AAA logout is not working as expected and giving error "ERR_INVALID_CHUNKED_ENCODING" in chrome browser as shown below:



Configuration for Initiate Logout setting for Traffic Management is as below and is bound to LB Vserver:
===

add tm trafficPolicy Logout_policy "HTTP.REQ.URL.CONTAINS(\"logout\")" Logout_profile
add tm trafficAction Logout_profile -appTimeout 10 -SSO ON -persistentCookie OFF -InitiateLogout ON -kcdAccount NONE

In fiddler capture done at client side when accessed through Netscaler we see below request and response when logout is done:
====

GET https://abc.xyz.com/?loginOp=logout HTTP/1.1
Host: abc.xyz.com
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.82 Safari/537.36
Referer: https://abc.xyz.com/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: NSC_TMAA=e3388e9d41c36e3d00424cdc6b1ae417; NSC_TMAS=78f627c8a09d418c9ff19d748c294c09; ZM_AUTH_TOKEN=0_fedfcaabec111e7c151034bf4a6622b766e459c7_69643d33363a36656665663234622d303565612d343835612d383832622d3565316536316435383163363b6578703d31333a313435333938303038383134353b747970653d363a7a696d6272613b7469643d393a3731383838333932343b76657273696f6e3d31333a382e352e305f47415f333034323b637372663d313a313b; ZM_TEST=true; NSC_wtsw_ajncsb=ffffffff092b1f9645525d5f4f58455e445a4a42378b; JSESSIONID=bjimr5xhhgpcyznh9juw64hf


HTTP/1.1 200 OK
Date: Tue, 26 Jan 2016 11:22:03 GMT
Expires: -1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: ZM_AUTH_TOKEN="";Version=1;Path=/;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0
Set-Cookie: AUTH_TOKEN_TYPE="";Version=1;Path=/;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0
Set-Cookie: T="";Version=1;Path=/;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0
Set-Cookie: Y="";Version=1;Path=/;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0
Set-Cookie: ADMIN_AUTH_KEY="";Version=1;Path=/;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0
Set-Cookie: ZM_TEST=true;Secure
Vary: User-Agent
X-UA-Compatible: IE=edge
Transfer-Encoding: chunked
Cache-Control: no-cache, no-store

<script language='javascript1.1' type="text/javascript"> /*Script contents copyright Citrix Systems 2007, and implementation covered by international intellectual property laws.*/
function  _aaatm_NSST(e){if(document.readyState=="complete"){_aaatm_NSLG();}}if(window.addEventListener){window.addEventListener('load',_aaatm_NSLG(),false);} else if(window.attachEvent&&document.attachEvent){document.attachEvent('onreadystatechange',_aaatm_NSST);}function _aaatm_NSLG(m){setTimeout("_aaatm_NSLG1()", 3000);}
function _aaatm_NSLG1(){var o=new Image();if(o){o.src='/cgi/tmlogout';}}</script>

<!-- Touch client exists only in network edition -->



Above we see the logout script that is added by Netscaler AAA-TM logout setting which is causing the issue when doing logout.

Issue is seen only with servers sending chunked encoding. If the response is not chunked then backend will send "content-length" header in response and issue is not seen.
 
The permanent fix for the chunked response during logout is available in 11.0-66.x and 10.5-62+ builds of Netscaler.

---

Problem Cause

AAA-TM has a logout feature where it inserts the logout script going to client based on config. However, if the server responds with HTTP chunked data, Netscaler after evaluating the response coming from backend server is not rechunking after script insertion which causes failures at browsers.
 

This article talks about the issues caused due to the "Chunked" responses coming from backend at the time of logout and "InitiateLogout" is configured on Netscaler in traffc policies