  • 0


Hello to everybody


All our users connect through Netscaler to the XenApp servers. We publish several applications (through RDS) that connect to application servers.

Is there any way that the client IP (the user's real IP) can be published, in any way, to the application servers? 




User connects to Netscaler (using IP1) and authenticates with his domain credentials. In his Citrix Receiver, Internet Explorer is published through RDS1 with IP address IP2 (instead of IE you could think of a normal client-server application, where the client side is installed on RDS1). User opens the published IE and connects to OWA (Outlook Web Access).

Normally, IP2 is logged on the Exchange server. We need to log IP1 instead of IP2. This is the case.


I know that we could configure the client IP address in NS (https://docs.citrix.com/en-us/netscaler/12/load-balancing/load-balancing-advanced-settings/usip-of-client.html) but as far as I can understand and think, that would work if we publish the application server directly to NS and not through RDS and XenApp. This should work if we publish OWA through NS, not if we publish IE through XenApp and then open OWA. Even if we configure client IP address forwarding in NS, there should be some extra configuration in XenDesktop-XenApp. Am I correct?


I found that Horizon (I know, shame on me, but I did a lot of googling in order to find a solution) calls this feature Client IP Transparency.


Thanks everyone in advance.



Link to comment

4 answers to this question


  • 0

Thanks for your reply. I already mentioned this config in my 1st post. This does not resolve the issue, as far as I can think. It only forwards the client IP address to the XenApp server. What about the published application and the application server? Will it be forwarded until the end of the chain?


I have done some googling so far, myself.

Link to comment
  • 0

The VMware Horizon Client IP Transparency appears to be limited to connections to Internet Explorer instances: https://docs.vmware.com/en/VMware-Horizon-7/7.0/com.vmware.horizon-view.desktops.doc/GUID-C8B03EF6-93DC-46AD-AF53-F3568572B038.html



VMware Client IP Transparency - Enables remote connections to Internet Explorer to use the Client's IP address instead of the remote desktop machine's IP address.

This setup option is not selected by default. You must select the option to install it.





Introducing VMware Client IP Transparency

In VMware Horizon 7, a new feature called VMware Client IP Transparency is introduced to solve this issue for web-based applications. This directly passes the client IP address to the backend application server. (Currently, the feature supports only IE.)


This feature enables IE to expose the client IP address, instead of the RDS IP address while connecting to the backend infrastructure.


I understand what you are trying to achieve, I am just not sure how you could achieve that natively (meaning anything published from a Delivery Controller). The closest thing I can find related to what you are asking about is the Session State Monitor utility (https://support.citrix.com/article/CTX127491), which provides the ability to pull the Client IP (and other details) of the user making the ICA connection to a VDA via the %clientaddress% variable programmatically.


I've used a similar setup to pull hostnames from thin clients making connections to VDAs so that the hostname of the thin client could be passed to the application that was being launched, but it was not a published application they were accessing; it was a web-based application accessed via a shortcut on their desktop.


The following discussion talks about this, but there is no answer or clarification provided: https://discussions.citrix.com/topic/374824-pass-clients-ip-address-to-the-back-end-server/


I hope this is a little helpful.

Link to comment
  • 0

First of all, thanks for your time. I appreciate it. 

The Session State Monitor utility seems to be a good idea. As I understand, it does some rewriting inside the session channel. It seems that it passes the client IP also.

I would be more optimistic if Netscaler wasn't in the middle. I will test it and let you know how it went.

Thanks mate once again.


If anyone else has any other idea or has played with the SSM utility, it would be nice to hear.

Link to comment
