
An unclassified SSL error occurred

Started by Rakhesh Sasidharan, 09 March 2017 - 06:37 PM
4 replies to this topic

Rakhesh Sasidharan Members

  • 4 posts

Posted 09 March 2017 - 06:37 PM

Hi,

 

I am setting up a XenDesktop environment in my home lab as I've just completed the course and want to get familiar with it. My setup has two servers - data01 (running storefront and delivery controller) and data02 (running only delivery controller). All on the latest 7.13 version.

 

The delivery controllers work fine - I am able to create machine catalogs and delivery catalogs. The storefront too works fine as long as I connect to the delivery controllers via HTTP. But if I switch to HTTPS the receiver complains that it cannot contact the store and in the event logs of the storefront server I have errors like these:

 

An SSL connection could not be established: An unclassified SSL error occurred.. This message was reported from the Citrix XML Service at address https://<delivery controller fqdn>/scripts/wpnbr.dll. The specified Citrix XML Service could not be contacted and has been temporarily removed from the list of active services.

 

I have tried my best to get to the bottom of this but can't find anything wrong. My CA is the DC itself and it is generating certificates using SHA1. The CA certificates and delivery controller certificates are added to the servers. I am able to visit the wpnbr.dll URL from any browser and it opens fine without any SSL errors (IE gives a 406 error; FF gives a blank page; but that's expected behavior I understand). The Citrix XML service is running in standalone mode and I have confirmed via netsh that it has the correct certificates.

 

I don't know what else I could be missing and whether there are any other logs I can check to get more info, so any pointers in the right direction would be most helpful.

 

Thanks.



Kishore Kunisetty Citrix Employees

  • 387 posts

Posted 09 March 2017 - 06:54 PM

Are your controller and storefront on Windows Server 2016 OS?

 

Hope the enclosed link might help you: http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/secure/tls.html?_ga=1.12668721.786433497.1487772459

 

Thanks

Kishore



Rakhesh Sasidharan Members

  • 4 posts

Posted 09 March 2017 - 07:07 PM

Hi Kishore,

 

Sorry I should have mentioned. Both are on Server 2012 R2.

 

Thanks for that link. I went through the controllers & storefront section of it and as far as I can see I have done all that's asked there.

 

Regards,

Rakhesh



Rakhesh Sasidharan Members

  • 4 posts

Posted 11 March 2017 - 12:33 PM

No one? :(



Rakhesh Sasidharan Members

  • 4 posts

Posted 11 March 2017 - 07:06 PM

I finally got this working! :)

 

I installed Storefront on data02 - the server which only had the Delivery Controller - and that installation was able to connect to both Delivery Controller servers (data01 & data02) with no issues. This meant the issue had to be with Storefront itself on data01, and not the Delivery Controllers. Since both servers were identical, and I know it is something certificates related, I decided to check the Trusted CA store of both servers.

 

(As an aside, I also tried uninstalling and reinstalling Storefront but that didn't help).

 

I noticed that the problem server (data01) had a few extra CAs - two of which were my older CA certs, plus one from DigiCert. So I removed these and with that things began working! Am guessing the problem was my older CA certs - they were causing some validation error I guess.

 

Regards.
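
The store comparison described in the last post, as an added example that is not part of the thread: it lists certificates present in the Trusted Root store of the failing server but absent from the working one, and flags expired, duplicate-subject and non-self-signed entries for review. The function names and sample certificate values are constructed for illustration; data01 and data02 are the servers named in the thread, and the live call assumes PowerShell remoting is enabled on both.

```powershell
# Added example, not from the thread. Function names are hypothetical;
# data01/data02 are the servers named in the posts.
function Get-RootStoreSnapshot {
    param([string]$ComputerName)
    # Read the machine Trusted Root store over PowerShell remoting.
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        Get-ChildItem Cert:\LocalMachine\Root |
            Select-Object Thumbprint, Subject, Issuer, NotAfter
    }
}

function Compare-RootStore {
    param(
        [object[]]$Reference,  # store from the server that works
        [object[]]$Suspect     # store from the server that fails
    )
    $known = @{}
    foreach ($c in $Reference) { $known[$c.Thumbprint] = $true }
    # Subjects present more than once in the suspect store (e.g. old and new CA cert).
    $dupSubjects = $Suspect | Group-Object Subject |
        Where-Object { $_.Count -gt 1 } | ForEach-Object { $_.Name }
    foreach ($c in $Suspect) {
        if ($known.ContainsKey($c.Thumbprint)) { continue }
        $flags = @()
        if ($c.NotAfter -lt (Get-Date))        { $flags += 'expired' }
        if ($c.Subject -ne $c.Issuer)          { $flags += 'not-self-signed' }  # heuristic: name comparison only
        if ($dupSubjects -contains $c.Subject) { $flags += 'duplicate-subject' }
        [pscustomobject]@{
            Thumbprint = $c.Thumbprint
            Subject    = $c.Subject
            NotAfter   = $c.NotAfter
            Flags      = $flags -join ','
        }
    }
}

# Constructed sample stores so the comparison runs without the lab. Live use:
#   Compare-RootStore -Reference (Get-RootStoreSnapshot data02) -Suspect (Get-RootStoreSnapshot data01)
$now = Get-Date
$working = @(
    [pscustomobject]@{ Thumbprint='SAMPLE-0001'; Subject='CN=Lab Root CA'; Issuer='CN=Lab Root CA'; NotAfter=$now.AddYears(4) }
)
$failing = $working + @(
    [pscustomobject]@{ Thumbprint='SAMPLE-0002'; Subject='CN=Lab Root CA'; Issuer='CN=Lab Root CA'; NotAfter=$now.AddDays(-30) },
    [pscustomobject]@{ Thumbprint='SAMPLE-0003'; Subject='CN=Example Issuing CA'; Issuer='CN=Example Root'; NotAfter=$now.AddYears(1) }
)
Compare-RootStore -Reference $working -Suspect $failing | Format-Table -AutoSize
```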