Citrix XenApp Server/Citrix SSL server not accepting connections

A branch office has moved to a new location. Before the move everything worked. After the move = unable to connect to Citrix/application from the new branch office location.

(They have tested connecting to the Citrix / application from outside of the new branch office. = Success. From inside the new branch office = no joy.)

The following error message is displayed when attempting to connect from inside the new branch office.

Citrix receiver

Unable to launch your application. Contact help desk with the following information:
Cannot connect to the Citrix XenApp server. The Citrix SSL server you have selected is not accepting connections.

Why is this? What needs to be done? Any ideas?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian MurphyIT ArchitectCommented:
I can tell you it is not the receiver.  Apologies, before continuing I need more information.

Is the farm at least version 6.5?  If yes >

Are you using Secure Gateway and have Web Interface set to Gateway Direct?  > yes or no

If no, do you leverage SSL Relay on your STA or ZDC primary and secondary?  

SSL error is caused by so many things. Now, the fact that you get the error with the client helps narrow it down, a little.  But a lot of the questions to follow depend on whether or not you have 6.5 on 2008R2 or 2012.  Or 7.1.  Or 7.6.

All of them are related if you use a Netscaler and third-party Certificate.  They would all have this in common which brings me to question #1.

1.  It can be your SSL Certificate was from a third-party but SHA-1 has deprecated depending on who that third-party.  Your certificate does not have to expire if you are running the client 4.2 or higher.  4.3.1 is the latest client.  4.2 and even 4.1 do not support SHA-1 certificates.

Renew your third-party certificate with a SHA256.  You can even use the former CSR if you wish or generate a new CSR with new private key.

2. You changed the hostname of "something".  

This might be two part.  You can either change the name of your host back or issue a new certificate in the new name.  OR, you might have to do both IF you are using a SHA-1 certificate

3.  You are using SSL Relay on ZDC to proxy traffic from 80 and 1494 to 443 for secure internal communication.  This excludes Netscaler.  This is NOT Secure Gateway.

The SSL Relay hostname cannot change if using an Internal CA.
The SSL Relay hostname cannot change if using a third-party Certificate.
The Secure Ticket authority is using the new name >

Do you get an SSL 29, 49?  Or just SSL Error?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ubatAuthor Commented:
The Citrix server is 4.5 and the clients may have 3.2 installed. Clients belong to another company.
ubatAuthor Commented:
Updated/corrected information
Xenapp-server 6.5 is installed/being used
ubatAuthor Commented:
Solved. The Solution turned out to be that the IT department opened port(s) which they previously had claimed to be opened in the firewall.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.