I have a fully functioning (but admittedly aged) XenApp deployment that's been servicing thousands of people daily for a long time. Suddenly, one particular remote network seems to have lost the ability to connect. Upon entering the server address, Workspace immediately returns "Your account cannot be added using this server address." The credentials prompt never appears (obviously).
Running a packet trace on the communication, what I see is:
TLS v1 Hello
Server Hello
Client immediately sends FIN
The client never sends a session key as one would expect.
Other useful things:
1. The Citrix gateway server uses the same wildcard certificate as a website on the same server. The remote network has no problem accessing that site
2. Every SSL tool on the internet reports a complete/correct certificate & chain
3. The remote network *used* to work - it broke suddenly
4. There are still 2000 other sessions on this farm
5. Upgrading from Receiver 4.12 to Workspace 1909 changed nothing
I do not control the remote network, so it's a black box for me. I am looking for an explanation as to why this suddenly broke for them, but I can't readily explain a reason for a sudden SSL handshake abort like I'm seeing. Anyone have any ideas?
Edit: I've attached a snip of a packet trace that may help illustrate
Question
ABICO Licensing
I have a fully functioning (but admittedly aged) XenApp deployment that's been servicing thousands of people daily for a long time. Suddenly, one particular remote network seems to have lost the ability to connect. Upon entering the server address, Workspace immediately returns "Your account cannot be added using this server address." The credentials prompt never appears (obviously).
Running a packet trace on the communication, what I see is:
TLS v1 Hello
Server Hello
Client immediately sends FIN
The client never sends a session key as one would expect.
Other useful things:
1. The Citrix gateway server uses the same wildcard certificate as a website on the same server. The remote network has no problem accessing that site
2. Every SSL tool on the internet reports a complete/correct certificate & chain
3. The remote network *used* to work - it broke suddenly
4. There are still 2000 other sessions on this farm
5. Upgrading from Receiver 4.12 to Workspace 1909 changed nothing
I do not control the remote network, so it's a black box for me. I am looking for an explanation as to why this suddenly broke for them, but I can't readily explain a reason for a sudden SSL handshake abort like I'm seeing. Anyone have any ideas?
Edit: I've attached a snip of a packet trace that may help illustrate
Link to comment
0 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now