This article describes how to troubleshoot Web Interface on NetScaler when the client connections are unresponsive on the "agesso.jsp" page.

Instructions

If the Web Interface page does not respond at https://fqdn/Citrix/XenApp/auth/agesso.jsp and HTTP 401 denied error is displayed then there is a trust issue between Web Interface and the Access Gateway Enterprise Edition virtual server.

To troubleshoot this issue, complete the following steps:

1. Examine the following log file:
   /var/wi/tomcat/logs/localhost.[year-mo-da].log

   INFO: ERROR: Event Log ID: 18001 A communication error occurred while attempting to contact the Advanced Access Control authentication service at https://www.mytestcag.com/CitrixAuthService/AuthService.asmx. Check that the authentication service is running. The message reported by the underlying platform was ; nested exception is: java.lang.NullPointerException. [Unique Log ID: 1115c85c]

2. Verify if the certificate was imported to the Java keystore properly.

3. Run the following command to list all certificates in the Java truststore:
   /var/wi/java_home/bin/keytool –list –v –keystore /var/wi/java_home/lib/security/cacerts –storepass changeit

   For NetScaler 10.1, run the following command to list all certificates in the Java truststore:
   /var/wi/java_home/bin/keytool –list –v –keystore /var/wi/java_home/jre/lib/security/cacerts –storepass changeit

4. Verify if the certificate that is present in /nsconfig/ssl is listed in the output of the preceding command.

5. If certificate is not present then run the following command:
   /netscaler/wi/export_cert.sh [certpath]

Occasionally the issue might be related to a name resolution issue. Ensure that there is a DNS A record created for the IP address of the Access Gateway Enterprise Edition virtual server's Fully Qualified Domain Name (FQDN) and that the appliance can ping the FQDN.