Troubleshooting Citrix protocol driver error

Trouble shooting the Citrix error/ICA message: protocol driver error


I think this is a rather poor chosen error message. Protocol driver error within a Citrix environment can mean so many things. But it comes down to this: the client cannot find the server. So if it were up to me, I’d change this message to ‘The ICA client cannot connect to the XenApp server’, or even sorter; Cannot connect to the Server.


‘Protocol drive error’ can have so many causes, and here’s a list of things you should check.

1 – Step one is to determine what the problem is, we split that up in 3 groups;

  1. client, the workstation or thin client
  2. transport, network cables/switches/firewall
  3. server, XenApp server/load balancer

To determine which is your case is usually fairly simple:

How much people have the problem?;

1 – usually the client
2 to department size (50-100) – usually transport (network)
All people cannot login; usually server problems

These figures are indicative, it is very well possible they don’t count in your case!

2 – Client problems

Here’s a list of things you could check;

  • is the network cable connected
  • Is the network driver properly installed
  • check your IP configuration
  • check for blocking software like firewalls
  • check for viruses
  • check your ICA client version

Sometimes it faster and easier to just replace the whole client, specially with thin clients. Or sometimes a reinstall is faster than troubleshooting.

3 – Transport problems

At one of the faulty clients;

  • check the IP configuration;
  • check network card physically, cable, link LED, follow the cable to the outlet.
  • check the default gateway, see if you can ping the default gateway
  • check the DHCP settings
  • try to resolve one of your XenApp servers at the client
  • ping one of the XenApp servers
  • Use telnet or putty.exe  to see if the port is blocked somewhere during transport, do a:

C:> telnet ctxsvr01 1494

If the ICA protocol is listening you should get a black empty screen, with a few ‘ICA’s appearing. If not, this means that either the server is not listening on port 1494, or some network component is blocking traffic on this port. This is usually a firewall, so contact your network administrator if you suspect the port is being block underway.

*in this example we use port 1494, the default ICA port, this might be different in your environment!
**You can easily spot the difference from listening port and a non-listening port by connecting to a port number from which you know for sure no service is listening, for example;

C:\> telnet ctxsvr01 15121

Telnet usually responds with something like; ‘cannot connect to host, on port 15121’


4 – Server problems

If no one can connect to you published applications, or if all people sometimes or always get ‘protocol driver error’ something might be wrong with your XenApp setup.

Storefront/Webinterface/CAG If you use a Citrix Access Gateway/Citrix Secure Gateway/Netscaler to connect via Storefront/Webinterface to your XenApp/Presentation server farm, rule out these components by connecting to the XenApp servers directly. If connecting via the Program Neighbourhood doesn’t pop up ‘protocol driver error’s’, you are sure it must be your CAG/WI setup. (WI=Web Interface) Things to check in your CAG/WI setup:

  • Are all STA’s configured correctly and responsive. (you can turn on logging)
  • Have you chosen the correct access method;
  • direct
  • Alternate
  • Translated
  • Gateway Direct
  • Gateway Alternate
  • Gateway Translated
  • Double check the ‘access routes’, ‘Firewall translations’ and ‘Gateway settings’.

Server general When you connect to your published application using the Program Neighbourhood till shows ‘protocol driver error’, it must be the load balancer or one of your XenApp servers. Isolate the issue by replicating the published resource and have it end up at one XenApp server. For each server involved you should check:

  • ccan you ping the server
  • check the load balancing, on a XenApp server: qfarm /load
  • is the IMA service running
  • is the logon service running
  • is the server listening on port 1494
  • try bypassing your entire Citrix setup by connecting with RDP