Reset Search
 

 

Article

KB21413 - NC start script fails to launch with the 'Unable to connect to the Secure Gateway. The Secure Gateway may not be configured to support NCLauncher' error

« Go Back

Information

 
Last Modified Date8/2/2015 10:19 PM
Synopsis

This article describes the issue of the NC start script launch failure with the following error being generated:

Unable to connect to the Secure Gateway. The Secure Gateway may not be configured to support NCLauncher

The customer was able to logon to PCS via a web browser and NC mini browser without any issues. The customer was using the following command to run the NCLauncher from the command line:
nclauncher -url <url> -r <realm>-u <user> -p <password>

 

Problem or Goal
  1. In the command line, type the command using the appropriate parameters:
     

 
  • The following Security Alert window is displayed:

 
  •  

    When the Yes button is clicked, the following message is displayed:
     

 
  • When the Yes button on the above dialog box is clicked, the following error message is displayed:

Cause
 On analysing the user's debug log, the following entries were found:
00169,09 2011/05/31 15:33:15.889 3 nishant nclauncher.exe nclauncher p1472 t1188 httpQuery.cpp:153 - 'dsHttpQuery()' HttpSendRequest return code: 12057, call InternetErrorDlg()
00169,09 2011/05/31 15:33:26.904 3 nishant nclauncher.exe nclauncher p1472 t1188 httpQuery.cpp:153 - 'dsHttpQuery()' HttpSendRequest return code: 12057, call InternetErrorDlg()
00141,09 2011/05/31 15:33:27.732 1 nishant nclauncher.exe nclauncher p1472 t1188 httpQuery.cpp:180 - 'dsHttpQuery()' HttpSendRequest() failed: 12057
00146,09 2011/05/31 15:33:27.732 0 nishant nclauncher.exe nclauncher p1472 t1188 NeoterisAppLauncher.cpp:169 - 'NeoterisAppLauncher' dsHttpQuery() failed
00195,09 2011/05/31 15:33:27.732 0 nishant nclauncher.exe nclauncher p1472 t1188 NeoterisAppLauncher.cpp:190 - 'NeoterisAppLauncher' authentication failed to https://138.42.114.11/nctestwf541, error 102
The return code: 12057 is related with Check for server certificate revocation.

If a user tries to access PCS with an expired CRL on it, a warning message (about the lack of valid revocation info) is displayed and the NC launcher fails to launch with return code: 12057 in the debug log. The following message is displayed in the command line:
Unable to connect to the Secure Gateway.The Secure Gateway may not be configured to support NClauncher

The Server Certificate Revocation check was performed by Internet Explorer and the user was not able to launch NCLauncher, as the Device Certificate on the PCS had expired.
Solution

This issue is due to the Check for server certificate revocation checkbox being selected and the client PC being unable to retrieve the CRL list for the certificate used by PCS.

There are two solutions:

  1. Resolve the connectivity issue between the client and server, which holds the certificate CRL used by PCS. The CRL link for the certificate used by PCS can be checked as follows:
  • Go to Admin Webui > System > Configuration > Certificates > Device Certificates and click the certificate used by PCS.
  1. Click the triangle shaped icon located at the right hand side of Details.
  2. Check the CRL Distribution Points field.
  3. Install the device certificate on PCS, which is valid and not expired or disable the Check for server certificate revocation option in IE:
  • Go to Tools > Internet Options and click the Advanced tab.
  • In the Security section, clear the Check for server certificate revocation option.
Network Connect launches normally, after implementing the second solution, without any issues.
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255