Link to home
Start Free TrialLog in
Avatar of jnordeng

asked on

Enter Password wrong once locks Domain Account in a Netscaler/Storefront/XenApp env.

We have a Netscaler in front of Storefront accessing a XenApp 6.5 backend.  We recently forced users to start using Netscaler URL to access Citrix.  They are currently finding that if they Login with Wrong Password just once, their domain account gets locked out and they just receive the pop up that circles over and over, cannot complete request.  We are not using single sign-on as we have 3 domains users can authenticate with.  

I have done some looking and it seems this is a common issue but not solved.  Suggestions?

Thanks in advance.  Not fun dealing with grumpy users... and don't blame them.
Avatar of Dirk Kotte
Dirk Kotte
Flag of Germany image

do you use more than one authentication server?

I mean  ... 2-4 Domain/LDAP-Server for redundancy / 2Factor auth with Radius ...

Do you loadbalance the auth-servers?

You may check the authentication log too. 

NS should not make more than one request to the same server..

Avatar of jnordeng


We have 3 different domains that are using LDAP.  So there are 3 LDAP Policies, one for each domain.  The policy for the domain the majority of our users login to is using a Load Balanced Global URL for the LDAP servers and the other 2 are currently pointed to a specific domain controller since we don't have a LB URL for them.

The one that seems to be locking accounts thus far is actually the policy using the LB URL.

I'll look for the authentication log.
Avatar of jnordeng

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial