Hello folks,

It’s been a while since the last update but I have another KB article out. This is an issue that we run across often here in support, the ominous SSL error. This article explains how to deal with SSL Error 38. You can view the content below or here is a direct link to the CTX article http://support.citrix.com/article/CTX128812


When trying to launch applications, upon clicking the icon, users receive SSL Error 38. The error message reads as follows:

“Cannot connect to the Citrix Presentation Server. SSL Error 38: The proxy denied access to…”


This is possibly because of licensing restrictions as indicated in the article below:
CTX119980 – SSL Error 38 when Launching Applications using Access Gateway Enterprise Edition

It could also be caused by issues with Domain Name System (DNS) name resolution. When launching an application, the NetScaler relies on the method specified in the WebInterface.conf file. This is because Web Interface is responsible for generating the ICA file. If the WebInterface.conf file is set to dns-port and there is no way to resolve DNS, either because no DNS server is specified in the NetScaler or the NetScaler being in a DMZ where DNS resolution is not possible the launching of the application fails with the above error message.


To resolve this, specify a DNS server in the NetScaler under DNS-Name Servers. (Note: Make sure not to select the local option if this is a name server that is not local to the NetScaler)

Another option is to edit the WebInterface.conf file on the Web Interface server for that site to resolve through ipv4-port rather than dns-port. This can be found under C:\inetpub\wwwroot\Citrix\sitename\conf\WebInterface.conf

See the screen shots below: