  • 0

New Delivery Controller Joining to existing Site Failing


Feroz Khan1709163863

Question

We are commissioning a new 2nd Delivery Controller on our Citrix Farm. We have installed the Delivery Controller components, including Studio and Director. When the install has completed and we attempt to join the Delivery Controller to an existing site, it fails with two errors, both of which are database related (attached). The SQL scripts were generated and manually executed on our database by the DBAdmin. We have an AlwaysOn High availability SQL cluster, however after reading a different knowledgebase article about joining the existing, the Citrix databases were removed from the AlwaysOn configuration and still are.

 

The errors reference firewall security when connecting to the database, however there is no Network Firewall between them and both are in our internal production network within the same subnet. The local Windows Firewall is also disabled.

 

However, when reviewing the event logs after it fails to join, there is also a certificate-related error (shared below) being generated, and I am not certain if this is the issue:

 

"The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate."

 

Does anyone know from their own experience if this could be a certificate/TLS issue, and if so, how else it can be verified?

DB-Error-1.JPG

DB-Error-2.JPG


2 answers to this question

  • 0

The services are now working on the new Delivery Controller. It appears the issue is related to the SQL instance hosting the Citrix databases using a Self-Signed certificate. We have used "TrustServerCertificate=true;" in the DB connection string on the new Delivery Controller as a workaround, however we will need to issue a valid certificate from our Network CA to configure on the SQL instance, which needs to be reviewed, as it's also hosting other application services.

  • Like 1
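
One way to verify the certificate theory from the new Delivery Controller, as an added example that is not part of the original posts and is not Citrix code: open an encrypted connection once with certificate validation enforced and once with it skipped, then compare the results. It assumes Windows PowerShell 5.1, Windows authentication and the .NET `System.Data.SqlClient` provider; the function name, server name and database name are placeholders.

```powershell
# Added example. Compares a strict TLS connection with one that skips validation.
Add-Type -AssemblyName System.Data

function Test-SqlServerCertificateTrust {
    param(
        [Parameter(Mandatory)] [string] $Server,   # SQL instance, e.g. host\instance
        [string] $Database = 'master',
        [int] $TimeoutSeconds = 10
    )

    # First attempt validates the server certificate, second attempt does not.
    $results = foreach ($trust in $false, $true) {
        $builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
        $builder['Data Source']            = $Server
        $builder['Initial Catalog']        = $Database
        $builder['Integrated Security']    = $true
        $builder['Encrypt']                = $true
        $builder['TrustServerCertificate'] = $trust
        $builder['Connect Timeout']        = $TimeoutSeconds

        $connection = New-Object System.Data.SqlClient.SqlConnection $builder.ConnectionString
        $outcome = [pscustomobject]@{
            TrustServerCertificate = $trust
            Connected              = $false
            Error                  = $null
        }
        try {
            $connection.Open()
            $outcome.Connected = $true
        } catch {
            # The innermost exception carries the TLS or login detail.
            $outcome.Error = $_.Exception.GetBaseException().Message
        } finally {
            $connection.Dispose()
        }
        $outcome
    }

    $strict, $relaxed = $results
    $verdict = if ($strict.Connected) {
        'Certificate validates on this machine; TLS trust is not the cause.'
    } elseif ($relaxed.Connected) {
        'Connects only with validation skipped; certificate is untrusted or its name does not match.'
    } else {
        'Fails both ways; check reachability, login and database permissions.'
    }
    [pscustomobject]@{ Server = $Server; Strict = $strict; Relaxed = $relaxed; Verdict = $verdict }
}

# Placeholder names: Test-SqlServerCertificateTrust -Server 'sql01.example.internal' -Database 'CitrixSite'
```

Once the SQL instance presents a certificate issued by a CA the Delivery Controller trusts, the strict attempt should connect and the workaround can be dropped from the connection string.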
  • 0

Is Windows Firewall only allowed to accept connections from certain IP addresses? You might have to add the new DDC IP to it.

 

Also check the SQL database itself. If there is a particular account that has DBO on it, log in to the new DDC as that account when adding the new controller. That account will add the new Machine Account for the new DDC to the database with the necessary permissions.
