Solved

citrix presentation server 4.0 passwords

Posted on 2009-04-08
7
755 Views
Last Modified: 2012-05-06
We have a citrix presentation server 4.0 - users are using pna agent and xen app agent to access their applications - Each time a create a user i need to set it so that their passwords never expire - i want to be able to promp the user to change the password after so many days, but i do not get the prompt, i just get a message that "specified password is no longer valid" and the user has no way of changing their password. Does anyone know step by step what i need to do to get password changes to work
0
Comment
Question by:zingab
  • 4
  • 3
7 Comments
 
LVL 11

Expert Comment

by:pfcjoker
ID: 24112430
Checking "user must change password at next logon" in their Account will force them to change it at their first logon on their XP workstation- is there some reason you can't use that?

PNagent doesn't really give you a "password change" option. - your options are:

A) have the user change the password on their Desktops (Are the users not logging into the domain here? - PNagent is really designed for a workstation that logs into a domain)

B) Enable Password changes via Web Interface Site (not PNA)
1) Launch Access Manager Console on the Web Interface Server
2) Discover if it's not already done
3) MetaFrame Presentation Server > Suite Components > Configuration Tools > Web Interface > <your Web interface site>
Note if you only have your PNagent site here, you will need to right click Web Interface and Create Site and make a MetaFrame Presentation Server Site (web Interface)
4) in the Middle under Common Tasks, click Configure authentication methods
5) On this first screen select Allow user to change password: At Any Time
6) set up the rest of the authentication as you see fit for your environment - now users will be able to browse to your Web Interface site http://<servername> and there is a Padlock icon where they can change their password after they logon.



0
 

Author Comment

by:zingab
ID: 24181378
not sure if you answered my question
0
 
LVL 11

Expert Comment

by:pfcjoker
ID: 24226514
The simple answer is, if you create an account with "password never expire" - as you stated in your question, then it's working as intended, the user will ever get prompted to change their password. You have to uncheck this to allow domain/computer policies to take over and force the user to change the password.

To set the Domain Policy:
Use gpmc.msc (or dsa.msc for older domains)

In the Default Domain Policy at the root of AD

Security Settings > Account Policies > Password Policy


To set a local computer (note a domain policy will overwrite this in a AD environment if it's set):
Secpol.msc
Computer Settings > Security Settings > Account Policies > Password Policy.


If that doesn't cover it then I'll need some more clarity of what it is exactly you are trying to do.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:zingab
ID: 24231716
That does not cover it. When setting the password to expire in policy the users do not get prompted to change their passwords when logging into their pna agent. I need the pna agent to have the chbange passwords field to allow the users to change them.
0
 

Author Comment

by:zingab
ID: 24271018
can someone answer this or not.
0
 
LVL 11

Accepted Solution

by:
pfcjoker earned 500 total points
ID: 24273270
Ok now that makes sense, no the PNAgent does not change passwords (and as far as I know has zero code for prompting password changes). Because Citrix designed the PNagent to be used on internal clients it assumes that the user is already logged into a domain on the workstation running PNagent and as a result expects any password change / policy notices of impending password change to occur at the workstation OS level.

Here are the only real places where the user will be prompted to change their password in a Citrix enviornment:

A) On the client device (assuming login to Domain at client level - otherwise no prompt)
B) At the Web Interface level (if configured - Web Interface will notify the user that their password is expired or about to expire and allow them to change the password at the Web Interface level via their IE)
C) At the Server level when you connect to a published app (won't work if the password is already expired as the user won't be able to get published applications in the first place from PNa or PN due to the expired password.)

My suggestion to "workaround" what you are trying to do (pick one - don't have to do them both):

A) connect the client PCs to the domain and make sure the user logs into the domain. Also make sure your GPOs apply to these workstations in a way where password expire notifications are prompted starting a set # of days (7 days is usually good, some environments go as high as 14 days).

B) stop using the PN and PNa client on these systems and instead use Web Interface properly configured to allow password changes.
0
 

Author Closing Comment

by:zingab
ID: 31568098
ty
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Citrix XenDesktop, Citrix Studio, Citrix Policies, Citrix XenApp
CITRIX XENAPP 6.5 FARM CUSTOM POLICY - CHANGE MANAGEMENT WINDOW REBOOT SCHEDULE
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now