I have two win2k3 boxes hosting the Password Manager Service. I have
a CA that issued an SSL cert using a wild card token (ex.
PM-Service*.domain.local, for load balancing purposes). This CA has a
trusted root certificate installed on each box and the SSL cert I
created was installed on the personal root certificate store as well.
Oddly, on the first server everything works great, but the second
server I cannot get the XTE service to start.
The Error Messages...
When applying the settings: The server process could not be started.
Make sure that the port is not in use. Refer to the windows event log
and the Citrix server error log for more information.
The Citrix XTE Server Error log: [Tue Mar 03 15:08:39 2009] [error]
Unable to load SSL Certificate for server
PM-SERVICE2.chs.concentra.corp:443 [hint: SSLCertificateHash]
The Event Viewer: Eventid 7024 The Citrix XTE Server service
terminated with service-specific error 1 (0x1).
What troubleshooting steps I have taken...
1. I have made sure that port 443 is not in use.
A) IIS was switched to 444; did an IIS reset
B) Turned off IIS
C) Did netstat; also verified by using Sysinternals TCPView
D) As another step I also configured the service to listen on
444 rather than 443 just to see if it was related to port 443.
2. Checked the SSL cert
A) The same cert works on the first box
B) Despite the wild card cert working on the first box, I created
a new cert using the FQDN, not using wild cards.
C) Double checked to make sure the cert and the FQDN matched by
3. Checked permissions and Folder attributes
A) Network Service had identical rights as the first box and
verified that it had access to registry etc.
B) Made sure that no Citrix folders had any hidden attributes
4. Checked Citrix knowledge base
A) Followed the Troubleshooting the Citrix Password Manager
Service guide found at http://support.citrix.com/article/CTX107169
The two boxes were built identically from a server build, so reason
would suggest that the problem is with the SSL cert, but I have no
problems with the cert on the first box. Also, as stated above I have
created other certificates just to try and rule out certs as the
problem. I am at a loss as I am out of ideas for troubleshooting.