Netscaler http/1.1 internal server error 43531

Nach dem Upgrade der Citrix ADC Appliance (Gateway) auf die Version 13.0 (Build: 71.40) wurde nach erfolgreicher Anmeldung am Gateway eine weiße Seite und der Fehler „Http/1.1 Internal Server Error 43531“ zurückgegeben.

Einige Blogeinträge weisen daraufhin, dass es sich hierbei um DNS Probleme im Bereich der Session Profile zur Auflösung der internen Storefront Server handeln kann. Eine saubere DNS-Auflösung gilt es an dieser Stelle grundsätzlich auch zu prüfen.

In diesem Fall lag es jedoch an veralteten Expressions in den entsprechenden Sessions Policies für StoreWeb, die bei Nutzung eines Webbrowsers zur Anmeldung am Gateway greifen. Ein Gegentest ergab, dass die Verbindung via Citrix Receiver bzw. der Workspace-App erfolgreich durchgeführt werden konnte.

Lösung: Um die Session Policies für ein ADC Gateway zu bearbeiten, muss an folgende Stelle navigiert werden:

Citrix Gateway -> Policies -> Citrix Gateway Session Policies and Profiles -> Session Policies

Neben der negierten Bedingung für Receiver/Workspace war ein veralteter, ergänzender Ausdruck für den HTTP-Header Request hinterlegt „&& REQ.HTTP.HEADER Referer EXISTS„. Nach Entfernen des Abschnitts war eine Anmeldung auch für StoreWeb, also Webbrowser, wieder möglich.

System Engineer Softwarebereich Microsoft

Schaltfläche "Zurück zum Anfang"

I have a new farm with a new VIP.

All the proper firewall rules were in place but access from the Net would only give:

Http/1.1 Internal Server Error 43531

I went through and did all the proper DNS checks, etc., and did not find anything wrong.

The Netscaler had green lights on the basic setup and internally, Storefront was accessible. I reviewed load balancing services and found my two storefronts had yellow lights!

It turns out the security people only updated the firewall rules for one of the firewalls. A simple update and all was good!

What was strange was the fact we kept hitting the firewall without the rules! If only I was that lucky with the lottery.

Verify the StoreFront URL. In case of HTTPS store, Verify the certificate on StoreFront servers.

You should have the valid certificate for the Base URL and Base URL should be along with FQDN not anything like only hostname or something.

Example: StoreFront.Domain.com

Refer to Citrix Documentation – Configure NetScaler Gateway connection settings

No Related Posts

October 7, 2014

After upgrading a HA Pair of NetScalers from 10.1 to the latest 10.5 Build (10.5-52.11 to be exact) I stumbled upon a critical Error when trying to access the Receiver for Web Site.

After authenticating successfully I would be presented with an Http/1.1 Internal Server Error 43531

After some Troubleshooting I could narrow it down to a specific Setting in my Session Policies for the NetScaler Gateway. If you used my previous Blogpost on how to configure the NetScaler Gateway for Storefront Remote Access you might also run into the same Problem.

The following Setting was working with the NetScaler 10.1 Builds:

After upgrading to the 10.5 NetScaler Build you need to edit your "Receiver for Web" Session Policy and move the Storefront URL from the "Home Page" Field under Client Experience to the "Web Interface Address" Field under Published Applications. You also need to enable "ICA Proxy" and set it to ON. Below are two Screenshots with the corrected Session Policy Settings:

I'm not sure if this is intended or just a Bug in the Code. Feel free to let me know in the Comments if you encountered the same Problem when upgrading from 10.1 to 10.5.