Enter Password wrong once locks Domain Account in a Netscaler/Storefront/XenApp env.
We have a Netscaler in front of Storefront accessing a XenApp 6.5 backend. We recently forced users to start using Netscaler URL to access Citrix. They are currently finding that if they Login with Wrong Password just once, their domain account gets locked out and they just receive the pop up that circles over and over, cannot complete request. We are not using single sign-on as we have 3 domains users can authenticate with.
I have done some looking and it seems this is a common issue but not solved. Suggestions?
Thanks in advance. Not fun dealing with grumpy users... and don't blame them.
CitrixNetScaler
Last Comment
jnordeng
8/22/2022 - Mon
Dirk Kotte
do you use more than one authentication server?
I mean ... 2-4 Domain/LDAP-Server for redundancy / 2Factor auth with Radius ...
Do you loadbalance the auth-servers?
You may check the authentication log too.
NS should not make more than one request to the same server..
jnordeng
ASKER
We have 3 different domains that are using LDAP. So there are 3 LDAP Policies, one for each domain. The policy for the domain the majority of our users login to is using a Load Balanced Global URL for the LDAP servers and the other 2 are currently pointed to a specific domain controller since we don't have a LB URL for them.
The one that seems to be locking accounts thus far is actually the policy using the LB URL.
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
do you use more than one authentication server?
I mean ... 2-4 Domain/LDAP-Server for redundancy / 2Factor auth with Radius ...
Do you loadbalance the auth-servers?
You may check the authentication log too.
NS should not make more than one request to the same server..