Jump to content

Netscaler Citrix Access gateway logon " cannot Complete Request"

Recommended Posts

Netscaler access gateway URL (for internal users only), doesn't work when logged on. throws cannot complete Request. 

Checked Storefront URL, works OK and able to login absolutely fine. Only netscaler AGEE URL throws the error. 


1) SSL certificate CHAIN > OK. (Globalsign nonPublic CA) 

2) AAAD.DEBUG - last to lines as below,

"user authentication (bind event) for user succeeded."

"sending accept to kernel for:  user"

3) No Event Logs on storefront. ( NO ERRORS, NO WARNINGS related to Netscaler Access gateway) 

4) Netscaler URL on able to browse on storefront without any certificate Errors. Also All certificate Chain is imported on Storefront certificate store. 

5) Checked Storefront web URL (base URL) , works OK and able to login and able to launch VDI absolutely fine. 

6) netscaler smart Access disabled. ICA only checkbox ticked. 

7) when Portal Theme Selected as RFWEBUI  error is " cannot complete Request", however when portal theme is set as DEFAULT or X1 or GREENBUBBLE - error is  "HTTP 500 internal Server ERROR" 

aaad.debug is sending accept for all users when using any portal theme. 



Netscaler 12.1, XD 7.15 LTSR CU 4



Link to comment
Share on other sites

Are you using a callback URL in your NetScaler instance on StoreFront?

If so, from the StoreFront server can you browse to that URL without any errors or warnings?

You can also try removing it ... it's not necessary if you are not using Smart Access.


When you checked for errors in the StoreFront Event Log, did you look under Citrix Delivery Services?


Link to comment
Share on other sites

On 10/18/2019 at 6:08 PM, Kedar Pavaskar said:

On the session profile > published Apps,  can you enable the FQDN and check if that works? 

Also have you added the netscaler Gateway and enabled remote access on the Storefront?  

check these, as your aaad.debug suggests that your LDAP policy seems to be fine. 



thanks! this fixed it.  when i entered the FQDN , it worked fine. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...