Error: "Your logon has expired. Please log on again to continue" When Accessing StoreFront Through NetScaler Gateway

Question

My Citrix test environment is the following:

• One Windows 2016 VM acting as Domain Controller and DNS

• One Windows 2016 VM with everything from Citrix in it (XenDesktop 7.15) plus the SQL Server DB

• Two Windows 2016 VM acting as XenApp in my unique Machine Catalog, one for each Delivery Group (one for Apps, one for Desktop)

• A Netscaler VPX1000 (NS12.0) virtual appliance

This environment is working with the receiver for windows and web when the user is on the Internal Network. I've activated HDX routing through the Netscaler for all sessions.

I'm now configuring access for external users using the NetScaler, and I have the following problem.

Accessing from the web browser

1. Netscaler login page: credentials work

2. StoreFront Detect Receiver page. Click "Detect Receiver"

3. Receiver is never detected. I click "Already Installed"

4. StoreFront login credential page gives:

   • "Incorrect Domain" when I add the domain before the username Contoso\User

   • "Your logon has expired. Please log on again to continue" when I add the domain after the username user@contoso.com

Accessing from the Citrix Receiver

1. Credential popup. Insert credentials. (I'm using Self-Service Password Reset, and it is not available, so I'm getting the popup from Netscaler)

2. New credential popup. Insert credentials. A popup appears again (This time I have the Self-Service Password Reset available, so I'm getting the popup from StoreFront)

Answer 1

From my question, it was clear that the error was somewhere in the authentication passthrough from Netscaler to StoreFront.

The following option what was missing was:

1. Citrix StoreFront configuration page
2. Manage Remote Access Settings
3. Enable Remote Access
4. Pick the Netscaler Gateway

Found Citrix Article CTX204766 that presents other solutions for this Symptom.

Note on this Q&A

The real environment is a little more complicated than described, and at the time we were doing several changes not related to Citrix XenApp, mainly networking, and the environment stopped working. Before this changes everything was working, including Netscaler access.

We started by getting Citrix to work from inside and we ticked this option off while doing so. When we managed to make it work from inside, and we looked to external authentication we completely forgot this option. We spent some time with the "Your logon has expired" error, and we could not find anything on possible causes.

This is the reason why I decided to create this Q&A that I hope helps in a quick debug for anyone with this error.