
End to end encryption with Netscaler, Session not starting



Hi Guys,

 

In the lab, I want to test end-to-end encryption with Netscaler. The connection to the VDA over Netscaler Secure Gateway works fine before applying any changes.

 

I followed this guide: https://support.citrix.com/article/CTX220062 and enabled SSL on the VDA with:

 

.\Enable-VdaSSL.ps1 -enable -SSLPort 443 -SSLMinVersion "TLS_1.2" -SSLCipherSuite "COM" -CertificateThumbPrint XXXXXXXXXXX

 

The connection to the VDA works via Storefront as expected.

 

But not over the Netscaler; I got the following error message:

[Screenshot: error message]
 

The CA Certificate is present in the CA Certificate section in the Netscaler.

 

The ns.log shows the following message:


 

Jun 24 20:46:15 <local0.info> 172.44.46.101 06/24/2019:18:46:15 GMT netscaler-adc 0-PPE-0 : default SSLVPN ICASTART 10409 0 :  Source 172.44.45.200:61078 - Destination 172.44.46.2:443 - SSLRelayAddress 172.44.46.2:2598 - customername  - username:domainname tklein:dom.local - applicationName XA1 $S1-2 - startTime "06/24/2019:18:46:15 GMT" - connectionId 4c9d01

172.44.46.2 is the IP of the VDA, but I'm confused because of the SSLRelayAddress port 2598 - as far as I know, 2598 is not used any more in this constellation.
 

In the VDA's Event Log I could also find the following events:

[Screenshots: VDA Event Log entries]

 

What might be the problem in this case?

 

Many thanks & best regards

Thomas
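
An added example, not part of the original post: a small Python parser for the SSLVPN ICASTART record quoted above, listing sessions whose Destination or SSLRelayAddress port differs from the port configured on the VDA (443, from `-SSLPort 443` in the post). The function names `parse_icastart` and `port_mismatches` are hypothetical, and the field layout is assumed from the single log line shown.

```python
import re

# ICASTART line copied from the ns.log excerpt in the post above.
SAMPLE = ('Jun 24 20:46:15 <local0.info> 172.44.46.101 06/24/2019:18:46:15 GMT '
          'netscaler-adc 0-PPE-0 : default SSLVPN ICASTART 10409 0 :  '
          'Source 172.44.45.200:61078 - Destination 172.44.46.2:443 - '
          'SSLRelayAddress 172.44.46.2:2598 - customername  - '
          'username:domainname tklein:dom.local - applicationName XA1 $S1-2 - '
          'startTime "06/24/2019:18:46:15 GMT" - connectionId 4c9d01')

# Field order is assumed from the one record on the page.
ENDPOINT = r'(\d{1,3}(?:\.\d{1,3}){3}):(\d+)'
ICASTART = re.compile(
    r'SSLVPN ICASTART .*?'
    r'Source ' + ENDPOINT + r' - '
    r'Destination ' + ENDPOINT + r' - '
    r'SSLRelayAddress ' + ENDPOINT + r' - '
    r'.*?applicationName (.*?) - startTime "([^"]+)" - connectionId (\S+)')

def parse_icastart(line):
    """Return the session fields of an SSLVPN ICASTART line, or None."""
    m = ICASTART.search(line)
    if m is None:
        return None
    return {
        'Source': (m.group(1), int(m.group(2))),
        'Destination': (m.group(3), int(m.group(4))),
        'SSLRelayAddress': (m.group(5), int(m.group(6))),
        'applicationName': m.group(7),
        'startTime': m.group(8),
        'connectionId': m.group(9),
    }

def port_mismatches(lines, expected_port):
    """List (connectionId, field, 'ip:port') where the back-end port differs."""
    found = []
    for line in lines:
        session = parse_icastart(line)
        if session is None:
            continue  # not an ICASTART record
        for field in ('Destination', 'SSLRelayAddress'):
            ip, port = session[field]
            if port != expected_port:
                found.append((session['connectionId'], field, f'{ip}:{port}'))
    return found

if __name__ == '__main__':
    for hit in port_mismatches([SAMPLE], expected_port=443):
        print(hit)
```
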
