citrix presentation server 4.0 passwords

Posted on 2009-04-08
Medium Priority
Last Modified: 2012-05-06
We have a citrix presentation server 4.0 - users are using pna agent and xen app agent to access their applications - Each time a create a user i need to set it so that their passwords never expire - i want to be able to promp the user to change the password after so many days, but i do not get the prompt, i just get a message that "specified password is no longer valid" and the user has no way of changing their password. Does anyone know step by step what i need to do to get password changes to work
Question by:zingab
  • 4
  • 3
LVL 11

Expert Comment

ID: 24112430
Checking "user must change password at next logon" in their Account will force them to change it at their first logon on their XP workstation- is there some reason you can't use that?

PNagent doesn't really give you a "password change" option. - your options are:

A) have the user change the password on their Desktops (Are the users not logging into the domain here? - PNagent is really designed for a workstation that logs into a domain)

B) Enable Password changes via Web Interface Site (not PNA)
1) Launch Access Manager Console on the Web Interface Server
2) Discover if it's not already done
3) MetaFrame Presentation Server > Suite Components > Configuration Tools > Web Interface > <your Web interface site>
Note if you only have your PNagent site here, you will need to right click Web Interface and Create Site and make a MetaFrame Presentation Server Site (web Interface)
4) in the Middle under Common Tasks, click Configure authentication methods
5) On this first screen select Allow user to change password: At Any Time
6) set up the rest of the authentication as you see fit for your environment - now users will be able to browse to your Web Interface site http://<servername> and there is a Padlock icon where they can change their password after they logon.


Author Comment

ID: 24181378
not sure if you answered my question
LVL 11

Expert Comment

ID: 24226514
The simple answer is, if you create an account with "password never expire" - as you stated in your question, then it's working as intended, the user will ever get prompted to change their password. You have to uncheck this to allow domain/computer policies to take over and force the user to change the password.

To set the Domain Policy:
Use gpmc.msc (or dsa.msc for older domains)

In the Default Domain Policy at the root of AD

Security Settings > Account Policies > Password Policy

To set a local computer (note a domain policy will overwrite this in a AD environment if it's set):
Computer Settings > Security Settings > Account Policies > Password Policy.

If that doesn't cover it then I'll need some more clarity of what it is exactly you are trying to do.
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.


Author Comment

ID: 24231716
That does not cover it. When setting the password to expire in policy the users do not get prompted to change their passwords when logging into their pna agent. I need the pna agent to have the chbange passwords field to allow the users to change them.

Author Comment

ID: 24271018
can someone answer this or not.
LVL 11

Accepted Solution

pfcjoker earned 2000 total points
ID: 24273270
Ok now that makes sense, no the PNAgent does not change passwords (and as far as I know has zero code for prompting password changes). Because Citrix designed the PNagent to be used on internal clients it assumes that the user is already logged into a domain on the workstation running PNagent and as a result expects any password change / policy notices of impending password change to occur at the workstation OS level.

Here are the only real places where the user will be prompted to change their password in a Citrix enviornment:

A) On the client device (assuming login to Domain at client level - otherwise no prompt)
B) At the Web Interface level (if configured - Web Interface will notify the user that their password is expired or about to expire and allow them to change the password at the Web Interface level via their IE)
C) At the Server level when you connect to a published app (won't work if the password is already expired as the user won't be able to get published applications in the first place from PNa or PN due to the expired password.)

My suggestion to "workaround" what you are trying to do (pick one - don't have to do them both):

A) connect the client PCs to the domain and make sure the user logs into the domain. Also make sure your GPOs apply to these workstations in a way where password expire notifications are prompted starting a set # of days (7 days is usually good, some environments go as high as 14 days).

B) stop using the PN and PNa client on these systems and instead use Web Interface properly configured to allow password changes.

Author Closing Comment

ID: 31568098

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After several days of searching and hunting for limited documentation, I wanted to share this guide to hopefully save someone the hassle of trying to figure this out on their own. I have tested this on Xendesktop 7.1 and PS 4.5 running simultaneous…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

592 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question