Wednesday, July 25, 2012

Launching a Citrix published XenApp application on an HP t5745 Thin Client with ThinPro operating system throws the “Client Error”: “You have not chosen to trust “Certificate Authority”, the issuer of the server’s security certificate (SSL error 61).”

Problem

You attempt to launch a Citrix published XenApp application on an HP t5745 Thin Client with ThinPro operating but receive the following Client Error:

You have not chosen to trust “Certificate Authority”, the issuer of the server’s security certificate (SSL error 61).

image

The login portal:

image

… uses the same certificate but you have no problems or warnings logging in because you have already added the certificate as an exception.

Solution

This issue was a tough one because I’m in no way a Linux expert so I had no idea how to add certificate authorities on the ThinPro’s operating system so that it would trust the issuing authority because the issue here is that the thin client is configured in CDA mode which essentially opens up a browser to access the Citrix portal but then launches the application with the Citrix Receiver.  This meant that the browser would need to trust the certificate and the Citrix Receiver would need to as well.

After doing a few searches on Google, I finally found the following post where a user identifies the directory to copy the certificates:  http://forums.citrix.com/thread.jspa?threadID=262631

What you should do is basically copy the certificate authority that the thin client doesn’t trust onto a USB key, plug it into the thin client, open Terminal X:

image

… then issue the following commands:

  1. su
  2. fsunlock
  3. cd /media
  4. ls (to determine drive ID)
  5. cd (drive name from previous step)
  6. cp (certname) /usr/lib/ICAClient/keystore/cacerts/
  7. fslock
  8. reboot

The commands above will place the untrusted certificate authority into the trusted store of the receiver which will in turn allow you to launch applications without receiving the error above.

Tuesday, July 24, 2012

Launching a Citrix published XenApp application on a repurposed desktops with Stratodesk NoTouch Desktop throws the “SSL error”: “Contact your help desk with the following information: The security certificate “someURL.domain.com” could not be validated. (SSL provider code: unable to get local issuer certificate, SSL error 86).”

Problem

You’ve deployed Stratodesk’s NoTouch Desktop on a repurposed PC and attempt to launch a Citrix XenApp application through the portal via the Mozilla browser but receive the following error:

SSL error

Contact your help desk with the following information: The security certificate “someURL.domain.com” could not be validated. (SSL provider code: unable to get local issuer certificate, SSL error 86).

image

You are able to sign in through the login prompt that uses the same certificate without any issues:

image

Solution

The reason why this error is thrown is because the Citrix Receiver and the Mozilla browser within the Stratodesk operating system have uses separate stores to determine which certificate authorities they trust. This means that putting in an exception for the Mozilla browser would get your through the login portal without any warnings but when you launch an application and the Citrix Receiver, it will look into its own trusted store which may not have the issue certificate authority.

To get around the problem, you will need to copy the issuing certificate authority’s certificate (.cer file) into the following directory:

/usr/lib/ICAClient/keystore/cacerts/

… via the console option when you go into the configuration option:

image

Once the certificate file is in the store, reboot the operating system and you should be able to launch the applications.

**Note that the certificate’s .cer file MUST NOT contain any spaces or the file will disappear from the directory after a reboot.

To get the file onto the desktop, you can either plug in a USB key with the certificates and use the console to get to the following directory:

/tmp/devshares

… or upload the certificates by browsing to the client’s IP and using the administration page:

image

image

image

All certificates uploaded to via this method will end up in the following directory:

/config/certificates

Hope this helps anyone out there that may come across this problem.

Thursday, July 12, 2012

Citrix XenApp 6.5 server missing the “Citrix XML Service” in the Services Console

Problem

You log onto your XenApp server and notice that the services console does not list Citrix XML Service as a service (this service is usually listed under Citrix XenApp Commands Remoting):

clip_image002[16]

Navigating to the following registry key also doesn’t show any configuration settings:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CtxHttp

image

Solution

While there could be various reasons that could cause this, one of them would be because you have chosen to install the IIS XML integration during the install.  In the event that you want to change the port, you’ll need to use the ctxxmlss.exe /r<port #> command as shown in the following:

ctxxmlss.exe /r8080

clip_image002[6]

Notice how the Citrix XML Service is now listed as a service:

clip_image002[8]

The configuration settings will also be populated in the registry:

clip_image002[10]

Note that the service isn’t automatically started when you register the XML service with the port so make sure you start the service:

clip_image002[12]

You can also test by telnet-ing to the port on the server to see if you get a response:

image

image

Hitting the enter button will also terminate the session and display the following response:

clip_image002[14]

Thursday, July 5, 2012

terenceluk.blogspot.com turns 2 years old

2 years ago from today I created a new blog on Blogspot primarily for 2 reasons:

  1. A way to give back to the technology community for all the times someone else’s blog helped me.
  2. Have something for myself to reference to during deployments and/or troubleshooting.

Fast forward 2 years later with 572033 visitors and an average of 2000 visitors per day during working days, I’d have to say I’m extremely happy with the way the blog turned out.

I’d like to thank everyone who has visited my blog over the years.