Citrix ADC SSPR - Renegotiation of certificate failed

Hi All,


I am trying to configure SSPR in ADC. After I try to log in to the NetScaler Gateway URL, it verifies whether or not I am registered for KBA registration. It shows the questions if not registered and saves the data in one of the AD attributes.


To test the forgot password option, I click the "forgot password" link on the NS gwy page. It prompts for username. When I enter my username, it prompts for answers to my security questions and then it sends an OTP to my email. After I enter the OTP code from the email and click "Click to Log on", it says "Renegotiation of certificate failed" and sometimes, "Try again or contact your help desk" and sometimes, "Password change failed. Make sure you supply correct existing password and try again". Again, not sure why it is throwing different errors at different attempts. Testing it out with 2 user IDs only.




I've figured it out. I had to change:

  1. I selected the wrong protocol for my LDAP servers. Earlier, when I was working without SSPR, I had my LDAP servers on Plain text with 389 port. I only changed the port number to 636, but forgot to change the protocol to SSL.
  2. In the LDAP server, I used a user account which was not part of the domain admin group. I am not sure if this is a prerequisite while using SSPR, but I thought the user account we use in the LDAP server will be used to change the password and it should have permissions to change the password. So, I've added it to the domain admin group.

After making these two changes, SSPR worked as expected.
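An added example, not part of the original posts: a small Python check over `add`/`set authentication ldapAction` lines from an ns.conf export that flags the mismatch described in item 1 above (port 636 left on a non-SSL security type). The sample lines, action names, addresses, and the defaults used for omitted parameters (port 389, PLAINTEXT, password change disabled) are assumptions.

```python
import shlex

# Constructed sample ns.conf lines (names, IPs and bind DN are placeholders).
SAMPLE_CONF = """\
add authentication ldapAction ldap_sspr_old -serverIP 192.0.2.10 -serverPort 636 -ldapBase "DC=example,DC=test" -ldapBindDn svc_ldap@example.test -passwdChange ENABLED
add authentication ldapAction ldap_sspr_new -serverIP 192.0.2.10 -serverPort 636 -ldapBase "DC=example,DC=test" -ldapBindDn svc_ldap@example.test -secType SSL -passwdChange ENABLED
add authentication ldapAction ldap_lookup -serverIP 192.0.2.11 -ldapBase "DC=example,DC=test" -ldapLoginName sAMAccountName
"""

def parse_ldap_actions(conf_text):
    """Return {action_name: {param: value}}; later 'set' lines override 'add'."""
    actions = {}
    for line in conf_text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 4 or tok[0] not in ("add", "set") or tok[1:3] != ["authentication", "ldapAction"]:
            continue
        params = actions.setdefault(tok[3], {})
        rest, i = tok[4:], 0
        while i < len(rest):
            # A flag followed by another flag (or nothing) is a bare switch.
            has_val = i + 1 < len(rest) and not rest[i + 1].startswith("-")
            params[rest[i].lstrip("-").lower()] = rest[i + 1] if has_val else True
            i += 2 if has_val else 1
    return actions

def audit(actions):
    """Return (action_name, finding) tuples for port/protocol mismatches."""
    findings = []
    for name, p in sorted(actions.items()):
        port = str(p.get("serverport", "389"))            # assumed default
        sec = str(p.get("sectype", "PLAINTEXT")).upper()  # assumed default
        change = str(p.get("passwdchange", "DISABLED")).upper()
        if port == "636" and sec != "SSL":
            findings.append((name, "port 636 expects LDAPS but secType is " + sec))
        if port == "389" and sec == "SSL":
            findings.append((name, "secType SSL configured on plain LDAP port 389"))
        if change == "ENABLED" and sec == "PLAINTEXT":
            findings.append((name, "passwdChange ENABLED over PLAINTEXT; AD needs an encrypted session to change passwords"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_ldap_actions(SAMPLE_CONF)):
        print(name + ": " + finding)
```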
