5t34lth_G33k
asked on
The supplied credentials could not be validated
Hi
We have recently installed a new Citrix Presentation Server 4.5 on a Windows 2003 box and cannot login to the web interface with user credentials. It gives the following error:
The supplied credentials could not be validated. Either they are incorrect, or there is a problem with the authentication system. Try again, or contact your help desk or system administrator for help.
We can login with the domain admin, and any user added to the local admin group, but domain users do not seem to have permissions to login. We dont really want to give them local admin rights on the server!
I have seen a few threads about this, some concerened with xml ports and the like - I have tried those and they dont seem to help - I am pretty sure its a permissions error with either Windows or Citrix, but cant seem to find out what exactly.
Help!
Thanks in advance
We have recently installed a new Citrix Presentation Server 4.5 on a Windows 2003 box and cannot login to the web interface with user credentials. It gives the following error:
The supplied credentials could not be validated. Either they are incorrect, or there is a problem with the authentication system. Try again, or contact your help desk or system administrator for help.
We can login with the domain admin, and any user added to the local admin group, but domain users do not seem to have permissions to login. We dont really want to give them local admin rights on the server!
I have seen a few threads about this, some concerened with xml ports and the like - I have tried those and they dont seem to help - I am pretty sure its a permissions error with either Windows or Citrix, but cant seem to find out what exactly.
Help!
Thanks in advance
mgcIT
in Windows 2003 you need to add users to the Remote Desktop Users group in order for them to be abe to log in.
ASKER
Sorry, I forgot to add that I have done that - I have added domain users group to remote desktop users as well as the terminal server users group.
what about giving them rights to the ICA connection properties using the Citrix Connection Configuration Tool?
On which port do you run your XML service now, does it share same port number as IIS or does it use different port number? Metarame console > properties of citrix server>metaframe settings > citrix XML service.
ASKER
mgcIT - I cant see that option, I only really have access to the Access management console or the Presentation Server Console - is the option in one of those? If not, where is it in the start menu?
semetrix - IIS is on port 80, I have configured xml service to be on port 8080 as per one of the Citrix FAQ's
semetrix - IIS is on port 80, I have configured xml service to be on port 8080 as per one of the Citrix FAQ's
i can't recall if this is still in 4.5 but it would be under:
Start > Programs > Citrix > Administrative Tools > Citrix Connection Configuration Tool
Or you can also access it via the Terminal Services config at:
Start > Programs > Administrative Tools > Terminal Services Configuration
Start > Programs > Citrix > Administrative Tools > Citrix Connection Configuration Tool
Or you can also access it via the Terminal Services config at:
Start > Programs > Administrative Tools > Terminal Services Configuration
You can try telnet to port to find you if it's running. Telnet (PS server name) XMLport for exmaple : telnet SERVER1 8080 if it works and port is open you will recieve response like this
HTTP/1.1 400 Bad request
Server: Citrix Web PN Server
Date: Mon, 13 Aug 2007 08:25:43 GMT
Connection: Close
Check your XML service if it's regitered and running in system service. Last thing what helped me was to try repairing web browser component in Access suite console suite components>configuration tools>web interafce>local site tasks > repair site.
HTTP/1.1 400 Bad request
Server: Citrix Web PN Server
Date: Mon, 13 Aug 2007 08:25:43 GMT
Connection: Close
Check your XML service if it's regitered and running in system service. Last thing what helped me was to try repairing web browser component in Access suite console suite components>configuration tools>web interafce>local site tasks > repair site.
ASKER
mgcIT - I have set my user account explicitly full control on both the RDP and the ICA protocol, I still cant login but the domain admin can.
semetrix - XML service is responding on 8080, I got the response you posted. Also, the repair install didnt seem to work. I did notice something, however - if I enter the wrong password, I get this message:
"The supplied credentials were invalid. Please try again or contact your system administrator for help."
Whereas I get this message if the credentials are correct:
"The supplied credentials could not be validated. Either they are incorrect, or there is a problem with the authentication system. Try again, or contact your help desk or system administrator for help."
So Im guessing its just a Citrix permissions issue - I can rdp to the server and login, but just cant login via the web interface!
semetrix - XML service is responding on 8080, I got the response you posted. Also, the repair install didnt seem to work. I did notice something, however - if I enter the wrong password, I get this message:
"The supplied credentials were invalid. Please try again or contact your system administrator for help."
Whereas I get this message if the credentials are correct:
"The supplied credentials could not be validated. Either they are incorrect, or there is a problem with the authentication system. Try again, or contact your help desk or system administrator for help."
So Im guessing its just a Citrix permissions issue - I can rdp to the server and login, but just cant login via the web interface!
Can you please check what version of .NET framework are you using? .NET 2.0 doesn't seem to work correctly sometimes. It's better to use .NET 1.1 you can check it in add/remove programs.
ASKER
We're using 2.0 - should I just install 1.1 and leave 2.0 or remove it?
I had uninstalled 2.0 and installed 1.1. After installation run web interface repair again. Repair just ensures that all necessary files are present and that web interface is fully functional.
ASKER
Hi
I couldnt start the console after uninstalling .Net 2.0 - I tried to install 1.1, but it said that it was already installed with the operating system. I am reinstalling 2.0
I have also tried uninstalling and reinstalling the web interface component from scratch - I set the XML port to be 8080 again during install and it still responds when telnetting to that port. Domain admin can still login, but my own user account cant.
Also, I cant remote desktop to the server with my own username - the domain admin can, but even with logon locally rights set through Group Policy, adding myself as a member to the remote users group and setting full control on my user acount within terminal server configuration, I still cannot login via the web interface or RDP. Im going to ty to remove the server from the domain and continue troubleshooting, at least there will be no funky GP issues making matters worse. I ran the Resultant Set of Policy to see what GPO's were being applied to the server, it was really only the 'allow logon locally' object within Computer settings->Security->local account policies - I have added my own username to the list of allowed usernames, alongside the domain admin account.
I couldnt start the console after uninstalling .Net 2.0 - I tried to install 1.1, but it said that it was already installed with the operating system. I am reinstalling 2.0
I have also tried uninstalling and reinstalling the web interface component from scratch - I set the XML port to be 8080 again during install and it still responds when telnetting to that port. Domain admin can still login, but my own user account cant.
Also, I cant remote desktop to the server with my own username - the domain admin can, but even with logon locally rights set through Group Policy, adding myself as a member to the remote users group and setting full control on my user acount within terminal server configuration, I still cannot login via the web interface or RDP. Im going to ty to remove the server from the domain and continue troubleshooting, at least there will be no funky GP issues making matters worse. I ran the Resultant Set of Policy to see what GPO's were being applied to the server, it was really only the 'allow logon locally' object within Computer settings->Security->local account policies - I have added my own username to the list of allowed usernames, alongside the domain admin account.
Plese check in Citrix connection configuration (should be present on ICA toolbar) edit on ICA-TCP>advanced on right side Only lunch published apps if it's checked uncheck it. When I installed my farm it was initialy checked and I couldn't RDP there as well.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.