CITRIX WORKSPACE NO CONNECT AFTER MICROSOFT OCTOBER 2022 UPDATE

[Miguel Angel Blazquez]

Hi,

After my Workstations was installed the Microsotf Security Update October 2022 KB5018410, the Citrix Workspace Client can´t connect with Netscaler server, the error for new connections is "can't add account with provided url". The clients that have Citrix open, can´t open any application. If uninstall it the Microsoft KB, Citrix work fine. We try with differents Citrix version and the problem persist. Any idea?

The Windows OS version is Windows  21H2

Edited October 13, 2022 by Miguel Angel Blazquez

[Martin Berthiaume]

We are having the same issue here with all our Windows 10 clients that applied KB5018410.

[Kristina Sjoumlberg]

Same here! I registered a case with Citrix but unfortunately they could not help us because we are on an unsupported version:

"Thank you for your time on call today.
We found that your current CVAD Infra is on an unsupported version 7.15. The support for 7.15 ended on Aug 15 2022.
Since this issue is caused due to a recently released Win 10 security update so we would have to engage Escalations and Product Team. Due to the unsupported scenario I would not be able to do that. Hence suggesting you to upgrade your CVAD Deployment to a supported version."

 

I hope that someone with a newer version can get help soon and share the solution/workaround real soon!

[Dominik Odermatt]

We just tested this and we don't have this problem. Our setup is as follows:

Win10 Client with KB5018410 and CWA 2209 connecting to Windows Server 2019 with VDA 1912 LTSR CU5.
Maybe the error only occurs in combination with older VDA versions?

[Martin Berthiaume]

@Kristina Sjoumlberg We are also using Citrix 7.15 and contacted Citrix support and they gave us exactly the same answer as you...

[Kristina Sjoumlberg]

@Martin Berthiaume, I found the solution for our environment in Citric ADC (aka Netcaler). The Load balancing virtual server object for our Storefront missed settings for TLSv11 and TLSv12 in SSL parameters. I also tested with the delfault Ciphers, but had to remove them again because then the Session from HP Linux thin clients stopped working. In my searching for answers I also fixed an outdated certificate in IIS on the StoreFront servers. But it wasnt until I checked the LSv11 and TLSv12 the receiver started to work again. It seems like KB5018410 unchecks these the older ones Internet Options just leaving TLSv12 .

[Martin Berthiaume]

Resolved for us: 

If you are wondering how to add TLS 1.2 support on your Netscaler, see the following steps. It could be different depending of your specific Netscaler setup and version. 
1.  Traffic Management -> Load Balancing -> Services: Edit the two SF servers Edit the SSL Parameter and Enable TLSv12 
2. Traffic Management -> Load Balancing -> Virtual servers: Edit active virtual server (not redirect) Edit the SSL Parameter and Enable TLSv12 
3. Traffic Management t -> SSL ->  Cipher Groups: create a new Ciphergroup add: "TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384" "TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256" "TLS1.2-ECDHE-ECDSA-AES256-SHA384" "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384" 
4. Traffic Management -> Load Balancing -> Virtual servers: Edit active virtual server (not redirect) Edit the SSL Cipher and add the new Cipher Groups created just before. 
Do not forget to click on top right floppy disk icon to save the config.

[Vivek S1709154537]

Which version of VDA is this issue being observed? and is the issue observed only on Windows 10 21H2?

[Thomas Brandlehner1709161787]

Seems to be by design.
https://support.microsoft.com/en-us/topic/kb5017811-manage-transport-layer-security-tls-1-0-and-1-1-after-default-behavior-change-on-september-20-2022-e95b1b47-9c7c-4d64-9baf-610604a64c3e

 

Thomas

[Miguel Angel Blazquez]

Microsoft was release a patch that fix the problem. I just try and Citrix Workspace work again!

 

 

URL: https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-tls-handshake-failures-in-out-of-band-updates/

 

[Manikandan Chinnusamy]

Hi All,

 

We are running with 7.15 version ( out of support). We are having the same issue in my environment with all our Windows 10 clients that applied the KB5018410. We have installed the fix KB5020435 also but the issue still persists. Kindly suggest any one to fix the issue.