"General Error", Receiver for Android Cannot Connect Through NetScaler Gateway

"General Error", Receiver for Android Cannot Connect Through NetScaler Gateway

book

Article ID: CTX202596

calendar_today

Updated On:

Description

Android Receivers are unable to make first connection through NetScaler Gateway 10.5. Android device shows "a general error has occurred".The Receiver for Android logs show a reference to "Authentication error: Unable to respond to any of these challenges"

Resolution

This issue could be related to known issue ID 613351, which can be found in release notes for fixed versions(Release Notes for Build 66.11 of NetScaler 11.0 Release).
https://www.citrix.com/content/dam/citrix/en_us/documents/downloads/netscaler-adc/NS_11_0_66_11.html 

The NetScaler appliance inserts an NS_ESNS cookie for page tracking (for showing a waterfall chart) when AppFlow is enabled. Cookie insertion was controlled by the clientSideMeasurements option in the appflow action in release 10.5, but in release 11.0 the default became to always insert the cookie when appflow is enabled. Android receiver (HTTP client) was not able to handle this cookie. This fix adds the Enable/Disable page tracking (cookie insertion) option to the appflow action.
[From Build 65.35] [# 613351, 598478, 608448]

This issue can be relieved by ensuring that both AppFlow and HTML Injection (Edgesight Monitoring) are OFF.  Appflow need only be off for any connection that Android will be using.  HTML Injection should be disabled globally.
To disable HTML Injection at the system level using one of the following methods:

Using Command Prompt

Run the following command:

disable ns feature HTMLInjection

Using GUI

  1. Go to  System > Settings > Configure Advanced Features.

  2. Uncheck EdgeSight Monitoring (HTML Injection).
    User-added image

Appflow policies should be removed at any Netscaler Vserver that Android may be using, and/or at the global level if it applies to the Android connections:

Using Command Prompt

Run the following command:

set vpn vserver <vServer name> -appflowLog DISABLED

Using GUI

  1. Go to  NetScaler> NetScaler Gateway > NetScaler Gateway Virtual Servers
  2. Select the server and click on edit.
  3. Disable AppFlow under Basic Settings.

User-added image

Problem Cause

The NetScaler appliance inserts an NS_ESNS cookie for page tracking (for showing a waterfall chart) when AppFlow is enabled. Cookie insertion was controlled by the clientSideMeasurements option in the appflow action in release 10.5, but in release 11.0 the default became to always insert the cookie when appflow is enabled. Android receiver (HTTP client) was not able to handle this cookie. This fix adds the Enable/Disable page tracking (cookie insertion) option to the appflow action.

Issue/Introduction

Android Receivers are unable to make first connection through Netscaler Gateway 10.5. Getting a general error has occurred on the Android device
Powered by Wolken Software