Jump to content
Welcome to our new Citrix community!
  • 0

Citrix Storefront (FAS) unable to connect


Bjoslashrn Olav Aure

Question

Hi,

 

I'm trying to configure a dedicated Store for FAS login, but when, the logon process trough the IdP works correctly and i get redirected to the Storefront Store, but i get an error when i am redirected to the Store URL.

 

We're using a product called PhenixID as the IdP. The user is logged on at the IdP, sendt to our NetScaler that again sends the user to the storefront servers to the "StoreFAS" store.

 

The error on the website (storefront) just shows "Cannot complete your request", but i get this in the Eventlog on the storefront server.

The Store name is "StoreFAS"

 

Failed to run discovery
Citrix.Web.DeliveryServicesProxy.ConfigLoader.DiscoveryServiceException, ReceiverWebConfigLoader, Version=3.12.0.0, Culture=neutral, PublicKeyToken=null
An error occurred while contacting the Discovery Service
   at Citrix.Web.DeliveryServicesProxy.ConfigLoader.Discovery.AppendConfigurationFromDiscoveryService(WebReceiverConfigSection section)
   at Citrix.Web.DeliveryServicesProxy.ConfigLoader.Discovery.RunDiscovery(WebReceiverConfigSection configSection)
   at Citrix.Web.Proxy.Filters.DiscoveryComplete.OnAuthorization(AuthorizationContext filterContext)

System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Unable to connect to the remote server
Url: http://127.0.0.1/Citrix/StoreFAS/discovery
ExceptionStatus: ConnectFailure
   at System.Net.HttpWebRequest.GetResponse()
   at Citrix.DeliveryServicesClients.Utilities.HttpHelpers.ReceiveResponse(HttpWebRequest req)
   at Citrix.DeliveryServicesClients.Utilities.HttpHelpers.ReceiveResponse(String url, String token, HttpRequestParameters options, Object requestData, CookieContainer cookieContainer, Boolean overrideLoopback)
   at Citrix.DeliveryServicesClients.Discovery.RequestHandler.DiscoveryHttpRequestHandler.GetDocument(String url)
   at Citrix.DeliveryServicesClients.Discovery.DiscoveryClient.GetDocument(String url)
   at Citrix.Web.DeliveryServicesProxy.ConfigLoader.Discovery.AppendConfigurationFromDiscoveryService(WebReceiverConfigSection section)

System.Net.Sockets.SocketException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
No connection could be made because the target machine actively refused it 127.0.0.1:80
   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)

I have followed this article by @Carl Stalhood1709151912 when i installed and configured FAS (version 1909), our Citrix servers are 7.15 LTSR - XenApp

 

I have exhausted my google skills and tried a lot of different configurations on the new Store but i still cannot get it working.

 

 

Any tips on this and what to check would be greatly appreciated.

 

Thank you all :12_slight_smile:

 

Link to comment

8 answers to this question

Recommended Posts

  • 0
16 minutes ago, Carl Stalhood1709151912 said:

Is http added as a listener on your Default Web Site? If not, then you need to change StoreFront Loopback to On instead of OnUsingHttp.

 

Also, make sure the StoreFront Base URL is https, not http.

 

Hi,

 

There was not added a HTTP listener on the Default web site, i have added this but now i get some other errors in the eventlog when i try to login.

 

My errors are the following (in this order)

I have removed some ogranization specific information from the errors

 

Quote

A CitrixAGBasic Login request has failed.
Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticatorException, Citrix.DeliveryServicesClients.Authentication, Version=3.12.0.0, Culture=neutral, PublicKeyToken=null
Authenticate encountered an exception.
   at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied)
   at Citrix.Web.AuthControllers.Controllers.GatewayAuthController.Login()

System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
The remote server returned an error: (403) Forbidden.
Url: http://127.0.0.1/Citrix/StoreFASAuth/CitrixAGBasic/Authenticate
ExceptionStatus: ProtocolError
ResponseStatus: Forbidden
   at System.Net.HttpWebRequest.GetResponse()
   at Citrix.DeliveryServicesClients.Utilities.HttpHelpers.ReceiveResponse(HttpWebRequest req)
   at Citrix.DeliveryServicesClients.Authentication.TokenIssuingClient.RequestToken(String url, RequestToken requestToken, String primaryToken, String languages, CookieContainer cookieContainer, IEnumerable`1 acceptedResponseTypes, IDictionary`2 additionalHeaders)
   at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied)
 

Quote

CitrixAGBasic single sign-on failed because the credentials failed verification with reason: Failed.

The credentials supplied were;
user: <First Part of UPN Name>
domain: <DOMAIN>

Quote

The following error occurred during an authentication attempt for user: <DOMAIN>\<First Part of UPN Name> with realm: <unknown>
System.ArgumentOutOfRangeException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Specified argument was out of the range of valid values.
   at Citrix.DeliveryServices.Authentication.Kerberos.Native.Authenticator.Authenticate(String userPrincipalName, String clientRealm)
   at Citrix.DeliveryServices.Authentication.Kerberos.KerberosAuthenticator.Authenticate(String userPrincipalName, String clientRealm)
   at Citrix.DeliveryServices.Kerberos.Delegated.Server.DelegatedKerberosAuthenticator.Authenticate(String userPrincipalName, String clientRealm)

 

Link to comment
  • 0

In StoreFront console, go to Manage Authentication Methods. Click the top gear icon and click Manage Trusted Domains. Change it to Any Domain, or make sure your domain names are in the list in the same format shown in the event.

 

On NetScaler, you might have to edit your Session Policy/Profile and clear the setting for Single Sign-on Domain.

Link to comment
  • 0
12 hours ago, Carl Stalhood1709151912 said:

In StoreFront console, go to Manage Authentication Methods. Click the top gear icon and click Manage Trusted Domains. Change it to Any Domain, or make sure your domain names are in the list in the same format shown in the event.

 

On NetScaler, you might have to edit your Session Policy/Profile and clear the setting for Single Sign-on Domain.

 

The setting is already set to Any domain on the Storefront, we have already cleared the setting for single sign-on on the netscaler.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...