In the process of working on a project I had to gather all of the ports used by Citrix XenApp (the new name for Citrix Presentation Server). I had to look in a number of documents and KB articles. All I have to say is WHEW! I thought this might be useful for someone out there since I would have liked to have something similar. There are other ports too but I felt they weren't important (or perhaps I didn't understand how important they were so I left them out). Many of these are not Citrix ports but rather the service ports that we use to communicate into the infrastructure (such as LDAP). Hope this helps someone. If you find an obvious error or something omitted, please be sure to comment to this post. Enjoy!
Definitely nice to see that, regardless of all of these ports, all that clients/users need in order to connect is HTTP(S) on TCP port 80 or 443.
NOTE: For more information on commonly known ports, visit http://www.iana.org/assignments/port-numbers.
- Application Performance Monitoring (powered by Citrix EdgeSight)
  - EdgeSight Agent to EdgeSight Server - TCP 80/443 (Payload and alerts)
  - EdgeSight Web console (non-IMA) to RSCorSvc on EdgeSight Agent - TCP 9035
  - EdgeSight Agent internal communication - TCP 9036 (client-side database; NOTE: after EdgeSight 4.5, replaced with IPC)
  - EdgeSight database - SQL 1433 (configurable)
- Client-side Application Virtualization
  - Streaming Client to Application Hub (File Server/Share) - SMB 445
- EasyCall
  - To client - HTTP(S)-TCP 8443 (PSync)
  - To Admin console (non-IMA) - TCP 443
  - To LDAP Directory - TCP 389
  - To PBX - port varies by vendor
- Independent Management Architecture (IMA) Services - TCP 2512, 2513
- Licensing Service - TCP 27000, 27009 (configurable)
- Server-side Application Virtualization
  - Management Console (Using IMA) - TCP 2512, 2513
  - Application requests - TCP XML 80, 8080 or 443 (configurable)
  - Access to Applications Virtualized on the Server - ICA-TCP 1494, 2598 (Session Reliability)
- Single Sign-on (powered by Citrix Password Manager)
  - Management Console (non-IMA) or Agent to Password Manager Service - TCP 443
  - Management Console (non-IMA), Agent or Service to credential store
    - Network File Share Credential Store - TCP/UDP 445 (CIFS) or TCP/UDP 135-139 (NetBIOS)
    - Active Directory Credential Store - TCP/UDP 389, 636; TCP 3268, 3269
    - Novell File Share Credential Store - TCP/UDP 524
- SmartAccess (powered by Citrix Access Gateway)
  - Standard and Advanced Edition
    - Client connections - TCP-SSL 443 (configurable)
    - Advanced Access Control (AAC) to Appliance communication - TCP 80 or 443 (configurable), 9001, 9002, 9005
    - Management Console
      - to Appliance (non-IMA) - 9001, 9002, 9005
      - to AAC - IMA-TCP 2513
  - Enterprise Edition
    - To client - SSL-TCP 443
    - To internal network - SSL-TCP 443, Native Authentication port (e.g. RADIUS 1812, LDAP 389), Native application ports (e.g. ICA-1494)
    - Management console (non-IMA) - SSH-TCP 22, HTTP(S)-TCP 80/443
- SmartAuditor
  - Management (non-IMA) - Use local console on Agent or on Server.
  - Agent to Broker (Recording and Policy Check) - TCP 80/443 (configurable)
  - Player to Broker - TCP 80/443 (configurable)
  - Agent to Server (Metadata and Video) - Microsoft Message Queuing
    - Default - TCP: 1801; RPC: 135, 2101*, 2103*, 2105*; UDP: 3527, 1801 (*These port numbers may be incremented by 11 if the initial choice of RPC port is being used when Message Queuing initializes. A connecting QM queries port 135 to discover the 2xxx ports.)
    - Over SSL - TCP 80, 443
- WAN Optimizer - Guidance provided was to get it from the Admin Guide
  - Appliance to Appliance - Pass-through native application port (e.g. ICA-1494, HTTP-80, LDAP-389)
  - Management Console (non-IMA) - TCP 80
  - Client to Appliance - TCP 443
- Web Interface
  - Client connections - TCP 80/443 (configurable)
  - Server-to-server - TCP XML 80/8080, 443 (using SSL Relay)
  - Management console (partially IMA) - DCOM 135 (+ configurable high port range), IMA-TCP 2513, TCP 80/443
Brian Madden created a webinar that helped to explain some core communications processes. That might also be useful and you can find it here (called Understanding and Designing Presentation Server Farms).
Comments (5)
Mar 14, 2008
Tom Hanagan says:
Good list. Thanks for the effort. I've needed a list like this a few times over the past few months.
Although not a direct XenApp product, you might add Access Essentials to the list...just a thought.
Jun 25, 2008
David Weissman says:
Hopefully all of your hard work can be integrated into a long overdue update to CTX109929, Citrix Access Suite 4.2 Connections (http://support.citrix.com/article/ctx109929).
Aug 04, 2008
Leonar Alvarez says:
Hey Vinny, Thanks for the list, this will be very helpful in our future implementations.
Keep blogging!
Oct 22, 2008
Anonymous says:
What about the high level ports? We have a situation where a layer 3 device sits before the firewall and is only allowing certain ports through. 1494 is open, but it still didn't work. We then found this from an old article, so I am unsure if the numbers are the same in XenApp. But there definitely are more higher ports operating:
When a client wants to connect to a particular Citrix MetaFrame server, after it knows the server's IP address, it will address the server on port 1494. The server will respond to the client on 1494 and assign it a port number in the "high port" range (1023-65534) for further communication. Each client that attaches to a single server is assigned a different "high port" number after the initial connection establishment. In this way, the Citrix MetaFrame server can differentiate between which clients it is conversing with, because each client continues communication with the Citrix MetaFrame server using a different source "high port" number, but the destination port number will remain at 1494 throughout the conversation.
Jan 15, 2009
Charles Comer says:
There are two ports that must be made available to communicate with License Server 11.5. Port 27000 is used to communicate from the XenApp servers to the License Server (LMGRD.exe), and port 7279 is used from the License Server to the XenApp servers (CITRIX.exe). If you want to change the port from 7279 to something else, from the license server edit the citrix_startup.lic file and change VENDOR CITRIX options="C:\Program Files\Citrix\Licensing\MyFiles\CITRIX.opt" PORT=7279 to another port and restart the license service. Almost immediately you will notice the date stamp of the remaining license files change as well (CtxLSPortSvc.exe AKA Citrix LS Port Updater Service). If the segment PORT=7279 does not exist or is removed, then it defaults to that port anyway.
Prior to version 11.5, it was dynamic. To find out which port you are currently using, open the lmgrd_debug.log.
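An added example, not part of the original post or its comments and not Citrix code: a short Python audit of the startup license file described in the last comment, reporting the two ports a firewall rule has to cover and whether the vendor daemon port is pinned with PORT=. The `SERVER <host> <hostid> [port]` layout, the case-insensitive keyword matching and the sample file are assumptions (only the VENDOR line is quoted from the comment), and `license_ports` is a hypothetical helper name.

```python
import re

LMGRD_DEFAULT = 27000    # lmgrd port named in the post and in the comment
VENDOR_DEFAULT = 7279    # per the comment: used when PORT= is absent (License Server 11.5)

QUOTED = re.compile(r'"[^"]*"')
PORT_KW = re.compile(r'\bPORT\s*=\s*(\d+)\b', re.IGNORECASE)


def _checked(port):
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def license_ports(lic_text, vendor="CITRIX"):
    """Return {'lmgrd': port, 'vendor': port, 'vendor_pinned': bool} for a startup file."""
    result = {"lmgrd": LMGRD_DEFAULT, "vendor": VENDOR_DEFAULT, "vendor_pinned": False}
    seen_vendor = False
    for raw in lic_text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        keyword = fields[0].upper()
        # Assumed layout: SERVER <host> <hostid> [port]
        if keyword == "SERVER" and len(fields) >= 4 and fields[3].isdigit():
            result["lmgrd"] = _checked(int(fields[3]))
        elif keyword == "VENDOR" and len(fields) >= 2 and fields[1].upper() == vendor:
            seen_vendor = True
            # Blank out quoted paths first so a directory name cannot pass for PORT=
            match = PORT_KW.search(QUOTED.sub('""', raw))
            if match:
                result["vendor"] = _checked(int(match.group(1)))
                result["vendor_pinned"] = True
    if not seen_vendor:
        raise LookupError(f"no VENDOR {vendor} line found")
    return result


# Constructed sample; only the VENDOR line is taken from the comment above.
SAMPLE = r'''SERVER this_host ANY 27000
VENDOR CITRIX options="C:\Program Files\Citrix\Licensing\MyFiles\CITRIX.opt" PORT=7279
USE_SERVER
'''

if __name__ == "__main__":
    print(license_ports(SAMPLE))
    print(license_ports(SAMPLE.replace(" PORT=7279", "")))
```

A result with `vendor_pinned` set to False means the firewall rule depends on the default described in the comment rather than on an explicit setting in the file.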