Jump to content
Welcome to our new Citrix community!
  • 0

External access to VDA

Reidar Westvik


Hi Peeps,


I have a brand new installation of VDA which i cannot seem to connect to from outside of our network. Internally i can connect to the win 10 desktop with no issues. This goes for both the workspace client and via the storfront web - no issues. 


I've attatched the errors from my external connect attempt. 

My setup


1x CTX hypervisor with Tesla GPU. 192.168.80.xxx

1x CTX VDA 192.168.80.xxx

1x CTX Storefront 37.28.130.xxx

Azure VM for external testing 52.138.222.xxx

Endpoints are virtual Win 10 on HyperV with Virtrual delivery agent. 192.168.80.xxx

Nvidia Grid on VDA server


Its a pretty simple setup with no redundancy just a HV and VDA for static desktops login on internal and external network. 

Everything running on latest versions and MS hotfixes.  All IPs are static and resolves DNS fine between all instances. 


As of firewall i've made a few tcp/udp any rules from my Azure test to all CTX servers which i will lockdown at a later stage. I can successfully telnet from my Azure test to storefront on 80 and 443.

Servers seated in the 192.168.80 network is not firewalled. All local FWs are switched off. Internally i can also telnet  to: 80, 443. Testing TCP/1498, 2598 and 8008 they are not responsive. I'm not sure if they should be open cause they are also non responsive if i telnet on localhost. All IPV6 interfaces are disabled. 


I've gone thru windows event logs and here's what i can find.


Storefront System log: An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed. No sure if this is Citrix related. 

VDA Logs:  No errors or warnings.


Testing Site, Catalog and delivery group in Citrix Studio shows no errors in the reports.


I've also tested with TCPView running on my Azure test box whilst connecting. No error or traffic seem to be blocked between Azure and storefront.
I can notice there is some sort of communication to the end point. If i'm logged in either via RDS or console to the win10 endpoint i can see its disconnecting this session when i init a session with via storefront or workspace client as it should do. 


One of the things i cannot figure out is if i need the Citrix Gateway in front of the Storefront for external non VPN connections? I whould think that storefront would be enough?


Anyone else experienced similar issues? Any pointer or tips is deeply appriciated!








vda errors.JPG

Link to comment

1 answer to this question

Recommended Posts

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...