Solved

The SSL Server you have selected is not accepting connections

Posted on 2009-04-02
13
1,680 Views
Last Modified: 2012-05-06
I have an issue where I am getting two error messages when trying to access a published application through a Citrix access gateway. The application is published through a website on the internet. I have been able to login to the site fine but when it comes to launching the application the citrix progress bar gets so far and displays either 'The SSL Server you have selected is not accepting connections' or 'There is no Citrix SSL server configured on the specified address'. To add some complication to the issue the users that are attempting to access this are on a domain and they are part of different user groups within AD. If the user is part of the administrator group they are able to access the application but if they are not then they get the above error.

Does anyone have an idea why this might be happening. It would appear that it is a permissions issue but I am not sure what permission would dictate this kind of access.
0
Comment
Question by:MartynLawson
  • 7
  • 6
13 Comments
 
LVL 17

Expert Comment

by:Nik
Comment Utility
Hi there,

Unfortunatelly we're not using Citrix over Access Gateway so Im not familiar with it although I am Citrix Administrator.

Have you checked this topic?
http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/Citrix/Q_22068583.html

Also, please check this articles:
http://support.citrix.com/article/CTX101716
http://forums.citrix.com/thread.jspa?messageID=707006

Anyway, if this sources don't help, I'll try to find the solution for this as I might need it for future reference too :)
0
 
LVL 17

Expert Comment

by:Nik
Comment Utility
When I think more about it. Your users might not have permission on terminal services.
You might need to add that members/groups into the terminal Services Remote access group on the Citrix Server.
0
 
LVL 1

Author Comment

by:MartynLawson
Comment Utility
I have checked the Administrator account and that is not a member of that group, but I have tried it anyway and it is still failing.

Unfortunately I am not that up to date with Citrix. The information that I have managed to accumulate so far shows that the user is able to login to the site and they are able to downlaod the lauch.ica file ok and it executes alright but it stops about half way with either of the error messages above. I have done some digging and alot of cases have mentioned DNS or FQDN as a possible source of the problem. I believe that I can rule this out as it is working with domain admin account.

Do you have any other ideas as to why this might be occurring?
0
 
LVL 17

Expert Comment

by:Nik
Comment Utility
If a user can successfully download an ICA file I wouldn't say it's a DNS issue.
I'm still in thoughts that you're having Terminal Services Connection Permission error.

You said:
If the user is part of the administrator group they are able to access the application but if they are not then they get the above error.

Go to Terminal Services in Control Panel on Citrix machine, click the RDP-Tcp connection and hit properties. Check the permissions there and paste your info here.
Also check the ICA-tcp connection permissions and paste that info here.

Regards,
Nik
0
 
LVL 1

Author Comment

by:MartynLawson
Comment Utility
I had not thought of that. You are opening my eyes to new things here

RDP-Tcp Permissions shows access for three user groups. Administrator, System and Users. The first two accounts have full access and the Users account has user and guest access. I have gone into the advanced settings and it shows that the Users account has the Query Information, Logon, Message and Connect access.

ICA-tcp Permissions show Adminstrators and System have full access. The User group has user access and Guest access. We also have other groups called Guest and Everyone that have only Guest access. I have checked the actual permission entries and Admin and System have full access, Users has Query, Logon, Message and connect access. The Guests and Everyone has only got Logon access.

I think that the problem that we are having is that the new user group that we have created has not been added to these permission lists. What are the bare minimum settings that would allow the user to launch the application?

P.S Thanks for all your help so far
0
 
LVL 17

Expert Comment

by:Nik
Comment Utility
You can put that group into the local "Remote Desktop Users" Group on the Citrix machine to have easier administration.
Once you do that, add that local RDP group User and Guest Access to ICA-tcp and RDP-Tcp connection.

See if it works.

Regards,
Nik
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 1

Author Comment

by:MartynLawson
Comment Utility
I have made the changes that you suggest but we are still getting the error messages. I am kind of hpoing that you have some more ideas because we ran out sometime this morning.

If you can think of anything else that we can try then please let me know
0
 
LVL 17

Expert Comment

by:Nik
Comment Utility
This group has access to this application, right?
Then it has to be a terminal services permission issue.
Try to give that group more permissions, test it a bit with RDP group locally on Citrix Server.
I'll try to investigate more into this..
0
 
LVL 17

Assisted Solution

by:Nik
Nik earned 100 total points
Comment Utility
Try to give that group full permissions on ICA-tcp and RDP-Tcp connections in Terminal Services Manager so we can be sure it's not related to Terminal Services Permissions.
0
 
LVL 1

Author Comment

by:MartynLawson
Comment Utility
I have tried to access the site outside of Citrix and it works with a minimal access user account. I have then done what you suggested and I have given the user full access for both ICA-tcp and RDP-tcp, but it is still not allowing the user to connect through the ICA connection. I am not really sure what this means as I believe that I have proved that it is a Citrix issue but the ammendments that I have not made has not resolved the issue.

Do you have anymore suggestions
0
 
LVL 1

Accepted Solution

by:
MartynLawson earned 0 total points
Comment Utility
I have looked into this further and done some additonal testing and it wouldm appear that this has been caused by a Group Policy template. Then issue stems from a recent proxy change that we have implemented recently. The connection was attempting to access the site through our old proxy server. I have since changed the settings to direct the connection through the new proxy and all is now working ok.

Many thanks for your help in diagnosing the issue
0
 
LVL 17

Expert Comment

by:Nik
Comment Utility
Hello Martin,
I'm so sorry that I couldn't help you, but I'm glad you've found the solution by yourself. I couldn't find time to investigate your issue a bit more since I had problems with Citrix too for the last two days.

We're having issues with "Connection in progress..." box, where clients can't connect to Presentation Server.

Apparently there are kerberos tickets stuck on the server, since users are not logging off properly.  I've found that info somewhere on the net.
Basically, if you restart Citrix farm once a week, there shouldn't be problems with that, but my servers failed to restart last Sunday and now problems emerged.

Will do a servers restart tonight when no one will be connected.

If you wan't we can stay in touch regarding Citrix issues since we're both Citrix admins.

Kind regards,

Nik
0
 
LVL 1

Author Comment

by:MartynLawson
Comment Utility
Yeah, it would be good to stay in touch. If you have any citrix issues then please let me know and I will help as much as possible

Thanks again for your help
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

After several days of searching and hunting for limited documentation, I wanted to share this guide to hopefully save someone the hassle of trying to figure this out on their own. I have tested this on Xendesktop 7.1 and PS 4.5 running simultaneous…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now