Jump to content
Welcome to our new Citrix community!

XenApp 7.15 LTSR - NetScaler 12.0-60.10 - WorkSpace 1812: Launching App: SSL Error 4 Operation completed successfully


Tjakko Smit

Recommended Posts

I'm having problems launching published applications. When I click the icon of an published application I see the 'launching application' screen. The green progress bar stops pretty early and after 10 seconds (give or take) I get the message 'SSL Error 4. The Operation Completed Successfully".

 

My setup is: (All components are 7.15 LTSR CU3)

-NetScaler ADC 12.0 build 60.10 (latest build, Feb. 2019; I updated because of this issue)

-Citrix XenApp and VDA 7.15 LTSR CU3 (latest)

-StoreFront 3.12.3000 (LTSR CU3 base component)

-Studio 7.15.3000 (LTSR CU3 base component)

 

This issue seems to be in the NetScaler region. I tried all kind of different settings and configurations at the StoreFront/DeliveryController (backend) side and this has no effect whatsoever. 

-StoreFront with SSL or without SSL, the same error shows

-The public VIP of the NetScaler (the access webpage where clients logon) has a valid GeoTrust SSL certificate. I also checked and made sure the bindings of the CA en Root certificates are valid. The test on ssllabs.com is also successfull.

-Linked STA server is UP

-License files are valid and installed on NetScaler and Citrix Studio

-Same error shows when testing with a public VIP with a self-signed certificate

-I tried different SSL ciphers in the SSL profiles for front- and backend. (Now I returned the ciphers back to 'default').

-TLS1.2 is enabled on the public VIP. TLS1.0/TLS1.1 and SSLv3 are disabled.

 

I tried to fix this issue myself by reading many posts on Google, here on the Citrix Forums and Carl Stalhood's website. I'm stuck for 2 days now with this problem. This is why I create a new topic. 

Can anybody help? 

Link to comment
Share on other sites

Thank you Carl for your response.

 

It has never worked before. This is a new upgraded environment. 

The NetScaler is an NetScaler VPX on Amazon AWS cloud. The VDA is a Windows Server 2016 machine.

 

I added the Service you suggested and found it will not come up...

To be sure I allowed all traffic into the VDA server and I disabled the firewall. Still the service will not come up...

 

This setup is using the network layer/structure of AWS. In my situation this means I have 3 subnets for VDA machines.

The SNIP interface of the Netscaler is configured at 192.168.1.12 and the VDA I'm trying to reach is at 192.168.3.60.

The subnet's 192.168.1.x, 192.168.2.x and 192.168.3.x can talk to each other as they are 'one subnet'.

I think it's also useful to know that I have a LB vServer running for LDAP traffic. Both (2) servers in this ServiceGroup are in a different subnets. This vServer is UP.

 

Do you have any idea what is wrong. Is it something with the routing(table)?

Link to comment
Share on other sites

The subnetmask of the SNIP is 255.255.255.0. 

I realize that, when configured like that, the SNIP can only serve the subnet 192.168.1.X.

But nevertheless the traffic for subnet's 192.168.2.X and 192.168.3.X seems to reach the servers.

As I told there is one LB vServer UP and running which is monitoring 2 servers in a different subnet. And when I ping different servers in different subnet's from the Netscaler CLI, I get responses.

 

And to answer your question about the subnet's static route:

Yes there is a static route which routes all 192.168.0.0/16 traffic locally. This is how the subnet's can communicate with each other.

Link to comment
Share on other sites

Thank you for your answer Carl.

 

I tried to Telnet to the VDA server. Port 1494 answers with 'ICA' in the terminal and port 2598 opens and then closes. 

When I check netstat I can not see 1494 or 2598 in the list.

When I start my telnet session for both ports I can see them both in the netstat list.

 

I checked the farm with (Get-BrokerSite). It returns some properties but I cannot see any property that has to do something with DNS or IP addresses. Which property do you need to know?

 

Link to comment
Share on other sites

Update: I got it working now!

 

Your answer about 'RDSH VDA 'got me thinking and I decided to check some more settings.

I found that the VDA was a Windows 2016 Server box and the license server I have is a 2012 R2 server. Also I found that the license for the Windows 2016 server was over it's trial days.

This combination got me thinking, maybe that's why applications will not launch (even though when the error is something with 'SSL error 4').

 

I launched a new Windows 2012 R2 server and I installed the VDA software. I removed all servers from the Delivery Group and tried to launch the published application (Windows Calculator). Now the application was starting without the SSL error 4 BUT still an error occured. This time a more general 'Failed to start.......Unable to process your request'-error.

After I deleted all Applications from the store and added them again the published applications started succesfully!

 

Hopefully this case is useful for others who encounter this SSL error 4 and can't find out why. It seems that Citrix is throwing this error on different occasions...


Now I will revert back all the changes I made for testing on the Netscaler and farm.

 

Thanks for your help Carl!

Link to comment
Share on other sites

Update: I can reproduce the same error. 

I decided to check if it works when I deploy a new server in subnet 192.168.3.X (my working example is in subnet 192.168.1.X).

 

I created the same new server in subnet 192.168.3.X and I receive the 'SSL error 4' again.

I added the new server succesfully to the Delivery Group in Citrix Studio and the server shows up as 'Registered'.

I can ping the IP of the server from the Netscaler CLI by IP and hostname.

 

The problem seems to be with routing. Can you help me with that?

Link to comment
Share on other sites

After another evening of troubleshooting still no luck.

 

I now have 2 servers. One in subnet 192.168.1.X and another one in subnet 192.168.3.X.

All communication from/to the VDA/Delivery Controller and Netscaler is open and succesfull.

I tried to force the connections to both servers to test by using Maintenance Mode in Citrix Studio.

When I put the server in subnet 192.168.3.X in maintenance mode ON, I can succesfully launch an published application from the server in subnet 192.168.1.X

When I put the server in subnet 192.168.1.X in maintenance mode ON (and the other server maintenance mode OFF), I can't launch the published applications.

 

The Citrix Receiver hangs in the beginning with the message 'Connection in progress...'. After 30 seconds or so it will show the message 'Unable to connect......SSL Error 4. The operation completed succesfully'.

 

I really don't have any clue what could be wrong..

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...