Solved

Web Interface prompts some users for username and password

Posted on 2007-11-28
11
365 Views
Last Modified: 2009-02-13
Some users are getting prompted for username and password when they access the web interface. Web Interface is version 4. Most users access it by going to http://webinterfaceaddress and they see their published applications. A few users go to http://webinterfaceaddress and they're prompted for username and password. Once the enter their username and password they see their published apps.

Any ideas what is causing some users to be prompted?

Web  Interface is configured for pass-through. All users are in the same domain and site. All users have log on locally right.

Any ideas? Thanks.
0
Comment
Question by:mpopal
  • 6
  • 5
11 Comments
 
LVL 21

Expert Comment

by:robocat
ID: 20367258
Perhaps a stupid question, but does everybody use the same browser (firefox vs IE) ?
0
 
LVL 3

Author Comment

by:mpopal
ID: 20367802
Yes. Everyone uses the same browser: IE 6 SP 2.
0
 
LVL 21

Expert Comment

by:robocat
ID: 20367980

The users that get prompted for a password; is the website classified by IE as internet or local intranet ?
0
 
LVL 3

Author Comment

by:mpopal
ID: 20368530
All the users that get prompted, IE classifies the web interface site as Local Intranet.
0
 
LVL 21

Expert Comment

by:robocat
ID: 20368836
What happens if you add the server to the trusted sites in IE?
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 3

Author Comment

by:mpopal
ID: 20370843
Added to trusted sites in IE and still prompts for username and password. It doesn't prompt everyone. Only probably about 100 people out of 5000. I thought it might be a security template or something that could be causing the problem, but I can log in on the problem workstation and it works fine for me. But if the user tries with his or her account, on any workstation, it prompts them for username and password.

I also made a couple of the problem users a local admin across the entire citrix farm including web interface servers and still prompted them for a password. I have two Web Interface servers set up with Microsoft NLB for load balance.
0
 
LVL 21

Expert Comment

by:robocat
ID: 20372342

Can you check the APPSRV.ini file in the user's profile\citrix ?

Do these lines exist ?
 
[WFClient]
EnableSSOnThruICAFile=On
SSOnUserSetting=On

0
 
LVL 3

Author Comment

by:mpopal
ID: 20374059
The appsrv.ini file does have those settings you mentioned. However, those settings only affect the citrix client when a user clicks on a published application, it will load an application without being prompted by windows to log in.

Users are being prompted well before the citrix clients ever gets involved. When a user connects to http://webinterfaceserver, they should see their published applications displayed without being prompted.
0
 
LVL 21

Expert Comment

by:robocat
ID: 20380700

It sounds like your basic config is ok, as less than 1% of your users have this problem. I only have 2 suggestions left:

1.You could try enabling auditing both on the client and the server and try to figure out what exactly is happening.
2. Try to clean out the user profile entirely and see if the problem goes away.

0
 
LVL 3

Author Comment

by:mpopal
ID: 20386882
I've deleted user profiles, so that eliminates option 2. The only kind of auditing I can think of enabling is IIS. I've enabled that as well and nothing is pointing to a problem. I've also enabled the security log to log successful and faled attempts, and nothing so far. Thanks for all your help.
0
 
LVL 3

Accepted Solution

by:
mpopal earned 0 total points
ID: 23504459
Sorry for the late late response, but I figured the problem a while ago. If a user enters the FQDN, such as http://webinterface.domain.com, the user sees published apps without being prompted. If a user enters http://webinterface, the user is prompted. So by entering the FQDN users are not prompted. Not sure what is so unique by entering FQDN.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Citrix XenDesktop 7.6 Citrix Policies Disable Peripherals
Several part series to implement Internet Explorer 11 Enterprise Mode
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now