Thursday, May 21, 2009

[THIN] Re: WI cert issues

..or someone hasn’t changed the firewall rules so that the internal servers can’t validate the revocation list – or has changed / modified the way root certs are handled on that box?

 

Maybe someone has done this? http://support.microsoft.com/kb/252657

 

 

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Joe Shonk
Sent: 21 May 2009 06:27
To: thin@freelists.org
Subject: [THIN] Re: WI cert issues

 

What about an issue with the date/time on the CSG device?

 

Joe

 

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Steve Snyder
Sent: Wednesday, May 20, 2009 10:24 PM
To: thin@freelists.org
Subject: [THIN] Re: WI cert issues

 

nope - got a few more months to go

On Thu, May 21, 2009 at 2:10 PM, Greg Reese <gareese@gmail.com> wrote:

did your server cert expire?

 

On Wed, May 20, 2009 at 5:29 PM, Steve Snyder <kwajalein@gmail.com> wrote:

Remote site, wi 4.0.4 (I think) hiding behind CSG. Was running fine with no changes (I'm told ;) ) and now users get an error when trying to authenticate to it with smartcards:

    This page requires a valid SSL client certificate, blah blah blah, HTTP error 403.16 - Forbidden: Client certificate is ill-formed or not trusted by the web server. Love, IIS

If I forgoe the smartcard and logon with my non-smartcard credentials I get my list of apps, but when launching one I get

     Cannot connect to the citrix xenapp server. SSL Error 47: An unclassified network error occurred. (error code: error140770FC:lib(20):func(119):reason(252))

Since this is happening for everyone I'm guessing the cert committed suicide, or at least gravely injured itself in its attempt. Of course this server has never been backed up and a backup copy of the cert is probably non-existant.

Hoping that someone has seen this before and my diagnosis is overly pessimistic.

 

 

No comments: