jnordeng
asked on
Enter Password wrong once locks Domain Account in a Netscaler/Storefront/XenApp env.
We have a Netscaler in front of Storefront accessing a XenApp 6.5 backend. We recently forced users to start using Netscaler URL to access Citrix. They are currently finding that if they Login with Wrong Password just once, their domain account gets locked out and they just receive the pop up that circles over and over, cannot complete request. We are not using single sign-on as we have 3 domains users can authenticate with.
I have done some looking and it seems this is a common issue but not solved. Suggestions?
Thanks in advance. Not fun dealing with grumpy users... and don't blame them.
I have done some looking and it seems this is a common issue but not solved. Suggestions?
Thanks in advance. Not fun dealing with grumpy users... and don't blame them.
ASKER
We have 3 different domains that are using LDAP. So there are 3 LDAP Policies, one for each domain. The policy for the domain the majority of our users login to is using a Load Balanced Global URL for the LDAP servers and the other 2 are currently pointed to a specific domain controller since we don't have a LB URL for them.
The one that seems to be locking accounts thus far is actually the policy using the LB URL.
I'll look for the authentication log.
The one that seems to be locking accounts thus far is actually the policy using the LB URL.
I'll look for the authentication log.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
do you use more than one authentication server?
I mean ... 2-4 Domain/LDAP-Server for redundancy / 2Factor auth with Radius ...
Do you loadbalance the auth-servers?
You may check the authentication log too.
NS should not make more than one request to the same server..