Jump to content
Welcome to our new Citrix community!

Cannot complete your request error when accessing StoreFront via GSLB domain

Jesus Martin

Recommended Posts

Hi everyone,


We are in progress right now of making our Citrix environment an Active Active setup using Netscaler GSLB between our 2 Sites/Datacenters. I configured Netscalers in each site which also load balanced our StoreFront Servers. Authentication Pass-Through was also configured from each Netscaler to StoreFront and tested without problems. SSL Certs were installed in all StoreFront Servers, tested via browser and no error.


My issue is when I access our GSLB domain “https://citrix.mydomain.com” which load balances our traffic between our 2 Sites/Datacenters. I can successfully login to Netscaler Unified Gateway but seems like pass-through going to StoreFront is not working properly, see below Event Log from StoreFront:



A CitrixAGBasic Login request has failed.

Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticatorException, Citrix.DeliveryServicesClients.Authentication, Version=, Culture=neutral, PublicKeyToken=null

Authenticate encountered an exception.

   at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied)

   at Citrix.Web.AuthControllers.Controllers.GatewayAuthController.Login()


System.Net.WebException, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089

The remote server returned an error: (403) Forbidden.


ExceptionStatus: ProtocolError

ResponseStatus: Forbidden

   at System.Net.HttpWebRequest.GetResponse()

   at Citrix.DeliveryServicesClients.Utilities.HttpHelpers.ReceiveResponse(HttpWebRequest req)

   at Citrix.DeliveryServicesClients.Authentication.TokenIssuingClient.RequestToken(String url, RequestToken requestToken, String primaryToken, String languages, CookieContainer cookieContainer, IEnumerable`1 acceptedResponseTypes, IDictionary`2 additionalHeaders)

   at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied)



I did tried below fixes from the forum but didn’t work. Hope someone can help me figure this out.


1.       Checked the NetScaler LDAP policy/server Single Sign-on Attribute field It should be blank as per this site: https://www.mycugc.org/p/fo/et/thread=1104

2.       Changed Loopback Option in StoreFront to “OnUsingHTTP”. Site:








Link to comment
Share on other sites

  • 3 months later...

I had the same issue, and I didn't configure Callback URL. The way I resolved it was by editing web.config under inetpub > wwwroot > Citrix > StoreFrontWeb.


In web.config I commented below line:

<add method="CitrixAGBasic" />


Here is the snippet:

        <authentication tokenLifeTime="08:00:00" locationURL="Authentication/GetAuthMethods">
            <clear />
            <add method="ExplicitForms" />
            <!--<add method="CitrixAGBasic" />-->
Link to comment
Share on other sites

  • 3 years later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...