Intermittent error "An existing connection was forcibly closed by the remote host" on Citrix DAAS.

Article ID: CTX463863

Description

Session launch fails intermittently for Citrix DaaS. If the user tries a few times, it may be possible to launch an application or desktop.
The failure reason is recorded as "Connection Timeout".

This error may also be seen:

"Failed to connect to the server for your session ''Name_of_Application'. Try again or contact your Helpdesk with the following information"
An existing connection was forcibly closed by the remote host.
(Error code: 2064.10054)
Transaction_ID
If the problem persists, contact your admin with the Transaction ID.
 

Resolution

Ensure that traffic from the Cloud Connector to the NetScaler PoP is not blocked by a firewall.

See https://support.citrix.com/article/CTX270584/citrix-gateway-service-pointsofpresence-pops for the list of URLs to allow through the firewall.

 


Problem Cause

The back-end logs show that the Cloud Connector is unable to reach the NetScaler PoP.

In this example the connector is XXXXXCON07 and the NetScaler PoP is aws-eu-c-rdvz.g.nssvc.net. The connector is unable to contact the PoP.



TimeStamp=2022-08-23T12:51:09.404944Z EdgeServerId=3751a897-1461-45b7-8215-3c4906fbd111 MachineName=XXXXXXXCON07.XX.XX MachineIP=10.x.x.x REventType:\"error\", Message:\"Connecting to Gateway Service PoP Failed\", MessageCode:\"NGSConn_ERR_00007\", SenderName:\"xxxCON07\", SenderPublicIP:\"x.x.x.x\", SenderPrivateIP:\"\", ResourceLocationId:\"60f12d09-d554-414d-bae2-255838805467\", UserName:\"xxx.xx\\\\xxxxxxxx\", VdaIP:\"\", VdaFQDN:\"\", ProxyHost:\"\", EdgeIP:\"\", EdgeFQDN:\"aws-eu-c-rdvz.g.nssvc.net\"}"}

The above error is repeated a few times. No other connector or PoP is contacted.

Then the failure SessionStartFailed is logged at 12:53:
8/23/22
12:53:35.547 PM
[-]
   BrokeringUserFullName: xxxxxxxxxx
   BrokeringUserSamName: Domain\\xxxxxxx
      EventTypeSessionStartFailed
   FailureReasonSession.ConnectionTimeout


The traffic from the Cloud Connector to the NetScaler PoP is blocked by the firewall.
This can be verified with Telnet on the Cloud Connector: the "telnet aws-eu-c-rdvz.g.nssvc.net 443" command will fail.
From the Cloud Connector you can also attempt to access the various NetScaler PoPs:
  • If you access one of the FQDN/Control/Ping URLs and the page returns blank, then access is working. Note that Control/Ping is case-sensitive.
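
The two checks above (TCP 443 and Control/Ping) can be scripted so they run against every PoP in one pass on the Cloud Connector. This PowerShell script is an added example, not Citrix tooling; the function name Test-GatewayPop and the $PopFqdns list are assumptions, and only aws-eu-c-rdvz.g.nssvc.net comes from this article.

```powershell
# Added example: run on the Cloud Connector. The PoP list is an assumption;
# only aws-eu-c-rdvz.g.nssvc.net is taken from this article. Add the FQDNs
# for your region from CTX270584.
$PopFqdns = @(
    'aws-eu-c-rdvz.g.nssvc.net'
)

# Older Windows Server builds may not offer TLS 1.2 by default.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

function Test-GatewayPop {
    param([Parameter(Mandatory)][string]$Fqdn)

    $result = [ordered]@{
        Fqdn        = $Fqdn
        Resolved    = $false
        Tcp443      = $false
        PingStatus  = $null
        PingIsBlank = $null
        Error       = $null
    }

    try {
        # A DNS failure and a firewall drop look the same to the user, so separate them.
        $null = [System.Net.Dns]::GetHostAddresses($Fqdn)
        $result.Resolved = $true

        # Equivalent of "telnet <fqdn> 443".
        $tcp = Test-NetConnection -ComputerName $Fqdn -Port 443 -WarningAction SilentlyContinue
        $result.Tcp443 = [bool]$tcp.TcpTestSucceeded

        if ($result.Tcp443) {
            # Control/Ping is case-sensitive; a blank page means access is working.
            $resp = Invoke-WebRequest -Uri "https://$Fqdn/Control/Ping" -UseBasicParsing -TimeoutSec 15
            $result.PingStatus  = [int]$resp.StatusCode
            $result.PingIsBlank = [string]::IsNullOrWhiteSpace([string]$resp.Content)
        }
    }
    catch {
        # Timeouts, TLS interception errors and proxy blocks all land here.
        $result.Error = $_.Exception.Message
    }
    [pscustomobject]$result
}

$PopFqdns | ForEach-Object { Test-GatewayPop -Fqdn $_ } | Format-Table -AutoSize
```

A row with Resolved true and Tcp443 false matches the firewall block described in this article; a row with Tcp443 true but an Error on the Control/Ping request points at something inspecting or proxying the HTTPS traffic instead.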