Sukumar Andela Posted March 30, 2022 Share Posted March 30, 2022 Dear Champs post upgrade to ( 13.0.71.44 to 13.0.85.15) , randomly users are not able to login "Netscaler login looping back to login page" can somebody help me Thanks Sukumar Link to comment Share on other sites More sharing options...
Thorsten Kruumlger Posted March 31, 2022 Share Posted March 31, 2022 Hello Sukumar, I have the same problem with 13.1_17.42. The problem occurs since the update from 12.1_55.18. I have also imported a second, new appliance. The configuration is clean and not complicated. We only use one gateway with nFactor authentication. In the backend is Storefront 1912.2. Problem: Often after successful login, the login page is displayed again. It is the login web page of the gateway - not the one of the storefront. The problem only occurs with browsers - logins with the Workspace app always work. I have compared the exports of cat aaad.debug on a successful and an unsuccessful login: The exports are identical! So the authentications are always successful. But the redirection to the storefront website often gets stuck! Sometimes just waiting helps - after 15min all of a sudden the login works, although the browser window was not closed. Mac's seem to be more sensitive than Windows clients. It also occurs with all browsers. We haven't found a solution for this yet! Does anyone have this problem as well? Does anyone have a solution? Thanks. The same problem is also described here: https://www.reddit.com/r/Citrix/comments/tajjh4/intermittent_login_loop_via_citrix_gateway_adc_131/ Link to comment Share on other sites More sharing options...
CarlStalhood Posted March 31, 2022 Share Posted March 31, 2022 Any GSLB? If so, it might be a persistence problem. Also make sure no IP conflicts. Link to comment Share on other sites More sharing options...
Sukumar Andela Posted April 1, 2022 Author Share Posted April 1, 2022 Thanks for your replies and ideas We could able to find the solution , post up-gradation to 13.0.85.15 , we have this problem. solution : 1. In the previous version we observed that "No Themes" configured on the VIP servers 2. When we configured "Default Theme" and applied the settings on both VIP servers , issue resolved. Link to comment Share on other sites More sharing options...
Thorsten Kruumlger Posted April 4, 2022 Share Posted April 4, 2022 Hello Carl, GSLB is not used. There are no IP conflicts either. The configuration also worked without errors until before the update. The workaround from Sukumar to assign the "Default" theme has also fixed the problem for us. But the "Default" theme is a deprecated feature! It can't be the final solution. There seems to be a bug with the RfWebUI. Link to comment Share on other sites More sharing options...
CarlStalhood Posted April 4, 2022 Share Posted April 4, 2022 Are you using the built-in RfWebUI? Or did you create a custom one? Link to comment Share on other sites More sharing options...
Thorsten Kruumlger Posted April 5, 2022 Share Posted April 5, 2022 We use the built-in RfWebUI. Also with a newly created RfWebUI-theme it comes to the error. Link to comment Share on other sites More sharing options...
Sukumar Andela Posted April 6, 2022 Author Share Posted April 6, 2022 Hi Carl and members Now i want to upgrade from 13.0.85.15 13.0.1 version i see that Classic expressions have been deprecated and only advanced is available. prior to upgrade do i have to move all them and then do a upgrade ? Thanks Sukumar Link to comment Share on other sites More sharing options...
CarlStalhood Posted April 6, 2022 Share Posted April 6, 2022 Classic Gateway policies still work in 13.1. But I've seen classic Duo rewrite policies not work. Link to comment Share on other sites More sharing options...
Sukumar Andela Posted April 14, 2022 Author Share Posted April 14, 2022 Thank you, so which means that upgrade process it self will move all of them to latest version right ? Link to comment Share on other sites More sharing options...
CarlStalhood Posted April 14, 2022 Share Posted April 14, 2022 Firmware upgrade does not change your existing configs, but it will remove invalid configs. See https://docs.citrix.com/en-us/citrix-adc/current-release/appexpert/policies-and-expressions/introduction-to-policies-and-exp/converting-policy-expressions-nspepi-tool.html Link to comment Share on other sites More sharing options...
Sukumar Andela Posted April 19, 2022 Author Share Posted April 19, 2022 Thank you Carl Link to comment Share on other sites More sharing options...
Leo Wu Posted May 4, 2022 Share Posted May 4, 2022 exact same problem here after upgrading to 13.1-21.50 from 13.0-83.27 aaad log shows that the login was successfull but users are looped back to the logon page every other login works though, not every login is affected but all users are. I can login successfully 10 times but then it just starts to loop again. No errors in aaad Link to comment Share on other sites More sharing options...
Thorsten Kruumlger Posted May 8, 2022 Share Posted May 8, 2022 Hi Leon, can you check if you are using traffic policies? For us these were the problem. I removed the traffic policy and the binding to the gateway vserver and now login works for us with web browser and workspace app. Link to comment Share on other sites More sharing options...
Quang Hong Huynh1709162616 Posted June 2, 2022 Share Posted June 2, 2022 On 5/8/2022 at 3:45 PM, Thorsten Kruumlger said: Hi Leon, can you check if you are using traffic policies? For us these were the problem. I removed the traffic policy and the binding to the gateway vserver and now login works for us with web browser and workspace app. Hi Thorsten, For us the Traffic Policy was not the cause. I have unbind the Traffic Policy and switched to RfWebUI theme but the login jumps back to the login page. Only when I select Default or X1 theme (I have not tried Greenbubble) the login works fine. ADC version is 13.1 17.42. @Carl Stalhood: Is it correct that Traffic Policies are no longer "necessary for StoreFront on newer builds of ADC 13.0"? This is what you mentioned on your blog. Link to comment Share on other sites More sharing options...
CarlStalhood Posted June 2, 2022 Share Posted June 2, 2022 Correct. It was only one build that needed it for StoreFront. Link to comment Share on other sites More sharing options...
Jeff Silverman1709153428 Posted June 3, 2022 Share Posted June 3, 2022 Hi all. I'm on a call with Citrix technical support now. This is a known issue. They're working on a permanent fix, but the temporary workaround is to override the session timeout on the Client Experience tab in session profiles bound to your Gateway vServer, and set the value to 720. 3 Link to comment Share on other sites More sharing options...
Jeroen Cuijon Posted June 14, 2022 Share Posted June 14, 2022 Hi all. The fix for this will be available by Q3. Link to comment Share on other sites More sharing options...
Jocelyn Briere Posted June 17, 2022 Share Posted June 17, 2022 On 6/14/2022 at 3:28 AM, Jeroen Cuijon said: Hi all. The fix for this will be available by Q3. Hi, who gave you a Q3 date for a fix ? I have been struggling with Citrix support over this for two weeks and it seems none of the known fix work (theme, override global timeout) Also seeing different behavior with Workspace 1912 ltsr vs the latest one. Issue is only with the Workspace for us, web is fine. We upgraded to 13.0.85.19 and it started immediately. Link to comment Share on other sites More sharing options...
Jeroen Cuijon Posted June 20, 2022 Share Posted June 20, 2022 (edited) On 6/17/2022 at 7:44 PM, Jocelyn Briere said: Hi, who gave you a Q3 date for a fix ? I have been struggling with Citrix support over this for two weeks and it seems none of the known fix work (theme, override global timeout) Also seeing different behavior with Workspace 1912 ltsr vs the latest one. Issue is only with the Workspace for us, web is fine. We upgraded to 13.0.85.19 and it started immediately. Citrix provided the Q3 time windows for the fix. However there is a new build 13.0-86-17 out that has the following fix. Quote In a unified gateway setup, in rare cases you might be presented with a re-login page when accessing services behind the unified gateway even after the authentication is successful. [ NSHELP-31148, NSHELP-27994 ] I am currently waited on confirmation that this indeed is the fix. I just got confirmation that this is the fix. Edited June 20, 2022 by Jeroen Cuijon 1 Link to comment Share on other sites More sharing options...
John Keiling Posted June 29, 2022 Share Posted June 29, 2022 This login loop issue started for us with build 13.0-85.19 and it looks like build 13.0-86-17 and build-13.1-24.38 does not resolve it. If you use RfWebUI or custom themes with RADIUS authentication the only workaround seems to be overriding the session timeout to 720 on the Client Experience tab in the session profiles bound to the Gateway vServer; I am not sure why this works. I did a bit of troubleshooting and changed the authentication profile to Okta or LDAP and the login loop did not occur with RfWebUI. Changing the theme to GreenBubble also fixed the issue with RADIUS. Bottom line with these latest builds is there is still a login loop issue with RfWebUI and custom themes when using RADIUS authentication, I hope a permanent fix arrives before Q3. 1 Link to comment Share on other sites More sharing options...
Joost Sannen Posted June 29, 2022 Share Posted June 29, 2022 Latest information it's about NSHELP-30832 and awaiting fix from engineering. Link to comment Share on other sites More sharing options...
John Keiling Posted June 29, 2022 Share Posted June 29, 2022 1 hour ago, Joost Sannen said: Latest information it's about NSHELP-30832 and awaiting fix from engineering. What release notes contains NSHELP-30832? I'm trying to find it. Thanks. Link to comment Share on other sites More sharing options...
Joost Sannen Posted June 29, 2022 Share Posted June 29, 2022 9 minutes ago, John Keiling said: What release notes contains NSHELP-30832? I'm trying to find it. Thanks. It's not fixed yet so there are no release notes containing this bug ID. I'll update when I've more information from Citrix. 1 Link to comment Share on other sites More sharing options...
John Keiling Posted June 29, 2022 Share Posted June 29, 2022 Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now