Wednesday, September 19, 2012

Logging onto Citrix NetScaler VPX 1000 access gateway throws the error: “You do not have permission to view this directory or page using the credentials that you supplied.”

Problem

You’ve just deployed a Citrix NetScaler VPX 1000 access gateway and you’re able to launch the gateway’s login page:

image

You proceed to log into the page but receive the following error message:

401 – Unauthorized: Access is denied due to invalid credentials.

You do not have permission to view this directory or page using the credentials that you supplied.

Logging onto the Web Interface server and reviewing the event logs shows that event ID: 18001 errors are logged:

Site path: C:\inetpub\wwwroot\Citrix\XenAppExternal.

A communication error occurred while attempting to contact the Access Gateway authentication service at https://remote.someDomain.bm/CitrixAuthService/AuthService.asmx. Check that the authentication service is running. The message reported by the underlying platform was: The request failed with HTTP status 404: Not Found.. [Unique Log ID: eee32ba4]

For specific information about this message, see the Web Interface documentation at http://support.citrix.com/proddocs/topic/web-interface-impington/wi-log-messages-event-ids-hardwick.html.

image

image

Solution

While there may be more than one reason that would cause this, the problem I came across was because my web interface did not have a host record configured to direct the:

remote.someDomain.bm

or the URL:

https://remote.someDomain.bm/CitrixAuthService/AuthService.asmx

… to the internal or external VIP of the NetScaler VPX appliance.  The reason why I say “internal” or “external” is because you have the choice of configuring the web interface server to call back to either virtual server’s IP depending on how you configured the access gateway.  I chose to unify the internal and external URL so when the web interface server attempts to access the URL, it may be connecting back to itself.

Creating a simple record in the host file:

image

To point to the VPX appliance’s internal or external interface’s VIP that the virtual server is binded to corrected the problem.

No comments: