Results 1 to 10 of 16

Thread: Citrix and ZA > Re-install ZA

Hybrid View

  1. #1
    risman Guest

    Default Citrix and ZA > Re-install ZA

    I get the following error message when I try to get into applications (e.g., Outlook, Word, Excel) remotely via my office's Citrix server: "Cannot connect to the Citrix mainframe server. SSL Error 4: Attempted to connect using the (TLS V1.0 | SSL V3.0) protocol(s). The server rejected the connection." Alternatively, I get the message: "Citrix SSL server you have selected is not accepting connections."

    It seems to be a firewall issue. I use ZoneAlarm Security Suite, and I can get into the applications when the firewall software is shut down. I've attempted to have the firewall recognize the Citrix application and website, but that doesn't seem to help.

    I'm no techie on this stuff, so please be technically gentle in any response. Thanks.
    Bob

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    watcher Guest

    Default Re: Citrix and ZA

    Dear risman:

    What web interface are you using to connect to the Citrix server? I've seen this SSL error(the first one) on browsers when your browser's encryption protocols, such as SSL 3.0/TLS 1.0, are set at their highest, such as 256-bit, but the server only supports a lower encryption setting such as 128-bit or a different encryption protocol such as SSL 2.0. Go into your web interface and find the configuration settings for SSL and change this to a lower setting if necessary. Keep in mind that the lower bit encryption is not as secure and neither is SSL 2.0 when compared to 3.0 or TLS.

    The 2nd error message means the server has the maximum number of connections it is configured for and won't accept any new logons. There are too many people logged on and you'll just have to wait and recheck after a period of time. There's no getting around this one.

    Hope this helps.

    WATCHER

  3. #3
    risman Guest

    Default Re: Citrix and ZA

    I have Firefox 2.0.0.11 and IE 7.0--it happens with both of them. I don't know how to change SSL settings to a lower level other than to disable altogether. I tried that with Firefox, but I then get the message "Firefox can't connect securely to [website] because the SSL protocol has been disabled. However, it doesn't make sense to me that it's the browser, because when ZA is disabled, I can access the site fine. So it seems like there should be something to tinker with in ZA, but I can't figure what it might be.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Citrix and ZA

    <blockquote><hr>risman wrote:
    I have Firefox 2.0.0.11 and IE 7.0--it happens with both of them. I don't know how to change SSL settings to a lower level other than to disable altogether. I tried that with Firefox, but I then get the message "Firefox can't connect securely to [website] because the SSL protocol has been disabled. However, it doesn't make sense to me that it's the browser, because when ZA is disabled, I can access the site fine. So it seems like there should be something to tinker with in ZA, but I can't figure what it might be.
    <hr></blockquote>
    Make sure the server IP or IP range that is for your Citrix on your laptop/desktop is entered as Trusted in the Zones.
    Make sure the Citrix listed in the ZA Program listing has server rights for the Trusted Zone, along with the Trusted and Internet Access and the Mail rights.
    Make sure the Privacy of the ZA has all green checks or all allowed in the Mobile code for the Citrix servers that you use.
    Make sure the "allow uncommon protocols at High security" is checked in the Advanced of the Firewall.
    Make sure the ports used by the Citrix are entered into the Custom of the Firewall for both inbound and outbound.
    Still more ideas yet.

    Best regards, Oldsod

    Message Edited by Oldsod on 01-01-2008 05:05 AM
    Best regards.
    oldsod

  5. #5
    risman Guest

    Default Re: Citrix and ZA

    I've done all of that except the last suggestion: &quot;Make sure the ports used by the Citrix are entered into the Custom of the Firewall for both inbound and outbound.&quot; How do I know what ports those are?

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Citrix and ZA

    The Citrix web site help has these suggestions, here. There should be a Manual or Help .chm along the Citrix installed, giving advice for the needed ports.

    The Citrix forum is found here.

    Just looking at the IANA port list, there is mention of 1494 tcp/udp, 1604 tcp/udp, 2312 tcp/udp, 2512 tcp/udp, 2513 tcp/udp, 2598 tcp/udp and 2897 tc/udpp for various Citrix features. However the Citix listed in the IANA port list is probabaly missing a needed few ports.


    I would be more inclined to use the Expert Rules for the Citrix along with the Expert of the Firewall, however just entering the needed ports into the Custom section of the Main of the Firewall usually does what is needed and will make it work.

    One of the easiest no effort, yet time consuming, method to trouble shoot ports/protocols with a firewall is set the firewall alerts to High and set the logging to High. Then run the application. Note each alert for ports, protcol and IP related to the application and of course inbound/outbound directions. Then add the ports for both local and remote(and sometimes port ranges), the protocol, and the IP (also as range sometimes) to the the rules. Then try it again. Keep repeating until all is finally added and it works. Checking the firewall logs in between all of this for dropped packets - this help find the needed data as well. In the end , after going step by step, this approach does yield results.

    Very often just giving the Citrix (as with many applications needing open ports) server rights for the Trusted and Internet Zones and adding the required servers as Trusted in the Zones ,will resolve the problem. Often the easiest.

    Plus if there is a router with SPI/NAT and/or a modem with NAT in front of the PC, the needed ports will have to be forwarded in the hardware. Or else it still will not work.

    The IT people at your office should be helpful.


    Oldsod

    Message Edited by Oldsod on 01-01-2008 06:55 PM
    Best regards.
    oldsod

  7. #7
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Citrix and ZA

    The information provided says the remote server dropped the connection. Is your laptop (?) IP set as an accepted IP in the server at the office? Is the server properly setup to recognize your PC?

    Oldsod
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. ZA IS 10.0.250 and Citrix
    By petergoode in forum Common Program Settings
    Replies: 10
    Last Post: August 9th, 2011, 12:19 PM
  2. Citrix XenApp
    By Iamblichos in forum ZoneAlarm Configuration
    Replies: 1
    Last Post: July 18th, 2011, 07:03 PM
  3. Citrix App Download
    By Richard Stockton in forum ZoneAlarm Configuration
    Replies: 3
    Last Post: January 17th, 2010, 06:25 AM
  4. Citrix
    By richardha in forum Access Issues
    Replies: 4
    Last Post: June 19th, 2009, 06:45 AM
  5. Citrix and ZA
    By bahboy in forum Access Issues
    Replies: 7
    Last Post: May 9th, 2006, 01:08 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •