Users receive the following error message when launching published applications through Citrix Access Gateway:
“Error: Protocol driver error”
Cause
Access Gateway is in Advanced Access Control mode using a legacy access center.
Applications are being launched from the Program Neighborhood Content Delivery Agent (CDA).
When using the Program Neighborhood CDA, the CitrixAuthService on the Advanced Access Control server acts as a secure ticket authority (STA) to issue and validate ticket requests.
Example of ticket issued:
Address=AS;P7XXQEFRFRYWOMC1VXSS;BB828B5B4D02E858403D3F09246A6C38
Once the ICA file is built and sent to the client, the Access Gateway has 15 seconds to validate the ticket against the STA server for a successful connection to occur. If the ticket verification takes longer than 15 seconds the connection is dropped and users see the generic “Protocol driver error” message.
Example of an Access Gateway log showing failure:
This line shows a request to nfuselaunch at 13:11:48:
(08/31/06 13:11:48): 2:server:aacd:: request: https://10.10.10.25:0/labs/cds/host.xps?category=&page=NfuseLaunch&cmd=refreshraw&action=launchica&cdaid=%7BA5DBC0E4-0F42-11D4-8FF1-0050DA2FEE7E%7D%7CNfuseLaunch&cdainstanceid=CDA67AE146092174F12ADCEE58024A68B82&method=SEAMLESS&appname=b7b713aa%2D13dd%2D4d39%2Dbfff%2D0ab8b4077a1b%2FRemote%20Desktop&enumstate=enumstate_cdabd951ee583ef49e68359ef36bab07c5e
This line shows a failed STA ticket check at 13:12:27:
(08/31/06 13:12:27): 2:server:cgp_proto: : failed STA ticket check!
This line shows the Common Gateway Protocol (CGP) connection being closed at 13:12:27:
(08/31/06 13:12:27): 2:server:cgp_proto: : closing CGP connection
Example of an Access Gateway log showing a successful launch:
This line shows a request to nfuselaunch @ 13:23:32:
(08/31/06 13:23:32): 2:server:aacd:: request: https://10.10.10.25:0/labs/cds/host.xps?category=&page=NfuseLaunch&cmd=refreshraw&action=launchica&cdaid=%7BA5DBC0E4-0F42-11D4-8FF1-0050DA2FEE7E%7D%7CNfuseLaunch&cdainstanceid=CDA67AE146092174F12ADCEE58024A68B82&method=SEAMLESS&appname=b7b713aa%2D13dd%2D4d39%2Dbfff%2D0ab8b4077a1b%2FRemote%20Desktop&enumstate=enumstate_cdabd951ee583ef49e68359ef36bab07c5e
This line shows a succeessful check at 13:23:36:
(08/31/06 13:23:36): 2:server:cgp_proto: user[cagtest]: CGP MPS tunnel succeeded
This line shows an application launched at 13:23:36:
(08/31/06 13:23:36): 2:server:cgp_proto: user[cagtest]: CGP Application launched [Remote Desktop]
Resolution
You must increase the time for the Access Gateway to verify the STA ticket using the following procedure:
Increase the ticket timeout value in the web.config file on the Advanced Access Control server. The path to the file is:
C:\Intepub\wwwroot\CitrixAuthService\Web.config
Find lines 104-106 in the web.config file. The default setting for the CGP ticket time is 15 seconds (shown below):
Increase the expiration time from 15 to 85 or to something a bit more suitable for your particular environment. For example:
Save the web.config file and restart the Advanced Access Control services using the service configuration.
This document applies to:
Advanced Access Control 4.2
No comments:
Post a Comment