Jump to content
  • 0

The Connection to desktops failed with status (1030)

Louis Harle


I have a XenDesktop 7.1 rollout with 2 StoreFront servers load balanced on a netscaler - url sf.domain.com - when i browse to this i can successfully launch desktops. When coming from the outside I receive the 1030 generic error. My session policy is pointing me to https://sf.domain.com/citrix/mystoreweb properly. I have the appropriate certificate installed/configured. I have ports 1494, 80, 443 & 2598 from my VIP for Access Gateway open to both DDC - what could I be missing here?


Link to comment

10 answers to this question

Recommended Posts

  • 0

1030 usually means one of the following:

  • STAs are invalid. STAs on StoreFront don't match the STAs on the NetScaler Gateway.
  • Firewall is blocking TCP 1494 and TCP 2598 from the NetScaler SNIP (not the VIP) to every internal VDA.
  • StoreFront did not recognize it as a Gateway connection and is giving out the internal IP of the VDA instead of the gateway address.

You can look in the ICA file to make sure it's trying to use the Gateway: http://support.citrix.com/article/CTX115304

  • Like 1
Link to comment
  • 0

Thanks for the reply - I was not aware that 2598 and 1494 needed to be open to all VDA's on the Win7 machines, they certainly aren't listening on those ports, only on 80. Cannot obtain the launch.ica file as this is StoreFront. I do have 1494 and 2598 open from the VIP to the DDC's though. for the storefront URL i am pointing it to the load balanced VIP of my two StoreFront Servers - is there any port configuration necessary from the SF VIP (or individual IP's) that I might need?

Link to comment
  • 0

The article I linked to tells you how to get the ICA file.


Source IP from NetScaler is always a SNIP (or MIP), but never a VIP.


VDAs do listen on 1494 and 2598 when the DDC brokers a connection to them. DDCs do not listen on 1494 or 2598.


The StoreFront load balancing VIP should be listening on TCP 443 (SSL).


NetScaler Gateway (SNIP) also needs to connect directly to the DDCs on port 80 for Secure Ticket Authority.

Link to comment
  • 0

ok, so what I am going to have done is map 1494 & 2598 from the SNIP of the NSGateway to the subnet where the desktops are located. Additionally from that SNIP I will open 80 to both DDCs. StoreFront is indeed listening on 443 or I believe I wouldn't ever be presented with the ability to launch an app, right?


Thanks for your help, in all the times that I've done NSAGEE for XenApp I've always mapped from the VIP and it's worked (for whatever reason)..

Link to comment
  • 0

Hi carl,




well im having a setup running around 500 users, but for 1 user we are not able to launch session post sucessful logging.


we get .ica file n when we open it window console opens with white screen which turms to grey screen and screen disappers.


in event it shows event id 1050

with message  "connection validation failed on domain "for user"  for reason "deny" ".

Link to comment
  • 0

Same problem here... Error 1030 and 1050


Not linked to the Netscaler because I have the same error when i'm connecting trough storefront directly to the XenApp Server or trough the Netscaler.


--> I observed that issue/behaviour when I configure the "HDX Adaptive Transport" citrix policy on "Off" or "Diagnostic" mode.

When I choose the "Prefer" mode, no problem... Despite the fact that the "Prefer" mode normally try the "Diagnostic" mode in first and fallback on the "Off" mode is not sucessfull. But clearly there is another process in the "Prefer" mode that make it working


Are you have the same behaviour as me with the HDX adaptive transport ? 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...