yep, just the security server...
when I connect to the connection server from internal LAN (and the connection server URLs are set to the connection servers URL and IP numbers) clients on the local LAN connect fine.
Unfortunately, I don't have access to our firewall.. but I had someone who does working with me all day yesterday and we didn't get any joy. He has opened up 4172 TCP and UDP in both directions on the internal and perimeter firewalls. I have wireshark running on the security server in the DMZ and I can see traffic flowing to and from external IP address, the client trying to connect, and to and from the connection server on the internal, have scanned the ports from there with NMAP as well and they say open though one says open/filtered not sure what the filtered means.
Just to make sure I have this right - when you edit the security and connection servers, the external URL and PCoIP extneral URL should always point to the public IP address on both the connnection server and the security server? When I do this, our internal clients can no longer connect, but that's because they are trying to connect to the external IP address which doesn't work from the internal network due to our IT outsourcing company saying that "it is too complex" :-( but anyway, i can fix that with our internal DNS so not really a big deal.
So if that's all correct... then I am still stuck with a black screen...
While watching with wireshark, I did notice some "black" packets, something about being out of sequence or something which may be a clue... I've just got started this morning and wireshare crashed overnight so I have to recreate that again and will post the sniffer info to see if it makes any sense to anyone later... once I get to the UDP 4172 tunnel setup, I am guessing it is unlikely to be any other ports that could be causing the problems? I guess I will scan all of those in due course today as well... if ONLY I had access to the firewall.. . may have to set this up on a small network with my own firewall first and see if I can make it work - but that's a lot of work just to prove that the firewall guy has done something wrong. Also yesterday, he was saying it looks like an ISP problem.. ISP wouldn't block port 4172 on a corporate network would they? Or from the ADSL connection my client is connecting from? I will be running wireshark on that as well today to make sure I guess.
Thanks for help - any more suggestions to short circuit this always appreciated.
Bill