EPA failure (Access denied)
Article ID: CTX464137
Updated On:
Description
EPA failure with the following error seen in the logs:
2022-04-13 12:24:19.079 | Tid: 03344 | ERROR | downloadEpaLib | 296 | Failed to verify downloaded EPA library
2022-04-13 12:24:19.079 | Tid: 03344 | DEBUG | ns_verifyfile: called
2022-04-13 12:24:19.080 | Tid: 03344 | ERROR | ns_verifyTrustedCert | 162 | WinVerifyTrust failed -2146762496, err -2146762496
2022-04-13 12:24:19.080 | Tid: 03344 | ERROR | checkAndLoadEPALib | 518 | Failed to verify EPA DLL
2022-04-13 12:24:19.080 | Tid: 03344 | ERROR | initEPAlib | 702 | Failed to load EPA library
2022-04-13 12:24:19.080 | Tid: 03344 | ERROR | epaLibScan | 787 | Faield to initialize EPA library
Resolution
This could happen because of IC (even if IC as a feature is disabled).
Create the following nocache policy and bind this to the vServer with the highest priority; this should be either the GW Vserver or AAA vserver, whichever is relevant.
add cache policy epa_nocache_pol -rule "HTTP.REQ.URL.CONTAINS(\"/win/epaPackage.exe\")" -action NOCACHE
Also you must perform the following:
- Remove any corrupted EPA package from the end-user machine (in case any present at - C:\Users\<USERNAME>\AppData\Local\Citrix\AGEE)
- Flush the ADC cache for inappropriate caching the plugin executables (which involves epaPackage.exe). Use the command to flush the content group. Even if the 'Integrated Caching" feature is disabled, this still applies:
> flush cache contentGroup loginstaticobjects
Problem Cause
Even though the Integrated Cache feature is disabled, it will still cache certain objects (Gateway EPA packages and others).