This message was deleted.
# citrix-vads
Slackbot
03/01/2023, 7:21 PMThis message was deleted.
đź‘€ 1
r
Ryan Gallier
03/15/2023, 2:32 PMDid you figure this out?
t
Terry R
03/22/2023, 10:46 PMIt appeared to be related to a bad CRL repository on the CA's. There was an LDAP based repo and a HTTP repo and the latter was in an "unavailable" state. This was resolved and we have not heard of the issue re-occurring. Kerberos logging was helpful in tracking down root cause and can be enabled via registry.
r
Ryan Gallier
03/23/2023, 1:21 PMSounds similar. We found the issue to our problems; it seems the old CA server did not have a proper CDP/CRL configuration therefore all the certificates’ issues by it had the CRL pointing to the LDAP location of that server. When that server got decommissioned it caused CRL smart card failures because it couldn’t find the LDAP location of the old server. We end up removing/rea-adding the Citrix Smart Card certificate template, forcing all Citrix users to get the new smart card certificate from the template, renewing the Kerberos Authentication certificate on all our Domain Controllers (so it can have the correct CRL) and rebooting all Citrix Servers and Domain Controllers. This finally corrected the issue.