Cloud Connector on Sever 2019 STA Shows Down on Netscaler ADC 12.1

Cloud Connector on Sever 2019 STA Shows Down on Netscaler ADC 12.1

book

Article ID: CTX327960

calendar_today

Updated On:

Description

When using Microsoft Server 2019 with the Citrix Cloud Software and using Netscaler ADC 12.1, the Cloud Connectors will show as 'DOWN' for the Secure Ticket Authority (STA)

Environment

Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Resolution

Set the following registry keys on the Citrix Cloud Connector:
  • HKLM\SYSTEM\CurrentControlSet\Control\SecurityProvider\SCHANNEL
    • AllowInSecureRenegoClients = 1
    • AllowInsecureRenegoServers = 1
Note: This is a Windows-specific registry key and would have effects to other services on the machine.

Problem Cause

SSL Hardening often modifies the SCHANNEL registry values seen below:
  • HKLM\SYSTEM\CurrentControlSet\Control\SecurityProvider\SCHANNEL
    • AllowInSecureRenegoClients = 0
    • AllowInsecureRenegoServers = 0

With values set to 0, these registry keys will prevent the use of insecure re-negotiations between Client and Server. 
Powered by Wolken Software