Error "Couldn't connect to server 'https://gwfqdn:non-443'" when logging on to a non-443 port VPN vserver


Article ID: CTX561497


Description

You may get the error message "Couldn't connect to server 'https://gwfqdn:non-443'" while attempting to log on to a NetScaler Gateway virtual server on a non-443 port using the latest Windows Secure Access Client.

Environment

Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Resolution

You can use either of the following two workarounds to address the issue temporarily:

Workaround 1: Create a new Gateway vServer on port 443 for discovery requests.

Workaround 2: Add a Registry Value

Add the following registry value:

Path: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Secure Access Client
Registry Key: cloudAuthDisAllowed
Value Type: DWORD
Value: 1

Citrix is working on a permanent fix. This article will be updated when the fix is released.


Problem Cause

The port number for the discovery request is not extracted correctly from the NetScaler Gateway virtual server URL when it is not 443.

Issue/Introduction

Error message "Couldn't connect to server 'https://gwfqdn:non-443'" while attempting to log on to a NetScaler Gateway virtual server on a non-443 port using the Windows Secure Access Client.

Additional Information

A review of vpn.log shows that the following URL is being requested: https://gwfqdn:443/Citrix/Store/discovery. This URL is incorrect and does not match the expected configuration (port 1443 in this case). Note that 'gwfqdn' represents the fully qualified domain name.
2023-05-26 15:09:12.097 | Tid: 04256 | DEBUG   | (editable) url=https://gwfqdn:1443 name=GWQDN_1443
2023-05-26 15:09:12.097 | Tid: 04256 | EVENT   | Cloud authentication will always be tried, Client will check whether the current URL is an on-prem gateway or a cloud setup.
2023-05-26 15:09:12.097 | Tid: 04256 | DEBUG   | Discovering store for domain Name - gwfqdn
2023-05-26 15:09:12.097 | Tid: 04256 | EVENT   | Making GET request to *https://gwfqdn:443/Citrix/Store/discovery*
2023-05-26 15:09:12.097 | Tid: 04256 | DEBUG   | Forcing a direct connection for this request.

The NetScaler does not respond to the ClientHello packet sent by the client because nothing is listening on port 443 on the NetScaler.
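
To check a collected vpn.log for this symptom, the following Python script (an added example, not Citrix code) compares the port of each logged gateway URL with the port of the store discovery request sent for the same host. The function names are hypothetical, and the line layout is assumed to match the excerpt above.

```python
import re
from urllib.parse import urlsplit

# Log lines copied from the vpn.log excerpt in this article.
SAMPLE_LOG = """\
2023-05-26 15:09:12.097 | Tid: 04256 | DEBUG   | (editable) url=https://gwfqdn:1443 name=GWQDN_1443
2023-05-26 15:09:12.097 | Tid: 04256 | DEBUG   | Discovering store for domain Name - gwfqdn
2023-05-26 15:09:12.097 | Tid: 04256 | EVENT   | Making GET request to *https://gwfqdn:443/Citrix/Store/discovery*
"""

GATEWAY_URL = re.compile(r"\(editable\) url=(\S+)")
# The excerpt wraps the URL in asterisks; accept it with or without them.
GET_REQUEST = re.compile(r"Making GET request to \*?(https?://[^\s*]+)")


def effective_port(url):
    """Port a client would connect to, applying the scheme default if absent."""
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    return 443 if parts.scheme == "https" else 80


def find_port_mismatches(log_text):
    """Return (timestamp, gateway_url, discovery_url) for every discovery
    request sent to a different port than the gateway URL logged for that host."""
    gateways = {}  # hostname -> most recently logged gateway URL
    findings = []
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split("|", 3)]
        if len(fields) != 4:
            continue  # not a "timestamp | Tid | level | message" line
        timestamp, message = fields[0], fields[3]
        match = GATEWAY_URL.search(message)
        if match:
            gateways[urlsplit(match.group(1)).hostname] = match.group(1)
            continue
        match = GET_REQUEST.search(message)
        if not match or not urlsplit(match.group(1)).path.endswith("/discovery"):
            continue
        discovery = match.group(1)
        gateway = gateways.get(urlsplit(discovery).hostname)
        if gateway and effective_port(gateway) != effective_port(discovery):
            findings.append((timestamp, gateway, discovery))
    return findings


if __name__ == "__main__":
    for ts, gateway, discovery in find_port_mismatches(SAMPLE_LOG):
        print(f"{ts}: gateway {gateway} but discovery request went to {discovery}")
```

An empty result on a log captured after applying a workaround or a fixed client indicates that discovery requests are no longer being sent to the wrong port.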