Jump to content


Photo

Second Windows Login Prompt When Launching Applications from Windows 2012 Server

Started by Karel Liebscher , 21 July 2017 - 08:34 AM
2 replies to this topic

Karel Liebscher Members

Karel Liebscher
  • 2 posts

Posted 21 July 2017 - 08:34 AM

Hello,

We have this XA environment:  Netscaller Gateway  (with ICA only), StoreFront Servers, one Citrix Farm XenApp 6.5 (on Windows 2008 Server platform), second Citrix Farm XenApp 7.14.1 (on Windows 2012 Server platform) and PVS Farm (streaming for all XA servers).

 

On StoreFront servers we have authentication method “Pass-through from Netscaler Gateway”.  In this case when we log on to Netscaller, we can see published apps/desktops, then we can start them without problem from “Windows 2008 Servers”, but when we start some apps/desktop from “Windows 2012 Servers”, we got the windows login prompt with pre-populated domain/username and we have to enter password to complete login process.

 

When we try this only via StoreFront server/portal with method “User name and password”, we haven’t problem to start apps/desktops from “Windows 2008 Servers”, but apps/desktops from “Windows 2012 Servers” still need to enter password to login windows prompt.

 

On „“Windows 2012 Servers” we disabled password prompt settings via group policy (gpedit-> Computer Configuration/Administrative Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security ->Always prompt for password upon connection), but without effect.

 

How can we prevent the second login prompt on Windows 2012 server?

 

Many Thanks.

Regards, Karel

 

 



Carl Stalhood CTP Member

Carl Stalhood
  • 12,275 posts

Posted 21 July 2017 - 12:14 PM

Did you install any software on the 2012 VDA that impacts the logon screen (I.e. GINA)?

Are the clocks correct on the 2012 VDAs?

Karel Liebscher Members

Karel Liebscher
  • 2 posts

Posted 21 July 2017 - 01:35 PM

There are only standard software without modifing gina/windows logon. Connectivity to the domain, time synchronization, AD computer account - everything seems ok. I have tried analyze this behaviour throught Scout/CIS, but everything is OK. I have found this information records in CDF trace in time of manually entering password ...

1345 - 07/19/2017 04:59:08, TID: 7140, PID:    1324
    BrokerAgent:2:1:LaunchManager.ProcessValidationResponse: Exit, Domain: CXCDOM, Client: testerctx2, IsReconnect: False, IsValidated: Allow

1346 - 07/19/2017 04:59:08, TID: 7140, PID:    1324
    BrokerAgent:8:5:LaunchManager.ValidateConnection: Exit(Validated:Allow)

1348 - 07/19/2017 04:59:08, TID: 7140, PID:    1324
    BrokerAgent:2:1:StackManager.ValidateConnection3: Reply Domain: CXCDOM, User Name: testerctx2, CredentialsType: Password
1350 - 07/19/2017 04:59:08, TID: 7140, PID:    1324
    BrokerAgent:2:1:StackManager.ValidateConnection3: ValidateResult ALLOW, Session Key 6f855678-2e9d-4f6b-ac01-937c5ae59506, Brokered User SID S-1-5-21-213760605-1112973888-173998671-304943, IsReconnect False, CredentialsType Password

Thank you very much.