401 - Unauthorized: Access is denied due to invalid credentials

Started by li yang, 19 January 2012 - 05:06 AM
11 replies to this topic

li yang Members


Posted 19 January 2012 - 05:06 AM

Hi,

Getting this error with Single Sign on Access Gateway to WI hosted on W2k8R2
http://FQDN/Citrix/CAG/auth/agesso.aspx
401 - Unauthorized: Access is denied due to invalid credentials
Event log on internal WI states:

The Citrix Broker Service failed to validate a user's credentials on an XML service.

Verify the trust relationships between your domains.

Error details:
User: ''
Error: 'InvalidCredentials'
Message: 'badly formed domain name'

I just followed this article, and it does not work well
http://support.citrix.com/article/CTX128869

Edited by: liyang@ftsafe.co.jp on 2012/01/19 0:49


Jarian Gibson CTP Member


Posted 19 January 2012 - 05:32 AM

On your WI server can you hit the AG site without cert error? If you get cert error bringing up page then WI doesn't trust the cert and you will need to trust the cert.

Also make sure authentication on WI site for AG is set to https://fqdn/CitrixAuthService/AuthService.asmx

Also make sure WI can resolve inside address for AG fqdn.

Is the CAG 2010/VPX or AGEE on NetScaler?



li yang Members


Posted 19 January 2012 - 05:42 AM

>On your WI server can you hit the AG site without cert error? If you get cert error bringing up page then WI doesn't trust the cert and you will need to trust the cert.
Checked, yes, without cert error...

>Also make sure authentication on WI site for AG is set https://fqdn/CitrixAuthService/AuthService.asmx
Checked, yes, it is.

>Also make sure WI can resolve inside address for AG fqdn.
Checked, yes, it is.

>Is the CAG 2010/VPX or AGEE on NetScaler?
It is cag_5.0.2.179500.ova for VMware.



Jarian Gibson CTP Member


Posted 19 January 2012 - 05:51 AM

Using the Access Controller?

Also look at http://forums.citrix.com/thread.jspa?threadID=266616



li yang Members


Posted 19 January 2012 - 06:16 AM

>Also look at http://forums.citrix.com/thread.jspa?threadID=266616
Thanks for your help.
I tried again but it still does not work...
By the way, my WI is 5.4.

In the error message:
Message: 'badly formed domain name'
Is there any problem with the domain name?



Jarian Gibson CTP Member


Posted 19 January 2012 - 06:20 AM

What are you putting in for domain name in the AG console?



li yang Members


Posted 19 January 2012 - 06:25 AM

Certificate's Common Name

Attached files: 3.png, 2.png, 1.png


Jarian Gibson CTP Member


Posted 19 January 2012 - 06:27 AM

What about authentication settings in AG console?



li yang Members


Posted 19 January 2012 - 06:36 AM

...

Attached files: 5.png, 4.png


Jarian Gibson CTP Member

Posted 19 January 2012 - 06:38 AM

Enter xentest.com or whatever your domain name is in the single sign-on domain field.



li yang Members

Posted 19 January 2012 - 06:50 AM

It worked.
Thank you very much...

Attached files: 6.png


li yang Members

Posted 19 January 2012 - 07:38 AM

If I set authentication to RADIUS, there is a new problem.
The error message has changed:
'Failed Windows logon, error code 1326'

Attached files: 8.png, 7.png