I recently ran into an issue with a Citrix ADC / NetScaler NS13.0 36.27.nc after a reboot where the following error is displayed upon successfully authenticating:
Http/1.1 Internal Server Error 43531
The URL displayed ends with /cgi/dlge:
https://workspace.contoso.com/cgi/dlge
No configuration changes have been made for months. I combed through the configuration but could not determine why this error was being thrown so a ticket was opened with Citrix. The engineer went through the configuration and decided to change the Web Interface Address FQDN in the Citrix Gateway Session Profile to use the IP address instead of the DNS of the StoreFront server as shown in the screenshot below, which immediately corrected the issue:
We originally thought that there was something wrong with DNS but a DIG for the storefront.contoso.com URL returned the correct IP address for the Load Balancing Virtual Server that load balanced the two StoreFront servers:
root@CTXNETSCALER# dig storefront.contoso.com
; <<>> DiG 9.10.6 <<>> storefront.contoso.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31561
;; flags: qr aa rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;storefront. contoso.com. IN A
;; ANSWER SECTION:
storefront. contoso.com. 3600 IN A 10.0.1.17
;; Query time: 0 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Tue Sep 29 19:25:36 UTC 2020
;; MSG SIZE rcvd: 69
I haven’t gotten to the root cause of this issue but noticed that there were no recent posts for this error and thought I’d write a post in case someone else encounters this issue. We were told that an upgrade from the current version 13 Build 36.28 to version 13 Build 64.35 would resolve the issue so I will update this post when I determine whether it resolves the issue.
5 Responses
Same problem with ADC version 13.0 58.32. Change to IP was successful.
Thank you!
This solved it for us
https://it-feed.de/citrix-adc-internal-server-error-43531-nach-upgrade-auf-71-40/
Upgraded from 13.0.64x to 13.0.82x
Fix: citrix removed expression that we were using. Changed below and all was good.
Depreciated Expression:
REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixReceiver && REQ.HTTP.HEADER Referer EXISTS
New Expression:
HTTP.REQ.HEADER.CONTAINS(Citrix Reciever)
Thanks for the details. We encountered today in our environment and going to attempt this. Thanks Terence Luk for teh blog 🙂
As I have two SFs, I ended up creating a LB VIP for them (SSL_BRIDGE) and defining the Web Interface Address in the session profile using the new LB VIP.