Jump to content


Photo

"SSL Error 47" Authentication Errors

Started by George Rodrigurez , 22 May 2006 - 08:47 PM
95 replies to this topic

George Rodrigurez Members

George Rodrigurez
  • 2 posts

Posted 22 May 2006 - 08:47 PM

Started receiving an error message about 1 week ago, specifically:

"SSL Error 47: Attempted to conect using the (TLS V1.0 : SSL V3.0) protocol(s). The server is configured for SSL V3.0"

Citrix ICA Client for 32-bit Windows (I re-installed this)

Tried both Firefox and Internet Explorer (not browser specific)

Tried both my notebook and desktop at home (not computer specific)

Tried to login both from my home internet connection and from my normal wifi hotspot in the hospital. (not router specific)

It is specific to me as no one else is having this issue. SSL 3.0 is enabled in both Firefox and Internet Explorer options.

IT has been slow to respond to my request to troubleshoot.

Any ideas or suggestions.

OS: WinXP SP2
Router: Linksys WRT54GS
Citrix ica32t.exe installed

Thanks, Greg Rodgers



Administrator Administrators

Administrator
  • 2 posts

Posted 14 June 2006 - 02:39 PM

Hello,

We are having the exact same problem here. Did you find a resolution to this issue? Thanks.



George Rodrigurez Members

George Rodrigurez
  • 2 posts

Posted 24 June 2006 - 01:43 AM

no, not yet. i installed in on a virtual machine from my mac and it works, so it must be a setting that i changed inadvertantly somewhere on my 2 pc's.



michael chinn Members

michael chinn
  • 1 posts

Posted 07 February 2007 - 04:56 AM

Thought that I would post one solution I found to this error...

Local security Policy preventing Citrix from working

Local Policies > Security Options > System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing

Disable this requirement.

You may also want to look at other System cryptography variables to see if it fixes the problem.



Murali Reddy Members

Murali Reddy
  • 1 posts

Posted 20 February 2007 - 05:54 AM

Do any one have the solution for the same.

Message was edited by: murali97



Administrator Administrators

Administrator
  • 2 posts

Posted 08 March 2007 - 10:16 AM

Guys,
are you using Secure Gateway in your environment?
If so, what version are you using?
Is SSL Relay used in your environment?
I'd suggest you to upgrade to SG 3.0 with hotfix level 6 (http://support.citri...ticle/CTX112518), since it solves following issue:

12. The link between the Secure Gateway and Citrix Presentation Server cannot be secured through secure sockets layer (SSL) Relay if the Secure Gateway is configured to secure only Citrix Presentation Server. This fix adds support to the Secure Gateway to retrieve SSL Relay information from the Secure Ticket Authority (STA) ticket validation response and secures the link between the Secure Gateway and Citrix Presentation Server through SSL Relay. To fully implement this fix, Web Interface Version 4.5 must also be installed.

[From SGE300W005][#149586]

I hope this helps,
Ainars



Christopher Stark Members

Christopher Stark
  • 31 posts

Posted 12 March 2007 - 02:59 AM

WI 4.5
CSG 3.0 with latest Hotfixes as of 3/11/2007
XPE Farm SP4 FR3 on Win2K OS

Clients using ICA PNAGENT 9.x have no issues.

People using PN Agent 10.0 with Vista getting

Cannot connect to Citrix Presentation Server.
SSL Error 47: An unclassified SSL network error occured. (error code: error: 14090086:lib(20):fun(144):reason(134))

Help!!



Administrator Administrators

Administrator
  • 2 posts

Posted 12 March 2007 - 11:52 AM

Hello All,

Guys are you using Intermediate certificates?
This morning I ran WireShark trace between my test WinXP SP2 machine and customer's environment and it shows such line in TLSv1 protocol line: Alert (Level: Fatal, Description: Unknown CA).
So what we are trying to do now is exporting Root CA into Base 64 encoding format, open it with Wordpad, copy it in the end of the original certificate for SG and upload / install it from the beginning.
I'll give an update regarding results.

Regards,
Ainars



Administrator Administrators

Administrator
  • 2 posts

Posted 12 March 2007 - 03:31 PM

cag4.5.1, aac4.5.1, wi4.5.1.8215

icaclient v9.x ; no problems

icaclient v10.00 52110;
Cannot connect to the Citrix Presentation Server.
SSL Error 47: An unclassified SSL network error occurred. (error code: error:14090086:lib(20):func(144):reason(134))

login works though



Christopher Stark Members
  • #10

Christopher Stark
  • 31 posts

Posted 12 March 2007 - 07:14 PM

We are using Network Solutions certificates.

Also, I noticed that if we put the ICA client vers 10 on an XP Professional box and a Vista box we get this error, but if we roll back to 9.x if works find with either XP Pro or Vista.

We get this error in PN Agent and Web Interface 4.5

Its something with IC Clinet vers 10 and WI 4.5 or CSG 3.0



Christopher Stark Members
  • #11

Christopher Stark
  • 31 posts

Posted 12 March 2007 - 07:16 PM

The only differecne with your setup and mine is your using CAG and I'm using CSG 3.0 and WI 4.5. Someting is wrong with ICA client 10. Any update on a fix.



christophe gaussin Members
  • #12

christophe gaussin
  • 1 posts

Posted 14 March 2007 - 12:53 PM

We are experiencing the same issue. Any news or update ??



Jean-François Robert Members
  • #13

Jean-François Robert
  • 12 posts

Posted 14 March 2007 - 01:22 PM

Hi, i have the same issue. I have an Trusted Authority certificate and same problem. I have CSG 3. The problem come from client 10.

So Citrix remove the client 9.230 from the download site.

Someone solve the issue?

Thanks!



Administrator Administrators
  • #14

Administrator
  • 2 posts

Posted 15 March 2007 - 04:50 PM

Guys,
Escalation developers looked into it and reproduced the problem as well. Waiting for their response / fix.
Will update you as soon as I get any news.

Regards,
Ainars



Christopher Stark Members
  • #15

Christopher Stark
  • 31 posts

Posted 15 March 2007 - 04:59 PM

Great! Let us know if the deveopers come up with a fix. We have tried this on many differnt machines in many different installs and it seams to stem from vers 10.0 I have also found a lot of traffic on the web about a lot of people having a lot of different problems with 10.... printing, disconnects, our ssl 47 error etc..



WILLIAM RAY Members
  • #16

WILLIAM RAY
  • 55 posts

Posted 17 March 2007 - 03:58 AM

I figure I throw my 2cents in.
I have 3 CSG3.0 / wt4.0 servers.I'm 99% sure that they are exact (since you can't image them)

There are 2 servers at 1 location and 1 server at another. All 3 work from IE or PN Agent 10 from inside the corporate LAN, but the server in the 1 location gives the SSL 47 error from any 1 of my 4 pc's at home, but only with v10.



Bruce Kiser Members
  • #17

Bruce Kiser
  • 7 posts

Posted 18 March 2007 - 02:29 PM

I am retracting my original tirade inspired by this issue after being contacted by Citrix. They informed me that you must open a support ticket, even if you have never before needed any paid support or support agreements. This way they have control of what is going on, & apparently they are willing to refund the charges if there is a legitimate reason to do so... It might have been helpful for me to know this was the case, but at any rate they will take care of you if you go about it the right way.

Message was edited by: ccfcitrix1

Message was edited by: ccfcitrix1



Martin Kirsch Members
  • #18

Martin Kirsch
  • 1 posts

Posted 19 March 2007 - 11:22 AM

hi,

i got the same problem. first, the new citrix client (10) encountered problems with duplicate entries in the ica-file. after resolving this, we now get the same ssl-errors as described in the other postings of this thread.
system: sg2.0.0.11882 on w2k3 server
we are lucky, this is our backup-system, which we test right now. the live system is the same, but running under w2k, and works fine (also with client v10)

any help appreciated,
regards
martin

presentation server 4 on w2k3 server
SG 2.0.0.11882 (says the diagnostic utility) on w2k3



Shane Walters Members
  • #19

Shane Walters
  • 5 posts

Posted 19 March 2007 - 03:56 PM

Could someone please update this thread. With only supplying end-user's with V10.x client it is increasingly becoming a problem with my customers.



Bruce Kiser Members
  • #20

Bruce Kiser
  • 7 posts

Posted 19 March 2007 - 08:15 PM

I am retracting my 2nd tirade inspired by this issue because I have received a copy of the 9.237 client, without being required to make any transactions for support.

Message was edited by: ccfcitrix1