The Web Interface is not resolving the FQDN via its host file and is instead sending it out to a proxy and not getting back the response it requres. The message reported by the underlying platform was: Unable to connect to the remote server. You mentioning article CTX205907 - how to hide 2nd password field for Receiver 4.4; Any supported method to hide 2nd password field for Mobile Devices (iOS/Android)? SMS Passcode) require you to hide the 2nd password field. http://buzzmeup.net/citrix-error/citrix-error-your-credentials-are-invalid.html
Thank you for providing this. CANCELLARE Citrix Support Automatische Übersetzung Dieser Artikel wurde mit einem automatischen Übersetzungssystem übersetzt und nicht von Personen überprüft. There's an Authentication node where you can view the auth log. Thanks for pointing it out. http://discussions.citrix.com/topic/311918-401-unauthorized-access-is-denied-due-to-invalid-credentials/
To resolve the preceding issue, add a Hosts entry on the Web Interface or StoreFront server pointing to the Internal IP address of the NetScaler Gateway VIP. Could anyone please help what am I missing here. To configure timeout value for persistence method, run the following command from the command line interface of the appliance: > set lb vserver vservername -persistenceType COOKIEINSERT -timeout 0 Additional Resources CTX114355
For more information, refer - HOW TO: Install Imported Certificates on a Web Server in Windows Server 2003. I now get this receive_ldap_user_bind_event Other invalid credentials: lctx->lflags = 00000000, lconf->flags = 00000004 Fri Aug 19 16:24:37 2016 /usr/home/build/rs_105_61_6_RTM/usr.src/netscaler/aaad/naaad.c: send_reject_with_code Rejecting with error code 4001 Harish says: August 10, 2016 I find it strange that in order to install a client delivered by MS you have to use two administrative credentials. Reply Carl Stalhood says: April 13, 2016 at 8:43 am Not in the current release.
Reply Basem says: February 10, 2016 at 10:10 am Dear Carl, I have implemented securenvoy to work with netscaler which is installed in different network. Reply Wayne says: October 16, 2015 at 3:28 am Excellent article - thankyou for posting. If you are not allowing internal traffic to reach outside, this breaks the callback. https://support.citrix.com/article/CTX139390 Error 401 Token Invalid MS 2.2/Receiver 3.0 Started by Jamie Breedlove , 03 January 2012 - 11:47 PM Login to Reply 3 replies to this topic Jamie Breedlove Members #1 Jamie
Specify the IP address of the RADIUS load balancing Virtual Server. Search How to connect to Citrix GotoAssist REST API? Reply Omar says: December 9, 2015 at 5:15 pm Hi Carl, I have found your articles very useful. Expression = REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver Priority 100 = RADIUS policy.
This can idicate that a proxy is getting in the way. his comment is here Note: We are planning to use PingID (Cloud Solution) as the Multifactor solution for Citrix Netscaler. For browser-based StoreFront, you need two authentication policies: Primary = LDAPS authentication policy pointing to Active Directory Domain Controllers. Getting "error_message = API Login is invalid or missing" 1 Hi guys, Has any one tried connecting REST API of Citrix GotoAssist?
Priority doesn’t matter because they are mutually exclusive. Citrix ne peut être tenu responsable des incohérences, des erreurs ou des dommages causés par l'utilisation des articles traduits de facon automatique. When NetScaler uses a local (same appliance) load balanced Virtual Server for RADIUS authentication, the traffic is sourced from the NetScaler SNIP (Subnet IP). this contact form Reply Wayne says: October 19, 2015 at 7:30 am Excellent, thanks Carl.
The two servers are in the cloud. Are you exporting Syslog to a remote Syslog server? Email Address RSS FeedsRSS - PostsRSS - Comments NetScaler Gateway RADIUS Authentication Last Modified: Jul 10, 2016 @ 2:07 pm 53 Comments Navigation RADIUS Overview Two-factor Policies Summary Create Two-factor Policies Bind Two-factor
This is no different than any other communication and your firewall should handle it automatically. I tried verifying the token by using curl in my Ubuntu, I can get lots of json data by using the following script: curl -u x:fc4a3xxxxxxxxxxxxxxx4bdffbf -H "Content-Type: application/json" https://deskapi.gotoassist.com/v1/incidents.json Could For Receiver Self-service (native Receiver on mobile, Windows, and Mac), the authentication policies are swapped: Primary = RADIUS authentication policy pointing to RSA servers with RADIUS enabled. Use the same RADIUS Secret for both appliances.
If the FQDN is used for the SSO domain, change it to corresponding NetBios name. Saved me a lot of time! Put the Cookie expression in in your RADIUS policy and it should only use the one that matches the cookie. navigate here The second password / passcode option should not be visible to the users.