Citrix Unknown Client Error 1110

[Leronne Washington]

Alist containing the majority of Internet Explorer, Firefox and Chrome related support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

There is a search box that you can use if looking for a specific fault. For example if you have an error code or error message, use that to perform a search. You can also use your browsers search feature which will perform a search against the whole page based on the words you enter.

wdt_ID Brief Description of Issue Brief Description of Fix Applicable Product Versions Affected (if known) Link to supplemental Support Article(s) 1 When launching a published desktop you may receive "Unknown Client Error 1110". This only seems to happen when launching the desktop from Firefox. What happens is Receiver is re-using an .ica file from the previous session. As a workaround you could save the ICA file to disk every time prior to launching it or delete the previous ICA files from temporary folders. A fix for this issue will be released in Receiver for Windows 4.11. Mozilla Firefox. 13 Workspace Control reconnects to only one application session instead of all the disconnected sessions. This issue currently exists when using Chrome to access Receiver for Web. You must manually click on each disconnected application. Citrix StoreFront 3.12 and Google Chrome. 2 If you log on to SharePoint 2013 through Clientless VPN, you cannot use Internet Explorer to open a Word ".doc" document. This is a known issue. Use Firefox or Chrome. NetScaler 11.1.53.11 and still exists in 12.0.53.6 (August 2017). 3 If you log on to SharePoint through Clientless Access, you cannot add a new item to the calendar if using Internet Explorer. Use Firefox or Chrome. NetScaler 12.0.41.16. 4 When using Firefox v51 and later, the NetScaler EPA and VPN plugins do not launch. This is due to Firefox dropping NPAPI plugin support. This has now been resolved in NetScaler 12.0.51.24. 5 Citrix Receiver can not be detected when browsing to the NetScaler Gateway portal and using the latest versions of Firefox. Firefox dropped support for NPAPI plugins which causes this issue. This is now resolved in NetScaler 11.1.55.10 and 12.0.51.24 builds. 6 EPA scans fail occasionally with Safari or Firefox web browsers and display error "3006". Install the NetScaler Gateway plug-in on the client machines before EPA scans are performed. 7 Unable to launch applications from NetScaler Gateway using Google Chrome if "Client Selective Trust (CST)" is enabled. This is a known issue. Follow the steps from the CTX article to configure Google Chrome so that you can access resources via NetScaler Gateway with CST enabled. Google Chrome. 8 After switching off Client Choices, users are still asked to make a selection. This was an issue with Internet Explorer Enterprise Mode. 9 Internet Explorer 8 does not display the NetScaler Gateway portal correctly when the portal theme is set to "Default", "Greenbubble" or "X1". This is a known issue and a bug "ID 669942" is currently open. table.wpDataTable table-layout: fixed !important; table.wpDataTable td, table.wpDataTable th white-space: normal !important; table.wpDataTable td.numdata text-align: right !important;

There are two user interface options for connecting to Citrix Virtual Apps and Desktops (CVAD). Both user interface options rely on a connection to StoreFront. ICA Proxy is configured differently for each user interface.

Hello, i just configured the netscaler gateway for connecting to storefront. When i log on i can start a citrix desktop. But after loading the desktop i get an error: unknown client error 0. Do you know what this could be?

Great article Carl, do you know where I can find some documentation for setting up conditional access for Citrix users coming in through Citrix Gateway on NetScaler? I am looking to limit access to certain published applications based on device posture (i.e. domain joined)?

but when i configure storefront, i am getting the error server address cannot be verified, than i need to click manual setup and have the netscaler gateway inside but cannot save anything like password or use FaceID on Ipad.

Hmm. There were no alerts or odd events because it was actually working. When I tried in Chrome rather than Edge, the ICA file appeared. That made me recreate the receiver session policy, which then worked.

Thanks for the speedy response.

Do a network trace on the NetScaler while somebody tries to add a store to Workspace app. When you do the network trace you can select the SSLPLAIN option to decrypt it so you can see the HTTP traffic.

Here is some final feedback on the topic. Citrix Support has confirmed a bug in version 13.1. Version 14.1 works great and classical policies are still supported.

Unfortunately, there is still no possibility to run MFA with Citrix Gateway license (50) and Advanced Policies.

Hi Carl, thanks for your response, how can I get back to vpn/index as I am not able to see updated page even after applying portal themes to on my gateway virtual server, I am just using LDAP authentication and no advance auth policies.

Launching an icon is completely separate from getting the list of icons. Launching an icon requires the Workspace app to create a separate connection to Citrix Gateway, which then verifies the STA ticket and forwards the traffic to the VDA. If you are internal, can your internal machine reach the Citrix Gateway FQDN?

There are bugs in certain builds. Make sure HSTS is not configured in SSL Parameters. Edit your Session Policy/Profile, on the Client Experience tab, configure a timeout in both Session Timeout and Client Idle Timeout. Make sure your Responder policies have the correct expressions.

Thanks for the great article. Wanted your advice regarding running app firewall on ADC to inspect the ssl component of the proxy. Is it worth the hassle, or will it break ica traffic? It is a policy requirement to have this.

I just came across your article because the storefront logoff page looks quite simple over netscaler after upgrading to 1912 LTSR. Thank you very much for your detailed description on how to deal with this.

Sorry for bothering you; I have tried to follow your guide to setup the ICA proxy and still not able to restrict the client go through the netscaler. What i can see is once the client auth with the citrix gateway, then the connection will be directly connected to the CAVD. I have no idea what went wrong, pleae kindly shield some light for me. Thanks.

Is there anything online, like a flowchart or something, or can you explain the flow of traffic from the onset of the client traffic hitting the gateway vip, then to the ldaps/radius auth process, then the behind the scenes traffic between the enumeration servers/sta servers, back to the netscaler etc?

How can I prevent users from fiddeling with the Web Interface Address?

Consider following example.

1. User login to GW (ICA-Proxy) under citrix.corp.com

2. Session-Policy takes over and redirects user to citrix.corp.com/Citrix/StoreWeb

3. User knows about the store CoolStore, so he/she changes the URL to citrix.corp.com/Citrix/CoolStoreWeb

1. User login to GW (ICA-Proxy) under citrix.corp.com

2. Session-Policy takes over and redirects user to citrix.corp.com/Citrix/StoreWeb (Store has only limited settings allowed, e.g. no password change, HTML5 Workspace App etc.)

3. User knows about the store AdminStore, so he/she changes the URL to citrix.corp.com/Citrix/AdminStoreWeb (this stores allows password change, native Workspace App etc.)

Hello. I have one question about authentication. I have Nescaler 13 (auth forwarded to StoreFront, citrix xenapp 6.5). Is it use intergrated authentication from PC to login into Netscaler (from Citrix Receiver). All policies are set SSO Enabled. But everytime I restart PC, I have to authenticate user name and password to Netscaler. Single Sign ON feature is installed with citrix workspace app.

Hello Carl. I guess my question could by quite silly, but cannot find soluiton for it.

I use Netscaler for ICAproxy only to internal XenDesktop/Storefront. I want to setup second Storefront for fault-tolerance. But using session profile I can configure only one Storefront (at Published application tab). So, is it possible to use more than 1 Storefront in case of ICAproxy?

Hi carl. Is there a way to have multiple Citrix gateway virtual servers (different hostnames) using a single external IP. I tried using SNI and content switching but that seems to require an advance license. I just need to implement multiple authentication methods (SAML, AD+Radius) to a single storefront.

My public CWA connects to the NetScaler (VIP) with SSL and then the NetScaler (SIP) connects to the internal VDA. Consequently, my client session terminates on the NetScaler. So does the optimization actually work through the SSL connection with the NetScaler?

Can you post instruction on a possibility of a content switching LB infront of multiple non-addressable Citrix gateways? So that we can switch storefront as gateway.fqdn/storefront1 gateway.fqdn/storefront2. Or is it possible to use SNI to redirect to appropriate gateway? We have a challenge of a single external IP but multiple storefronts.

Just a random question.

Currently our Internal clients are going through internal subnets (we have VPN tunnels between site, Citrix is hosted in Datacenter). What changes do I need to make in Netscaler and Citrix Virtual Apps 1903 or Storefront for all the connections to go out of WAN and use the WAN instead of going through internal subnet?

If you implement Citrix Gateway, you can proxy your ICA connections through the Gateway. If you point your browsers to Gateway, then the ICA connection will go through Gateway. Whereas Receiver clients need a fake internal beacon (or HDX Optimal Routing) to force connections through Gateway.

When clients Access from web interface:

Clients R or S, when they connect, the connection (CTX Website) is using public IP, but when they are connected the traffic I am noticing on the Firewall is shown as Internal. I am seeing on the Firewall logs as Clients R IP as source and Destination as VDA IPs. On the Netscaler I am seeing Retail A WAN IP as source and VDA IPs.

3a8082e126