Citrix VDI-in-a-Box – 1030 Connection Error


Was helping out a friend with a deployment of Citrix VDI-in-a-Box for their company. After setting up the environment we kept receiving a 1030 Connection error when accessing the virtual desktops from an external connection which utilized CAG 5.04. After thinking that some ACL in the firewall was missing and waiting around for the network folks to return emails, I noticed a very important step you need to configure inside vdiMgr.

Checked all the usual places:
  • Is the STA generated from the vdiMgr in the CAG?
  • Used an SSL checker to see if the SSL was created correctly.
  • Checked that the vDesktop DHCP range is in the ICA access control list on the CAG.
  • Checked that the correct ports are opened up on the firewall.

I found the issue by looking at the default.ica file from WI and noticing that the “Internal HDX gateway IP Addresses” value is wrong inside the ICA file, and seeing whether it has been marked with the internal IP address.

If you log in to the vdiMgr console, go to advanced properties and look under gateways, ensure that you have specified the “Internal HDX gateway IP Addresses”, which HAS TO point to the internal IP address of the CAG.

About CyberRuiz
Highly motivated with over 12 years' experience on Citrix/VMWare/Microsoft technologies. Exceptional communication skills and team player. CCIA – Citrix Certified Integration Architect. CCEA – Citrix Certified Enterprise Administrator. VCP – VMWare Certified Professional in ESX 2.x, VI3, VI4. MCSE – Microsoft Certified Systems Engineer.

2 Responses to Citrix VDI-in-a-Box – 1030 Connection Error

  1. GHanel says:

    Just to add. People will likely be trying this with the NetScaler VPX Access Gateway (as I believe CAG is being phased out). In the VPX you are required to create a MIP (mapped IP) when first setting up the appliance; you then assign another IP to the access gateway (this IP is made public, via NAT in my case). The IP address Daniel mentions above should be the MIP (not the internal IP of the AG). Different terminology when using NetScaler but same solution to same problem.

    • CyberRuiz says:

      I am with you GHanel. The CAG is pretty much history. And yes… You need that MIP (Mapped IP). MIP addresses are used to connect to the backend servers and Reverse Network Address Translation (NAT).

      In case you run a NetScaler, where the CAG will end up living after 5.04 is discontinued (it’s what it seems is going to happen), the MIP address is one of the NetScaler owned IP addresses and you must specify at least one MIP address when you configure the appliance for the first time, then you SNIP of course for the subnet you are routing, and finally your CAG IP known as AGEE IP.

      You got it right on man.

      Cheers back at you.
