Citrix CLoud - Unable to launch published desktop from static VDA – “VDA Connection Refused” event logged on VDA

book

Article ID: CTX695700

calendar_today

Updated On:

Description

In some environments, users may encounter connection failures to a Virtual Delivery Agent (VDA) in Citrix Cloud DaaS.

VDA and Cloud Connectors are in the same zone.

One common cause is port 443 already being used by another service on the VDA, which prevents the required Citrix components from binding to the port.

This article explains how to identify the process using port 443 and release the port if the service is not required

Cause

The user connection to the VDA was refused because port 443 on the VDA was already in use by another service (IIS / third-party application).

In Citrix Cloud DaaS, the Cloud Connector must establish a secure HTTPS connection (TCP 443) to the VDA to broker and validate user sessions. Although the VDA and Cloud Connectors were located in the same zone and network connectivity was otherwise healthy, the port conflict prevented

 

Resolution

Step 1: Verify which process is using port 443

  • Log on to the affected VDA and open Command Prompt as Administrator, then run:
  • netstat -ano | findstr :443
  • Note the PID listed in the output.

 

Step 2: Identify the service/application using the PID

  • Run the following command to map the PID to a process:
  • tasklist /svc | findstr <PID>
    • Alternatively:
      • Open Task Manager
      • Go to the Details tab
      • Match the PID and identify the process (for example, w3wp.exe for IIS)

Step 3: Check if IIS is Running on the VDA

Option 1: Using Command Prompt

  • Log in to the affected VDA server.
  • Open Command Prompt with Administrator privileges.
  • Run the following command to check the IIS service status:  iisreset /status
 

Option 2: Using Services Console

  • Press Win + R, type services.msc, and press Enter.
  • In the Services list, locate World Wide Web Publishing Service.
  • Check the Status column to confirm whether the service is Running.

Step 4: Stop the Service Occupying Port 443

If IIS is not required on the VDA and is occupying port 443, stop the service.

Option 1: Using Command Prompt

  • Open Command Prompt as Administrator.
  • Run the following command: iisreset /stop
Option 2: Using Services Console
  • Press Win + R, type services.msc, and press Enter.
  • Locate World Wide Web Publishing Service.
  • Right-click the service and select Stop.

Note: Before stopping the service, confirm that IIS or the service using port 443 is not required by any business-critical application running on the server

Step 5: Re-validate port 443 availability

  • Run the netstat command again to confirm port 443 is free: netstat -ano | findstr :443
  • No output indicates the port is no longer in use.

Once port 443 is released, the VDA can successfully listen for connections from the Cloud Connectors, allowing the published desktop launch to proceed normally.

Issue/Introduction

Unable to launch the published desktop in Citrix DaaS and encountered a “Connection Refused to VDA” error during the launch attempt.

Event logs on the Virtual Delivery Agent (VDA) showed “VDA connection refused” messages.

This occurred even though the VDA and the Cloud Connectors were configured within the same zone, indicating that the issue was not related to zone placement but likely due to connectivity or service configuration between the components.

Powered by Wolken Software