Weird Errors and the Mysterious Root Cause
Over the past few months I have come across several seemingly unrelated issues that all had one root cause. The affected servers had nothing obvious in common: Citrix software ranged from Presentation Server 4.0 to XenApp 5, and Windows operating systems ranged from Windows 2000 Server up to Windows Server 2008. Users would receive one of the following errors:
Cannot connect to the Citrix MetaFrame server (with one of the following statements):
- Protocol Driver error
- Transport Driver error
- The SSL Server you are trying to connect to is not accepting connections
- The Citrix MetaFrame server you have selected is not accepting connections
- There is no route to the specified subnet address
Looking in the server’s event logs, any number of the following would be logged:
- The licenses required by this edition of Citrix Presentation Server are not present on the license server LicenseServerName.
- This computer running Citrix Presentation Server will now stop accepting connections. This server is no longer in or could not enter a licensing grace period.
- Error errorNumber received while obtaining a license for a Citrix Presentation Server client connection. A grace license has been granted.
- Error errorNumber received while obtaining a license for a MetaFrame client connection. The license request has been rejected.
The first course of action would be to follow the relevant Citrix Support Knowledgebase Articles:
- http://support.citrix.com/article/CTX105793 Error: Cannot connect to the Citrix server. Protocol Driver Error and/or Transport Driver.
- http://support.citrix.com/article/CTX108782 Error: Cannot connect to the Citrix MetaFrame server. Protocol Driver error.
- http://support.citrix.com/article/CTX911130 Error: “1030 – Protocol Driver Error” Troubleshooting Steps and Suggestions
- http://support.citrix.com/article/CTX103367 Users receive a Transport Driver Error message
- http://support.citrix.com/article/CTX101716 Error: The SSL Server You Have Selected is not accepting connections
- http://support.citrix.com/article/CTX106531 Troubleshooting the Citrix XTE Service and Errors: There is no route to the specified address … Protocol Driver Error
At the customer sites where I was working, none of the above articles or troubleshooting steps resolved the errors. Every error above, at these specific customer sites, had the same root cause: name resolution issues. Symptoms included:
- The ability to ping the Citrix license server by IP address but not by either NetBIOS name or Fully Qualified Domain Name. For example, pinging 192.168.1.1 worked but not pinging CTXLIC01 or CTXLIC01.WebstersLab.com.
- The ability to ping the Citrix license server from one XenApp server but not another.
- A XenApp server would work one week but not work after all servers completed a scheduled reboot cycle.
Some of the problems and solutions included:
- Corrupt local DNS cache. Pinging the Citrix license server returned an invalid result or no result. Running ipconfig /flushdns on the XenApp server fixed this symptom.
- For the Presentation Server 4.0 farm, all the Domain Controllers were running Windows 2000 Server and all Domain Controllers pointed to themselves for primary DNS. This created DNS Islands and not all Domain Controllers had the host record for the Citrix license server. This was fixed by designating one Domain Controller (the one holding the PDCe FSMO role) as the central Domain Controller. All other Domain Controllers were reconfigured to point to the central Domain Controller for primary DNS and to themselves as secondary DNS. There was only one Active Directory site involved. To read more about this issue, see http://support.microsoft.com/kb/275278 . This issue does not affect DNS running on Windows Server 2003 and later.
- A firewall separated the XenApp servers from the Citrix and Terminal Server license servers. One XenApp server had been replaced and the IP address of the new server had not been added to the firewall to allow its traffic through. This was resolved by adding the new server’s IP address to the appropriate firewall rule.
My point is this: the error you see is not always the error you have! Don’t forget basic network troubleshooting steps.
- Can you ping the local loopback address? [ping 127.0.0.1 or ping localhost]
- Gather the server’s IP configuration information. [ipconfig /all]
- Is the server using a static or dynamic configuration?
- If dynamic, is the IP information valid?
- Is the DHCP server reachable?
- Can you ping the server’s IP address? [e.g. ping 192.168.1.100]
- Can you ping the server’s NetBIOS name? [e.g. ping CTX01]
- Can you ping the server’s FQDN? [e.g. ping CTX01.WebstersLab.com]
- Can you ping the Default Gateway? [e.g. ping 192.168.1.1]
- If WINS is used, can you ping the WINS server? [e.g. ping 192.168.1.222]
- Can you ping the DNS server? [e.g. ping 192.168.1.200]
- Use nslookup to test name resolution. [e.g. nslookup carlwebster.com]
If pinging by IP address works but pinging by NetBIOS name or FQDN does not, then more than likely you are facing name resolution issues.
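The IP-versus-name comparison from the checklist can be scripted so it runs the same way on every XenApp server. The script below is an added example, not part of the original post; the default values are the sample names used above, and Resolve-IPv4 and Get-Verdict are hypothetical helper names.

```powershell
# Added example: compare reachability by IP address with name resolution.
# Defaults are the sample values from the article; replace them with your own.
param(
    [string]$ShortName  = 'CTXLIC01',
    [string]$Fqdn       = 'CTXLIC01.WebstersLab.com',
    [string]$ExpectedIp = '192.168.1.1'
)

function Resolve-IPv4 {
    param([string]$Name)
    try {
        # Goes through the Windows resolver, including the local DNS cache
        [System.Net.Dns]::GetHostAddresses($Name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString }
    } catch {
        @()   # the name did not resolve at all
    }
}

function Get-Verdict {
    param([bool]$IpReachable, [string[]]$Resolved, [string]$ExpectedIp)
    if (-not $IpReachable) { return 'Unreachable by IP: check routing and firewall rules first' }
    if (-not $Resolved)    { return 'Reachable by IP but name does not resolve: name resolution issue' }
    if ($Resolved -notcontains $ExpectedIp) {
        # A wrong answer points at a stale cache entry or an incorrect host record
        return "Resolves to $($Resolved -join ', ') instead of ${ExpectedIp}: stale cache or wrong record"
    }
    return 'OK'
}

# Step 1: is the license server reachable by IP address?
$ipReachable = Test-Connection -ComputerName $ExpectedIp -Count 2 -Quiet

# Step 2: do the short name and the FQDN resolve to that same address?
foreach ($name in $ShortName, $Fqdn) {
    $resolved = @(Resolve-IPv4 -Name $name)
    New-Object PSObject -Property @{
        Server   = $env:COMPUTERNAME
        Name     = $name
        Resolved = ($resolved -join ', ')
        Verdict  = Get-Verdict $ipReachable $resolved $ExpectedIp
    } | Select-Object Server, Name, Resolved, Verdict
}
```

Running it on each XenApp server and comparing the output shows cases where one server resolves the license server and another does not.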
When working on resolving errors that appear in your Citrix environment, do not leave out verifying that something as basic as name resolution is functioning properly. In a Windows Active Directory infrastructure, broken name resolution can have you chasing down errors that don’t really exist.