AAA virtual server is able to authenticate but fails to redirect to Load Balanced VIP. This behavior is only observed with Internet Explorer (tested with IE9, IE10, IE11).

The users get the following error message: "Internet Explorer cannot display the webpage".

The Fiddler trace shows HTTPS ERROR 504: "The server hostname contains an underscore '_' and this response sets a cookie. Internet Explorer does not permit cookies to be set on hostnames containing underscores" (https://aaa_authentication_server.wawa.com/cgi/login).
Note: Download the image to view it at full resolution.

A 504 status code is returned when a server acting as a proxy has waited too long for a response from a server further upstream.The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server specified by the URI (e.g. HTTP, FTP, LDAP) or some other auxiliary server (e.g. DNS) it needed to access in attempting to complete the request.

Remove the underscores in AAA virtual server hostname on NetScaler to resolve this issue.

Problem Cause

Incompatible naming convention detected by Internet Explorer. Internet Explorer does not permit cookies to be set on hostnames containing underscores.

PRB: Session Variables Do Not Persist Between Requests After You Install Internet Explorer Security Patch MS01-055