Jump to content
Welcome to our new Citrix community!

Netscaler, Sharefile issue turning off TLS1 for OWA


NICKY CRANCHER

Recommended Posts

I'm reaching out to wonderful people to see if anyone has encountered the same issue I'm facing or may have some suggestions. 

 

Background:  We are using our Netscalers to host our on-premise Storage Zone Controllers for Sharefile and included in this is an office online server aka office webapps. 

The Initial configuration of Sharefile uses TLS1, TLS1.1 and TLS1.2  as set on the content switching virtual server. 

 

The Issue: Turning off TLS1 on the Sharefile content switching virtual server breaks office webapp previews in Sharefile.

 

Troubleshooting:  I have tried settings the OWA load-balanced virtual server to the same settings as the content switching VS.  I have also changed the TLS setting on the windows server hosting OWA so everything was using TLS1.2.  I have also tried different Cipher sets on these VIPs. The Certificate we use is a wildcard issued by Digicert with SHA256-RSA & 2048 Key Length and I've run tools to ensure the chain is complete. Disabling TLS 1, 1.1 doesn't affect Sharefile files  

 

Netscaler Version: 11.1.49.16  / 200 VPX Platinum 

OWA: Hosted on Windows 2016  Server with Office Online Server 16.

 

Our Goal:  We are looking to use TLS 1.2 only with a Strong Cipher set such as ECDHE . 

 

Thank you all.

Link to comment
Share on other sites

I can confirm this problem as I ran into the same problem. 

 

TLS 1.2 is not currently supported because Office Online Server (and Office Web Apps) uses .NET Framework 4.x to establish network connections. By default, .NET Framework 4.x doesn’t support TLS 1.2.

 

You have to enable TLS 1.2 for .NET, see https://docs.microsoft.com/en-us/sharepoint/support/lists-and-libraries/documents-not-displayed-in-web-browser-when-using-tls-1.2 and https://docs.microsoft.com/en-us/officeonlineserver/enable-tls-1-1-and-tls-1-2-support-in-office-online-server

 

After this you can disable TLS 1.0 and 1.1 again on your CS vServer.

 

Best Regards

Julian

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...