Top 20 Misconceptions about Citrix MetaFrame and Microsoft Terminal Server
Written by Thomas Koetzing at Tuesday, 22 March 2005
As the “Three Musketeers” (Stefan, Jeff, and Thomas) in the official Citrix support web forums, we have written about 20,000 posts over the last two years. During that time we’ve probably read more than 100,000 posts and noticed some basic misunderstandings with Citrix or Terminal Services. Sometimes answering the same questions get really frustrating for us! Therefore, we’ve written this “Top 20“ list of misunderstandings. Contrary to what you may believe, all of these 20 statements are TRUE.
Top 20 Citrix and Terminal Services Facts that many people incorrectly think are myths
Citrix MetaFrame is just an ADD-ON for Microsoft Terminal Services.
A Citrix MetaFrame connection license does NOT include a Microsoft Terminal Services client access license (TSCAL).
With Windows 2000 and above you MUST deploy a Terminal Server licensing server (TLS). Period. No exceptions. (Warning: An initial "grace period" may fool you into thinking otherwise!)
Windows 2000 Professional and Windows XP Professional do NOT have a "built-in" TSCAL licenses. (They can however get free licenses when used with Windows 2000 Terminal Servers.)
Citrix’s NFuse / Web Interface (WI) is basically a web-enabled Program Neighborhood (PN) that delivers custom ICA files on demand.
ICA connections via Citrix Secure Gateway (ICA in SSL) are completely different from HTTPS connections, even though both work over port 443 and use SSL encryption.
There is a different MetaFrame FR-3 version for Windows 2000 and Windows 2003. Also, MetaFrame XP FR-3 is the first version that supports Windows 2003.
With Windows 2003 acting as a Terminal Server, you need a Terminal Server licensing server running on a Windows 2003 server.
There is NO Web Interface Extension (WIE) for Web Interface 3.0! You have to use MSAM.
You need application licenses (Office, etc.) for EVERY user that could possibly start the application on the server.
As a default, Windows 2003 allows only ONE session per user.
When using NAT to access a MetaFrame server you have to run ALTADDR on the server to configure Citrix to use the external IP.
Speaking of NAT, EVERY server requires it’s own public IP address if using NAT.
Port 1604 UDP (Broadcasts) is NOT required anymore. It was replaced a long time with the Citrix XML service on TCP port 80.
TCP port 2598 is the NEW port for session reliability with MPS3. It should be disabled at the server and Web Interface if not used.
Citrix Secure Gateway 1.1/2.0 does NOT support port 2598 for session reliability.
An application MUST reside on the same server as the application that calls it unless you are using PNA and content redirection.
Citrix Secure Gateway 2.0 does officially NOT support the “relay mode.” Therefore you cannot use PN or an ICA file to connect through CSG.
When using Citrix Web Interface, Hotkeys are enabled and disabled by editing the template.ica on the WI server.
Microsoft hotfixes are FREE of charge during the mainstream support. (You just have to call the technical support number to get them.) Also, you should NOT download Microsoft hotfixes from any third-party website, because these sites do not use the same version control as Microsoft and you have no idea whether you’re getting the most recent Hotfix or not.
Number 10 is not correct Written by Guest on 2006-03-11 20:53:01As the Office suite from Microsoft is licensed per device that can access the application and not per user, it is not correct to state the you would need as many licenses as there are users using the applications. 1 device (desktop computer) being used by 4 users only need 1 MS Office license, where as 1 user using 4 devices (desktop computers, not secondary portable) actually needs 4 MS Office licenses .
Regards Steen Pedersen
Nr. 10 Written by Thomas Koetzing on 2006-03-29 07:43:26I think it's about how you read Jeffs Nr. 10 but at the end you need a license for every user that opens a Application on the server.
Steen is right but still say's what Jeff has written, when the user is on the Server he needs a license and EVERY user on the Server needs one if it's a per device or per user license. See also that Steen wrote 1 device = desktop computer NOT Server
The main idea is to keep in mind that if you have for example 5 Terminalserver, then you need much more than 5 Application license and you have to check the license agreement with every vendor application.
Sales Written by Guest on 2006-05-08 20:45:42Seems like most of these questions should be answered by calling sales not tech support.
Sales Questions Written by Thomas Koetzing on 2006-05-08 21:18:18Sales question, right but read what people have ask when we first published the article... Article @ BrianMadden
Written by Guest on 2006-09-11 22:07:34"If you elect to deploy Office 2003 as a client on a Windows Terminal Services–enabled computer, you will need to acquire one license for each client computer that makes use of the Microsoft Office System." http://office.microsoft.com/en-gb/assistance/HA011403011033.aspx
Or if you just use Outlook, you can use OWA or the client provided on the Exchange CD. "Each Exchange 2003 CAL also includes Microsoft Office Outlook® 2003 and permits access from Microsoft Office Outlook Web Access, Outlook Mobile Access, Exchange Server ActiveSync®, or any standard Internet-messaging client": http://www.microsoft.com/resources/sam/lic_cal_exchange_server.mspx
Ergänzung zu Punkt 3. Written by Gast on 2006-12-04 15:45:50Hallo
Unter Punkt 3. müsste es doch eigentlich, wenn man es ganz genau nimmt, heißen: Mit Windows 2000 und höher "die im Awendungsserver Modus betrieben werden", MUSS ein "Terminal Server licensing Server" (TLS) installiert werden, ohne Aussnahme. (Warnung: Nicht während der Testperiode (180Tage) notwendig, danach aber zwingend!)
Mit freundlichem Gruß, asociera
Ergänzung zu Punkt 17 Written by Gast on 2007-06-12 16:01:22Das geht nachweislich nicht nur mit dem PN Agent, sondern auch mit dem Program Neighborhood, wenn dieser auf dem Server installiet ist.