Jesus Martin Posted June 16, 2017 Share Posted June 16, 2017 Hi everyone, We are in progress right now of making our Citrix environment an Active Active setup using Netscaler GSLB between our 2 Sites/Datacenters. I configured Netscalers in each site which also load balanced our StoreFront Servers. Authentication Pass-Through was also configured from each Netscaler to StoreFront and tested without problems. SSL Certs were installed in all StoreFront Servers, tested via browser and no error. My issue is when I access our GSLB domain “https://citrix.mydomain.com” which load balances our traffic between our 2 Sites/Datacenters. I can successfully login to Netscaler Unified Gateway but seems like pass-through going to StoreFront is not working properly, see below Event Log from StoreFront: A CitrixAGBasic Login request has failed. Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticatorException, Citrix.DeliveryServicesClients.Authentication, Version=3.9.0.0, Culture=neutral, PublicKeyToken=null Authenticate encountered an exception. at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied) at Citrix.Web.AuthControllers.Controllers.GatewayAuthController.Login() System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 The remote server returned an error: (403) Forbidden. Url: http://127.0.0.1/Citrix/MTG-AppStore1Auth/CitrixAGBasic/Authenticate ExceptionStatus: ProtocolError ResponseStatus: Forbidden at System.Net.HttpWebRequest.GetResponse() at Citrix.DeliveryServicesClients.Utilities.HttpHelpers.ReceiveResponse(HttpWebRequest req) at Citrix.DeliveryServicesClients.Authentication.TokenIssuingClient.RequestToken(String url, RequestToken requestToken, String primaryToken, String languages, CookieContainer cookieContainer, IEnumerable`1 acceptedResponseTypes, IDictionary`2 additionalHeaders) at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied) I did tried below fixes from the forum but didn’t work. Hope someone can help me figure this out. 1. Checked the NetScaler LDAP policy/server Single Sign-on Attribute field It should be blank as per this site: https://www.mycugc.org/p/fo/et/thread=1104 2. Changed Loopback Option in StoreFront to “OnUsingHTTP”. Site: http://docs.citrix.com/en-us/storefront/3-11/plan.html Thanks.. Link to comment Share on other sites More sharing options...
CarlStalhood Posted June 16, 2017 Share Posted June 16, 2017 Do you use SmartAccess? If not, you can remove the Callback URL from your StoreFront > Gateway configuration. 1 Link to comment Share on other sites More sharing options...
Jesus Martin Posted June 19, 2017 Author Share Posted June 19, 2017 Thanks Carl! It works now. Link to comment Share on other sites More sharing options...
Salman Mahmood Posted October 12, 2017 Share Posted October 12, 2017 I had the same issue, and I didn't configure Callback URL. The way I resolved it was by editing web.config under inetpub > wwwroot > Citrix > StoreFrontWeb. In web.config I commented below line: <add method="CitrixAGBasic" /> Here is the snippet: <citrix.deliveryservices> <webReceiver> <serverSettings> <authentication tokenLifeTime="08:00:00" locationURL="Authentication/GetAuthMethods"> <authMethods> <clear /> <add method="ExplicitForms" /> <!--<add method="CitrixAGBasic" />--> </authMethods> </authentication> Link to comment Share on other sites More sharing options...
Elmer Vargas1709161663 Posted October 5, 2021 Share Posted October 5, 2021 Hi Carl, I have the same issue but in my case I am using smartaccess, any recommendation? Link to comment Share on other sites More sharing options...
Elmer Vargas1709161663 Posted October 5, 2021 Share Posted October 5, 2021 On 6/16/2017 at 11:46 PM, Carl Stalhood1709151912 said: Do you use SmartAccess? If not, you can remove the Callback URL from your StoreFront > Gateway configuration. Hi Carl, I have the same issue but in my case I am using smartaccess, any recommendation? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now