Open the Citrix Receiver GPO administrative template by running gpedit.msc Navigate to Administrative Templates Citrix Components Citrix Receiver Network Routing Deprecated Cipher Suites. Right-click on “ Deprecated ciphers suites ” and select Edit Select. Beginning August 2018, Citrix Receiver will be replaced by Citrix Workspace app. While you can still download older versions of Citrix Receiver, new features and enhancements will be released for Citrix Workspace app.
- Receiver for Windows
Symptoms or Error
This article discusses error messages that may occur while launching TLS or DTLS encrypted sessions when using the Citrix Receiver for Windows 4.12 and describes the possible causes of each error message. It also provides troubleshooting steps for each issue. In addition, this article is intended for system administrators.
If these troubleshooting steps do not resolve your issue, please use a network tracing tool such as Wireshark to capture TLS and DTLS network traffic. TLS and DTLS network traffic should be captured at the client device, Citrix NetScaler Gateway, and VDA (if possible). Please be ready to supply this information to your Citrix support representative when requested.
Symptoms or Errors
When attempting to connect to an Application or Desktop using Citrix Receiver for Windows 4.12, you may see connection failures possible related to the new Crypto Kit updates.
To troubleshoot the issues, follow the next steps based on the error messages.
|“The published resource is not available currently. Please contact system administrator for further assistance”.|
“The Citrix SSL Server you have selected is not accepting any connections”.
“SSL error 4: Operation completed successfully”.
|Go to resolution 1|
|“Socket Operation on Non-socket”.||Go to resolution 2|
|“SSLv3 alert handshake failure”.||Go to resolution 3|
Latest Citrix Receiver Install
If you receive one of the error messages below, while attempting to connect to an Application or Desktop using Citrix Receiver for Windows 4.12 via Citrix NetScaler Gateway. Please follow the instructions listed below.
- The published resource is not available currently. Please contact system administrator for further assistance.
- The Citrix SSL Server you have selected is not accepting any connections.
- SSL error 4: Operation completed successfully
New Citrix Receiver For Mac
Please follow the below steps for configuring the required cipher suites on NetScaler Gateway
Navigate to Configuration tab > Traffic Management > SSL and Select Change advanced SSL Settings.
Check the box labelled ‘Enable Default Profile’ and select OK.
Select Yes when the following prompt message appears.
To verify if the Default profile was enabled, repeat step 1.
Then, navigate to Configuration tab > System > Profiles > SSL Profile > Click on ns_default_ssl_profile_backend and Select Edit
Under the SSL Ciphers section, click on the pencil to edit. Then, remove the DEFAULT_BACKEND option by clicking the ¬minus (¬–) symbol next to it.
Then, search for SHA2 and RSA options. Move them under Configured.
First click OK, then Done to save the configuration.
If you receive a “Socket Operation on Non-socket” error message while attempting to connect to an Application or Desktop using Citrix Receiver for Windows 4.12, this is because the configuration on the client and/or VDA is currently un-supported. For a supported matrix configuration, go to Receiver for Windows Crypto Kit Updates article.
For instance, if the setup has FIPS compliance mode enabled and the COM cipher set has been configured on the Client and VDA, session launch fails with Citrix Receiver for Windows 4.12 due to lack of common cipher suite. You can change the configuration to GOV or ANY on client and VDA to resolve the same.
If you receive “SSLv3 alert handshake failure” error message, this is because certain deprecated RSA cipher suites have been explicitly disabled in Receiver. Some configurations still require these deprecated cipher suites. You can re-enable these cipher suites using the Receiver Group Policy template as follows.
New Citrix Receiver For Mac
Open the Citrix Receiver GPO administrative template by running gpedit.msc
Navigate to Administrative Templates > Citrix Components > Citrix Receiver > Network Routing > Deprecated Cipher Suites.
Right-click on “Deprecated ciphers suites” and select Edit
Select Enabled the policy and check the TLS_RSA_ option
Click Apply. Then, Ok to save the configuration changes.