When a pc has the proxy configured within the webbrowser and they want to go to access a published application on a Citrix Web Interface (internal adres) they receive the following message.
|"Unable to launch your application. Contact your help desk with the following information: Cannot connect to the Citrix XenApp server. Protocol Driver error."|
SSL Scanning is turned on by default.
When I turn of SSL Scanning, ICA is working. So the problem has something to do with SSL Scanning.
Some tracing log entries:
10:34:16.483: Accepted connection on 192.168.105.36:9090 from 172.16.0.130:59142
10:34:16.484: Received 193 bytes
CONNECT 10.90.1.140:2598 HTTP/1.0
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB7IIogUABQAuAAAABgAGACgAAAAFASgKAAAAD0FWVzE0OUFWSUtP
<table class='titleTable' background='/mwg-internal/de5fs23hu73ds/files/default/img/bg_navbar.jpg'>
The SSL handshake could not be performed.
<b>Host: </b>10.90.1.140<br />
<b>Reason: </b>error:140760FCSL routinesSL23_GET_CLIENT_HELLO:unknown protocol
Who has the solution?
Solved! Go to Solution.
<b>Reason: </b>error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
This pretty much sounds like there is a problem in establishing an SSL connection to the remote end. Probably there is no real HTTPS traffic going through, but something that is tunneled within SSL. MWG won´t be able to read this. I believe an option would be to tunnel the SSL Decryption for this host, like adding 10.90.1.140 to the SSL Host Tunnel List.
For a more detailled analysis I think more data is required to find out what exactly is happening here. Maybe you can also file an SR for support?
Thanks for your reply.
It's not just 10.90.1.140. The IP address is randomly chosen. The servers are in a complete range of 10.90.1.* /24
Can I put a IP range in a SSL Host Tunnel List?