Citrix Error 1030 Protocol Driver Error
Hello there,

Users are getting Citrix Protocol driver error when they launch application internally. This is intermittent, and I am getting the following error in the event logs in WI 5.4 servers:

"An error occurred while attempting to read information from the Citrix servers. The specified Citrix XML service could not be contacted and has been temporarily removed from the list of active servers."

Socket pooling has been enabled, not sure if this is causing the issue.

Farm: Citrix XA 6.5

Please advise.

Thanks and Regards.
Hello again,

This time I'm setting up NetScaler to remotely access my previously created XenDesktop environment. I have set up the internal environment using self-signed certificates. I created the keys, requests and certificates on the Delivery Controller and the Domain Controller CA. On the NetScaler there was a previously installed certificate for an environment an employee was using earlier but is not using anymore.

After the configuration (the XenDesktop and XenApp setup wizard at the bottom of the GUI) a user can log in to the environment, but as soon as he opens a desktop, he gets the error "failed with status 1110". If he opens a session to a published application, he gets a protocol driver error (earlier he was getting an error about socket operation in non socket).

After looking into a working XenDesktop implementation through NetScaler, I saw that it has a server certificate installed as well as a CA certificate installed in the virtual servers for XenDesktop page. What is this CA certificate meant for?

Does somebody even have an idea what went wrong in my installation of the appliances? Actually I don't understand how NetScaler handles the connection after the authentication, and why I can run my environment internally and log on to all appliances, but when doing it through NetScaler, errors appear after authentication. Has anyone got some idea?

Thanks a lot already and have a great Christmas and a lucky New Year!!
Could you be more specific about the root CA? Can you please tell me where and what certificates are needed for successful communication between the devices?

For now I have Win2012, which is the ROOT CA for the domain and also acts as a domain controller. StoreFront is getting the certificate from the domain controller. I believe the internal communication should be alright with this config. At least everything is working.

For the external communication I had a certificate already installed onto the NetScaler; the guy before me left some things behind.
I reused that one. This certificate should secure the communication from the physical device to the NetScaler. Am I right? Is there a configuration needed between the internal and external certificates?

I already went through that material twice; it helped me to set up my first lab and the one after that. Basically I understand most of the things there. It's certificates that get me confused, particularly the things described in the previous reply from me.

The difference between my configuration and the one described in the article you provided is that Robinhobo uses one certificate for internal and external communication.

In my configuration now, I'm using one certificate that is issued by Veritas, signed to a particular domain name. I use this for external SSL. The second certificate is for the internal communication; that certificate is issued and signed by the internal domain CA, not verified by a 3rd party.

I believe that using 2 certificates causes the 1110 error.

To be more specific, a client connecting from outside does not have the certificate for the internal communication. The question is, how can I fix it?

You used the certificate for registering domain machines and the same certificate for external access?

The thing is that I have created the domain martinslab.local, issued the certificates for that domain with the Domain CA, and the domain is not intended to be accessed from outside. I use the Veritas certificate only for connections made from outside, so that the browser would not give me the red security warning for lack of certification. I believe this is the right setup. Can I do all this stuff differently?

MartinsRubenis wrote: You used the certificate for registering domain machines and the same certificate for external access?

I'm not sure what you mean. I don't use a certificate to register my domain machines. I'm not sure even how to do that.

MartinsRubenis wrote: The thing is that I have created the domain martinslab.local, issued the certificates for that domain with the Domain CA, and the domain is not intended to be accessed from outside. I use the Veritas certificate only for connections made from outside, so that the browser would not give me the red security warning for lack of certification. I believe this is the right setup. Can I do all this stuff differently?

So martinslab.local is your internal domain name, but you don't need a certificate for that domain unless you intend to use that domain in your URL. I'm saying don't use the internal domain as your URL. Instead use your external URL both for external access and internal access. This is the simplest way to set it up. That way you only have to tell your users 'go to and no matter where they are at it works.

In Citrix online training they used cch.local as the domain name.
I think it was because of learning purposes. I substituted it with a more familiar name for me. An internal certificate issued by the cch.local CA is needed to secure connections for devices connecting to cch.local. Another certificate is needed for connections coming from outside reaching the NetScaler. The NetScaler waits for connections coming to a public address configured onto it. It has the valid external certificate for a given hostname.domain, signed by Veritas.
It then does its job, redirects users through gateway to internal domain. There it needs to have a domain certificate to secure the connections in internal domain.
A different certificate, not signed by a third party, issued by the cch.local domain CA in this case.

Correct me if I'm wrong in any of the points I stated. I really need the opinion because I believe it's vital for me in understanding the basics.

Anyhow, if I would like to take your approach and use one certificate for both internal and external communications, I would have to change the domain name. That is no easy task if I understand correctly. I would change it to validname.com and make sure it is not used by anyone. All the domains that I have worked with in labs or msbs do not have a valid domain name. It's something that ends with .lan or .local.
Maybe this is getting me confused.

Sorry, but yes, I think you're confused about the difference between AD domain name, Citrix website/URL and certs. There would be no need to change your internal Active Directory domain, as that does not have to match the DNS/website you use to publish your Citrix apps through.

I do now understand that you're trying to set up an SSL cert for internal traffic to be different than the external. I don't know how to do that. Although I would argue why have it separate, just make everyone use the external URL regardless of whether they are internal or external.

I know I'm not explaining this very well. I would refer back to the guide I posted earlier, or perhaps someone else on here can explain better than me.
I think you misunderstood me about the internal and external communication. For external communication I meant the end user device connecting to the NetScaler. For internal communication I meant VDIs communicating with the DC and DDC. It's the domain member certificate, issued by the Domain Controller in my case.

Actually sorted the problem out. Turns out my STA server was not configured with the full FQDN and path. I had only the FQDN.
After a thorough look at my configuration several times I found that the STA was marked as down. Added the path after the FQDN and the 1110 error went away. :)