Error: "Cannot Process Provisioning File"
Article ID: CTX132169
Updated On:
Description
While running the StoreFront Services provisioning file (for example, Receiverconfig.cr) using Citrix Receiver 3.1, issues might be experienced. The following error message might appear:
“Cannot process provisioning file”.
Environment
Resolution
Following are the various causes, and the resolutions for the issue:
Caution! Refer to the Disclaimer at the end of this article before using Registry Editor.
Cause 1
If the following error is displayed:
“Error: SSL certificate has an unknown Certificate Authority. Cannot validate SSL certificate.”
And if the provisioning file contains Access Gateway settings, as shown in the following screenshot, there is a possibility that the root Certificate Authority (CA) (or intermediate CA) is not installed in the local computer to trust the Access Gateway.
Resolution 1
To resolve the preceding issue, import the root CA to trust Access Gateway in the certificate store in Local Computer > Trusted Root Certification Authorities > Certificates folder, as shown in the following sample screen shot.
Cause 2
If the following error is displayed:
“Error: SSL certificate has an unknown Certificate Authority. Cannot validate SSL certificate.”
And if the provisioning file contains the Store URL using HTTPS, as shown in the following screenshot, there is a possibility that users might not have the root CA (or intermediate CA) installed in the local computer to trust the StoreFront Services server.
Resolution 2
Import the root CA to trust StoreFront server in the certificate store in the Local Computer > Trusted Root Certification Authorities > Certificates folder, as shown in the following sample screenshot.
- If using a self-signed certificate on Storefront for https configuration, then import the root cert into client's trusted root store.
Cause 3
If the following error is displayed:
“Cannot validate SSL certificate.”
Then Citrix Receiver is unable to verify the server certificate revocation.
Resolution 3
To resolve the preceding issue, complete the following procedure:
-
On Internet Explorer browser Options, go to the Advanced tab.
-
Select Security settings.
-
Search for Check for server certificate revocation and clear the selected option.
-
Ensure to close the browser window and start a new one for the changes to take effect.
Cause 4
If the following error message appears:
“Error: Windows Library Internal SSL Error. Cannot validate SSL certificate.”
Resolution 4
To allow Citrix Receiver 3.1 or later, add unsecured accounts by running a provisioning file, which requires SSL validation.Alternatively, Receiver can be manually configured by entering the Server Address of StoreFront. To do this, you need to follow the next procedure to allow unsecured connections to a store.
- Navigate to the following locations:
-
For 32-bit - HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\AuthManager
-
For 64-bit - HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\AuthManager
-
-
Create a new String value called ConnectionSecurityMode.
-
Set the value to Any.
-
Navigate to the following location:
-
For 32-bit - HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Dazzle
-
For 64-bit - HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\DazzleB
-
-
Modify the String value AllowAddStore to A.
Note: Citrix recommends installing a server certificate on StoreFront Services server to avoid sending in clear text user credentials over the network.
Issue/Introduction
Additional Information
CTX131857 – Citrix Receiver 3.1 does not Allow you to Add Non-Secure URL.
Citrix Documentation - StoreFront 3.0
