Error: Unable to launch your application; SSL error 29 through NetScaler gateway

Error: Unable to launch your application; SSL error 29 through NetScaler gateway

book

Article ID: CTX217121

calendar_today

Updated On:

Description

Unable to launch apps through Netscaler Gateway Error: cannot launch app; SSL Error 29: proxy denied access to xxxxxx port 1494.
Applications can be launched by bypassing Netscaler and connecting directly to Storefront.

 

Resolution

Add an INAT rule on the NetScaler with public IP as the internal IP of the XA server(application host server) and Private IP as the NAT IP.
This way NetScaler will hit the internal IP which will NAT the traffic to NAT'ed IP which is reachable from NetScaler . 

User-added image

Problem Cause

  1. Since netscaler is in DMZ, netscaler was talking to backend storefront/xenapp servers over a natted IP. 
  2. When DDC was giving IP address of XA server (application host server), its giving internal IP of the XA server instead of the natted IP.
  3. Netscaler cannot communicate with the internal IP and has to go through natted IP.  

Issue/Introduction

This article briefs about the troubleshooting scenario in a NAT'ed Network environment

Additional Information

For INAT rules please refer below link:

https://docs.citrix.com/en-us/netscaler/11/networking/ip-addressing/configuring-network-address-translation/configuring-inbound-network-address-translation-inat.html
Powered by Wolken Software