Friday, June 24, 2011

Secure Gateway SSL handshake from client failed with IE9

I recently ran into an issue with Internet Explorer 9 (IE9) and Citrix Secure Gateway.

Using two Windows 7 machines (one with IE9 one with IE8) it was quick to realize that this was an IE9 specific issue.

What I discovered was that I could logon, I would get my list of applications, but when I launched my application from the WebInterface the application never launched.

Interestingly, the download of the launch.ica file was never completed by IE9 either.

If I look at the logs on the Secure Gateway server I see the error message: “SSL handshake from client failed.”  But that does not intuitively fall into place with the download of the launch.ica file not completing.

I have further learned that this is most likely due to new security sandboxing that exists in IE9.

The workaround to all of this is to place the URL of your Citrix Secure Gateway server into the Trusted Sites security zone within IE9.

After doing this, it all works as before.

I hope this helps overcome some issues and moves you on to IE9 (I will admit, I am still not used to typing search strings into the same box that I have been typing URLs into for years).

No comments: