Jump to content
Welcome to our new Citrix community!

Protocol Driver Error (yes another one)


Recommended Posts

When launching a publiushed app through Citrix Gateway I am getting the infamous Protocol Driver Error, which usually is related to STA or connection error on port 2598/1494 from GW SNIP to XA-server.

 

I cannot Identify any of this in this specific case.

 

I took a nstrace and looked at in Wireshark and I can see that the STA ticket is verified. Nothing is blocked in firewall but no ICA-traffic is attempted from Citrix Gateway to XA at all (which would point to STA-problem anyway?).

 

I have a ADC Trial License,.   I believe there is no need for the Access Gatway Platform license anymore (ADC is latest build of 12.1)? 

It is showing unlimited VPN and unlimited ICA Connections.

 

Link to comment
Share on other sites

okay, so lets try a different way.

 

Are you able to spot the VDA's IP returned in the response of POST /scripts/ctxsta.dll?

 

If not, then see below:

 

NOTE: There would be multiple POST, most of them would be monitoring probes. You should be looking for the one that DOES NOT say "Thisistheextendeddata" when the xml body is expanded in Wireshark.

 

You can try using the filter "http contains RequestData" and then if you see POST request, follow the HTTP stream and check then spot the ICA Address in the body of 200 OK.

 

Once you find the IP address then filter ip.addr==x.x.x.x and see if you have any packets, if not then check if NS knows how to route a packet to that IP subnet.

Link to comment
Share on other sites

Are you able to spot

Quote

Are you able to spot the VDA's IP returned in the response of POST /scripts/ctxsta.dll?"

 

Do you mean the VDA´s IP or the STA´s IP?

 

On the working setup:

Yes I can see that the NS SNIP request the STA Ticket from STA. At next line the STA sends the Ticket to NS SNIP (you can see the ticket ID and TTL (100 sec). Right after that the ICA session starts from NS SNIP to VDA.

 

On the non working:

I can see that the NS SNIP request the STA Ticket from STA. At next line the STA sends the Ticket to NS SNIP (you can see the ticket ID and TTL (100 sec).

At this time I get the "Protocol Driver Error" and there is no communication at all with the VDA.

 

For testing I created 2 services with tcp-monitors on netscaler to probe 1494 and 2598 on VDA. This works as expected.

Nothing gets blocked by the firewall, NS just dont initiates any communication (ICA) with the VDA.

 

Link to comment
Share on other sites

On ‎2019‎-‎04‎-‎05 at 3:20 PM, Raman Kaushik said:

okay, so lets try a different way.

 

Are you able to spot the VDA's IP returned in the response of POST /scripts/ctxsta.dll?

 

If not, then see below:

 

NOTE: There would be multiple POST, most of them would be monitoring probes. You should be looking for the one that DOES NOT say "Thisistheextendeddata" when the xml body is expanded in Wireshark.

 

You can try using the filter "http contains RequestData" and then if you see POST request, follow the HTTP stream and check then spot the ICA Address in the body of 200 OK.

 

Once you find the IP address then filter ip.addr==x.x.x.x and see if you have any packets, if not then check if NS knows how to route a packet to that IP subnet.

 

Hello Raman,

In the trace there is only one single POST from NS SNIP to STA and it contains Thisisextendeddata.

There is no IP of the VDA:

 

POST /Scripts/CtxSTA.dll HTTP/1.1
Host: 10.x.x.x
Content-Type: text/xml
Content-Length: 324

<?xml version="1.0"?><!DOCTYPE CtxSTAProtocol SYSTEM "CtxSTA.dtd"><CtxSTAProtocol version="4.0">  <RequestTicket>    <AllowedAuthorityIDType>STA-v1</AllowedAuthorityIDType>    <AllowedTicketType>STA-v1</AllowedTicketType>    <Data>CSGTestData</Data>    <XData>Thisistheextendeddata</XData>  </RequestTicket></CtxSTAProtocol>HTTP/1.1 200 OK
Content-Length: 421
Content-Type: text/xml
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 08 Apr 2019 12:04:01 GMT

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE CtxSTAProtocol SYSTEM "CtxSta.dtd">
<CtxSTAProtocol version="4.0">
    <ResponseTicket>
        <AuthorityID authorityType="STA-v1">STA827404866</AuthorityID>
        <Ticket ticketType="STA-v1">A95D8B2844DA7FEAAD03A9EA3793C0</Ticket>
        <TicketVersion>10</TicketVersion>
        <TicketLifetime>100</TicketLifetime>
    </ResponseTicket>
</CtxSTAProtocol>
POST /Scripts/CtxSTA.dll HTTP/1.1
Host: 10.x.x.x
Content-Type: text/xml
Content-Length: 324

<?xml version="1.0"?><!DOCTYPE CtxSTAProtocol SYSTEM "CtxSTA.dtd"><CtxSTAProtocol version="4.0">  <RequestTicket>    <AllowedAuthorityIDType>STA-v1</AllowedAuthorityIDType>    <AllowedTicketType>STA-v1</AllowedTicketType>    <Data>CSGTestData</Data>    <XData>Thisistheextendeddata</XData>  </RequestTicket></CtxSTAProtocol>

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...