If we get this error first thing to check is if we are able to resolve Storefront FQDN or base URL from netscaler.
If not make an A record in Netscaler DNS.
Or else give the IP of Storefront in session profile like: https://10.10.10.10/citrix/SFWeb.
*Where 10.10.10.10 is our SF IP and SF is our store name.
Also make sure that the SSO domain that we add in session profile is same as the Userdomain.
To check this run “set” command on storefront command line and check the Userdomain field.
If we still get errors like “cannot complete your request”, check the LDAP profile.
It may have an entry in SSO name attribute field like “cn.”
We need SSO name attribute in only multiple domain environment, and that should be set as “userPrincipalName ” in that case.