• Homepage icon
  • Searchpage icon
  • Contactpage icon
Logo

Twitter LinkedIn

A CitrixAGBasic Login request has failed

4 Jun

Strange thing today. Got my NetScaler VPX working perfectly, and suddenly it stopped working and gave me a ‘Cannot complete the request’ after logging in.

The complete error:

A CitrixAGBasic Login request has failed.
Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticatorException, Citrix.DeliveryServicesClients.Authentication, Version=2.1.0.0, Culture=neutral, PublicKeyToken=null
AuthenticateInternal encountered an exception.
at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.AuthenticateInternal(HttpRequestBase clientRequest, String agAuthentServiceUrl, String tokenForServiceID, String tokenForServiceURL, TimeSpan requestedTokenLifetime)
at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase request)
at Citrix.Web.AuthControllers.Controllers.AuthenticationController.DoAGSSOLogin()

System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
The remote server returned an error: (403) Forbidden.
Url: https://if1.domain.local/Citrix/Authentication/CitrixAGBasic/Authenticate
ExceptionStatus: ProtocolError
ResponseStatus: Forbidden
at System.Net.HttpWebRequest.GetResponse()
at Citrix.DeliveryServicesClients.Utilities.HttpHelpers.ReceiveResponse(HttpWebRequest req)
at Citrix.DeliveryServicesClients.Authentication.ProtocolEnumerator.TokenRequestClient.SendTokenRequest(String url, RequestToken requestToken, String primaryToken, String languages, CookieContainer cookieContainer, IEnumerable`1 acceptHeaders, IDictionary`2 additionalHeaders)
at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.AuthenticateInternal(HttpRequestBase clientRequest, String agAuthentServiceUrl, String tokenForServiceID, String tokenForServiceURL, TimeSpan requestedTokenLifetime)

Solution

It looked like something was wrong with the callback URL I configured in StoreFront. The strange thing is: I just used the external URL of my NetScaler Gateway. My storefront has internet access and it did work. Up until now. I solved this by adding a new NetScaler Gateway vServer on the NetScaler. I named it _local and configured the vServer with an internal IP and added my public certificate. Nothing else (no authentication or session policies etc.)

After that on the Storefront server I added an entry in my hostfile linking callback URL to the IP of my _local vServer. This ‘trick’ can be used for DMZ scenario’s as well.

netscalererror1

Tags:

authenticationcannotCitrixAGBasiccompletefailedforbiddenhostsloginnetscalerprotocolerrorrequest

Categories:

NetScaler StoreFront

Comments

Leave a Reply Cancel Reply

Search

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok