Jump to content


Photo

7.12 -> VDA SSL -> The Citrix ICA Transport Driver received SSL initialization error 0xc0000241

Started by Torsten Streng , 13 March 2017 - 09:30 AM
6 replies to this topic

Torsten Streng Members

Torsten Streng
  • 5 posts

Posted 13 March 2017 - 09:30 AM

Hello,

 

I want to use the HTML 5 Receiver and tried to activate SSL on the VDA. Unfortunately it's not working for Windows Server 2012 R2.

 

All requirements are in place. I have one machine catalog and delivery group for a 2008 R2 server and the same for a 2012 R2 server.

 

For 2008 R2:

 

Standard Receiver --> SSL working

HTML 5 Receiver --> SSL working

 

For 2012 R2:

 

Standard Receiver --> SSL working

HTML 5 Receiver --> SSL not working (Event ID 1014: The Citrix ICA Transport Driver received SSL initialization error 0xc0000241)

 

A Citrix case is already opened and a GTM with an expert is done. He agreed that the configuration itself is correct. Now they want a lot of traces, incl. Wireshark.

 

On the StoreFront servers we had to disable TLSv1.2 because the NetScaler 11.1 is not able to initialize the SSL handshake when it's enabled. For this we have another case open. But it will also not work when trying directly (modified Firefox) without the NetScaler.

 

An idea?



Kishore Kunisetty Citrix Employees

Kishore Kunisetty
  • 370 posts

Posted 13 March 2017 - 02:11 PM

Hello,

 

I want to use the HTML 5 Receiver and tried to activate SSL on the VDA. Unfortunately it's not working for Windows Server 2012 R2.

 

All requirements are in place. I have one machine catalog and delivery group for a 2008 R2 server and the same for a 2012 R2 server.

 

For 2008 R2:

 

Standard Receiver --> SSL working

HTML 5 Receiver --> SSL working

 

For 2012 R2:

 

Standard Receiver --> SSL working

HTML 5 Receiver --> SSL not working (Event ID 1014: The Citrix ICA Transport Driver received SSL initialization error 0xc0000241)

 

A Citrix case is already opened and a GTM with an expert is done. He agreed that the configuration itself is correct. Now they want a lot of traces, incl. Wireshark.

 

On the StoreFront servers we had to disable TLSv1.2 because the NetScaler 11.1 is not able to initialize the SSL handshake when it's enabled. For this we have another case open. But it will also not work when trying directly (modified Firefox) without the NetScaler.

 

An idea?

can you provide your case id?

 

what version of netscaler 11.1 you have in your setup?



Torsten Streng Members

Torsten Streng
  • 5 posts

Posted 15 March 2017 - 08:36 AM

Hi Kishore,

 

It's NS11.1 Build 51.21nc but it's also not working without NS.

 

Case ID is SR#72343379

 

Additional cases:

 

SR#72283762 - [NS11.1: Build 51.21nc] Event ID 36888: A fatal alert was generated and sent to the remote endpoint. [...] fatal error code is 40. [...] Schannel error state is 1205 --> This case was closed without solution and opened a new one 72353142

 

SR#72353142 - TLSv1.2 not working on Storefront --> This case was closed without solution for a new case 72351715

 

SR#72351715 - Schannel TLS error



Kishore Kunisetty Citrix Employees

Kishore Kunisetty
  • 370 posts

Posted 15 March 2017 - 10:43 AM



Hi Kishore,

 

It's NS11.1 Build 51.21nc but it's also not working without NS.

 

Case ID is SR#72343379

 

Additional cases:

 

SR#72283762 - [NS11.1: Build 51.21nc] Event ID 36888: A fatal alert was generated and sent to the remote endpoint. [...] fatal error code is 40. [...] Schannel error state is 1205 --> This case was closed without solution and opened a new one 72353142

 

SR#72353142 - TLSv1.2 not working on Storefront --> This case was closed without solution for a new case 72351715

 

SR#72351715 - Schannel TLS error

 

for the issue when not using NS (direct access and session launch via htmlreceiver case)  - can you please confirm which option has been used in your setup while enabling ssl to the vda (i.e., COM, GOV or ALL)?

 

Are you using default ssl port 443 or any custom port?

 

Also would you be able to open browser debugging tools and capture the trace and share when using HTMLReciever along with HTMLReciever logs?

 

Thanks

Kishore



Torsten Streng Members

Torsten Streng
  • 5 posts

Posted 15 March 2017 - 03:21 PM

SSL was enabled without any specific option. Default port 443 is used.

 

What debugging tools do you mean? Chrome is forbidden. I already uploaded CDF traces to Citrix support. A HTMLReceiver log will not be generated.



Kishore Kunisetty Citrix Employees

Kishore Kunisetty
  • 370 posts

Posted 15 March 2017 - 04:36 PM

SSL was enabled without any specific option. Default port 443 is used.

 

What debugging tools do you mean? Chrome is forbidden. I already uploaded CDF traces to Citrix support. A HTMLReceiver log will not be generated.

http://docs.citrix.com/en-us/receiver/html5/2-3/user-experience.html

 

Can you grab the htmlreceiver logs for your session launch issue when connected via chrome browser without Netscaler Gateway?

 
Also you can get the browser debugging tools using F12 or developer tools when the session launch is attempted with in that tab (before you see the error) for example.
 
there is some info in the troubleshooting connections section on the blog @ https://www.citrix.com/blogs/2015/07/08/receiver-internals-how-receiver-for-html5-chrome-connections-work/ 
 
Sorry I could not spot the traces in your case since you have few of these cases.
 
Thanks
Kishore


Torsten Streng Members

Torsten Streng
  • 5 posts

Posted 16 March 2017 - 08:25 AM

 

Yes I know this link. But a log will not be generated. It does also not work.

 

 

Can you grab the htmlreceiver logs for your session launch issue when connected via chrome browser without Netscaler Gateway?

 

No. As I already wrote, Chrome is not allowed.

 

 

 

Also you can get the browser debugging tools using F12 or developer tools when the session launch is attempted with in that tab (before you see the error) for example.

 

I tried already with Fidler. But nothing found what would help. 

 

 

 

there is some info in the troubleshooting connections section on the blog @ https://www.citrix.com/blogs/2015/07/08/receiver-internals-how-receiver-for-html5-chrome-connections-work/ 

 

 

I alredy know this blog too. Thanks.