iOS 9 devices cannot connect to Netscaler Gateway. Getting error "Could Not Logon - Verify your credentials and network connectivity"

iOS 9 devices cannot connect to Netscaler Gateway. Getting error "Could Not Logon - Verify your credentials and network connectivity"

book

Article ID: CTX205719

calendar_today

Updated On:

Description

Receiver for iOS on iOS 9 fails to enumerate applications via Netscaler Gateway with error "Could Not Logon - Verify your credentials and network connectivity"

Could Not Logon - Verify your credentials and network connectivity

iOS logs will contain entries similar to the following:
Send HTTP request. urlRequest: <NSMutableURLRequest: 0x189d9200> { URL: https://<DNSName>/cgi/login }.
    HTTP Method: POST.
    HTTP URL: https://<DNSName>/cgi/login.
    HTTP URL.path: /cgi/login.
    HTTP URL.port: (null).
    HTTP URL.query: (null).
    HTTP URL.scheme: https.
    HTTP header fields: {
    "CONTENT_LENGTH" = 40;
    "CONTENT_TYPE" = "application/x-www-form-urlencoded";
    "User-Agent" = "CitrixReceiver/com.citrix.ReceiveriPad iOS/6.1.1 (build 20) CitrixReceiver-iPad CFNetwork Darwin";
}.
    HTTP body: Removed..",Active,com.apple.main-thread,b07,Receiver,/Users/Shared/Jenkins/Source/iOSReceiver/6.1.1/Universal/Common/Network/AsyncHTTP.m,-[AsyncHTTP issueRequest:withIgnoreCertErrorsOption:],291
" 2015-12-09T17:51:53.457-0500 ",AsyncHTTP.m,NWREQUEST,DETAIL (5),"Type="Error" Status-code="89" Description="The operation couldn’t be completed. Operation canceled".",Active,com.apple.main-thread,b07,Receiver,/Users/Shared/Jenkins/Source/iOSReceiver/6.1.1/Universal/Common/Network/AsyncHTTP.m,-[AsyncHTTP connection:didFailWithError:],995

Environment

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Resolution

Disable SPDY and HTTP2 protocols using a Netscaler HTTP Profile.  See Additional Resources for details.
A HTTP profile can also be bound to the NetScaler Gateway virtual server if the user wants to implement the change on a virtual server level only.
 

Problem Cause

Transport protocols HTTP/2.0 and SPDY are enabled by default in iOS9.  There is a known issue in Netscaler affecting the use of these protocols, so they must be disabled.  With these protocols disabled on the Netscaler, iOS devices will negotiate the HTTP1.1 protocol, which works as expected.
 

Issue/Introduction

iOS 9 devices using Receiver for iOS are unable to connect to Netscaler Gateway. Attempt fail with the error "Could Not Logon - Verify your credentials and network connectivity". Problem is not observed with iOS 8 and earlier.

Additional Information

Release Notes for Build 55.20 of NetScaler 11.0 Release: https://www.citrix.com/content/dam/citrix/en_us/documents/downloads/netscaler-adc/NS_11_55_20.html

When the HTTP/2 Protocol is used to access the VPN with external authentication, the transaction will not go through. Ensure HTTP/2 is disabled in nshttp_default_strict_profile. [# 574742]

Configuring HTTP/2 on the NetScaler Appliance: http://docs.citrix.com/en-us/netscaler/11/system/http-configurations/configuring-http2.html

How to Configure SPDY on NetScaler Appliance:  http://support.citrix.com/article/CTX138554

Networking with NSURLSession:  https://developer.apple.com/videos/play/wwdc2015-711/
Powered by Wolken Software