?
Solved

The supplied credentials could not be validated

Posted on 2007-08-10
16
Medium Priority
?
8,759 Views
Last Modified: 2012-06-27
Hi

We have recently installed a new Citrix Presentation Server 4.5 on a Windows 2003 box and cannot login to the web interface with user credentials. It gives the following error:

The supplied credentials could not be validated. Either they are incorrect, or there is a problem with the authentication system. Try again, or contact your help desk or system administrator for help.


We can login with the domain admin, and any user added to the local admin group, but domain users do not seem to have permissions to login. We dont really want to give them local admin rights on the server!

I have seen a few threads about this, some concerened with xml ports and the like - I have tried those and they dont seem to help - I am pretty sure its a permissions error with either Windows or Citrix, but cant seem to find out what exactly.

Help!

Thanks in advance
0
Comment
Question by:5t34lth_G33k
  • 6
  • 5
  • 3
14 Comments
 
LVL 18

Expert Comment

by:mgcIT
ID: 19670215
in Windows 2003 you need to add users to the Remote Desktop Users group in order for them to be abe to log in.
0
 
LVL 7

Author Comment

by:5t34lth_G33k
ID: 19670246
Sorry, I forgot to add that I have done that - I have added domain users group to remote desktop users as well as the terminal server users group.
0
 
LVL 18

Expert Comment

by:mgcIT
ID: 19670736
what about giving them rights to the ICA connection properties using the Citrix Connection Configuration Tool?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Expert Comment

by:semetrix
ID: 19670738
On which port do you run your XML service now, does it share same port number as IIS or does it use different port number? Metarame console > properties of citrix server>metaframe settings > citrix XML service.
0
 
LVL 7

Author Comment

by:5t34lth_G33k
ID: 19673763
mgcIT - I cant see that option, I only really have access to the Access management console or the Presentation Server Console - is the option in one of those? If not, where is it in the start menu?

semetrix - IIS is on port 80, I have configured xml service to be on port 8080 as per one of the Citrix FAQ's
0
 
LVL 18

Expert Comment

by:mgcIT
ID: 19673942
i can't recall if this is still in 4.5 but it would be under:

Start > Programs > Citrix > Administrative Tools > Citrix Connection Configuration Tool


Or you can also access it via the Terminal Services config at:

Start > Programs > Administrative Tools > Terminal Services Configuration
0
 

Expert Comment

by:semetrix
ID: 19682159
You can try telnet to port to find you if it's running. Telnet (PS server name) XMLport for exmaple : telnet SERVER1 8080 if it works and port is open you will recieve response like this
HTTP/1.1 400 Bad request
Server: Citrix Web PN Server
Date: Mon, 13 Aug 2007 08:25:43 GMT
Connection: Close

Check your XML service if it's regitered and running in system service. Last thing what helped me was to try repairing web browser component in Access suite console suite components>configuration tools>web interafce>local site tasks > repair site.
0
 
LVL 7

Author Comment

by:5t34lth_G33k
ID: 19682252
mgcIT - I have set my user account explicitly full control on both the RDP and the ICA protocol, I still cant login but the domain admin can.

semetrix - XML service is responding on 8080, I got the response you posted. Also, the repair install didnt seem to work. I did notice something, however - if I enter the wrong password, I get this message:

"The supplied credentials were invalid. Please try again or contact your system administrator for help."

Whereas I get this message if the credentials are correct:

"The supplied credentials could not be validated. Either they are incorrect, or there is a problem with the authentication system. Try again, or contact your help desk or system administrator for help."

So Im guessing its just a Citrix permissions issue - I can rdp to the server and login, but just cant login via the web interface!
0
 

Expert Comment

by:semetrix
ID: 19682356
Can you please check what version of .NET framework are you using? .NET 2.0 doesn't seem to work correctly sometimes. It's better to use .NET 1.1 you can check it in add/remove programs.
0
 
LVL 7

Author Comment

by:5t34lth_G33k
ID: 19682453
We're using 2.0 - should I just install 1.1 and leave 2.0 or remove it?
0
 

Expert Comment

by:semetrix
ID: 19682643
I had uninstalled 2.0 and installed 1.1. After installation run web interface repair again. Repair just ensures that all necessary files are present and that web interface is fully functional.
0
 
LVL 7

Author Comment

by:5t34lth_G33k
ID: 19682818
Hi

I couldnt start the console after uninstalling .Net 2.0 - I tried to install 1.1, but it said that it was already installed with the operating system. I am reinstalling 2.0

I have also tried uninstalling and reinstalling the web interface component from scratch - I set the XML port to be 8080 again during install and it still responds when telnetting to that port. Domain admin can still login, but my own user account cant.

Also, I cant remote desktop to the server with my own username - the domain admin can, but even with logon locally rights set through Group Policy, adding myself as a member to the remote users group and setting full control on my user acount within terminal server configuration, I still cannot login via the web interface or RDP. Im going to ty to remove the server from the domain and continue troubleshooting, at least there will be no funky GP issues making matters worse. I ran the Resultant Set of Policy to see what GPO's were being applied to the server, it was really only the 'allow logon locally' object within Computer settings->Security->local account policies - I have added my own username to the list of allowed usernames, alongside the domain admin account.
0
 

Expert Comment

by:semetrix
ID: 19683120
Plese check in Citrix connection configuration (should be present on ICA toolbar) edit on ICA-TCP>advanced on right side Only lunch published apps if it's checked uncheck it. When I installed my farm it was initialy checked and I couldn't RDP there as well.
0
 
LVL 7

Accepted Solution

by:
5t34lth_G33k earned 0 total points
ID: 19683232
Hi

I have finally managed to get it working - I forgot that removing it from the domain would cause everything to stop working, but re-adding to the domain seems to have sorted out the authentication issues - I can now login, and so can anyone else added to the 'allow logon locally' object within Group Policy.

Very very strange, I had tested this earlier, but it seems readding to the domain got it working

Thanks semetrix and mgcIT, I really do appreciate your input - sincere apologies if I have wasted your time!!
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
#Citrix #Citrix Policies #XenDesktop #VDI #POC #Citrix Univeral Printer Driver #Citrix UPD
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question