
Cannot complete your request "A CitrixAGBasic Login request has failed."


Chris Tolhurst


I am getting random "Cannot complete your request" errors when signing into StoreFront from NetScaler. If I try again a few times it then works?

 

The event log on the Citrix XenApp server shows:

 

Event 8

None of the AG callback services responded

 

Event 10

A CitrixAGBasic Login request has failed.
Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticatorException, Citrix.DeliveryServicesClients.Authentication, Version=2.6.0.0, Culture=neutral, PublicKeyToken=null
Authenticate encountered an exception.
   at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied)
   at Citrix.Web.AuthControllers.Controllers.GatewayAuthController.Login()
 
System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
The remote server returned an error: (403) Forbidden.
Url: http://servername/Citrix/Authentication/CitrixAGBasic/Authenticate
ExceptionStatus: ProtocolError
ResponseStatus: Forbidden
   at System.Net.HttpWebRequest.GetResponse()
   at Citrix.DeliveryServicesClients.Utilities.HttpHelpers.ReceiveResponse(HttpWebRequest req)
   at Citrix.DeliveryServicesClients.Authentication.TokenIssuingClient.RequestToken(String url, RequestToken requestToken, String primaryToken, String languages, CookieContainer cookieContainer, IEnumerable`1 acceptedResponseTypes, IDictionary`2 additionalHeaders)
   at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied)
 
Can anyone explain what is happening?
 
Thanks
Chris
 

That looks like an STA issue.

 

Do the STAs on your Gateway, (NetScaler Gateway -> Virtual Servers -> Gateway Name -> Published Applications -> STA Servers), match up with the STAs defined on StoreFront (StoreFront Console -> NetScaler Gateway -> Gateway Name -> Secure Ticket Authority)?

 

Make sure they are identical.

 

Regards, Paul.


Looks like that could be the problem: the callback URL is the external URL for the NetScaler, which resolves to the external IP. How should this be configured? Can I just put the VIP IP address, or does it need to be a URL? Should I use a hosts file on the StoreFront server to point to the VIP?

 

Thanks


That's your problem, the callback is failing. I tend to use the hosts file on each StoreFront server: just add the gateway and its VIP. Note it doesn't have to be the actual IP of the gateway, just a VIP on the NetScaler, so if your gateway has an IP in the DMZ which isn't routable from the LAN, you can just create a dummy gateway LAN-side and use that, for example:

 

192.168.100.100     gateway1.domain.com

192.168.100.100     gateway2.domain.com

192.168.100.100     gateway3.domain.com

 

Regards, Paul.


  • 2 years later...

I realise it's an old thread. However, I faced the same issue on StoreFront 3.12 | XenDesktop 7.15.

It turns out to be an SSL certificate mismatch between the one on NetScaler and the one on StoreFront. I was using a wildcard cert in both places; at the time of expiry, I missed renewing the one on NetScaler.
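
A check for the two causes raised in this thread (the callback name not resolving to an internal VIP, and an expired or mismatched gateway certificate), as an added example that is not part of any post above. The host name and VIP are the sample values from the hosts-file post; the function name, port 443, TLS 1.2 and Windows PowerShell 5.1 are assumptions.

```powershell
# Added example, not from the thread. Run on each StoreFront server.
# Host and VIP are the sample values from the hosts-file post; port 443 and
# TLS 1.2 are assumptions about how the callback URL is configured.
function Test-GatewayCallback {
    param([string]$HostName, [string]$ExpectedVip, [int]$Port = 443)

    $r = [ordered]@{ Host = $HostName; ResolvedTo = ''; ResolvesToVip = $false
                     TcpOpen = $false; CertSubject = ''; CertNotAfter = $null
                     CertExpired = $null; TlsPolicyErrors = ''; Error = '' }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # 1. Name resolution as this server sees it (hosts file entries win over DNS).
        $ips = @([System.Net.Dns]::GetHostAddresses($HostName) |
                 ForEach-Object { $_.IPAddressToString })
        $r.ResolvedTo    = $ips -join ', '
        $r.ResolvesToVip = $ips -contains $ExpectedVip

        # 2. TCP reachability of whatever address the name resolved to.
        $client.Connect($HostName, $Port)
        $r.TcpOpen = $true

        # 3. TLS handshake. The callback records validation errors and accepts the
        #    certificate so it can be inspected; no application data is sent.
        $script:policyErrors = $null
        $cb = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($src, $certificate, $chain, $errors)
            $script:policyErrors = $errors
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$ssl.RemoteCertificate
        $r.CertSubject     = $cert.Subject
        $r.CertNotAfter    = $cert.NotAfter
        $r.CertExpired     = $cert.NotAfter -lt (Get-Date)
        $r.TlsPolicyErrors = "$script:policyErrors"   # 'None' = name and chain validated
    } catch {
        $r.Error = $_.Exception.Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$r
}

Test-GatewayCallback -HostName 'gateway1.domain.com' -ExpectedVip '192.168.100.100'
```

Comparing the output from every StoreFront server in the group shows whether one node resolves the gateway name differently or sees a different certificate than the others.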


  • 11 months later...

Had the same issue, running two STF servers in our environment. Found out one of the STF servers was the only one throwing the error. Tried to authenticate from each StoreFront server with their IP and found out just one could process logins and the other could not. So what I did was remove the bad STF server from the LB VIP. Still troubleshooting the issue with the bad STF server.
