Jump to content
Welcome to our new Citrix community!

Citrix Gateway unavailable after Chrome and Edge updates


Recommended Posts

Hello all,

We are experiencing a bit strange issue after Friday's (23. July 2021) update versions of Chrome and Edge browsers to versions:

- Google Chrome: Version 92.0.4515.107 (Official Build) (64-bit)

- MS Edge: Version 92.0.902.55 (Official build) (64-bit)

We are not able to load Citrix Gateway portal in those browsers anymore after the upgrade. We're getting error "ERR_CONNECTION_CLOSED" on browsers. The issue happened immediately after those browsers update. We can open portal without any issue via Firefox and either via installed WorkspaceApp.

 

Citrix Gateway is hosted on ADC MPX 5550. That issue happened on ADC firmware version 12.1 build 57.xx and retains even after upgrade to version 12.1 build 62.25.

 

I would like to ask if anybody faced such issue? If so, have you found any workaround / root cause of that?

That does NOT look to me as the only ADC issue. Perhaps it is some kind of combination of new security rules applied for Chromium (??) and ADC setting(s), because I don't see the same issue on another Citrix Gateway portals on different ADC's running the same firmware version. I'm neither able to replicate it in my lab.

... checking it with Citrix in the meantime and either settings by myself, but nothing found at the moment.

 

Thanks for any idea.

Link to comment
Share on other sites

18 hours ago, Julian Jakob said:

Are you able to share your expressions for your session policies which are bound to your gateway? This could be the reason.

 

Regards

Julian

Thanks Julian for response: very simple expressions for session policies (2 policies):

1. REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver

2. ns_true

 

But I've never get logon portal. Getting immediately error that the page can't be loaded. Detail: Connection closed.

 

 

Link to comment
Share on other sites

17 hours ago, Carl Stalhood1709151912 said:

Do you see the logon page? If not, then it might be a cipher problem on your Gateway. Are ECC curves bound to the Gateway?

Thanks Carl,

Yes, That was my thought too, but I tested it "somehow" with default ciphers and the same issue I get. "Somehow" means that I'm not sure if the test was relevant as that is production environment and I can't test it directly on Citrix Gateway. So need to test again to be really sure.

Yes, we are using ECC bound to Gateway, I tested also without ECC - the same result.

I also thought if it is not a hardware error, but ns_hw_err.bash script did not show any HW related error, except some CRC error, which I saw even before the issue.

image.png

Link to comment
Share on other sites

  • 2 weeks later...

Just an update regarding that:

- after deep investigation we found out that ADC (MPX 5550) does not processes SSL handshake while key exchange of big length is sent from client (Edge or Chrome).

However still the question is why? (I think that should not be a problem usually)

My suspicious is that the device MPX5550 does not support such TLS handshake (even we are running July's firmware), but I see that not all SSL options are supported already by that MPX platform.

However, we'll see - Citrix is checking that now.

Link to comment
Share on other sites

  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...