Users will get the error "Http/1.1 Internal Server Error 43531"
The ns.log will give error as below:
Dec 23 14:52:26 <local0.infoXXX.XXX.X.XXX 12/23/2020:19:52:26 GMT QWERTY 0-PPE-0 : default SSLVPN Message 15268 0 : "get_session user: <username>, aaa_info flags 11 flags2 0, new webview 0, sess flags2 0, flags3 0 flags4 400 ssoDomain <abc>, ssoUsername: <username>, ssoUsername2: <username>"
Dec 23 14:52:26 <local0.warn> XXX.XXX.X.XXX 12/23/2020:19:52:26 GMT QWERTY1 0-PPE-0 : default SSLVPN Message 15269 0 : "Ica mode status is not okay"
Dec 23 14:52:26 <local0.info> XXX.XXX.X.XXX 12/23/2020:19:52:26 GMT QWERTY 0-PPE-0 : default SSLVPN Message 15270 0 : "Cannot complete login for user: <username>sessionid <xx>, session state <xx>, reason: <unknown>"
Customer have the below expression for the Session policy
"REQ.HTTP.HEADER User-Agent NOTCONTAINS Citrix-Receiver && REQ.HTTP.HEADER Referer EXISTS"
Follow the below steps if customer wanted to use the Advanced Policy:
The second part of Referer Header is not required for the session policy for storefront.
Configure NetScaler Gateway session policies for StoreFront - https://docs.netscaler.com/en-us/citrix-gateway/current-release/vpn-user-config/configure-gateway-session-policies-for-storefront.html