An issue I encountered when working with one of our customers today. The customer reported that users intermittently received a ‘Protocol Driver Error’ when launching applications from their XenApp 5 (windows 2003) farm.
As you know Protocol Driver error is one of those brilliant errors of a million causes but essentially it’s the client telling you “I couldn’t contact the server using the address provided” if taken literally it means the server address in the ICA file could not be contacted via ICA or CGP but over the years can be caused by anything from licensing to network connectivity..
Anyway in this particular instance the servers were provisioned (Provisioning Server 5.6 SP1) XenApp 5 (R06) servers hosted on VSphere 4.0. As all the hosts were provisioned from the same VDisk it was odd that the issue was ‘random’.
The customer had done some investigation and had managed to identify that the issue occurred on servers that would not respond to ICA (telnet to port 1494) so with this information a server that was effected was found by scanning the farm servers with a port scanner to check if the ICA listener responded, this this instance the customer had written their own but NMAP would do fine
Example NMAP command:
nmap -1494 -v 192.168.1.1-254.
From the system eventlogs I could see at start up the main offender looked to be the following error:
Event Type: Error
Event Source: TermService
Event Category: None
Event ID: 1014
Time: 2:15:35 AM
Description: Cannot load illegal module: C:WINDOWSsystem32VDTW20.DLL."
Checking TSADM the listener status was indeed down making it entirely reasonable for the server have problems taking ICA connections. Thankfully a quick Google produced the following Article:
I don’t want to duplicate the efforts of the article but it turns out Cause 2, the presence of Microsoft hotfix 938759, was the issue on these servers. This has now been removed and we’re yet to see an instance of the ICA listener being in a down state so until proven otherwise I consider this case closed.