Tunnel Client could not connect to server with error "Please check that the server is running"
search cancel

Tunnel Client could not connect to server with error "Please check that the server is running"

book

Article ID: 423156

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

A tunnel client is not connecting to the tunnel server.

The tunnel client GUI or hub log shows a message like:

"Could not connect to (Tunnel server IP/port). Please check that the server is running."

Environment

DX UIM - Any Version
hub - any version - SSL Tunnels implemented

Cause

possible causes include:

  • tunnel server is down
  • firewall is blocking the connection
  • high (greater than 10 seconds) latency on the network between client and server
  • heavy load (CPU) on the tunnel server or client
  • too many tunnel clients connecting to the same tunnel server (more than 30-40 can cause the issue)

Resolution

This message is a generic message indicating that the TLS/SSL handshake between the client and server is failing.

FIrst, check to ensure the tunnel server is actually up and running, and listening on the assigned port, and that the firewall is open to the connection -- try a telnet test, for example, from the tunnel client to the server port and ensure that the connection does not time out or get refused.

If there are a large number of tunnel clients connecting to the same tunnel server, sometimes the tunnel server will have trouble accepting the client connections quickly enough, especially immediately after a server restart.  The number of clients which is "too many" may vary depending on the performance characteristics of the environment, but this problem seems more likely to manifest when there are more than 30 tunnel clients connecting to the same tunnel server.   If there is heavy load on the server or high latency on the network, the number of clients which can successfully connect may be lower.

If, due to load/latency or other reason, the SSL/TLS handshake takes more than 10 seconds to fully complete for a client, this may also cause the problem.  Your network adminstrator may be able to identify this behavior with a packet capture of the tunnel traffic.  

Additional Information

In DX UIM 23.4.7 (CU7) there will be an option on the tunnel client hub to enable a longer timeout than the existing 10-second timeout which may help clients connect more reliably in a heavily loaded environment.

Powered by Wolken Software