Alerts     Sign In
Rate this Article:
You must be signed in to rate again
 Article Feedback Print View
Alternate Languages: N/A

Error: Cannot connect to the Citrix MetaFrame server. There is no route from the Citrix SSL Relay to the specified subnet address (SSL error 37).

Document ID: CTX103203   /   Created On: Jan 14, 2004   /   Updated On: Jan 25, 2008
Average Rating: 1

Symptoms

Using Citrix SSL Relay, you can enumerate applications but cannot connect. The following error message appears:

“Cannot connect to the Citrix MetaFrame server. There is no route from the Citrix SSL Relay to the specified subnet address (SSL error 37).”

Note: This occurs while using SSL Relay to secure ICA connections to the MetaFrame servers. In this case, no Secure Gateway or Web Interface was involved. The full client was being used.

The Event Viewer shows the following:

Event ID 10123: “Failed to make server connection. SOCKSRelaySocket.cpp:98”
Event ID 10123: “Failed to make server connection. RelayConnection.cpp:172”
Event ID 10112: “Failed to setup relay connections. RelayConnection.cpp: 56”

Cause 1

The ICA port was not added to the SSL Relay Configuration.

Resolution 1

  1. Open Citrix SSL Relay Configuration.
  2. From the Connection tab, select the IP address of the server you want to connect to and click Edit.
  3. In the lower field on the Destination Ports menu, enter the ICA port number (default 1494).

If you are not sure of the ICA port value, use the command ICAPORT /QUERY from the command prompt of the server to which you want to connect.

Cause 2

Fully Qualified Domain Name (FQDN) – Domain Name System (DNS) resolution issues

There is a problem with the load balancing servers and the assigned certificate for the SSL Relay.

Ask for the output of SSLserverrelay.exe in debug mode (running from the CMD command).

  1. Stop the SSL Relay service.
  2. From a command prompt, run SSLserverrelay.exe in debug mode.
  3. Watch each SSL negotiation and see if anything is being denied, and so on.

For example:

On the successful connection, the user connects to first server IP 138 with the good assigned certificate for server 138, or Kam2k1:

22/03/2006 12:00:15: Client requested connection to Kam2k1.DNS20.SOCGEN:80
22/03/2006 12:00:15: Accepting connection from 192.82.120.201
22/03/2006 12:00:15: Client requested connection to 192.64.215.138:1494
22/03/2006 12:01:00: Accepting connection from 192.82.120.201

On the failed connection, the same user connects to server 139, but with the server 138 or Kamw2k2 certificate:

22/03/2006 12:01:02: Client requested connection to kamw2k2.DNS20.SOCGEN:80
22/03/2006 12:01:02: Accepting connection from 192.82.120.201
22/03/2006 12:01:02: Client requested connection to 192.64.215.139:1494
22/03/2006 12:01:02: Failed to make server connection. SOCKSRelaySocket.cpp: 98

Resolution 2

  1. On the SSL Relay Configuration, add all load balanced servers on the Connection tab.
  2. Select the "enable XML service DNS address resolution" check box under the Farm Properties/MetaFrame Settings.

Additional Information

Refer to the following Citrix Knowledge Base articles:

CTX102620 – Error: Cannot connect to the Citrix server. There is no Citrix server configured on (or route to) the specified address

CTX711855 – Common SSL Error Messages and Their Causes

CTX104581 – There is no route from the Citrix SSL Relay to the specified subnet address (SSL error 37)


This document applies to:

Search
Knowledge Center
Advanced Search
XenApp
XenApp Plugins (Clients)
XenServer
XenDesktop
NetScaler Application Delivery
Access Gateway
EdgeSight
Provisioning Server
WANScaler
Password Manager
>> View All Products
Does it work with Citrix? Verify it - introducing the new Citrix Ready Community Verified
©1999-2008 Citrix Systems, Inc. All rights reserved.