NetScaler - 11.1 - SSO Failure with RDP Proxy


Article ID: CTX226709


Description

1. When connecting to RDP via NetScaler Gateway CVPN bookmarks, the RDP window terminates with the error "An internal error has occurred."

2. NetScaler resets the back-end connection with reset code 9952 (dropping connection due to SSL received fatal alert).

3. SSO was disabled as per https://support.citrix.com/article/CTX208324/how-to-disable-single-sign-on-while-using-rdp-proxy-feature-of-netscaler-gateway. The user was then prompted for a password and RDP access worked.
 

Resolution

Option 1
Note: The user must log in with username@domain.ext

For the LDAP profile, using the GUI:
Change the SSO Name Attribute to sAMAccountName and the Server Logon Name Attribute to userPrincipalName.

For the LDAP profile, using the CLI:
Note: Change LDAPPROFILENAME to your profile name.
set authentication ldapaction LDAPPROFILENAME -ldapLoginName userPrincipalName -ssoNameAttribute sAMAccountName


OR Option 2
Note: The user must log in with domain\username or username

For the LDAP profile, using the GUI:
Do not use the SSO Name Attribute; leave it blank. Instead, set the Server Logon Name Attribute to sAMAccountName.

For the LDAP profile, using the CLI:
Note: Change LDAPPROFILENAME to your profile name, and run both commands.
set authentication ldapaction LDAPPROFILENAME -ldapLoginName sAMAccountName
unset authentication ldapaction LDAPPROFILENAME -ssoNameAttribute
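
An added example (not from the Citrix article): a Python check that reads ldapAction lines from a saved NetScaler configuration and reports which of the two options above each LDAP profile matches. The profile names, addresses and the sample configuration are constructed; only -ldapLoginName and -ssoNameAttribute are examined.

```python
import shlex

# Constructed sample lines in ns.conf style (profile names and addresses are made up).
SAMPLE_CONF = r'''
add authentication ldapAction ldap_upn -serverIP 192.0.2.10 -ldapBase "dc=example,dc=com" -ldapLoginName userPrincipalName -ssoNameAttribute sAMAccountName
add authentication ldapAction ldap_sam -serverIP 192.0.2.10 -ldapBase "dc=example,dc=com" -ldapLoginName sAMAccountName
add authentication ldapAction ldap_bad -serverIP 192.0.2.10 -ldapBase "dc=example,dc=com" -ldapLoginName sAMAccountName -ssoNameAttribute userPrincipalName
'''

def parse_ldap_actions(conf_text):
    """Return {profile name: {lower-cased option: value}} from add/set ldapAction lines."""
    actions = {}
    for line in conf_text.splitlines():
        tokens = shlex.split(line)
        if len(tokens) < 4 or [t.lower() for t in tokens[1:3]] != ["authentication", "ldapaction"]:
            continue
        if tokens[0].lower() not in ("add", "set"):
            continue
        opts = actions.setdefault(tokens[3], {})
        rest = tokens[4:]
        # Options are "-name value"; a flag followed by another flag has no value.
        for i, tok in enumerate(rest[:-1]):
            if tok.startswith("-") and not rest[i + 1].startswith("-"):
                opts[tok[1:].lower()] = rest[i + 1]  # later "set" lines override "add"
    return actions

def classify(opts):
    """Map one profile's options to Option 1 or Option 2 of the article, or flag it."""
    login = opts.get("ldaploginname", "").lower()
    sso = opts.get("ssonameattribute", "").lower()
    if login == "userprincipalname" and sso == "samaccountname":
        return "option1: users log in as username@domain.ext"
    if login == "samaccountname" and not sso:
        return "option2: users log in as domain\\username or username"
    return "review: matches neither option in the article"

def audit(conf_text):
    """Classify every LDAP profile found in the configuration text."""
    return {name: classify(opts) for name, opts in parse_ldap_actions(conf_text).items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_CONF).items():
        print(f"{name}: {verdict}")
```
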

 

 


Problem Cause

SSO Failure due to domain mismatch.