Jump to content
Welcome to our new Citrix community!

Netscaler Gateway - cannot complete your request after login


Recommended Posts

Hi,
ERROR: cannot complete request (after login), error message goes on loop, even after clicking OK.

 

I have an issue where the access gateway is unable get the apps populated when logged in.

this is happening on external Netscaler only.

here are the points 

 

External netscaler - 13.0

storefront 1912 LTSR

 

1) Access gateway URL certificate( external Netscaler HA pair) used is self signed (Microsoft CA) wildcard certificate. This wildcard cert is also used on the storefront load Balancing VIP, (SF LB VIP residing on internal Netscaler HA pair).

this wildcard cert is also bound on IIS in the SF web server. 


2) Able to login and authenticate fine,  Refer to (LDAP aaad.debug screenshots)

 

2) Able to work fine when directly connected to Storefront base URL, storefront Load balanced URL., also able to browse external access gateway URL  lon storefront server

 

3) gateway is hosted on external Netscaler, which contacts the storefront load balanced vip on internal Netscaler.

 

4) there is also a internal gateway, on the internal Netscaler. Working fine, will be a separate URL.(external Netscaler gw URL, and Internal Netscaler GW, Will be separate URLs) internal GW uses the same storefront lb vip

 

5) added two gateways inside storefront config.

 

6) there are two Gateways configured in storefront, the default appliance is not set as external Url.
Even if I set the default appliance as the external Netscaler issue is the same.


 

any thoughts on this would be greatly appreciated.

thanks
 

 

 

 

Link to comment
Share on other sites

On 7/19/2020 at 6:43 PM, Carl Stalhood1709151912 said:

What errors do you see in StoreFront Server > Event Viewer > Applications and Services > Citrix Delivery Services?

 

i get these three errors Everytime i log in.

 

The SF base URL is nothing but the LB VIP - https://citrixstrorefront (followed by domain fqdn)

 

this same LB viP is being used for Internal Netscalers GW. and works fine.

issue is happening only via external GW URL.

 

 

Link to comment
Share on other sites

It looks like you have Callback enabled. If you don't need SmartAccess or FAS, then go to StoreFront Console > Manage NetScaler Gateways, edit the Gateway, and on the Authentication page remove the callback URL.

 

If you need the callback, then make sure your StoreFront server and resolve the Callback URL and connect to it.

Link to comment
Share on other sites

21 hours ago, Carl Stalhood1709151912 said:

It looks like you have Callback enabled. If you don't need SmartAccess or FAS, then go to StoreFront Console > Manage NetScaler Gateways, edit the Gateway, and on the Authentication page remove the callback URL.

 

If you need the callback, then make sure your StoreFront server and resolve the Callback URL and connect to it.

thanks carl!

verified this, and while i was doing it, i  found that cert attached was wrong.

 

browsing the GW page on storefront servers was thrwoing certificate errors, so fixed it by attaching the right certificate.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...