Secure Gateway
Secure Gateway 3_3,Secure Gateway 3_2
How to Change the Secure Ticketing Authority Port Number.


This article describes how to change the Secure Ticketing Authority (STA) port number from 80 to any other port available.


Occasionally, for security reasons, the administrator has to close port 80 on the firewall between the first demilitarized zone (DMZ) and the LAN where the STA is situated. The STA port then must be changed to cross the firewall.

STA uses the same port as the XML Service.


To update the STA port, you must complete the following procedure:

  1. Modifying XML Service

  2. Modifying the Secure Gateway Server

  3. Modifying the Web Interface Server

Modifying XML Service

To modify the XML server, complete the following procedure:

  1. Open the command prompt.

  2. Run the following command to unregister the xml service:
    ctxxmlss /u

  3. Run the following command to register the xml service to the new port:
    ctxxmlss /rXXXX
    : xxxx represents the new port number.

  4. Open the services console.

  5. Locate the citrix xml service.

  6. Highlight and right-click on the xml service.

  7. Select Start.

Modifying the Secure Gateway Server

To modify the Secure Gateway Server, complete the following procedure:

  1. Open the Secure Gateway Configuration Wizard.

  2. Go to the Details of the server running the Secure Ticket Authority (STA) section.

  3. Highlight the STA server in the list and select Modify.

  4. In the Protocol settings, clear the Use default and specify your designated port in the TCP port check box.

  5. Click OK.

Modifying the Web Interface Server

To modify the Web Interface Server, complete the following procedure:

  1. Open Web Interface Management.

  2. Highlight the required site name that must be modified.

  3. In Xepp-Edit Settings, click Server Farms.

  4. Highlight the farm and select Edit.

  5. In the XML Service Port field, enter the new port number.

  6. Click OK.

Additional Resources

If the STA server is also used as a Web server for different Web sites, then you must indicate the new port number in each user HTTP addresses because Internet Explorer or the Web browser assumes that the HTTP port is 80.

To avoid this issue, complete the following procedure to create a new Web site for the STA component:

Note: For this section, it is assumed that the STA server is published on port 80.
  1. Open the IIS snap-in.

  2. Right-click the server name and choose New Web Site.

  3. Provide a name to the Web site, for??example,??STA and click Next.

  4. Change the port for the Web site as 6556 and click Next.

  5. Browse to locate the c:\inetpub\wwwroot folder and click Next.

  6. The Permission??is selected by default. Click Next.

  7. Click Finish.

  8. Right-click the STA Web site you created and choose new virtual directory.

  9. Type scripts as the alias name and click Next.

  10. Browse to locate the c:\inetpub\scripts folder and click Next.

  11. Clear all the check boxes to remove the permissions. Click Next.

  12. Click Finish.

  13. Right-click the Scripts folder and select Properties.

  14. From the Virtual Directory tab, select Scripts and executables from the list of options for Execute permissions.

  15. Click Apply and click OK.

  16. Restart IIS.


The above mentioned sample code is provided to you as is with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the sample code. In no event should the code be used to support of ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Although the copyright in the code belongs to Citrix, any distribution of the code should include only your own standard copyright attribution, and not that of Citrix. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the code.


Join the conversation

Citrix Discussions

Open a case

Citrix Support