NetScaler Enhanced Authentication Feedback throws Error Codes with RfWebUI Theme

NetScalers Enhanced Authentication Feedback is, despite being highly debatable from a security standpoint, a great feature in terms of usability.

Recently one of my customers had the requirement to enable it. But surprisingly we only received the error codes (4009, 4007, etc.) – not the error messages.

  • “4009” instead of “user unknown”
  • “4007” instead of “bad password”
  • etc.


What’s wrong? I knew I had seen this working in the past! And more important I was able to get it working in my lab environment just by the flip of the switch.

set aaa param -enableEnhancedAuthFeedback YES

I tried updates (12.0 to 12.0 latest, 12.0 to 12.1), re-import a fresh blank 12.1 VPX, recreate the custom theme, etc.

Long story short…

Turned out in the end the problem was with the classic authentication policies (i.e. “ns_true”) being used in conjunction with the RfWebUI theme.

The solution was to change them into advanced authentication policies (i.e. “true”)!

Knowing this I even found the matching CTX230677 but searching just for the error message I was never able to land at that article – hence I decided to briefly share the solution here.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: