TRIM 7.1 failing on VPN connection: "Client side message length error"
Hi there. Best wishes to all.
I might be a newbie here but trust me, I've spent days on this before coming here for help. Any suggestions would be most welcome.
Background: TRIM 6.2 upgraded to TRIM 7.1 last weekend. All's fine on the LAN, but when connected via VPN - Citrix, through a Netscaler (9.2) - I see this error:
Connection to [dataset details] failed: Error connecting to [dataset]. Client side message length error.
Nothing else changed last weekend - we didn't change the CAG at all, nor any other network settings.
Network traces show TRIM.exe sending a TCP RESET very soon after the initial SYN/ACK handshake. My hunch is that TRIM isn't handling the altered network stack on the workstation due to the VPN. Just a hunch, though...
I've tried a bunch of stuff to isolate this issue:
Moved a VM to our DMZ, inside the CAG but outside a key internal firewall. Works.
Moved a VM in to an artificially NAT'd zone to confirm it's not NAT messing up. Works.
Telnet to <TRIM server:TRIM port> from the VPN connection works just fine.
Played with the MTU values to see if large packets were at fault. Doesn't seem to be, and the network trace shows reasonably small packets anyway.
I'm properly stuck. Could anyone suggest where I might go from here? I have a deep feeling it's TRIM not getting along with my local network settings - really don't think it's happening anywhere but on the local machine - but wouldn't know what to do with TRIM now.
Re: TRIM 7.1 failing on VPN connection: "Client side message length error"
Yes, the error occurs on TRIM launch. I see the splash screen then the error appears about 2 seconds later.
I don't know what data compression is happening client-side before it goes through the VPN tunnel. I could probably find out - I have a Citrix support call open that I can use.
Other than the VPN tunnel there is no config difference between the same workstation connecting just fine on the LAN (including traversing various firewalls) and failing when coming across the internet via the VPN.
Are there any downsides to changing the message length via reg key as you mention? Can you send me the key so I can give it a crack? (If you advise against implementing it, I'll pass that on to my management - but it'd be nice to know if that was the issue.)