Error cannot resolve the SSL Host name (SSL error 40) in Citrix Virtual Apps and Desktops


When trying to launch a Citrix Virtual App or Desktop you receive the following error message:

Error:”Cannot resolve the SSL Host name (SSL error 40)”. An example occurrence of this error is shown in the screenshot below.


This issue’s root cause is the end-user DNS resolver (client) not working properly. In most of the cases the issue is resolved with the following actions:

  1. Clear your browser cache. Step-by-step instructions for all major browsers can be found at:
  2. Flush your DNS resolver. In Windows systems run the following command in an elevated Windows terminal: ipconfig /flushdns. In Debian-based Linux systems first check if DNS caching is enabled by running following command: ps ax | grep dnsmasq. If the cache-size parameter is not zero then the DNS cache needs to be flushed. Depending on your DNS service you will need to run the appropriate commands.

For Debian-based systems

sudo /etc/init.d/dns-clean restart

sudo /etc/init.d/networking force-reload

For nscd

sudo /etc/init.d/nscd restart

sudo /etc/init.d/dnsmasq restart


sudo /etc/init.d/named restart

If issue persists despite the Web browser cache reset and DNS flush, you may also want to manually set your hosts file on the end-user machine, in case the DNS service is having issues.

You can find more detailed guidance and step-by-step procedures for analyzing and troubleshooting Citrix Virtual Apps and Desktops organized by category in my Citrix Virtual Apps and Desktops Troubleshooting e-book.

Was this article helpful?

Related Articles