Leap year problem 29 February: Citrix and Sophos on board

It's a leap year, which happens roughly every four years. And there is something even more memorable: Sophos is struggling with the leap year 2024 because there are problems with SSL/TLS decryption in the SOPHOS Central Endpoint Agent. And at Citrix, the CtxHdxWebSocketService no longer works on 29 February 2024; this was already the case four years ago.



Citrix CtxHdxWebSocketService fails

German blog reader Christian R. contacted me by email this morning and raised a Citrix issue (thanks for that). According to him, Citrix has a special function that transfers Teams communication in a Citrix session to the local client. The whole thing runs via the Citrix CtxHdxWebSocketService. So far, so normal, but today, 29 February 2024, this service is on strike. On reddit.com, the entry "CtxHdxWebSocketService service not starting – Leap year problem" describes the error:

It happens again.. "Citrix HDX HTML5 Video Redirection Service" crashes on Service start.

Eventlog says:

Name der fehlerhaften Anwendung: WebSocketService.exe, Version: 15.45.0.12, Zeitstempel: 0x64c00c5e

Name des fehlerhaften Moduls: ucrtbase.dll, Version: 10.0.17763.1490, Zeitstempel: 0x51d4b57a

Ausnahmecode: 0xc0000409

Fehleroffset: 0x000a5b3b

ID des fehlerhaften Prozesses: 0x7974

Startzeit der fehlerhaften Anwendung: 0x01da6ada2ab52ac7

Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Citrix\HDX\bin\WebSocketService.exe

Pfad des fehlerhaften Moduls: C:\Windows\System32\ucrtbase.dll

Berichtskennung: 37ad8d28-17d2-45a0-9e4f-ecc3925ba10a

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Christian pointed out that this had already surprised some administrators four years ago, as you can read on reddit.com in the thread "CtxHdxWebSocketService service not starting after service stop". There is also a post in the Citrix community, "Citrix HDX HTML5 Video Redirection Service – stopped on all VDA's today", which discussed the issue in February 2020. At that time it was related to a certificate problem. If you set the date to 1 March, it worked.

Thomas G. also emailed me: "I would like to report a problem with Citrix Virtual Apps and Desktops". His explanation: "The 'Citrix HDX HTML5 Video Redirection Service' crashes when you try to start the service. Apparently this is related to a certificate that is issued daily (and is only valid for one day). This is apparently missing today." He referred to the reddit.com thread "CtxHdxWebSocketService service not starting after service stop", where the problem is also addressed.

Thomas cannot name the exact effects, but he assumes that Teams HDX will not allow video transmission. It is also unclear which versions of "Citrix Virtual Apps and Desktops" are affected. He is using "Citrix Virtual Apps and Desktops 7 2308".
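A triage sketch for the crash record quoted above, added here as an example and not taken from the Reddit post, Citrix or this blog: it parses the event text, decodes the FILETIME start time and flags fail-fast crashes of WebSocketService.exe that started on 29 February. The function names and the English label alternatives are assumptions of the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Fields copied from the event record quoted in the post (German-language Windows host).
EVENT_TEXT = """
Name der fehlerhaften Anwendung: WebSocketService.exe, Version: 15.45.0.12, Zeitstempel: 0x64c00c5e
Name des fehlerhaften Moduls: ucrtbase.dll, Version: 10.0.17763.1490, Zeitstempel: 0x51d4b57a
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000a5b3b
Startzeit der fehlerhaften Anwendung: 0x01da6ada2ab52ac7
"""

# German labels from the post; the English alternatives are added for English-language hosts.
LABELS = {
    "app": r"(?:Name der fehlerhaften Anwendung|Faulting application name)",
    "module": r"(?:Name des fehlerhaften Moduls|Faulting module name)",
    "code": r"(?:Ausnahmecode|Exception code)",
    "start": r"(?:Startzeit der fehlerhaften Anwendung|Faulting application start time)",
}

def parse_event(text):
    """Extract the triage fields from one Application Error record."""
    out = {}
    for field, label in LABELS.items():
        m = re.search(label + r":\s*([^,\r\n]+)", text)
        out[field] = m.group(1).strip() if m else None
    return out

def filetime_to_utc(hex_value):
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    ticks = int(hex_value, 16)
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def triage(text):
    """Flag a record that matches the pattern described in the post."""
    ev = parse_event(text)
    started = filetime_to_utc(ev["start"]) if ev["start"] else None
    ev["started_utc"] = started
    # 0xc0000409 is STATUS_STACK_BUFFER_OVERRUN, which Windows also reports for fail-fast exits.
    ev["fail_fast"] = (ev["code"] or "").lower() == "0xc0000409"
    # Date check is done in UTC; near midnight the host's local date can differ.
    ev["leap_day"] = bool(started and (started.month, started.day) == (2, 29))
    ev["matches_post"] = (ev["fail_fast"] and ev["leap_day"]
                          and (ev["app"] or "").lower() == "websocketservice.exe")
    return ev

if __name__ == "__main__":
    r = triage(EVENT_TEXT)
    print(r["app"], r["module"], r["code"], r["started_utc"], r["matches_post"])
```

The start time in the quoted record decodes to 29 February 2024, 06:40 UTC, so the record itself confirms the crash happened on the leap day.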

Problems with TLS decryption at SOPHOS Central

German blog reader Markus H. informed me by email and in a private message on Facebook (thanks for that) about a problem with SOPHOS. In his message he wrote:



Maybe interesting for the blog, if others also have SOPHOS Central in use and have problems with active TLS decryption today. It seems that the leap year doesn't taste good.

On Sophos endpoints that were restarted on 29 February 2024, browsers may display a warning as shown in the screenshot below:

[Screenshot: Sophos error]

Markus then pointed me to the Sophos Endpoint advisory Sophos Endpoint "Your connection isn't private" after reboot from the manufacturer, which addresses the problem. Affected are:

  • Sophos Central Windows Endpoint
  • Sophos Home
  • Sophos Central Windows Servers

if SSL/TLS decryption of HTTPS websites is enabled in the threat protection policy and if the endpoint is restarted and the system date is 29 February 2024. The solution is to disable SSL/TLS decryption as of today, 29 February, and enable it again on 1 March. However, Sophos has probably been in the process of distributing a Sophos Endpoint SSL/TLS decryption policy override since 8:00 am.

PS: In New Zealand, a software error put numerous self-service petrol pumps "out of order" for hours on 29 February 2024, but they are back now, as I read here.

