Jump to content


Photo

Storefront does not "see" SSL certificate

Started by Cris Kolkman , 19 October 2015 - 08:17 AM
11 replies to this topic

Cris Kolkman Members

Cris Kolkman
  • 97 posts

Posted 19 October 2015 - 08:17 AM

Hello all,

 

Because our SSL certificate expired yesterday, we bought and installed a new wildcard certificate on our servers.

The settings and SSL links are the same as the previous only difference is the issuer.

We used to have a globalsign certificate but now the issuer is Comodo.

 

Root certificates seems to be installed correctly etc, but StoreFront (2.5) keeps saying:

 

"No certificate associated with this site."

 

When users try to login via the website, they are able to login but get the message:

 

"There are no apps/desktops available"

 

And when they login on Receiver, they get the message:

 

"Cannot contact store"

 

We are using Storefront 2.5

 

What could be the issue?



Cris Kolkman Members

Cris Kolkman
  • 97 posts

Posted 19 October 2015 - 10:57 AM

Update:

 

Added the certificate to the "Personal" certificate store and changed it in IIS, the error in Storefront is gone but still get the same error after user logon:

 

"There are no apps/desktops available"



Carl Stalhood CTP Member

Carl Stalhood
  • 12,366 posts

Posted 19 October 2015 - 01:01 PM

This usually means StoreFront can't talk to Controllers. Look in Event Viewer > Applications and Services > Citrix Delivery Services. In StoreFront Console, go to Stores > Manage Delivery Controllers. Edit the farm and set the Transport Type to HTTP.

Cris Kolkman Members

Cris Kolkman
  • 97 posts

Posted 19 October 2015 - 01:24 PM

This usually means StoreFront can't talk to Controllers. Look in Event Viewer > Applications and Services > Citrix Delivery Services. In StoreFront Console, go to Stores > Manage Delivery Controllers. Edit the farm and set the Transport Type to HTTP.

 

I will have a look at that, but the strange thing is that it works like it should for current users, this behaviour is only with "new" users.

The transport type is allready HTTP.



Cris Kolkman Members

Cris Kolkman
  • 97 posts

Posted 19 October 2015 - 01:52 PM

This usually means StoreFront can't talk to Controllers. Look in Event Viewer > Applications and Services > Citrix Delivery Services. In StoreFront Console, go to Stores > Manage Delivery Controllers. Edit the farm and set the Transport Type to HTTP.

 

In the event viewer these seem to be the most relevant errors:

 

The Citrix servers reported an unspecified error from the XML Service at address http://DC02-XA75/scripts/wpnbr.dll [NFuseProtocol.TRequestAppData].
All the Citrix XML Services configured for farm Controller failed to respond to this XML Service transaction.



Matthew Francis Members

Matthew Francis
  • 419 posts

Posted 19 October 2015 - 06:52 PM

If the transport type is HTTP then it is not using SSL to contact the Controllers as it is currently configured.



Cris Kolkman Members

Cris Kolkman
  • 97 posts

Posted 20 October 2015 - 06:04 AM

What does these errors mean for the environment?

Matthew Francis Members

Matthew Francis
  • 419 posts

Posted 20 October 2015 - 01:29 PM

The errors mean the Storefront servers are having issues communicating with the Controllers for XML related traffic. If you are using HTTP as the transport then the traffic should be using port 80 to the controllers/xml which is the Broker service. If it is using HTTPS then you must have a SSL certificate bound to IIS and configure the transport type to be HTTPS. Make sure the XML service name matches the certificate. Then it will use port 443 to that Controllers and traffic will be encrypted. These ports on the controllers can be configured using the broker service commands.



Cris Kolkman Members

Cris Kolkman
  • 97 posts

Posted 20 October 2015 - 01:45 PM

The errors mean the Storefront servers are having issues communicating with the Controllers for XML related traffic. If you are using HTTP as the transport then the traffic should be using port 80 to the controllers/xml which is the Broker service. If it is using HTTPS then you must have a SSL certificate bound to IIS and configure the transport type to be HTTPS. Make sure the XML service name matches the certificate. Then it will use port 443 to that Controllers and traffic will be encrypted. These ports on the controllers can be configured using the broker service commands.

 

But it has always been like this, nothing changed.

I changed using HTTPS (we have a certificate) but that didn't help either.

 

Strange thing is that I added a new customer to the 7.5 environment today and they can start their apps/desktops while the customer that is having this issue, logged in a few times before on 7.5 before this issue started.



Matthew Francis Members
  • #10

Matthew Francis
  • 419 posts

Posted 20 October 2015 - 02:08 PM

Is this a consistent error and doesn't work at all for all Controllers from the Storefront?



Cris Kolkman Members
  • #11

Cris Kolkman
  • 97 posts

Posted 20 October 2015 - 02:17 PM

Is this a consistent error and doesn't work at all for all Controllers from the Storefront?

 

Well it does seem like the error keeps occuring all the time but what I don't understand is that everything works fine for all our customers except this one customer who keeps getting the "There are no apps/desktops available" error.



Citrix Administrators Members
  • #12

Citrix Administrators
  • 45 posts

Posted 20 March 2017 - 07:26 PM

I saw the same thing on my side.  I had to go into IIS Mgr on the StoreFront and click Bindings on the Default Web Site.  I was missing the https one (it's a new setup).  In your case, you might see the https one but you will still need to select https and click Edit then choose the new SSL certificate.  It's probably still using the old/missing SSL certificate.

 

Yes, I know it's an old post but wanted it to have an accurate answer embedded here in case others like me come here.

 

Regards,

 

John Babbitt

Systems Administrator

Ashland Partners & Company LLP