console, right click Cache and select Disable ... How to delete the Web cache in Internet Security and Acceleration Server ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)