Jump to content
Welcome to our new Citrix community!

Error if I wait 2 min on login page

Stefano Baronio

Recommended Posts

Hi all,

    I just discovered that if I open the AAA login page and wait for about 2 minutes, than the login will fail with something like "call your support".

Error logged in ns.log are:

 "AAATM Login: created session for <stefano.baronio> with cookie: <>"

"Artifact Store: Value absent in local cache"

 "AAATM LOGIN: failed to lookup cgi/tm one time code"


And then:

"AAA Client Handler: Found extended error code 1245184


The problem happen when logging off the application as well. If I wait a couple of minutes then I can no longer log on and have to re-load the initial page.

Anybody knows a workaround for this?





Link to comment
Share on other sites

Check your clock/cookies/timeouts first:

1) check your NetScaler system clock/timezone settings to see if they are not in sync

2) Determine whether the NetScaler is still using version 0 (absolute timestamp) vs version 1 (relative timestamp) cookies and change to version 1.

3) Double check in your AAA session policy or global parameters that you do or don't have a max session or idle session or client idle session timeout set that could be affecting the authentication duration there.


If you use AAA for any other application do you see the same behavior (if so, one of the above settings is likely). If it works for some apps and not this one, there might ben issue that is app specific.  You could do a trace in case there is a connection termination happening elsewhere in the communication.

Link to comment
Share on other sites

Hi Rhonda, 

   thank you for your time. I've checked point 1) and 2) and they are ok.

I couldn't find any timeout setting in AAA global setting and I've checked on Global system settings, HTTP parameters and Change Timeout Values (all 0), but they seems to be ok.

Set the SSL timeout in the Auth vServer properties to 600, but no change.


Session cookies are set after authentication, so they shouldn't get involved in this case.

At login prompt, the only cookie set is NSC_TASS. I've noticed that the cookie has the following text in it: <server-url>/&code=40e7fb01526ba8ea. After the authentication the cookie content changes and the "code" part disappear. Any changes it is related with the error "AAATM LOGIN: failed to lookup cgi/tm one time code"?


Thank you



Link to comment
Share on other sites

Actually I hit the LB URL, then I'm redirected to the AAA login page. If I wait there for about 2 mins I get the error "Try again or contact your help desk" with the logs above.

I get the same error when logging off the application and wait more than 2 mins on the same login page (I have a redirect policy on the logoff button hit).



Link to comment
Share on other sites

  • 4 months later...

Hello I ge the same issue "If I wait there for about 2 mins I get the error "Try again or contact your help desk" with the logs above.".  


Like a poor workaround, I have added a Content Switching policy that publish "OWA & AAA Server" with the expression

HTTP.REQ.HOSTNAME.EQ(" FQDN  OWA  ") && http.req.url.endswith("ico_error.png"). In the action I publish the LB Virtual server that redirect to "https://"FQDN  OWA"/owa

FQDN  OWA: your public FQDN

It is not an elegant solution but in the case of error, the system advice to the user that "try again" and in this case works. 

I will try to find a better solution but  meantime it is better that get the error.


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...