Citrix Virtual Apps and Desktops - Licensing Activation Status: Not Activated

Article ID: CTX696359

Description

Citrix Web Studio displays the activation status: Not Activated.

CDF trace captured on the Delivery Controller shows an issue with TLS communication.

System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

Network trace shows handshake failure:

Alert (Level: Fatal, Description: Handshake Failure)

[Screenshot: network trace analysis, working (activated) DDC]

[Screenshot: network trace analysis, not working (not activated) DDC]

Cause

Old cipher suites are prioritized through a GPO on the affected Delivery Controller, so the TLS handshake fails.

Resolution

Review the existing GPO setting SSL Cipher Suite Order (if configured):

(Computer Configuration\Administrative Templates\Network\SSL Configuration Settings\SSL Cipher Suite Order)

Make sure that at least one of the supported cipher suites is at the top of the list.

From Licensing Server documentation:

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

[Screenshots: policy configuration]


You can also check the list from PowerShell:

Get-TlsCipherSuite | Format-Table -Property CipherSuite, Name
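The check above can be scripted on a Delivery Controller. This is an added example, not Citrix code: it reports where the first supported suite sits in the GPO-configured order and in the effective order. The function name Test-CipherSuiteOrder is hypothetical, and the policy registry path is the standard Windows location for this GPO setting, not a value taken from this article; the supported list is copied from the Resolution section.

```powershell
# Supported suites, copied from the Licensing Server list in this article.
$Supported = @(
    'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384'
    'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256'
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
    'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256'
    'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'
)

# Hypothetical helper: evaluates an ordered suite list against the supported list.
function Test-CipherSuiteOrder {
    param([string[]]$Order = @(), [string[]]$Supported = @())
    # Trim whitespace and drop empty entries while keeping the order.
    $clean = @($Order | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $firstIdx = -1
    for ($i = 0; $i -lt $clean.Count; $i++) {
        if ($Supported -contains $clean[$i]) { $firstIdx = $i; break }
    }
    [pscustomobject]@{
        TopSuite            = if ($clean.Count) { $clean[0] } else { $null }
        TopIsSupported      = ($firstIdx -eq 0)
        FirstSupportedIndex = $firstIdx   # -1: no supported suite is enabled
        # Suites preferred over every supported one; review these first.
        AheadOfSupported    = if ($firstIdx -gt 0) { $clean[0..($firstIdx - 1)] } else { @() }
        SupportedEnabled    = @($clean | Where-Object { $Supported -contains $_ })
    }
}

# 1) Order pushed by the "SSL Cipher Suite Order" GPO, if it is configured.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$policy = (Get-ItemProperty -Path $policyKey -Name Functions -ErrorAction SilentlyContinue).Functions
if ($policy) {
    # The value may be one comma-separated string or a multi-string; handle both.
    $gpoOrder = (@($policy) -join ',') -split ','
    'GPO order:'
    Test-CipherSuiteOrder -Order $gpoOrder -Supported $Supported | Format-List
} else {
    'SSL Cipher Suite Order policy is not configured on this machine.'
}

# 2) Effective order, from the cmdlet the article uses.
'Effective order:'
Test-CipherSuiteOrder -Order (Get-TlsCipherSuite).Name -Supported $Supported | Format-List
```

Run it on both a working and an affected Delivery Controller and compare the AheadOfSupported values. Entries whose names start with TLS_AES_ or TLS_CHACHA20_ are TLS 1.3 suites and apply only when TLS 1.3 is negotiated.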

 

Issue/Introduction

This article provides troubleshooting steps and a solution for the scenario where the Delivery Controller licensing activation status is: Not Activated.

Additional Information

Please note that the change can affect other applications or components. Handshake issues might also occur after the change if other servers have an old or different cipher suite order (for example, StoreFront > DDC communication).

 

Verify if your deployments have transitioned to License Activation Service (LAS)

License Server Cipher Suite order and requirements

From License Server documentation:

Cipher Suite order and requirements
The following is the full list of supported Cipher Suites:

  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-CHACHA20-POLY1305
  • ECDHE-RSA-CHACHA20-POLY1305
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-GCM-SHA256