Carl Stalhood

Sunday 26 June 2011

The SSL Server You Have Selected is not accepting connections

Troubleshooting “The SSL Server You Have Selected is not accepting connections” error message

Make sure that a connection is being made to the server running Secure Gateway.

• Set the logging to maximum on Secure Gateway so that all events, including informational, are logged.

• Attempt to connect.

• Make sure that there is a connection in the application log on the server running Secure Gateway:

CSG0401 Accepted connection from client <client ip address>.

• If no connection is logged in the event viewer, make sure that Secure Gateway is started and that the firewall is allowing access to that server.

• Make sure the client can resolve the FQDN of the server running Secure Gateway.

• If you are attempting to use IIS and Secure Gateway on the same server, make sure that you followed CTX799332 - Running Citrix Secure Gateway and IIS/NFuse on the same server; that there are two IP addresses, each with its own SSL certificate; and that Debug.asp (CTX052061 - Citrix Web Server Debugging & Analysis Tool) shows that DisableSocketPooling is set to True. Verify that IIS is not trying to run a Web site on the same IP address as Secure Gateway.

Ensure that the server running Secure Gateway can access the MetaFrame server on the IP address specified.

• On the server running Secure Ticket Authority (STA), set the logging to maximum so that all events, including informational, are logged: edit the ctxsta.config file and change the logging level to 3. Then run IISRESET.

• Attempt to connect.

• Check the STA logs to see what address the STA is sending to the server running Secure Gateway. The logs are in the \inetpub\scripts folder by default.

Check for an entry resembling this:

INFORMATION 2002\11\15:14:24:54 CSG1305 Request Ticket - Successful 97CA7F83085BD179B08EDC1F0DC316FC MetaFrame address:port

• The server running Secure Gateway must be able to access the given IP address on the port specified.

To test, telnet to that address from Secure Gateway or make a connection using the Citrix ICA Client.
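The log check and connection test above can be scripted and run from the server running Secure Gateway. This is an added example, not part of the original article or any Citrix tool; it assumes the last field of a successful CSG1305 entry is the MetaFrame server in address:port form, and the addresses in the sample log are constructed.

```python
import re
import socket
import sys

# Assumed layout, modelled on the sample entry above: a successful CSG1305
# line ends with the ticket followed by the MetaFrame "address:port".
TICKET_RE = re.compile(
    r"CSG1305 Request Ticket - Successful\s+[0-9A-Fa-f]+\s+"
    r"(?P<host>[^\s:]+):(?P<port>\d{1,5})\s*$"
)

# Constructed sample lines (192.0.2.0/24 is a documentation-only range).
SAMPLE_LOG = r"""
INFORMATION 2002\11\15:14:24:54 CSG1305 Request Ticket - Successful 97CA7F83085BD179B08EDC1F0DC316FC 192.0.2.25:1494
INFORMATION 2002\11\15:14:25:10 CSG1305 Request Ticket - Successful 0123456789ABCDEF0123456789ABCDEF 192.0.2.25:1494
INFORMATION 2002\11\15:14:26:02 CSG1305 Request Ticket - Successful FEDCBA9876543210FEDCBA9876543210 192.0.2.26:1494
"""

def extract_targets(log_text):
    """Return the unique (host, port) pairs the STA handed out, in log order."""
    targets = []
    for line in log_text.splitlines():
        m = TICKET_RE.search(line)
        if not m:
            continue
        target = (m.group("host"), int(m.group("port")))
        if 0 < target[1] < 65536 and target not in targets:
            targets.append(target)
    return targets

def can_connect(host, port, timeout=3.0):
    """TCP connect test: the same check as telnetting to address:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    # Pass the path to an STA log; without one, only the sample is parsed.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            for host, port in extract_targets(fh.read()):
                state = "reachable" if can_connect(host, port) else "NOT reachable"
                print(f"{host}:{port} {state}")
    else:
        print(extract_targets(SAMPLE_LOG))
```

A target reported as NOT reachable points at the firewall or NAT configuration between Secure Gateway and the MetaFrame server rather than at the STA.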

If the server running Secure Gateway and the MetaFrame server are separated by a firewall performing Network Address Translation (NAT), you may need to configure an alternate address on the MetaFrame server and then set "Use alternate addresses of MetaFrame servers" in the server-side firewall settings. The internal firewall must be configured to allow the traffic on port 1494 from the server running Secure Gateway to the MetaFrame server.

Additional Information

CTX103343 - Error: Cannot connect to the Citrix MetaFrame Server. Server location address must be specified as fully qualified domain names to allow SSL connections to succeed.
