Jump to content
  • 0

SSL VDA connection issue to Remote PC


dpalchu521

Question

Posted

Testing Remote PC and trying to setup HDX over SSL (encrypted VDA). Followed the steps to install cert and run script to enable SSL but unable to connect. 

 

The errors are:

 

 TdIca 1014   "The Citrix ICA Transport Driver received SSL initialization error 0x80090331." as well as

 

Schannel 36874                 "An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed."

 

I tried setting cipher GPO as recommended here https://support.citrix.com/article/CTX232685 but that did not work. Unencrypted connections work fine.

 

The target I am testing is Win 10 1809. The netscaler is 11.1 56.19.

 

This happens in two environments I tested -  7.15 LTSR and 1903.

 

Any help will be appreciated.

 

Thanks!

7 answers to this question

Recommended Posts

Posted

Frontend is what you configure on the Virtual Server. Backend is based on the default_backend cipher group, which you can't modify. But if you enable the Default SSL Profile, then you can modify the default backend SSL profile. Modifying the Virtual Server has no impact on the backend.

Posted

The NS is VPX running on SDX. I tried it with default cipher group and preconfigured one (per some security page a while back). Does not seem to make a difference.

Is there a set of ciphers you recommend setting?

Posted

The issue is probably backend, not frontend. You can't really configure the default backend until you enable Default SSL Profile.

 

Go to Traffic Mgmt > SSL > Cipher Groups. Find the default_backend cipher group and see what ciphers are there. You probably won't see TLS 1.2 ciphers.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...