Jump to content
Welcome to our new Citrix community!
  • 0

Different user logins on one device - is this possible?


Chad Brouwer

Question

We are finally moving away from the legacy PN / custom ica connections so that we can utilize the workspace control feature of the newer Citrix Receiver Clients. The issue that we are having is that we have some workstations where multiple / different users have to login to a published desktop at the same time on the same device(users then toggle between sessions as needed). The newer Citrix clients do not appear to allow me to do this as they simply prompt for a single username and password.

Does anyone know how i can accomplish this? It seems that this would be a common problem since 2010 when PN connections were removed from the Citrix Clients but I am having a hard time finding any useful posts related to this issue.

Thanks,
Chad

Link to comment

Recommended Posts

  • 1

Hello,

You could try to disable the "Session Sharing" flag in the seamless settings in the registry: http://support.citrix.com/article/CTX101644/

or

You could Restrict each user to a single session in the "Remote Desktop Session Host Configuration" on each XenApp Server. This may cause an issue with running out of RDP licenses faster since each individual app will take up an individual license

  • Like 1
Link to comment
  • 1

If your are not tied to PN, you could also setup WI, and then:

1. Log in as user #1 through WI, start the app/desktop. Then log out of WI.
2. Log in as user #2 through WI, start the app/desktop. Then log out of WI.
3. Etc...

Even though you log out of WI, the published desktops/applications will still be running.

  • Like 1
Link to comment
  • 0

Do you need multiple users logged on concurrently, or can you have user 1 log on, launch their app, then log off PNAgent (NOT the app), then have user 2 log on and lauch their app, etc..
Then you can toggle through the apps.

Did the old PNAgent allow multiple users to be logged on simultaneously? I don't remember that.

Link to comment
  • 0

They need to be logged on concurrently. I do not beleive that PNAgent could ever support multiple logged on simultaneously but I am not sure because I havn't used it:). I just continued to use the old PN custom ica connections because they clearly let me do this. But now I need workspace control to work and I probably should get on a newer client.

Link to comment
  • 0

Good question. Really the only issue I am having now without workspace control is unexpected and unpredictable "session stealing". For example, account "Generic1" logs in to device A. The same "Generic1" account needs to log in to device B. We do NOT want the Generic1 session to roam to device B, we want a new and seperate session to log onto device B so the Gerneric1 account can be logged on twice.

We have 10 XenApp Servers. With our current legacy Citrix clients, if the second Generic1 account happens to logon to the same server as the first Generic1 account session it will "steal" the session from the first account. If it happens to logon to a seperate server everything is fine and it creates a new session as desired.

If we used the new Citrix client with PNAgent we could use workspace control to only connect to disconnected sessions. But we have been histant to upgrade because of the multiple logons on one device issue.

Another solution to this problem would be to find a way to make it so that session stealing doesn't happen while using the legacy clients but I havn't been able to find a way to do that without a client connection method that supports workspace control. In the end though I really need to find a way to make this work with the newest Citrix client since I hate to depend on a legacy and unsupported client as a long-term solution.

Link to comment
  • 0

That would only work if we are using the PNAgent or web interface (hence my issue). When using the legacy custom ica connections they do not talk to the PNAgent or webinterface sites where those workspace control settings are set. We just point our custom ica connections to our zone data collector which then allows users to connect to published desktops / applications. Is there by chance a setting that is local to each XenApp server that would disable "session stealing"?

Link to comment
  • 0

That sounded like a good plan! I was actually trying to find those settings before but could not.

I just tried the registry setting but it did not prevent "session stealing". I then checked out the Remote Desktop Session Host Configuration settings and found that users were already restricted to a single session... so that is odd. See attachment. Maybe that setting wouldn't make a difference though because if a session is "stolen" there would still only be a single session...

Edited by: Chad Brouwer on Jul 3, 2012 4:08 PM

Edited by: Chad Brouwer on Jul 3, 2012 4:10 PM

Restrict to single session.JPG

Link to comment
  • 0

I found that if I do the opposite of what you said:) that it actually fixes my issue with session "stealing". If I do not restrict each user to a single session I am able to log in as the same user on the same XenApp host as two seperate sessions. That is good news.

Now back to my origional question...
Is there a way to login with multiple user accounts on the same client at the same time using PNAgent? I still have a hard time beleiving I am the only one who wants to do this but either that is true, I am missing something, or there are a lot of people still using legacy custom ica connections. Hopefully I am missing something.

Link to comment
  • 0

Chad,

I am not sure how your second question would be possible with a PNAgent site as you have to login explicitly using only 1 set of credentials. The only feasible way of doing this with a Citrix client utilizing a services site would be to login with 1 user, launch an application then logoff the client. Log back in with another account and launch a second app.

Only 1 client per profile can run at a time on a Workstation.

Thanks

Link to comment
  • 0

>Now back to my origional question...
>Is there a way to login with multiple user accounts on the same client at the same time using PNAgent? I still have >a hard time beleiving I am the only one who wants to do this but either that is true, I am missing something, or >there are a lot of people still using legacy custom ica connections. Hopefully I am missing something.

As Sam said, not possible. I have never heard of this requirement. It's not very common, I imagine most companies would not want this due to the security issues.

What about publishing the applications to Anonymous users? This way a logon is not actually required to launch the application and XenApp will assign one of the local anonymous user accounts to the session.

I've never ever used it or tested it though so can't say what issues you would run into. Might not work for your app anyway if it requires some AD authentication.

----------

Shaun Ritchie
[www.shaunritchie.co.uk|www.shaunritchie.co.uk]
[Follow me on Twitter|www.twitter.com/shaunritchie_uk]

Link to comment
  • 0

Basically we have generic location specific accounts setup that login to a published desktop to use an industry specific app. Each location has its own login because it has specific settings that are stored in the user profile (different printers, different report form defaults, etc).

We have a PC with three screens that we have a user login to 3 times. One with their personal account for email, SharePoint access, and anything else where security matters. One with the Paris account so that they can take phone calls for the Paris location, enter data, and print out necessary reports. And one with the Timbuktu account so that they can take phone calls for that location, enter data, and print out necessary reports.

It sounds like if I want to keep this design that I will either need to stay on an old client that supports PN connections or perhaps use a new client and the Citrix Quick Launch Tool to create a few additional custom ica connections...

Link to comment
  • 0

Are the devices at these locations joined to a domain and use the same credentials as your farm? You can enforce single sign on.

I've also only tried this with RDP. In a user's AD account there's a feature called Logon Workstations. Any computers added in this list are the only computers said user can log into. I noticed with terminal server. One can put in the remote client and terminal server pair the user will use. Perhaps this is a way to prevent session stealing once and for all?

Do you allow your users to shadow?

Going forward other then as you said you need to use Quick Launch to make a set of ICA files. You lose Workspace Control though. You need XenApp 6.5 Hotfix Rollup 1 to fix an issue with getting back into a disconnected session too.

I also liked use PNAgent with my older WinCE thin clients. I know a user can log off from the systray icon but college students are too lazy to do that in a public computing environment. They barely remember to logoff their Windows/Mac desktop when they logoff a regular PC let alone a WES 7 thin client running ICA client.

Citrix Receiver was built for users with their own computers in mind not for shared/public computing environments.

Link to comment
  • 0

Thank you all for your input. I really wanted to make sure that I wasn't missing something before throwing in the towel. The logging in and out of WI could work in a pinch, otherwise I am just going to have to use the Quick Launch tool or find a way for users to conveniently use one account per device. At least we figured out the session roaming / stealing issues.

Link to comment
  • 0

Chad,

The WI approach would work - I'm using that from time to time, too.

But make sure the users do not logoff within WI, otherwise the session will be logged of, too (at least by default, you can disable that to happen). Closing / Reopening the browser for the 2nd login would work. too.

BfN, Konrad

Link to comment
  • 0

Chad,

Just wondering why all these apps can't run under one logon?

Sounds like you are using seperate logons so that you can implement seperate settings?

Could you not use a profile management solution to do this?

Perhaps there's an oportunity to make your user experience better? Logging in 3 times for every user must be a bit frustrating?

Anyway, just a suggestion.

----------

Shaun Ritchie
[www.shaunritchie.co.uk|www.shaunritchie.co.uk]
[Follow me on Twitter|www.twitter.com/shaunritchie_uk]

Link to comment
  • 0

The application stores its setting in the user's home folder. Using different user accounts for different locations allows for a very simple way to customize the setting for each account. It also allows us to label the connection and change the background for each account. So when you login to the Paris account it says Paris at the top of the screen and the background also says Paris. It is very important that employees handling multiple locations do not get them mixed up so this has been a good solution for us.

If there is a tool that could allow me to do something like this with only one login that would be great!

Link to comment
  • 0

This should all be achievable using Citrix User Profile Manager. Off the top of my head this is how you would do it.

You would simply need to have different OUs for the Paris and Timbuktu locations, put your XenApp servers in them.

Create different settings folders in the user's home drive. E.G If there home drive is H: then create H:\ParisSettings and H:\TimbuktuSettings

Create GPOs for the different OUs and enable loopback. Apply the different GPOs to each of the OUs. In the policy you would set the background using normal GPO and then in the UPM node of the GPO you would create a setting to update the portion of the registry that your app uses to define the setting folder.

E.G in the Paris policy you would set

HKCU\Software\YourAppName\Settings AppSettingsFolder= H:\ParisSettings

and in the Timbuktu policy you would set

HKCU\Software\YourAppName\Settings AppSettingsFolder= H:\TimbuktuSettings

When the user logs on at the different locations UPM will update the registry key to point at the correct settings folder.

Event better than using H:\ would be to use %homdrive% but I am not sure if Citrix UPM resolves that before writing it, you can check this easily though or someone else will confirm.

----------

Shaun Ritchie
[www.shaunritchie.co.uk|www.shaunritchie.co.uk]
[Follow me on Twitter|www.twitter.com/shaunritchie_uk]

Link to comment
  • 0

Hi Chad,

 

Did you manage to find a solution for this?

 

I think you asked a very interesting question about the feature which would be very useful in XenApp 7.x in many scenarios.

 

I have hundreds of (XenApp 6.x / Wyse thin clients) workstations which allow users to have multiple shared Windows desktops or apps started at the same time with different credentials and switch between them using thin client Taskbar. 

 

However, in order to migrate the workstations to XenApp7 I had to force them to log in to Wyse terminals and log off in order to switch to other apps or desktops - very frustrating solution which causes lots of complains.

 

Wyse/Dell says it is a Citrix feature (limitation of Citrix Receiver to just one logged on user) and there is no workaround on their side. I requested from Citrix to enable direct connections to controllers (as it was possible in XenApp 6) but got no response.

 

Very frustrating situation where new software instead to allow us to achieve more, just introduces limitations.

 

Regards,

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...