{"id":27034,"date":"2022-10-18T05:33:22","date_gmt":"2022-10-18T03:33:22","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=27034"},"modified":"2022-10-18T11:50:36","modified_gmt":"2022-10-18T09:50:36","slug":"citrix-verbindungen-nach-windows-update-kb5018410-oktober-2022-gestrt-tls-problem","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/10\/18\/citrix-verbindungen-nach-windows-update-kb5018410-oktober-2022-gestrt-tls-problem\/","title":{"rendered":"Citrix connections broken after Windows update KB5018410 (October 2022) (TLS problem)"},"content":{"rendered":"

\"Windows\"[German<\/a>]Small addendum from last week. Since the October patchday (October 11, 2022), administrators of Citrix installations have noticed that connections no longer work for Citrix clients once Windows update KB5018410 has been installed. This update for Windows 10 version 20H2-21H2 is likely where the TLS 1.0\/1.1 issue struck. Addendum:<\/strong> It seems that an out-of-band update from Microsoft has fixed this issue.<\/p>\n

<\/p>\n

\"\"I became aware of the issue the other day via the following tweet<\/a> from Carl Stalhood. The message is simple: If you install the Windows update KB5018410, you should not be surprised about broken connections from Citrix clients.<\/p>\n

\"Citrix<\/a><\/p>\n

In the Citrix forum there is a discussion CITRIX WORKSPACE NO CONNECT AFTER MICROSOFT OCTOBER 2022 UPDATE<\/a> about this. The thread starter writes:<\/p>\n

Hi,<\/p>\n

After my Workstations was installed the Microsotf Security Update October 2022 KB5018410, the Citrix Workspace Client can\u00b4t connect with Netscaler server, the error for new connections is \"can't add account with provided url\". The clients that have Citrix open, can\u00b4t open any application. If uninstall it the Microsoft KB, Citrix work fine. We try with differents Citrix version and the problem persist. Any idea?<\/p>\n

The Windows OS version is Windows\u00a0 21H2<\/p><\/blockquote>\n

There, the Citrix clients can no longer connect to the server as soon as the update KB5018410 for Windows 10 version 20H2-21H2 has been installed. A user then confirms that it was probably due to the TLS problem outlined below.<\/p>\n

@Martin Berthiaume, I found the solution for our environment in Citric ADC (aka Netcaler). The Load balancing virtual server object for our Storefront missed settings for TLSv11 and TLSv12 in SSL parameters. I also tested with the delfault Ciphers, but had to remove them again because then the Session from HP Linux thin clients stopped working. In my searching for answers I also fixed an outdated certificate in IIS on the StoreFront servers. But it wasnt until I checked the LSv11 and TLSv12 the receiver started to work again. It seems like KB5018410 unchecks these the older ones Internet Options just leaving TLSv12 .<\/p><\/blockquote>\n

In the forum thread, a user describes how he enabled TLS 1.2 in his environment to get the connections working again. Maybe free Nartac tool<\/a>\u00a0<\/em>for testing TLS configuration is also quite helpful.<\/p>\n

Update KB5018410 and the TLS problem<\/h2>\n

I had pointed out the problem of TLS 1.0\/1.1 being disabled by Microsoft for Windows 10 version 20H2-21H2 with the October 11, 2022 security update in the run-up to the October 2022 patchday in the post Windows 10: Beware of a possible TLS disaster on October 2022 patchday<\/a>. This was not voodoo, as Microsoft already documented exactly this in the September 2022 preview update (see Windows 10 20H2-21H2 Preview Update KB5017380 (Sept. 20, 2022)<\/a>). And on Patchday, October 11, 2022, the TLS 1.0\/1.1 shutdown was then distributed more broadly (see Patchday: Windows 10-Updates (October 11, 2022)<\/a>).<\/p>\n

Also just got a message on Facebook that someone at a customer has experienced Outlook connection problems, probably due to the October update and TLS. The tips from my article Bug: Outlook no longer connects to the mail server (October 2022)<\/a> may help there.<\/p><\/blockquote>\n

Out-of-band for Windows as a fix<\/h2>\n

Addendum:<\/strong> It has been mentioned within the comments below and within my German blog – Microsoft has confirmed a bug in Windows, that's causing SSL and TLS connection issues. I covered this update within the blog post Out-of-band updates for Windows fixes SSL-\/TLS connection issues (also with Citrix) \u2013 October 17, 2022<\/a> eine \u00dcbersicht der verf\u00fcgbaren Updates aufgelistet.<\/p>\n

Out-of-band #update for #Windows fixes SSL \/ TLS connection issues – also for Citrix clients<\/p>\n

Similar articles:<\/strong>
\nWindows 10 20H2-21H2 Preview Update KB5017380 (Sept. 20, 2022)<\/a>
\nPatchday: Windows 10-Updates (October 11, 2022)<\/a>
\nWindows 10: Beware of a possible TLS disaster on October 2022 patchday<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

[German]Small addendum from last week. Since the October patchday (October 11, 2022), administrators of Citrix installations have noticed that connections no longer work for Citrix clients once Windows update KB5018410 has been installed. This update for Windows 10 version 20H2-21H2 … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[463,1547,22,2],"tags":[466,76],"class_list":["post-27034","post","type-post","status-publish","format-standard","hentry","category-issue","category-software","category-update","category-windows","tag-problem","tag-windows-10"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/27034","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=27034"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/27034\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=27034"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=27034"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=27034"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}