Jump to content
Welcome to our new Citrix community!

CTX134123 error when connecting through https via Netscaler


Anthony Harvey

Recommended Posts

Hi

 

I have been asked to set up a netscaler initially for testing and generally things seem to be going well except when connecting to the gateway and just using html5 I get the CTX134123 error.  I thought this only happened if connecting to the storefront directly and ssl wasn't set up on the VDA's, hence my confusion.

 

I appreciate this may be lacking in detail so I will answer all queries best I can in full.

 

I am using a single vpx express 11.0 which connects to a 7.12 xenapp farm via the NetScaler gateway config.

No SSL config has been done the farm side.

https url configured to access the netscaler landing page to get to the storefront.

 

So to get a successful connection via html5 - do I have to configure the VDA's with ssl still? Or have I missed something else?

Link to comment
Share on other sites

Hi

 

Yes I did (have done an awful lot of Googling....) and the first 'solution' stated is:

Connect via Netscaler Gateway even for internal connections. This would ensure connections work fine regardless of XA or XD versions.

 

Not for me!

 

I'm connecting through a netscaler which is where I'm stuck - all solutions seems to be regarding root certs etc which are absolutely all installed on my workstation via GPO.

 

I'm currently thinking of enabling https transport on the Delivery Controllers as configured in storefront. This is a plan for Monday as will have time to create and install the certs and test.

 

Have since discovered the issue happens through the netscaler and going directly to the storefront URL - all via html5 or the lite client option..

 

Also bizarrely I can't launch applications through the netscaler when 'Authentication and HDX routing' is selected in the storefront config.  I get an SSL error 61. I'm wondering if this is related.  Can launch apps fine when 'Authentication only' is selected as no STA's need to be configured. But this defeats the object of hiding the ip in the file sent to the client.

Link to comment
Share on other sites

Hi

 

Plot thickens.  I can connect and open apps no problem with HTML5 lite client. I can connect and open apps with Receiver 13.1.  I cannot open apps with the latest Receiver 4.3 or 4.6 - I get the SSL 61 error.

 

Any ideas anyone?  The usual solution is to update a client not go to a previous version!

Link to comment
Share on other sites

Hi Anthony,

 

SSL 61 Error-This error message suggests that the client device does not have the required root certificate/intermediate certificate to establish trust with the certificate authority who issued the NetScaler Gateway server certificate.

 

Please refer to the article below for the solution,

 

https://support.citrix.com/article/CTX101990

Link to comment
Share on other sites

Hi Aparna

 

I have looked at this page already, even disabled te AV.

 

Root and intermediate are installed on the Netscaler and linked fine - Web browser shows this with a secure connection.

 

Wiresharking the failed connection shows the receiver connecting with TLSv1.2 which  gets a reset whereas the older receiver which works seems to use TLSV1.0.  Still at a loss.......

Link to comment
Share on other sites

Hi

 

Plot thickens.  I can connect and open apps no problem with HTML5 lite client. I can connect and open apps with Receiver 13.1.  I cannot open apps with the latest Receiver 4.3 or 4.6 - I get the SSL 61 error.

 

Any ideas anyone?  The usual solution is to update a client not go to a previous version!

 

When you mentioned as you were able to connect above - Have you managed to connect via NetScaler Gateway with HTML5 receiver or is that via storefront direct web access when using HTML5 receiver as client instead of native windows receiver?

 

Thanks

Kishore

Link to comment
Share on other sites

Hi

 

Plot thickens.  I can connect and open apps no problem with HTML5 lite client. I can connect and open apps with Receiver 13.1.  I cannot open apps with the latest Receiver 4.3 or 4.6 - I get the SSL 61 error.

 

Any ideas anyone?  The usual solution is to update a client not go to a previous version!

 

Receiver 4.6 needs a reg hack to make it work with with no ssl on the SF:

 

You'll find two Registry-Keys in HKLM\SOFTWARE\Citrix\Dazzle

 
"AllowAddStore" and "AllowSavePwd"
 
They accept the following three single characters:
 
a Stands for Always
s Stands for Secure Only
n Stands for Never
 
So if you set the value for AllowAddStore to "a" I was able to add stores without https.

 

html5 lite works no matter what; iOS app works; it's just that pesky receiver 4.6 that needs the hack 

Link to comment
Share on other sites

  • 2 years later...

very simple . either use google chrome and make sure you ALLOW the client FULL access ,never ask again. If this is happening in Internet explorer... turn OFF active x filtering. it will show as a small circle with a slash through it up top right next to the address on the right side of it.

CTX134123_fix.jpg

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...