Symptoms
When the SSL Relay is deployed on Citrix Presentation Server 4.0 and the XML Service is being used as a Secure Ticket Authority (STA), the Citrix Presentation Server 4.0 computer must be rebooted if the XML Service port is changed. Otherwise, the SSL Relay will not successfully communicate with the STA until a reboot occurs.
Cause
The SSL Relay is implemented through the Citrix XTE service. The behavior of the Citrix XTE service is governed by the XTE configuration file located at the following folder path:
Program Files\Citrix\XTE\conff\httpd.conf
The httpd.conf file is generated during the startup of the Independent Management Architecture service (IMA). The IMA Service is what determines the XML Service port when the httpd.conf file is being created. The httpd.conf file includes a setting that allows an HTTPS proxy to protect traffic going to the XML Service port. This HTTPS proxy is the SSL Relay function of the Citrix XTE service. If the XML Service port changes, the content of the generated httpd.conf file becomes invalid. The relevant section in httpd.conf is as follows:
<Location />
ProxyPass 127.0.0.1:80
</Location>
In this example, the XML service port is 80.
The Citrix XTE service will only reference httpd.conf during initial startup. The Citrix XTE service does not monitor the status of the httpd.conf file in realtime. Thus, if the XML Service port changes, STA URLs that begin https:// will be unreachable. Additionally, Web Interface sites that use HTTPS as the XML Service transport will fail.
Resolution
Restart the Citrix Presentation Server 4.0 computer. This will regenerate the httpd.conf file using the correct XML Service port in the ProxyPass parameter.
Workaround
Locate the ProxyPass parameter in httpd.conf and manually change the referenced port number for the XML Service. Then, restart the Citrix XTE service so that it will read the modified httpd.conf file.
