Article ID: CTX579162
Description
While accessing the ADC Gateway or Authentication page, under certain conditions users receive one of these two errors or are redirected to the login page:
- "Try again after some time or contact your help desk".

- "Malformed assertion sent to Netscaler"

- Users redirected to Login page.
To validate this is the cause, you can check ADC syslogs with DEBUG enabled. You would see something similar to these logs:
- SSID xxx ,timeout session on 0, owner is 0 core_refmask is 0 expired_refmask is 0 state is 12
- SSID xxx remove session PE : 0, owner : 1, ref : 0, exp : 0"
- removing session 1099
- vpn log logout message for 1049 10ms ticks
Running nsconmsg -d current -g aaa_tot_session_timeout on the ADC would show that counter getting a hit when the timeout occurs.
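To check collected syslog for this pattern, the following added example (not part of the original article or Citrix tooling) correlates the "timeout session" and "remove session" messages by SSID. The timestamp/host prefix and the SSID values in the sample are constructed, and it assumes the SSID is the token that follows "SSID", as in the log samples above.

```python
import re

# Message fragments taken from the log samples in this article. Anything
# before them on the line (timestamp, host, module) is ignored.
TIMEOUT_RE = re.compile(
    r"SSID\s+(?P<ssid>\S+)\s*,\s*timeout session on \d+,.*?state is (?P<state>\d+)"
)
REMOVE_RE = re.compile(r"SSID\s+(?P<ssid>\S+)\s+remove session\b")

# Constructed sample lines (prefix and SSID values are made up for illustration).
SAMPLE = """\
Jan 10 10:00:01 adc1 SSID 4f2a ,timeout session on 0, owner is 0 core_refmask is 0 expired_refmask is 0 state is 12
Jan 10 10:00:01 adc1 SSID 4f2a remove session PE : 0, owner : 1, ref : 0, exp : 0
Jan 10 10:00:01 adc1 removing session 1099
Jan 10 10:00:02 adc1 SSID 9c1d remove session PE : 0, owner : 1, ref : 0, exp : 0
Jan 10 10:00:05 adc1 SSID 77b0 ,timeout session on 0, owner is 0 core_refmask is 0 expired_refmask is 0 state is 12
""".splitlines()


def find_timed_out_sessions(lines):
    """Return {ssid: state} for sessions that logged a timeout and were then removed."""
    pending = {}    # ssid -> state reported in the "timeout session" message
    confirmed = {}  # ssid -> state, once the matching "remove session" is seen
    for line in lines:
        m = TIMEOUT_RE.search(line)
        if m:
            pending[m["ssid"]] = int(m["state"])
            continue
        m = REMOVE_RE.search(line)
        # A removal only counts if the same SSID timed out earlier in the log.
        if m and m["ssid"] in pending:
            confirmed[m["ssid"]] = pending.pop(m["ssid"])
    return confirmed


if __name__ == "__main__":
    for ssid, state in find_timed_out_sessions(SAMPLE).items():
        print(f"SSID {ssid}: timed out in state {state} and was removed")
```

Sessions removed without a preceding timeout message, and timeouts with no removal yet, are not reported.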
Resolution
There are 3 simple methods to resolve this, but all must be performed client-side:
- Clear browser cookies and then refresh the login page
- Open Private window and load the login page
- Manually delete all NSC_ cookies from your browser and refresh the login page. This can be done in your browser's Developer Tools: Application tab -> Cookies -> select the site -> right-click each cookie and click Delete.

Note :
The error "Try again after some time or contact your help desk" may be seen due to other reasons.
If the issue is not resolved by the steps in this article, the underlying cause is possibly different from the one described here and will need further investigation.
In such cases, customers can contact the Support Team to investigate the issue further.
Problem Cause
In this scenario, the issue is caused by a stale or no longer valid NSC_TMAS cookie.
This can occur in these situations:
- The first authentication was SAML, which the user canceled or which otherwise failed, and the user then refreshed the page
- If users sit on the login page for too long this causes a hard-coded SAML timeout to end the session before authentication is completed. This timeout length varies by ADC version from 2 to 5 minutes.
Example: TMAS cookie shown that existed prior to accessing the login page
