Monday, April 15, 2013

(OS 10061)No connection could be made because the target machine actively refused it. : Unable to connect to the CGP tunnel destination (

(OS 10061)No connection could be made because the target machine actively refused it.  : Unable to connect to the CGP tunnel destination (

We got this error on a XenApp 6.5 provisioning server

We utilize Citrix PVS for our XenApp servers.  After updating our XenApp vDisk using our usual method and rebooting the server we got the above error.  Since we versioned it we had our usual servers working without issue, and a couple of "test" versions failing.  I started troubleshooting this using the google method of shotgun trying the first 5 error/solutions.  This included, disabling re-enabling ICA listener, setting the listener on only one NIC interface (which it was, I toggled it for all then just one), deleting the ICA listener and recreating it.  None of them worked so I started troubleshooting.

I encountered this error today and started troubleshooting.  The first step I did was trace the path to the error using Procmon.exe.  This, unfortunately, did not reveal anything of substance.  What I found with this error is the network process is almost exactly the same for both.  I can see XTE.exe communicating via 2598, I can see, what appears to be it handing it off to IMASrv.exe.  At this point is when it causes that error message to be displayed on the bad machine, but IMASrv.exe continues on the good machine.

At this point I'm thinking that maybe the IMA settings for session reliability have become corrupted.  It was suggested to me to disable session reliability and see if it works by a colleague of mine.

The odd thing about resetting the IMA policy is that it isn't even set in the first place.

"Add" means it is not set
But I disabled it anyways in the IMA policy in AppCenter, NOT in group policy.  After setting session reliability to disabled I restarted the IMA Service on the server and the XTE service.  The XTE service refused to start, I assume because we disabled it, and the IMA service came up.  I then connected to the application via 1494 without issue.  At this point I removed the session reliability setting again.

Click "Remove"
And then waited a minute or so and restarted the IMA Service and XTE Service.  The XTE service came up cleanly, running netstat -a only showed 2598 was listening and I retried the application hosted on the troublesome server.

BANG, it worked like a charm.  I wish I knew why it was happening with more detail, unfortunately, this is as far as I got and I cannot make the error occur again.

The next time this occurs I would like to try stopping the IMA Service and removing this file:
C:\Program Files (x86)\Citrix\FarmGpo\FarmGpo.bin

I think that contains the local IMA policy that may have been corrupted and causing my issue.


I believe I have fixed the issue here.  It appears it may be a NIC binding issue.

No comments: