Desktop VDA only listens on port 1494/2598 when the connection comes in

Was troubleshooting a Citrix issue (“Failed with status 1110”) and one of the possibilities was that something is blocking the VDA ports 1494/2598 (two other possibilities seem to be mismatched STAs or issues with the root CA certs – neither seems to be the problem in my case as only one user seems to affected) .

My first response was to fire up telnet and try connecting 1494/ 2598. That gave me mixed results until I realized that the VDA only starts listening on these ports when the user is going to connect to it. From CTX213761:

Windows 7 – Desktop OS will listen on Port 1494 only when request comes in from StoreFront or WebInterface.
netstat -ano on Windows 7 will not show 1494 | 2598 listening up until the time of ICA launch.
netstat -ano  on Windows 2012R2 – Server OS will be listening on Port 1494 | 2598 regardless.

 Worth keeping in mind. Two takeaways for me:

  1. This doesn’t affect Server OS (so XenApp is unaffected)
  2. So if VDA isn’t listening on port 1494/ 2598 that means it hasn’t received a request from StoreFront/ WebInterface – so there could be communication trouble between STF/ WI and VDA. 

For future reference:

Going through an earlier post of mine about the flow during a Citrix session (and also CTX128909 – good one by the way, it has a diagram too) I don’t see any step where the StoreFront/ WebInterface talks to the VDA. All the StoreFront communication is with the Delivery Controller or Receiver, so am guessing the VDA starts listening on ports 1494/2598 when the Delivery Controller selects a machine from its Delivery Group and informs the StoreFront/ WebInterface (so it can put this in the ICA file). At this point either the StoreFront or the Delivery Controller talks to the VDA – not sure which one. The troubleshooting flowchart in CTX136668 mentions that one must check whether the VDA and Controller are both listening on port 80 (as that’s the ports they use for talking to each other) so my bet is on the Delivery Controller. When the Delivery Controllers informs the VDA (via port 80) that it is selected, the VDA starts listening for Receiver connections on port 1494/ 2598.

Before I conclude – port 2598 is used for Session Reliability. If Session Reliability is enabled only port 2598 is used; else only port 1494 is used. It’s either, not both!