Application virtualization, IoT and Cloud Computing, Blog of Sacha Thomet

“Cannot complete your request” on Netscaler Gateway VPX

In my lab environment I was using a Citrix Web Interface 5.x which was accessible from the Internet over an Access Gateway 5 VPX. Since Citrix StoreFront is in a fairly usable release (> version 2.x), I intended to update my lab environment to the current software releases and update my skills to StoreFront and Netscaler Gateway VPX.

You can find a step-by-step Netscaler Gateway intro here.
You can also find a very nice guide here; this guide also contains information about how to configure StoreFront for Netscaler Gateway VPX:

Cannot complete your request

After completing the configuration I was not able to access my environment from outside. The login to the Netscaler Gateway, the black window, was working fine, but as soon as I hit the StoreFront I got this error:


Because StoreFront is working fine from internal, I assumed that it is not a completely wrong StoreFront configuration. After I had a look into the event viewer on the StoreFront server I could see that something is wrong here:



The crucial indication that it's a problem between the StoreFront server and the Netscaler Gateway in the role of Authentication Callback Server I found here:


When I browse to the address https://192.168.x.x/CitrixAuthService/AuthService.asmx you can see a certificate error, so I need to have an FQDN here that matches the installed certificate, but I won't communicate outside, so first I’ve defined the internal IP as Callback URL:



Now I’ve changed the Callback URL to the FQDN appropriate to the certificate:


But because DNS resolves this URL to the external IP, which is not accessible over the necessary TCP ports, I was constrained to do a dirty hack … I have edited my hosts file:
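To check the result of a hosts-file override like this one from the StoreFront server, the script below shows which address the callback FQDN resolves to and how Windows judges the gateway's certificate for that name. It is an added example, not part of the original post; `gateway.example.com` is a placeholder for the host in your Callback URL, and port 443 is an assumption.

```powershell
# Added example; run on the StoreFront server.
param(
    [string]$CallbackHost = 'gateway.example.com',  # placeholder: host part of the Callback URL
    [int]$Port = 443                                # assumption: callback runs over HTTPS/443
)

# 1. Which address does this server use for the callback FQDN (DNS or hosts file)?
[System.Net.Dns]::GetHostAddresses($CallbackHost) |
    ForEach-Object { "Resolved : $CallbackHost -> $($_.IPAddressToString)" }

# 2. Handshake with the gateway and record how Windows judges its certificate.
$result = @{ Errors = $null; Chain = @() }
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($origin, $certificate, $chain, $sslPolicyErrors)
    $result.Errors = $sslPolicyErrors
    $result.Chain  = @($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() })
    $true   # accept only so the verdict can be reported; no data is sent
}

$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($CallbackHost, $Port)
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($CallbackHost)   # name is checked against this FQDN
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    "Subject  : $($cert.Subject)"
    "Issuer   : $($cert.Issuer)"
    "Expires  : $($cert.NotAfter)"
    "Verdict  : $($result.Errors)"
    $result.Chain | ForEach-Object { "Chain    : $_" }
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $client.Close()
}

# RemoteCertificateNameMismatch: the name in the Callback URL is not in the certificate.
# RemoteCertificateChainErrors : the chain did not build to a trusted root on this server,
#                                e.g. a root or intermediate is missing from its store.
if ($result.Errors -ne [System.Net.Security.SslPolicyErrors]::None) { exit 1 }
```

A verdict of `None` together with an internal address in the first line means the callback name, the resolution and the certificate trust all line up on this server.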



3 Responses to “Cannot complete your request” on Netscaler Gateway VPX

  • I had the same issue. It was an IIS setting which fixed my issue.

    Open IIS –> Default Web Site –> SSL setting –> Select “ignore” in Client Certificate section.

  • Ensure that the ROOT cert and Intermediate Cert used for binding on Netscaler vServer, i.e., End Entity Certificate -> intermediate 2 -> intermediate 1 (cross sign certificate) -> sha-1 root or sha-2 root, are all installed on the StoreFront cert store (MMC - Certificate snap-in - Trusted and intermediate store (add respective files here)). This was missed out on my StoreFront servers. It's still intriguing why root and intermediate certs were not available on StoreFront servers, which should be pushed in the form of patching.
