troubleshooting Question

User locked-out when attempting to print through Citrix

Avatar of greenwin
greenwin asked on
Citrix
9 Comments1 Solution3101 ViewsLast Modified:
We experience intermittent user lock-outs (domain policy - lock-out after 5 incorrect attempts) after a user attempts to print something through Citrix.

To replicate the event, a user launches a published application (any app - Word, Lotus Notes, Excel, etc), attempts to print and from the printer dialogue box, notices that not all printers have been mapped.  If the user's ID properties are viewed in AD Users & Computers, the account is locked-out.

The intermittent lock-out has been occurring for a long time, with the thought being an NT PDC/BDC sync'ing issue.  We have since upgraded the entire environment as follows: Citrix Presentation Server 4.0 environment (upgraded from Citrix XPe) running on two Windows 2003 servers, behind a firewall, accessible via Citrix Securegateway 3.0 in the DMZ with Windows 2000 DC's.  

This affects users with local printers (remote sites) using local IDs for their machine and logging into Citrix via their Domain ID as well as domain users (logging into Citrix from their head-office machine - i.e. on same network as the Citrix servers).  Most users are running Presentation Server Client v9 though there are some v8 clients.  Issue affects all users.

And further info ...

Encounter CPSVC.exe (Citrix Print Manager) errors occasionally on the Citrix servers. Service is restarted.

When attempting to view printer properties of session printers, an error message is encountered: You do not have access to this printer -> Reviewed all the ID rights for CtxSmaUser (as per Citrix Knowledge Base article: CTX106393) and everything appears to have been setup correctly by the system at installation.

We have deleted user profiles on the Citrix server incase there was cached password info -> No affect.

In the Security Event Log on the DC, Event ID 529 / Logon/Logoff is logged 5 times:

Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      JoeUser
       Domain:            MyDomain
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      MyCITRIX1

And after lock out Event ID 539 / Logon/Logoff is logged numerous times.

Logon Failure:
       Reason:            Account locked out
       User Name:      JoeUser
       Domain:      MyDomain
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      MyCITRIX1

Issue is incredibely frustrating (for all involved) and any suggestions would be most appreciated.  Thank you!
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 9 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 9 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros