SSL Unknown Erros with Wyse C10LE

  • This topic is empty.
Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
  • #7340
    • Total Post: 3
    • Newbie

    Hi guys

    We just rolled out a Server 2008 R2 Environment for our Remote desktop services, 1x gateway server, 1x broker server, 3x session host servers

    We use round-robin DNS for clients connecting to the farm, which directs them to the next server

    Im not sure what the broker server exactly does for internal clients, but i know it brokers clients for our external clients, and RDweb access

    Now, i setup the Wyse WTOS to connect to remote desktop services by selecting “Remote Connections” t hen “Microsoft” and putting in my broker server name, lets call it broker1 for now.

    When i try connect i get a message saying

    SSL Connection to “broker1”

    When i read more of the logs, i see the following errors

    SSL: unable to setup a connection, (err=-7517)

    Why am i getting this? the servers all have an internal certificates issues by our internal Certificate server. For external connectivity our GW server has a published cert

    Windows Embedded terminals do not get this as we can join them to the domain and i assume they get the correct certificates required

    Do i have to manually import them, if so, what ones do i need? WTOS dosnt say

    • Total Post: 22
    • Regular Joe
    • ★★

    You have to deploy your root cert to the WTOS devices.

    Copy the certificate to the cacerts folder on your FPT server.

    In the wnos.ini add the line

    You can also add a user name and password if your cert stored as a PFX secured file

    From the ini guide:

    AddCertificate — Specifies a certificate file residing in the subfolder cacerts
    under the wnos folder to load on the nand flash device (on platforms with
    nand flash), or on the memory. The length of the filename, including the
    trailing period and the file extension, is limited to 64 characters.
    This is required when configuring the Citrix Secure Gateway PNAgent
    Interface (PNAgent/Lite servers) in the Network Setup dialog box. Adding
    certificates are required if the user CSG environments use certificate agents that are not covered by the built-in certificates. The certificates are used to validate server identities by the thin client.
    Supported files include .crt file on ICA CSG; .cer and .pfx in 802.1x.

    password={plain text password}
    Password-enc={encrypted password}




    • Total Post: 3
    • Newbie

    Can you please advise what the rooc certificate is?

    Is there a master certificate that holds all the information for my RDS servers? or do i ineed to export each server certeficate? or just the broker server cert ?

    I assume you mean FTP Server?

    When i add the line AddCertificte=filename is the filename the ftp server path? or a local flash path

    • Total Post: 3
    • Newbie

    I imported my Trusted Root Auth Certificate being aour domain controller certificte, as its our Root CA

    I imported using the USB drive and import wizard

    When i connect i now get

    SSL” unable to setup connection (err=- 7702)

    • Total Post: 11485
    • Jedi Master
    • ★★★★★★★

    Only RDS Broker is supported. TS Gateway isn’t. This is planned in a later release.


Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.