Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1214
  • Last Modified:

Citrix, Citrix Presentation Server, 4.5, TERMINAL SERVER, logon issue

When a user tries to run a published application via citirx, they are first prompted for an RDP username and password after they are already authenticated via the web interface.
citrix-rdp-prompt.bmp
0
mjm21
Asked:
mjm21
  • 6
  • 2
  • 2
  • +1
2 Solutions
 
Ron9909Commented:
From the screenshot, your user's credentials are trying to use the local computer domain, rather than your AD.

Are your users using pass-through authentication?  If so, have you made the required mods to the user's Appsrv.ini file (on the client, located within the user's profile.  Add EnableSSOnThruICAFile=On
SSOnUserSetting=On to the WFCLIENT section)

Have you tried configuring domains within the configured authentication methods for WI within the Access Suite Console?

Its also possible to configure a default logon domain by modifying the Winlogon entry for your servers - provided that your users all belong to the same domain.

If none of this helps, can you give me a complete description of the setup - how users access WI, how its configured, where users and servers are located etc.  Thanks.
0
 
mjm21Author Commented:
Hi, Thanks.

1. No passthrough.
2. do not think so, will have to check.  Remember this is after they logon through web interface and click the published app.
3. There is only one domain.

Let me take a look.  Can I get back to you.....

Scenario:  users access citrix apps via web interface/ secure gateway. 3 PS servers, 1 farm, separate license server, one of the three server in the far is running terminal server licensing, several published apps.
0
 
sk_raja_rajaCommented:
open the Program Neighborhood, go to Tools>ICA Settings
Check 'Allow pass through'
Check Use local credentials.
Close Program Neighborhood.
Log off windows (don't reboot), then logon again.
Open program neighborhood
Right click and go to properties on published application/application set, go to 'Logon Information'  
input the username and password and domain


0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
sk_raja_rajaCommented:
0
 
mjm21Author Commented:
I am taking a look now to what is going on.   I will get back to you.
0
 
mjm21Author Commented:
I will have more info tomorrow when the group of users are in.....they are from Germany
0
 
EricIT ManagerCommented:
See attached.  You may not be able to use passthrough.
I dont allow it on my network.

citrix-policy.jpg
0
 
mjm21Author Commented:
I figured it out.  I physically went to the server that was causing the issue.  Took a keyboard, mouse and monitor and hooked them up.

What I saw was the log in prompt was set as the following:

username: domainname\username
Password:
local server: local server hostname

Someone logged on locally to this server..and that was the issue.

Solution:  Logged in as domain administrator with the the domain name, not the local server.

Logged off.  Issue resolved!!  Had a user test and worked fine.

Wierd, but it worked....  Great!

I will see tomorrow if the other users from Germany have no problem as well.
0
 
EricIT ManagerCommented:
That was Ron's First suggestion for the record.
0
 
mjm21Author Commented:
this:  From the screenshot, your user's credentials are trying to use the local computer domain, rather than your AD.

I agree, but who knew you had to go to the local machine and check this.  It is as if the server forced local log in via citrix session.
0
 
Ron9909Commented:
Yes - in this case, if you haven't specified a logon domain, either through WI authentication, or through the DefaultDomainName registry entry, then it uses the domain/realm of the locally logged on user.  To prevent this happening again, you should specifiy the domain to be used.  Easiest way is through the Access Suite console - authentication methods for the WI site.
0
 
mjm21Author Commented:
I am specifying the domaon name being used through web interface man.....I will provide for you screen shots...
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 6
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now