Cannot connect to "0.0.0.2 - StreetSmart Edge"

[Jim Avera]

ICAClient 13.9.0 on Linux (Ubuntu 17.10) gives this error when trying to start Schwab's "StreetSmart Edge in the Cloud", which worked using 13.8.0.

 

I did a web search and found a very old Citrix Receiver bug specific to Linux, fixed in 2013:

  https://discussions.citrix.com/topic/323985-cannot-connect-to-0002-published-app-name-most-distros/

 

It looks like this bug, or something with the same symptom has come back.  

 

Any idea what to do about it?

 

NOTE: This does not happen using Receiver 13.8.0.   So it may indicate a regression.

 

(Schwab wants me to install the latest Citrix Receiver because of an unrelated problem, so am hoping citrix can resolve this new issue with 13.9.0 soon...)

 

STEPS TO REPRODUCE (requires Charles Schwab brokerage account):

1.  On Ubuntu 17.10, download icaclient_13.9.0.102_amd64.deb 

      sudo dpkg -i icaclient_13.9.0.102_amd64.deb  # fails due to missing dependencies

     sudo sudo apt-get -y -f install   # installs the missing libwebkit dependencies)

    sudo dpkg -i icaclient_13.9.0.102_amd64.deb    # will work the 2nd time

2. In Firefox, visit

      https://client.schwab.com/secure/cc/trade/trading_tools

     (requires Schwab login)

3. Click "Launch Cloud Version" for Steetsmart Edge

 

[H Roark]

Same problem.  Fedora 27 and ICAClient-rhel-13.9.0.102-0.x86_64.rpm.

 

Is there any workaround from the client side? 

[Daniel Barbosa]

same problem on linux fedora 27 and ICAClientWeb-rhel-13.9.0.102-0.x86_64.rpm

 

 

[H Roark]

Same issue.  13.9.1.6 linux x_64 "Cannot connect to "0.0.0.2 - ..."  Fedora 27.  ICAClient-rhel-13.9.0.102-0.x86_64.rpm.

[Alvin Lim1709159474]

On 3/27/2018 at 3:37 PM, H Roark said:

Same problem.  Fedora 27 and ICAClient-rhel-13.9.0.102-0.x86_64.rpm.

 

Is there any workaround from the client side? 

Same problem. Looks like it's not fixed yet, Fedora 27 and ICAClient-rhel-13.9.1.9-0.x86_64.rpm

 

I went back to https://www.citrix.com/downloads/citrix-receiver/legacy-receiver-for-linux/receiver-for-linux-138.html. Had to deal with SSL cert issues but got it working eventually.

[selvan naidoo]

Experiencing same issue cant connect to 0.0.2 . Installed latest Linux receiver . Authenticate fine . The moment you try open a published app the error comes up. Running Mint 18.3 64 bit .

[Scott Z]

I work for a fortune 50 world bank.  We are received hundreds (if not thousands) of calls because this issue has come back up. Our employees use Debian 64bit (stable). This issue can't continue to drag on more than a few days, otherwise we will be pursuing other products and it WILL put a dent in your ledger.

[Martin Schatz1709152855]

got the same Issue on a Raspbery Pi, Raspbian with receiver icaclientweb_13.9.0.102_armhf.

But: only when I connect via Cirix-Netscaler.

as long as the Client is in the same Network as the XenDesktopController everything is fine...

[Martin Scharnke]

Same problem - 13.9.1.6 linux x_64 "Cannot connect to "0.0.0.2 - ..."

 

[Sean Healey]

Same problem. OpenSUSE Leap 42.3 and ICAClientweb-suse-13.9.1.6-0.x86_64.rpm.

 

The VPN I'm using is launched via a web-based portal so I don't have access to any .ICA file it might be launching. I believe that the server side is a Netscaler instance, but I don't have any visibility of that and the helpdesk doesn't support Linux clients so I can't ask them for help.

[Robert Van Voorhees]

Also experiencing this issue with Fedora 27 and latest ICAClient.  Does downgrading temporarily resolve the issue?

[Michel Meeuwissen]

On 3/30/2018 at 2:05 AM, Alvin Lim1709159474 said:

Same problem. Looks like it's not fixed yet, Fedora 27 and ICAClient-rhel-13.9.1.9-0.x86_64.rpm

 

I went back to https://www.citrix.com/downloads/citrix-receiver/legacy-receiver-for-linux/receiver-for-linux-138.html. Had to deal with SSL cert issues but got it working eventually.

Ik got the same SSL cert problem.

Can you please point me in the right direction how to solve this?

[Robert Van Voorhees]

6 hours ago, Michel Meeuwissen said:

Ik got the same SSL cert problem.

Can you please point me in the right direction how to solve this?

 

The certificates for the older versions of ICAClient-13.8.0.10299729-0.x86_64 are stored in /opt/Citrix/ICAClient/keystore/cacerts as an example this does not include Entrust certificates, so you need to go to Entrust's website and manually down the PEM files.  No need to rename them, as long as the format is correct the filename is irrelevant.  I copied them into the folder, made sure they were owned by root:root, and my SSL problems went away:

 

-rw-rw-r-- 1 root root 1.5K Apr  4 15:26 entrust_2048_ca.pem
-rw-rw-r-- 1 root root 1.1K Apr  4 15:35 entrust_ec1_ca.cer
-rw-rw-r-- 1 root root 1.7K Apr  4 15:35 entrust_ev_ca.cer
-rw-rw-r-- 1 root root 1.5K Apr  4 15:35 entrust_g2_ca.cer
-rw-rw-r-- 1 root root 1.6K Apr  4 15:35 entrust_g3_ca.cer

I did rename one of them to pem, but that wasn't necessary.

[Alvin Lim1709159474]

11 hours ago, Michel Meeuwissen said:

Ik got the same SSL cert problem.

Can you please point me in the right direction how to solve this?

1. Locate the Entrust Root Certificate Authority - G2 certificate on your web browser (chrome://settings/certificates?search=cert on Chrome)
2. Export it to a file EntrustRootCertificationAuthority-G2.crt
3. Copy this file to /opt/Citrix/ICAClient/keystore/cacerts/
4. Repeat if necessary for other certificate authorities.

[Alex Thomson1709158331]

I have the same issue on 4.16.4-1-ARCH - tried certificate workaround for the sites that I am using to no avail, have also tried downgrading receiver version tarball to 13.5, 13.7 and 13.8 and had no success - any help would be greatly appreciated, I am assuming that this is a bug?

[H Roark]

On 4/16/2018 at 7:45 AM, Robert Van Voorhees said:

 

The certificates for the older versions of ICAClient-13.8.0.10299729-0.x86_64 are stored in /opt/Citrix/ICAClient/keystore/cacerts as an example this does not include Entrust certificates, so you need to go to Entrust's website and manually down the PEM files.  No need to rename them, as long as the format is correct the filename is irrelevant.  I copied them into the folder, made sure they were owned by root:root, and my SSL problems went away:

 

-rw-rw-r-- 1 root root 1.5K Apr  4 15:26 entrust_2048_ca.pem
-rw-rw-r-- 1 root root 1.1K Apr  4 15:35 entrust_ec1_ca.cer
-rw-rw-r-- 1 root root 1.7K Apr  4 15:35 entrust_ev_ca.cer
-rw-rw-r-- 1 root root 1.5K Apr  4 15:35 entrust_g2_ca.cer
-rw-rw-r-- 1 root root 1.6K Apr  4 15:35 entrust_g3_ca.cer

I did rename one of them to pem, but that wasn't necessary.

 

This worked for me on Fedora 27 for the SSL problem.   The entrust certs are here:  https://www.entrustdatacard.com/pages/root-certificates-download.  As noted by @Robert Van Voorhees just download and move them to  

/opt/Citrix/ICAClient/keystore/cacerts

then

chown root:root  /opt/Citrix/ICAClient/keystore/cacerts/entrust*

A workaround for now.

[Tristan Anderson]

I have tried to log this as a bug as its still occurring in ver 13.9.1 - released 23 march 2018- Citrix support refuses to log the request unless I provide proof of my companies licensing agreement. Its a licensed product that they provide to the public for free use? 

 

despite this Im happy to confirm your product still doesn't work for linux users.

[John Pugliese]

I've tried this with 13.9, 13.9.1,13.8 and others, I've tried downloading different certs, etc and haven't gotten anywhere for two months.  My workaround is Windows, which isn't acceptable.  Vendor won't sup0port a Linux issue,it worked fine before,now won't with newer OS (Debian 64 but newer build since March and 'update' of receiver. HELP

[nitin saxena]

I faced the same issue and got the answer at 

https://askubuntu.com/questions/901448/citrix-receiver-error-1000119

try this.

[DAZHOU LIU]

I have same issue on Fedora 28 with Citrix Receiver Web Client 13.10:

No such file or directory.

 

I got this issue fixed by steps below:

1. exported my company VPN web site’s Root cert, Intermediate cert, and website cert

2. copied all of them to Citrix keystore/cacerts

3. ran util/ctx_rehash

[G J1709160419]

Same flavor of issue (Cannot connect 0.0.0.2)  seems half my office has this issue and just gave up and bought a Mac/Windows machine. 

 

Seems like the certificates that ship with ICA Client are few and they are old.

 

This is what worked:

1. cd /opt/Citrix/ICAClient/keystore/
2. mv cacerts cacerts.old
3. ln -s /etc/ssl/certs cacerts
4. /opt/Citrix/ICAClient/util/ctx_rehash

 

Found the answer here: https://askubuntu.com/questions/1064452/citrix-receiver-13-10-on-ubuntu-18-04-1/1069929#1069929

 

icaclient 18.10.0.11 on Ubuntu 16.04.04 LTS

 

[Mohamed Jawad]

Hi team,

 

 

Getting the same issue, tried all the troubleshooting, not working.

 

using fedora 30
 

 

[Mohamed Jawad]

 

I fixed my issue,

OS: Fedora 30.

 

1. Install compat-openssl10

sudo dnf install compat-openssl10

Once you complete the installation you can see /lib64/libcrypto.so.1.0.2o,

2. Install the ca-certificates package

sudo yum install ca-certificates

3. Enable the dynamic CA configuration feature

sudo update-ca-trust force-enable

4. Install Dependencies,

sudo dnf install motif motif-2.3.4-14.el7_5.x86_64 libXaw libXaw libidn1.34 libjpeg-turbo-utils

5. Copy the keys

   

sudo cp -f /etc/pki/ca-trust/extracted/pem/*.pem /opt/Citrix/ICAClient/keystore/cacerts/
sudo cp -f /etc/pki/tls/*.pem /opt/Citrix/ICAClient/keystore/cacerts/
sudo cp -f /opt/Citrix/ICAClient/keystore/cacerts/ca-bundle.trust.p11-kit.crt /opt/Citrix/ICAClient/keystore/cacerts/ca-bundle.trust.crt

6. Changed  /usr/share/applications/wfica.desktop

Exec=/opt/Citrix/ICAClient/wfica -icaroot /opt/Citrix/ICAClient %f

to 

Exec=env LD_PRELOAD="/lib64/libcrypto.so.1.0.2o" /opt/Citrix/ICAClient/wfica -icaroot /opt/Citrix/ICAClient %f

I hope this helps someone...