Case

When trying to launch a Citrix Virtual App or Desktop you receive the following error message:

Error:”Cannot resolve the SSL Host name xxx.xxx.xxx (SSL error 40)”. An example occurrence of this error is shown in the screenshot below.

Solution

This issue’s root cause is the end-user DNS resolver (client) not working properly. In most of the cases the issue is resolved with the following actions:

1. Clear your browser cache. Step-by-step instructions for all major browsers can be found at: https://kinsta.com/knowledgebase/how-to-clear-browser-cache/.
2. Flush your DNS resolver. In Windows systems run the following command in an elevated Windows terminal: ipconfig /flushdns. In Debian-based Linux systems first check if DNS caching is enabled by running following command: ps ax | grep dnsmasq. If the cache-size parameter is not zero then the DNS cache needs to be flushed. Depending on your DNS service you will need to run the appropriate commands.

For the latest Ubuntu distributions

#Ubuntu 20.04 
sudo systemd-resolve --flush-caches
#Ubuntu 22.04
resolvectl flush-caches
#Alternative commands for cache flush
sudo systemctl restart systemd-resolved
sudo killall -USR2 systemd-resolved
#Check cache statistics, cache should now be zero
resolvectl statistics

For Debian-based systems

sudo /etc/init.d/dns-clean restart
sudo /etc/init.d/networking force-reload

For nscd

sudo /etc/init.d/nscd restart
sudo /etc/init.d/dnsmasq restart

For BIND

sudo /etc/init.d/named restart

If issue persists despite the Web browser cache reset and DNS flush, you may also want to manually set your hosts file on the end-user machine, in case the DNS service is having issues.

You can find more detailed guidance and step-by-step procedures for analyzing and troubleshooting Citrix Virtual Apps and Desktops organized by category in my Citrix Virtual Apps and Desktops Troubleshooting e-book.