
Unable to login to Storefront externally via Netscaler Access Gateway 10


Gavin Lockhart

Thanks Sergey Kozlov, the problem is that I specified also in "Pass-Through from NetScaler Gateway" the Trusted Domain. But in this case on internal request the Domain must be specified.

 

Reviewing other settings on NetScaler, I made a mistake compiling "Single Sign-on Domain" in the NetScaler Gateway wizard on StoreFront, where it requests the NETBIOS name and not fqdn.domain. Having changed the FQDN to NETBIOS, the logon works fine and the Trusted Domain can be enabled.


  • 2 months later...

I had the same problem referenced in the original post with NetScaler 10.5. Carl was on to it as usual. In my case I had a split domain with internal vs. external DNS. The problem was that the internal StoreFront servers couldn't resolve the internal VIP AG external URL and didn't trust the certificate. To fix the problem, I had to install (I'm using http for StoreFront in this deployment) the external URL cert and the root/intermediate certs on each StoreFront server. I then had to create a host entry so the external URL (i.e. citrix.domain.com) resolved to the internal VIP of the AG. It's working great now.


  • 3 years later...

I configured Citrix Farm 7.15 and everything is accessible locally. I can browse the StoreFront store, log in successfully and also launch applications successfully. But when I configured the settings with NetScaler Gateway, I ended up with the error "Can not Complete Request" after logging in to the gateway.

 

When I check the event logs on the StoreFront server, the error log is as quoted below.

<<<

Error Event Log:

Log Name:      Citrix Delivery Services
Source:        Citrix Receiver for Web
Date:          XXXXXXXX PM
Event ID:      10
Task Category: (3001)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      xxxxx.xxx.com
Description:
A CitrixAGBasic Login request has failed.
Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticatorException, Citrix.DeliveryServicesClients.Authentication, Version=3.12.0.0, Culture=neutral, PublicKeyToken=null
Authenticate encountered an exception.
   at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied)
   at Citrix.Web.AuthControllers.Controllers.GatewayAuthController.Login()

System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
The remote server returned an error: (403) Forbidden.
Url: https://127.0.0.1/Citrix/XXXXXstoreauth/CitrixAGBasic/Authenticate
ExceptionStatus: ProtocolError
ResponseStatus: Forbidden
   at System.Net.HttpWebRequest.GetResponse()
   at Citrix.DeliveryServicesClients.Utilities.HttpHelpers.ReceiveResponse(HttpWebRequest req)
   at Citrix.DeliveryServicesClients.Authentication.TokenIssuingClient.RequestToken(String url, RequestToken requestToken, String primaryToken, String languages, CookieContainer cookieContainer, IEnumerable`1 acceptedResponseTypes, IDictionary`2 additionalHeaders)
   at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied)

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Citrix Receiver for Web" />
    <EventID Qualifiers="0">10</EventID>
    <Level>2</Level>
    <Task>3001</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2019-03-26T20:53:07.227006500Z" />
    <EventRecordID>1215</EventRecordID>
    <Channel>Citrix Delivery Services</Channel>
    <Computer>example.exampledomain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>A CitrixAGBasic Login request has failed.
Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticatorException, Citrix.DeliveryServicesClients.Authentication, Version=3.12.0.0, Culture=neutral, PublicKeyToken=null
Authenticate encountered an exception.
   at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean&amp; passwordSupplied)
   at Citrix.Web.AuthControllers.Controllers.GatewayAuthController.Login()

System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
The remote server returned an error: (403) Forbidden.
Url: https://127.0.0.1/Citrix/XXXXstoreEAuth/CitrixAGBasic/Authenticate
ExceptionStatus: ProtocolError
ResponseStatus: Forbidden
   at System.Net.HttpWebRequest.GetResponse()
   at Citrix.DeliveryServicesClients.Utilities.HttpHelpers.ReceiveResponse(HttpWebRequest req)
   at Citrix.DeliveryServicesClients.Authentication.TokenIssuingClient.RequestToken(String url, RequestToken requestToken, String primaryToken, String languages, CookieContainer cookieContainer, IEnumerable`1 acceptedResponseTypes, IDictionary`2 additionalHeaders)
   at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean&amp; passwordSupplied)
</Data>
  </EventData>
</Event>

 

Error log 2 is recorded as a Citrix Authentication Service error.

 

CitrixAGBasic single sign-on failed because the supplied domain: /Citrix/XXXXXstore is invalid. This has two main causes, either;

The single sign-on domain specified in the NetScaler Gateway console is invalid.

or

If the domains are being restricted in the StoreFront console, then the domain: /Citrix/XXXXXstore is not present in the list of Trusted Domains.

 

>>>>>

 

Fix:

 

I've modified the Netscaler Gateway Session Policies settings.

 

Log in to NetScaler and browse to NetScaler Gateway --> Virtual Servers --> go to Session Policies --> select the policy with "Edit Profile" as Action --> click on "Published Applications" --> see the "Single Sign-On Domain" tab, where it is filled with some path; here it needs to be updated with the domain only, as "exampledomain.com", then save the settings and close.

 

After that, I log in to NetScaler Gateway, successfully browse to StoreFront and am able to access apps.

 

This way my issue is fixed. 

 

Here I've not configured any cert or anything else.

 

 

 


  • 6 months later...

Hi all.... can somebody please help me on this one???

 

I've checked certs, but this error seems a little different because of that socket part, and I really don't know what port it should be talking through.

 

 

The AG Web Service at: https://netscaler.vip.com/CitrixAuthService/AuthService.asmx failed with the following error. This endpoint will be ignored until: 10/3/2019 3:49:07 AM
Citrix.DeliveryServices.Authentication.CitrixAGBasic.Exceptions.AGCommunicationException, Citrix.DeliveryServices.Authentication.CitrixAGBasic, Version=3.12.0.0, Culture=neutral, PublicKeyToken=null
A communication error occurred while attempting to contact the NetScaler Gateway authentication service at https://netscaler.vip.com/CitrixAuthService/AuthService.asmx. Check that the authentication service is running.
   at Citrix.DeliveryServices.Authentication.CitrixAGBasic.Client.AGClient.GetAccessInfo(String sessionId, String username, String domain)
   at Citrix.DeliveryServices.Authentication.CitrixAGBasic.Client.CitrixAGBasicWebService.GetAccessInfo(String sessionId, String username, String domain)

System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Unable to connect to the remote server
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Citrix.DeliveryServices.Authentication.CitrixAGBasic.AGAuthService.AuthenticationServiceSoap.GetAccessInformation(String sessionId, String username, String domain)
   at Citrix.DeliveryServices.Authentication.CitrixAGBasic.Client.AGClient.GetAccessInfo(String sessionId, String username, String domain)

System.Net.Sockets.SocketException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 11.111.111.1:443 (netscaler virtual server IP)
   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
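
A check for the callback path the posts above describe (the StoreFront server resolving the gateway URL, reaching it on port 443, and trusting its certificate), as an added example that is not part of any post and is not Citrix tooling. The function name, the `10.0.0.10` VIP and the 5-second timeout are assumptions; `citrix.domain.com` is the sample name used earlier in the thread.

```powershell
# Added diagnostic, not Citrix tooling. Run it on each StoreFront server.
function Test-GatewayCallback {
    param(
        [Parameter(Mandatory)][string]$GatewayFqdn,  # external gateway URL host name
        [string]$ExpectedVip,                        # internal gateway VIP (optional)
        [int]$Port = 443,
        [int]$TimeoutMs = 5000                       # assumed timeout
    )
    $r = [ordered]@{ Fqdn = $GatewayFqdn; Addresses = @(); ResolvesToVip = $null
                     TcpConnected = $false; CertSubject = $null; CertNotAfter = $null
                     PolicyErrors = $null; Failure = $null }
    $tcp = $null; $ssl = $null
    try {
        # Uses the system resolver, so hosts-file entries are honoured.
        $r.Addresses = @([System.Net.Dns]::GetHostAddresses($GatewayFqdn) |
                         ForEach-Object { $_.IPAddressToString })
        if ($ExpectedVip) { $r.ResolvesToVip = $r.Addresses -contains $ExpectedVip }

        $tcp = New-Object System.Net.Sockets.TcpClient
        if (-not $tcp.ConnectAsync($GatewayFqdn, $Port).Wait($TimeoutMs)) {
            throw "TCP connect to ${GatewayFqdn}:$Port timed out"
        }
        $r.TcpConnected = $true

        # Let the handshake finish so the certificate can be read, but record
        # how this server's own trust store judged it.
        $seen = @{ Errors = $null }
        $sb = {
            param($sender, $cert, $chain, $errors)
            $seen.Errors = $errors
            $true
        }.GetNewClosure()
        $cb = [System.Net.Security.RemoteCertificateValidationCallback]$sb
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($GatewayFqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.CertSubject = $cert.Subject
        $r.CertNotAfter = $cert.NotAfter
        $r.PolicyErrors = "$($seen.Errors)"   # "None" means name and chain are trusted
    } catch {
        $r.Failure = $_.Exception.GetBaseException().Message
    } finally {
        if ($ssl) { $ssl.Dispose() }
        if ($tcp) { $tcp.Close() }
    }
    [pscustomobject]$r
}
# 10.0.0.10 is a constructed placeholder for the internal gateway VIP.
Test-GatewayCallback -GatewayFqdn 'citrix.domain.com' -ExpectedVip '10.0.0.10'
```

A `Failure` value with `TcpConnected` still false points at name resolution or network reachability, while `PolicyErrors` other than `None` points at the certificate name or chain as seen from that StoreFront server.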
 
