{"id":33381,"date":"2024-02-29T15:20:03","date_gmt":"2024-02-29T14:20:03","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=33381"},"modified":"2024-10-01T15:23:41","modified_gmt":"2024-10-01T13:23:41","slug":"leap-year-problem-29-february-citrix-and-sophos-on-board","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2024\/02\/29\/leap-year-problem-29-february-citrix-and-sophos-on-board\/","title":{"rendered":"Leap year problem 29 February: Citrix and Sophos on board"},"content":{"rendered":"

\"Stop[German<\/a>]It's a leap year, which happens roughly every four years. And there is something even more memorable: Sophos is struggling with the leap year 2024 because there are problems with SSL\/TLS decryption in the SOPHOS Central Endpoint Agent. And at Citrix, the CtxHdxWebSocketService somehow no longer works on 29 February 2024 – this was already the case four years ago. And with SOPHOS Central there are problems with TLS decryption today.<\/p>\n

<\/p>\n

Citrix CtxHdxWebSocketService fails<\/h2>\n

\"\"German blog reader Christian R. contacted me by email this morning and raised a Citrix issue (thanks for that). According to him, Citrix has a special function that transfers the communication of teams in a Citrix session to the local client. The whole thing runs via the Citrix CtxHdxWebSocketService, so far so normal, but today, 29 February 2024, this service is on strike. On reddit.com there is the entry CtxHdxWebSocketService service not starting – Leap year problem<\/a> with the description of the error:<\/p>\n

It happens again.. \"Citrix HDX HTML5 Video Redirection Service\" crashes on Service start.<\/p>\n

Eventlog says:<\/p>\n

Name der fehlerhaften Anwendung: WebSocketService.exe, Version: 15.45.0.12, Zeitstempel: 0x64c00c5e<\/p>\n

Name des fehlerhaften Moduls: ucrtbase.dll<\/em>, Version: 10.0.17763.1490, Zeitstempel: 0x51d4b57a<\/p>\n

Ausnahmecode: 0xc0000409<\/p>\n

Fehleroffset: 0x000a5b3b<\/p>\n

ID des fehlerhaften Prozesses: 0x7974<\/p>\n

Startzeit der fehlerhaften Anwendung: 0x01da6ada2ab52ac7<\/p>\n

Pfad der fehlerhaften Anwendung: C:\\Program Files (x86)\\Citrix\\HDX\\bin\\WebSocketService.exe<\/p>\n

Pfad des fehlerhaften Moduls: C:\\Windows\\System32\\ucrtbase.dll<\/p>\n

Berichtskennung: 37ad8d28-17d2-45a0-9e4f-ecc3925ba10a<\/p>\n

Vollst\u00e4ndiger Name des fehlerhaften Pakets:<\/p>\n

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:<\/p><\/blockquote>\n

Christian pointed out that this had already surprised some administrators four years ago, as you can read on reddit.com at CtxHdxWebSocketService service not starting after service stop<\/a>. There is also a Citrix HDX HTML5 Video Redirection Service – stopped on all VDA's today<\/a> post in the Citrix community, which discusses the issue in February 2020. At that time it was related to a certificate problem. If you set the date to 1 March, it worked.<\/p>\n

Also <\/span>Thomas G. mailed me \"I would like to report a problem with Citrix Virtual Apps and Desktops\". His explanation: \"The \"Citrix HDX HTML5 Video Redirection Service\" crashes when you try to start the service. Apparently this is related to a certificate that is issued daily (and is only valid for one day). This is apparently missing today.\" He referred to the reddit.com thread CtxHdxWebSocketService service not starting after service stop<\/a>, where the problem is also addressed.<\/p>\n

Thomas cannot name the exact effects, but he assumes that Teams HDX will not allow video transmission. It is also unclear which versions of \"Citrix Virtual Apps and Desktops\" are affected. He is using \"Citrix Virtual Apps and Desktops 7 2308\".<\/p>\n

Problems with TLS decryption at SOPHOS Central<\/h2>\n

German blog Leser Markus H. Reader Markus H. informed me by email and in a private message on Facebook (thanks for that) about a problem with SOPHOS. In his message he wrote:<\/p>\n

Maybe interesting for the blog, if others also have SOPHOS Central in use and have problems with active TLS decryption today. It seems that the leap year doesn't taste good.<\/p><\/blockquote>\n

On Sophos endpoints that were restarted on 29 February 2024, browsers may display a warning as shown in the screenshot below:<\/p>\n

\"Sophos<\/p>\n

Markus then pointed me to the Sophos Endpoint advisory Sophos Endpoint \"Your connection isn't private\" after reboot<\/a> from the manufacturer, which addresses the problem. Affected are:<\/p>\n