asked on
Enter Password wrong once locks Domain Account in a Netscaler/Storefront/XenApp env.
We have a Netscaler in front of Storefront accessing a XenApp 6.5 backend. We recently forced users to start using Netscaler URL to access Citrix. They are currently finding that if they Login with Wrong Password just once, their domain account gets locked out and they just receive the pop up that circles over and over, cannot complete request. We are not using single sign-on as we have 3 domains users can authenticate with.
I have done some looking and it seems this is a common issue but not solved. Suggestions?
Thanks in advance. Not fun dealing with grumpy users... and don't blame them.
I have done some looking and it seems this is a common issue but not solved. Suggestions?
Thanks in advance. Not fun dealing with grumpy users... and don't blame them.
CitrixNetScaler
Last Comment
jnordeng
ASKER
We have 3 different domains that are using LDAP. So there are 3 LDAP Policies, one for each domain. The policy for the domain the majority of our users login to is using a Load Balanced Global URL for the LDAP servers and the other 2 are currently pointed to a specific domain controller since we don't have a LB URL for them.
The one that seems to be locking accounts thus far is actually the policy using the LB URL.
I'll look for the authentication log.
The one that seems to be locking accounts thus far is actually the policy using the LB URL.
I'll look for the authentication log.
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionExperts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
do you use more than one authentication server?
I mean ... 2-4 Domain/LDAP-Server for redundancy / 2Factor auth with Radius ...
Do you loadbalance the auth-servers?
You may check the authentication log too.
NS should not make more than one request to the same server..