Jump to content
Welcome to our new Citrix community!

SSPR - Unable to contact external authentication server


nlffel439

Recommended Posts

hello to all,

I have used  Mr. Stalhoods guide to test SSPR (https://carlstalhood.com/self-service-password-reset-citrix-adc/) .

The tutorial is really great and helped me a lot ?.

 

However, sending the password and redirecting to the login page with the one-time password prompt does not work.

I think I have the same problem as in post https://discussions.citrix.com/topic/406733-citrix-adc-sspr-registration-issue/page/1/

 

I am using "NS13.0 84.11.nc"

 

What currently works:

  • Registration + Question/Answer if none have been entered yet.
  • Click on forgotten password + enter mail address and get asked questions.

 

 

What does not work:

  • After entering the correct questions: "Request cannot be completed" appears.
  • Mail with "One time password" is not sent.
  • In the log appears only the message "Unable to contact external authentication server".

 

Mar 17 12:19:59 <local1.info> ADC [1576]: (3-60344) extract_ldap_attribute: retrieved mail value username@domain.com for username@domain.com, length is 24
Mar 17 12:19:59 <local1.info> ADC [1576]: (3-60344) receive_ldap_user_search_event: extracted attribute, name: mail, value: username@domain.com
Mar 17 12:19:59 <local1.info> ADC [1576]: (3-60344) extract_ldap_attribute: While retrieving ldap attributes krzselfservice01 value for username@domain.com exceeds 127 bytes and will be truncated
Mar 17 12:19:59 <local1.info> ADC [1576]: (3-60344) extract_ldap_attribute: retrieved krzselfservice01 value {"KBA":"tqh430ghq348guhq39uhg4pauwhgphqu34gpouqh34gpuhq3o4ughae for username@domain.com, length is 128
Mar 17 12:19:59 <local1.info> ADC [1576]: (3-60344) receive_ldap_user_search_event: built group string for username@domain.com of:v067_PA-WindowsExplorer v067_CTX-Profile01 v067-Terminalserverbenutzer
Mar 17 12:19:59 <local1.info> ADC [1576]: (3-60344) receive_ldap_user_search_event: Authentication is disabled for user username@domain.com, finishing ldap authentication
Mar 17 12:19:59 <local1.notice> ADC [1576]: (3-60344) send_accept: sending accept to kernel for : username@domain.com
Mar 17 12:20:45 <local0.info> 173.25.1.151 03/17/2022:11:20:45 GMT ADC 0-PPE-3 : default SSLVPN Message 21575914 0 :  "AAAD API: aaad_authenticate_req: sending login req to aaad for <username@domain.com>, factor <email_validation>, auth type 4161, trans id 24189943" 
Mar 17 12:20:45 <local0.info> 173.25.1.151 03/17/2022:11:20:45 GMT ADC 0-PPE-3 : default AAATM Message 21575918 0 :  "AAAD RESP: received resp,user: <username@domain.com>, factor: <email_validation>, trans id 24189943, pcb trans id 24189943, q_flags 1073774592 aaad-resp 22 aaad-flags 0" 
Mar 17 12:20:45 <local1.info> ADC [1576]: (3-60344) process_kernel_socket: call to authenticate user :username@domain.com, vsid :35774, userlen 24
Mar 17 12:20:45 <local0.warn> 173.25.1.151 03/17/2022:11:20:45 GMT ADC 0-PPE-3 : default AAA LOGIN_FAILED 21575928 0 :  User username@domain.com - Client_ip 192.168.175.144 - Failure_reason "Unable to contact external authentication server" - Browser Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36 
Mar 17 12:20:45 <local0.info> 173.25.1.151 03/17/2022:11:20:45 GMT ADC 0-PPE-3 : default AAATM Message 21575927 0 :  "AAAD RESP: received resp,user: <username@domain.com>, factor: <email_validation>, trans id 24189943, pcb trans id 24189943, q_flags 1073774592 aaad-resp 3 aaad-flags 0" 
Mar 17 12:20:45 <local0.warn> 173.25.1.151 03/17/2022:11:20:45 GMT ADC 0-PPE-3 : default AAA LOGIN_FAILED 21575928 0 :  User username@domain.com - Client_ip 192.168.175.144 - Failure_reason "Unable to contact external authentication server" - Browser Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36 

Has anyone had the same problem and a solution for this ? 

 

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...