After Upgraded Native Citrix Workspace App (CWA) from v2402 CU4 to v2507 - Users could not launch their Resources
Article ID: CTX695945
Updated On:
Description
Users are experiencing issues connecting to Citrix desktops after upgrading Citrix Workspace app from LTSR 2402 Cumulative Update 4 Hotfix 1 to LTSR 2507.1
- Error 1320 found; returning CLIENT_ERROR_PD_ERROR
- Protocol Error 1030 occured, Error Message: Protocol driver error
- Could not connect to the (GatewayURL:443) server for your 'DesktopVDA' session. Please try again or contact the helpdesk with the following information: __Protocol driver error (Error code: 2064.1030)
Cause
- The issue was caused by the changes in SSL API which introduced in CWAfWin 2507 and onwards versions.
- No such changes in CWAfWin 2402 CU4.
- It changed the behavior to get the bitwise protocol number.
- Specific configuration "SecureChannelProtocol=ON" on the client machine which override the default value (by default the SecureChannelProtocol is ““ or NULL or “detect”).
- These two factors result in that the protocol number to be SSL_PROTOCOL_VERSION_NONE(0) rather than the SSL_PROTOCOL_VERSION_TLS_ALL(0xf, or 15).
Examples (different values of SecureChannelProtocol):
-------------------------------------------------------------------------
"" or " " → TLS_ALL
"detect" → TLS_ALL
"TLS12" → TLS12
"TLS12_TLS13" → TLS12 | TLS13
"TLS1_2" → NONE (not recognized)
"TLS13__TLS12" → TLS13 | TLS12 (extra underscore ignored)
"TLS11_XYZ" → TLS11 (XYZ ignored)
“ON”→ NONE (not recognized) <- In this case
Resolution
Please remove the "SecureChannelProtocol=ON" configuration, just leave it non configured just like below [ Under both locations ]
Under Registry: [HKEY_CURRENT_USER\Software\Citrix\Ica Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
- Set the Registry & Value to the following: "SecureChannelProtocol"=""
Under Registry:[HKEY_LOCAL_MACHINE\Software\WOW6432Node\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
- Set the Registry & Value to the following: "SecureChannelProtocol"=""
Please reboot & confirm that these values remain unchanged & persistent on your machine
Issue/Introduction
Users are experiencing issues connecting to Citrix desktops after upgrading Citrix Workspace app from LTSR 2402 Cumulative Update 4 to LTSR 2507.1
