Configure Citrix License Server With Firewalls

If there is a firewall between your Citrix Presentation / XenApp server and your Citrix license server, you need to configure the license server to communicate only on specific firewall ports.

Symptoms

If you have a firewall between the Citrix license server and the Citrix Presentation / XenApp server and you have not configured which ports the licensing server will use to communicate, you get pop-up errors and errors in the Citrix server's event log such as “The citrix server can not contact the citrix license server” and “The citrix presentation server has now entered a grace period”.

Things You Need To Check

When a user logs on to Citrix, the Citrix Presentation server establishes a connection to the Citrix license server on a certain firewall port (this is configured in the farm settings). The license server then allocates a license and replies back to the Citrix Presentation server on a random firewall port. Using a random firewall port is a big no-no, as it means you would have to open 100s or 1000s of firewall ports. What we can do is hard code which firewall port the Citrix license server responds on.

The first place you need to hard code the firewall port is in the Citrix farm settings. Log in to your Citrix management console, right click on the farm's name at the top and select Properties. In the next window select “License Server”. First of all, check the license server name; I prefer to enter an IP address here rather than a DNS name. Now note which port number is being used here to communicate with the Citrix license server. The default port number is 27000; this can be changed if you want.

Now make sure this firewall port is open. Log on to your Citrix Presentation server, go to the command prompt and type “Telnet %Citrix_Licensing_Server% %Port_number%”, for example “Telnet 192.168.0.77 27000”. If the DOS command screen goes blank, communication to your Citrix license server is fine. If the DOS screen hangs and times out, then the firewall must still be blocking the connection.

The second place you need to hard code the firewall port is on the Citrix license server. Choose a firewall port and open it on your network; personally I use firewall port 27001. You need to edit all of the Citrix license files you have downloaded from mycitrix. First stop the “citrix licensing” Windows service and then go to the \Program Files\Citrix\MyFiles directory. Copy and paste all files to a safe location. If something goes wrong and we need to roll back, we will then have a copy of all of the Citrix license files.

Now remove the Read Only attribute from all license files in the MyFiles folder. Open each license file with a text editor, such as Notepad. In the license file, look for the line Vendor CITRIX. Modify the line by adding the following:

options=<the path to the options file "Citrix.opt"> port=<the chosen port number "27001">

Example:

    Vendor CITRIX options="C:\Program Files\Citrix\Licensing\MyFiles\citrix.opt" port=27001

Make the same change in all license files in the \MyFiles folder. When you save the files, make sure they keep the .lic file extension. Now start the “CitrixLicensing” service on the Citrix license server.

As soon as the above has been done, log on to your Citrix Presentation server and check eventvwr. You will know the above was successful when you see the event “Citrix server has successfully contacted the citrix license server”.
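
The license-file edit described above can be scripted. This is an added example, not Citrix tooling or the author's own script; the backup folder is an assumption, the MyFiles path is the one from the example line above, and the service name is as written in this article (confirm it with Get-Service).

```powershell
# Added example (not Citrix tooling). Run elevated on the license server.
param(
    # Path as in the article's example line; adjust to your install.
    [string]$LicenseDir  = 'C:\Program Files\Citrix\Licensing\MyFiles',
    [string]$BackupDir   = 'C:\CitrixLicenseBackup',   # assumed rollback location
    [int]$VendorPort     = 27001,                      # port chosen in the article
    [string]$ServiceName = 'CitrixLicensing'           # as written in the article; verify with Get-Service
)

function Set-VendorLine {
    param([string]$Line, [string]$OptionsPath, [int]$Port)
    # Leave every line except "Vendor CITRIX" untouched (-notmatch ignores case).
    if ($Line -notmatch '^\s*VENDOR\s+CITRIX\b') { return $Line }
    # Strip any existing options=/port= so a second run does not duplicate them.
    $base = $Line -replace '\s+options=("[^"]*"|\S+)', '' -replace '\s+port=\d+', ''
    '{0} options="{1}" port={2}' -f $base.TrimEnd(), $OptionsPath, $Port
}

$ErrorActionPreference = 'Stop'       # abort before editing if any step fails
Stop-Service -Name $ServiceName

# Keep a copy of every file so the change can be rolled back.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
Copy-Item -Path (Join-Path $LicenseDir '*') -Destination $BackupDir -Force

$optionsPath = Join-Path $LicenseDir 'citrix.opt'
foreach ($file in Get-ChildItem -Path $LicenseDir -Filter '*.lic') {
    $file.IsReadOnly = $false         # clear the Read Only attribute
    (Get-Content -Path $file.FullName) |
        ForEach-Object { Set-VendorLine -Line $_ -OptionsPath $optionsPath -Port $VendorPort } |
        Set-Content -Path $file.FullName -Encoding Ascii
}

Start-Service -Name $ServiceName
# Show the resulting vendor lines for review.
Select-String -Path (Join-Path $LicenseDir '*.lic') -Pattern '^\s*VENDOR\s+CITRIX'
```

With the vendor port pinned this way, the firewall rule between the Presentation servers and the license server needs only the farm's license port (27000 by default) and the chosen vendor port (27001 here).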
