I'm setting up a Citrix MetaFrame 1.8 server farm on Windows NT Server 4.0, Terminal Server Edition (TSE). My company doesn't allow UDP ports, so I'm trying to install Feature Release 1 (FR1) and Service Pack 2 (SP2) so that we can use the Citrix XML Service. Our users either come in through a Web site or use the 32-bit client. However, I can't seem to get the XML Service to work. When I try to connect, I receive an error message.
You installed the XML Service when you installed FR1 and SP2. The XML Service lets ICA browsing react to client requests instead of to UDP port 1604. However, before you can use the XML Service, you must make sure that you have opened up your firewall. A friend of mine had a hard time using the service because he was running a protocol-analysis firewall which, in addition to its typical firewall duties, analyzed packets and served as a proxy—eliminating some of the Distributed Denial of Service (DDoS) attacks on mail servers as well as direct attacks on Web resources. My friend had a hard time opening common ports for such uncommon uses. For other firewalls, such as Cisco Pix, Firebox, and Nokia, I've found that most people have common ports 8080 and 80 available and open for use. If you need to change the port you use for the service, go to a command prompt and type the following command to unload the Citrix XML Service from memory:
ctxxmlss /u
Next, type
ctxxmlss /Rnn
where nn is the number of the port you want to use. For example,
ctxxmlss /R8080
forces the XML Service to use TCP/IP port 8080. Finally, restart the XML Service.
When you want to publish an ICA file in Published Application Manager, you can right-click the application's icon and choose to create an ICA file. With FR1 and SP2 installed, you can also specify a TCP+HTTP address and a port number. Use this option to fill in the IP address and port for the Citrix server that's running the XML Service. For example:
[WFClient]
Version=2
HttpBrowserAddress=192.168.1.22:8080
TcpBrowserAddress=192.168.1.22
NetBiosBrowserAddress=DC2
[ApplicationServers]
notepad=
[notepad]
Address=notepad
InitialProgram=#notepad
ScreenPercent=75
DesiredColor=8
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
You can achieve the same results using Program Neighborhood. For a server farm, right-click the Program Neighborhood Application Set settings and, on the bottom of the configuration screen that appears, choose the TCP/IP+HTTP network protocol. Next, go to the Address List and choose Add, and enter the IP address and port. The process is about the same for a custom application except that you must perform the steps for each application separately, and you must clear the "Use Custom Defaults" option on the bottom of the screen before you can add an address and port.
These steps should let your users connect to a Citrix Server application by opening port 1494 TCP Inbound and some other common TCP port of your choice. Be sure to tell your Program Neighborhood users how to select the correct protocol.