In Citrix Studio, select [Licensing] from the left-hand tree and click [Change License Server], when entering IP address in the "Change License Server" window that appears, the message "Connected to a trusted server" is displayed.

However, when returning to Studio, the error message "Cannot connect to the Citrix License Server" is shown.

Furthermore, the Citrix Delivery Controller (DDC) failed to run the PowerShell command Get-LicEffectivePermission due to a "CommunicationError."

As a result, Citrix Studio reports the License server connection failure error.　

Extend the value of KeepAliveTimeout to 20 seconds or longer as a workaround for this issue. If 20 seconds is not sufficient, increase it further as needed.

1. Backup then edit C:\Program Files (x86)\Citrix\Licensing\WebServicesForLicensing\Apache\conf\httpd.conf.

2. Add "KeepAliveTimeout 20" into <IfModule ssl_module> section:

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
KeepAliveTimeout 20
</IfModule>

3. Restart Citrix Web Services for Licensing.

Problem Cause

When the DNS server fails to resolve the License Server's IP address to its FQDN during the TLS handshake initiated by DDC, the DDC server cannot obtain a Kerberos ticket. Windows would normally fall back to NTLM authentication, which does not require the server's FQDN or NetBIOS name.

However, the License Server's default KeepAliveTimeout of only 5 seconds causes it to disconnect the TLS connection prematurely, before the fallback to NTLM authentication can complete.