Proxy did not respond when using Citrix server and Palo Alto


You may see “Proxy did not respond” or “Connection refused” in the browser on a Terminal Server, on the Citrix server, or in a Citrix session.

If the Palo Alto Terminal Server Agent is installed on your Citrix server, you may also find entry 4227 in the Windows Event Log:

“Event ID 4227 — TCP/IP Network Connectivity
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint…”

You need to increase the “Port Allocation Start Size Per User” (which is 200 by default) to at least 400.

Thanks to Thomas Delbos from the Yvelin company for finding this issue.

Palo Alto Networks suggests using the following settings for port allocation on the Terminal Server Agent:

If the Port Allocation Start Size per User is set to 400 and the Port Allocation Maximum Size per User is set to 4000, each time a user takes up 400 ports the TS-Agent will allocate another 400 ports until the max of 4000 is reached, at which point the allocation will fail.

If a user application connects and closes a connection to the same destination port multiple times in a very short time, the source ports can be used to connect to another destination port.

If the “TcpTimedWaitDelay” on the Windows server hasn’t expired from the previous connection, the same destination port cannot be used.
The TcpTimedWaitDelay can be decreased to a smaller value (valid range is 30-300 seconds, default is 240) to free up the destination port.
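The following sketch is an added example, not Palo Alto code: it models how the per-user block grows in steps of the start size up to the maximum, and how TcpTimedWaitDelay decides whether the block runs out. It assumes every connection goes to the same remote endpoint (the proxy) and closes immediately, so its source port cannot be reused toward that endpoint until the delay has passed; the function name and the sample rates are constructed.

```python
from collections import deque

def simulate_user(conns_per_sec, duration_s, timed_wait_delay=240,
                  start_size=400, max_size=4000):
    """Model one user's TS-Agent port block under short-lived connections.

    Assumption: all connections target one remote endpoint and close at once,
    so each source port is unusable for timed_wait_delay seconds afterwards.
    """
    allocated = start_size      # ports currently granted to this user
    peak = 0                    # highest number of ports held at once
    time_wait = deque()         # expiry time (seconds) of each held port
    for t in range(duration_s):
        # Release ports whose TIME_WAIT period has expired.
        while time_wait and time_wait[0] <= t:
            time_wait.popleft()
        for _ in range(conns_per_sec):
            if len(time_wait) >= allocated:
                # Block exhausted: grow by start_size unless the maximum is hit.
                if allocated + start_size > max_size:
                    return {"failed_at": t, "allocated": allocated, "peak": peak}
                allocated += start_size
            time_wait.append(t + timed_wait_delay)
            peak = max(peak, len(time_wait))
    return {"failed_at": None, "allocated": allocated, "peak": peak}

if __name__ == "__main__":
    # Constructed scenarios: (connections per second, TcpTimedWaitDelay).
    for rate, delay in [(1, 240), (2, 240), (20, 240), (20, 30)]:
        print(rate, delay, simulate_user(rate, 600, timed_wait_delay=delay))
```

Under these assumptions a user sustaining 20 connections per second exhausts the 4000-port maximum after 200 seconds with the default delay of 240, while the same load with a delay of 30 never needs more than 800 ports.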

It is also possible to decrease the Port Allocation Start Size Per User and the Port Allocation Maximum Size per User if there is a need to free up ports to allow more user connections.

The Source Port Allocation Range can be configured from 1 – 65535, but it is also required to reserve the server source ports (Reserved Source Ports) to ensure they aren’t allocated to users.

You can verify the user-to-port-range mapping by viewing the TS-Agent Monitor to determine current users and port allocations.

Refresh the count by clicking Refresh Ports Counts.