[THIN] Re: Clients behind firewalls

• From: "Rosa,Steve,BRUSSELS,GLOBE Center EUR-ITOC" <Steve.Rosa@xxxxxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Thu, 4 Nov 2004 14:06:01 +0100

Mike,
 
These clients are connecting via TCP-IP only. They connect to the ZDC's via IP 
addresses, not FQDN, as this 3rd party site has no connection with our DNS 
infrastructure.
The box for XML DNS Address Resolution is not checked.
 
Steve

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of 
Mike Semon
Sent: 04 November 2004 13:51
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Clients behind firewalls


If you are using Program Neighborhood you may receive this error if you are 
connecting via HTTP+TCP. The client cannot resolve the FQDN of the Metaframe 
Server. Try adding an entry to the host file of the client device or
in the Management Console deselect enable XML DNS Address Resolution under the 
farm properties.
 
-Mike

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of 
Rosa,Steve,BRUSSELS,GLOBE Center EUR-ITOC
Sent: Thursday, November 04, 2004 2:19 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Clients behind firewalls



Hi there, 


Environment: MF XP1.0 on Windows 2000 

We have a couple of users who connect from a 3rd party site. Between this site 
and the server farm, firewalls have been put in place and rules have been 
created to allow the Citrix traffic. Our farm consists of 20 servers. These 
clients should only connect to 6 of the servers (2 are dedicated data 
collectors and 4 are actual load balanced application servers), therefore 
firewall is open only to these 4 boxes.

When the users connect via the Program Neighbourhood, they get the error 
message "Cannot connect to the Citrix MetaFrame server. There is no route to 
the specified subnet address".

The issue is not critical as refreshing 3 times usually clears the issue 
however it is annoying. I received some network trace logs which clearly show 
that the clients try to connect to servers where they should not.

I assume a quick workaround would be to add all the servers in the firewall 
rules, but I would rather know what is really going on.

Has anyone a clear view on this? 

Thanks! 

Steve Rosa 
Platform Services - Technology - Senior System Engineer 
Nestlé European Information Technology Operations Center (ITOC) S.A. 
Rue de Birmingham, 221 - B-1070 Brussels (Belgium) 
Phone : +32 2 529 68 35  -  Fax : +32 2 529 55 95 
Mobile : +32 477 770 772 
E-Mail : mailto:steve.rosa@xxxxxxxxxxxxxx 

• Follow-Ups:
  • [THIN] Re: Clients behind firewalls
    • From: Mike Semon

Other related posts:

• » [THIN] Clients behind firewalls
• » [THIN] Re: Clients behind firewalls
• » [THIN] Re: Clients behind firewalls
• » [THIN] Re: Clients behind firewalls
• » [THIN] Re: Clients behind firewalls
• » [THIN] Re: Clients behind firewalls

1. Home
2. thin
3. Archive
4. 11-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---