Jump to content
Welcome to our new Citrix community!
  • 2

Citrix receiver continually prompting for password (external access)


Joseph Daly

Question

Im probably going to open a case for this soon but was wondering if anyone had seen/resolved this issue in the past.

 

Our setup is as follows XA 7.8, Storefront 3.x, NS 10.5 running access gateway. Receiver is configured to point to our XA environment.

 

Internally everything is working as it should. Users login and receiver SSO integration allows them to open receiver/launch apps.

 

Externally the users are hitting our netscaler via beacons which requires username, password, and RSA key. This is also working as expected however upon logging in receiver will keep opening the login dialog box even if a user is not trying to launch any applications.

 

I can see this becoming a real problem if the login dialog pops up all the time.

 

Seems like others are reporting the issue but there are scare results from it.

http://discussions.citrix.com/topic/377529-windows-7-receiver-44-logon-prompt-on-clients/

 

Link to comment

Recommended Posts

  • 1

See CTX232184 (04092019) - we had this issue before.  Applied GPO to Citrix App Servers, applying to Domain Computers, with loop back processing on.  As users logged onto Citrix the registry settings would apply to their campus computers.  However; FYI - it seems login pop-ups are back with Workspace App v19.3.  Users are not logged on to Citrix and pop-up on task bar repeats in its prompt to login/password.  So you can see how GPO does not apply yet.  Key word was "dazzle" (registry setting).  I tried to apply the settings to my local registry but it did not appear to help.  I have a service call open.

  • Like 1
Link to comment
  • 0

I did follow your page as a guide.

 

Storefront server load balancing does have persistence set as well as having the separate Primary/Secondary LDAP/Radius authentication set for web browser vs receiver app. The credential index for receiver is set to secondary.

 

I think this may be more of an issue with the receiver client itself because when the credentials window pops up you enter you username,password, and rsa key everything works as expected.

 

its just that upon logging into windows the receiver client is popping the credentials box up. Ideally it should only request credentials when opening the receiver client or trying to launch an app.

Link to comment
  • 0

I am also seeing the same issue and have logged a call with Citrix, but they haven't come back with a resolution as yet.

 

I am trying to narrow down if this only happens in certain circumstances, such as the laptop was connected internally with Receiver logged on to Storefront, and then the laptop moved to an external network where Receiver tries to reconnect after a timeout period and then keeps prompting.

 

I don't think this is happening when the laptop is started up on an external network and Receiver hasn't logged on, but I need to carry out further testing.

Link to comment
  • 0

I also have a case open with them. The technician I spoke with pointed me to the same registry key that was mentioned in the the link from my original post. I don't put much weight in this since I provided that link during the opening of my case.

 

When I asked him what that registry key was used for his response was "Citrix uses thousands of registry keys we can't know them all" so that answer didn't fly with me.

 

In my initial testing that reg key swap does appear to resolve the issues but without knowing what else it may affect I can not push this out to production.

Link to comment
  • 0

Citrix did provide me with some information on that reg key and it doesn't look like a solution:-

 

Native Receivers (not browser-based receivers) use this value to determine what credentials are needed to log the user on to a gateway, which will determine what is shown in the logon UI. The possible values for AUTH key are:

 

0 - RSA passcode only

1 - None (ie anonymous)

2 - Domain password only

3 - Domain password and RSA passcode

4 - SMS-based auth

5 - Gateway auth is self-describing.

 

Selecting "1" will stop the prompt, but it's not a solution to your problem:

 

- anonymous gateway auth isn't supported by native Receivers.

Additionally, Receiver will periodically refresh this registry entry with data supplied by the SF server, at which point your change will be overwritten.

 

 

  • Like 1
Link to comment
  • 0

Thanks for the additional info. The citrix technician I was working with only sent me the snippit with the numbers. I think he purposely left out the additonal info about the native receivers. I have since pushed back on this case. There are several other discussion topics with the same issues so there is something going on, it just seems like they may not want to admit it. 

Link to comment
  • 0

We are having the exact same issue with Receiver 4.5.0.10018.

 

Users are fine when on the network, SSO does the job, but when off the network the user will receive the prompt continously coming back when cancelled.

 

We would only like it if the user was prompted when they tried to launch and application but it appears that Receiver wants to sign them in regardless.

 

I have been dabbling with Registry settings with not much luck, I thought it might of been pre-launch trying to kick off a session but I think I have found all the settings to disable pre-launch and the login box is still occuring.

 

Any assistance, bug ID etc would be useful.  The users are getting frustrated with me on this.

Link to comment
  • 0

Hello Phil!

I do not have any reference, but I have not got any more popups after I upgraded to Receiver 4.7.  With Receiver 4.5 and 4.6 installed I got the popup constantly.

Unfortunately Receiver 4.7 introduces a new bug.  When you launch a published desktop in full-screen you got a grey border around your published desktop. (https://discussions.citrix.com/topic/386050-bug-receiver-47-grey-frame-when-launching-desktop-viewer-in-full-screen/)

Link to comment
  • 0

UPDATE:

 

I tested 4.7 and can confirm that it's not fixed in this version

 

I then did some more digging and discovered that the pop up happens on a state change (PC wake up, LAN move from internal to external), and then sporadically.  When i saw it happen sporadically, it led me to dig more into the AuthManager and SelfService logs.  I discovered this is happening on a schedule.  (every hour)

 

So this means.... Receiver will refresh the user's apps every 60 minutes, by default.  When the Receiver is internal, by beacons, SSO is in play and thus no prompting.   When Receiver is external, by beacons, there is no SSO so the user is prompted because it must authenticate to the Netscaler (AGEE).  So when the Receiver attempts to refresh, it prompts the user.  If the user does nothing, the prompt will timeout (2 minutes). An hour later, the refresh will try again, and a new prompt. over and over.....

 

If the user logs into the Receiver (Netscaler) and maintains the session, it never prompts again because the future refreshes are successful.

 

I called support to ask about this refresh time and discovered that this interval is configurable

http://discussions.citrix.com/topic/366465-automatic-application-refresh-interval/

 

I tested this key by setting it to 3 minutes and was able to see it prompt over and over.  This confirmed my assumptions and I could see this in the logs.

 

64-bit Windows Location: HKLM\Software\Wow6432Node\Citrix\Dazzle 

Name: RefreshMs 
Type: REG_SZ 
Value: 3600000 

32-bit Windows Location: HKLM\Software\Citrix\Dazzle 
Name: RefreshMs 
Type: REG_SZ 
Value: 3600000 

 

 

The support tech also acknowledged that this is a known issue and is scheduled to be released end of Q2 with the next version 4.8 &  4.4 LTSR (4.4.5000)

 

She also was able to provide me private binaries that fixed the problem.  I tested the binaries in my lab, and confirmed it work for me.  I see the Receiver (3 min refresh) in the logs, but no prompt.  

 

Personally, I've not deployed the private binaries into our enterprise.  I'll wait for the final build at end of Q2, and deploy the registry changes to problem users.   I'll set those individuals to a very long interval (72 hours)

 

I hope this helps others....

 

~Phil

  • Like 1
Link to comment
  • 0

UPDATE:

 

I tested 4.7 and can confirm that it's not fixed in this version

 

I then did some more digging and discovered that the pop up happens on a state change (PC wake up, LAN move from internal to external), and then sporadically.  When i saw it happen sporadically, it led me to dig more into the AuthManager and SelfService logs.  I discovered this is happening on a schedule.  (every hour)

 

So this means.... Receiver will refresh the user's apps every 60 minutes, by default.  When the Receiver is internal, by beacons, SSO is in play and thus no prompting.   When Receiver is external, by beacons, there is no SSO so the user is prompted because it must authenticate to the Netscaler (AGEE).  So when the Receiver attempts to refresh, it prompts the user.  If the user does nothing, the prompt will timeout (2 minutes). An hour later, the refresh will try again, and a new prompt. over and over.....

 

If the user logs into the Receiver (Netscaler) and maintains the session, it never prompts again because the future refreshes are successful.

 

I called support to ask about this refresh time and discovered that this interval is configurable

http://discussions.citrix.com/topic/366465-automatic-application-refresh-interval/

 

I tested this key by setting it to 3 minutes and was able to see it prompt over and over.  This confirmed my assumptions and I could see this in the logs.

 

64-bit Windows Location: HKLM\Software\Wow6432Node\Citrix\Dazzle 

Name: RefreshMs 

Type: REG_SZ 

Value: 3600000 

 

32-bit Windows Location: HKLM\Software\Citrix\Dazzle 

Name: RefreshMs 

Type: REG_SZ 

Value: 3600000 

 

 

The support tech also acknowledged that this is a known issue and is scheduled to be released end of Q2 with the next version 4.8 &  4.4 LTSR (4.4.5000)

 

She also was able to provide me private binaries that fixed the problem.  I tested the binaries in my lab, and confirmed it work for me.  I see the Receiver (3 min refresh) in the logs, but no prompt.  

 

Personally, I've not deployed the private binaries into our enterprise.  I'll wait for the final build at end of Q2, and deploy the registry changes to problem users.   I'll set those individuals to a very long interval (72 hours)

 

I hope this helps others....

 

~Phil

 

Hi Phil,

 

We've been troubleshooting this over the last few days, but unfortunately even with 4.8 installed, multiple registry keys adjusted, we are still getting the popup. Could you by any chance share these private binaries that you've received? I'm guessing these didn't make the 4.8 final release and am personally hoping these will be in the next release.

 

Kind regards,

 

Niels

Link to comment
  • 0

I opened a case with Citrix about this issue. Our Receiver (4.3.3) was asking for login when users are external and not trying to launch a Citrix application.

In our testing, Installing Receiver 4.9 and adding the regkey below seems to have resolved the issue.

 

PATH : HKLM\SOFTWARE\WOW6432Node\Citrix\Dazzle
NAME : SelfServiceFlags
TYPE : DWORD
VALUE : 5

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...