Our Citrix FAS implementation is working fine for initial authentication. All users are able to access their virtual desktops with no problems or errors on any of the components. The problem that we're having occurs 10 hours after the initial login.
If a user logs in and then disconnects the session, then the VDA crashes (and reboots) exactly 10 hours after the initial login. We know that this is caused by our recent FAS implementation because the crash is preceded by a large number of Event ID 107 logged in the application event log of the VDA (event details below). No errors are found on the FAS, StoreFront, DDC, or CA servers; the errors are only found on the VDA. We do not use session limits or power management on our virtual desktops -- our users have always been able to maintain a session for days at a time.
Our Citrix components are all on the 1808 version.
Log Name: Application
Source: Citrix.Authentication.IdentityAssertion
Date: 1/23/2019 4:00:47 AM
Event ID: 107
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: xd10g-x86-0199.asco.local
Description:
[S107] HdxCredentialSelector::PerformCertificateHash() Failed: [Error: Access Denied
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Citrix.Authentication.UserCredentialServices.ILogonCsp.SignHash(String cookie, String containerName, Int32 keyNumber, Int32 hashId, Byte[] hashToBeSigned)
at Citrix.Authentication.IdentityAssertion.HdxCredentialSelector.<>c__DisplayClass14.<PerformCertificateHash>b__13()]
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Citrix.Authentication.IdentityAssertion" />
<EventID Qualifiers="0">107</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-01-23T09:00:47.953931400Z" />
<EventRecordID>25287</EventRecordID>
<Channel>Application</Channel>
<Computer>xd10g-x86-0199.asco.local</Computer>
<Security />
</System>
<EventData>
<Data>[S107] HdxCredentialSelector::PerformCertificateHash() Failed: [Error: Access Denied
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Citrix.Authentication.UserCredentialServices.ILogonCsp.SignHash(String cookie, String containerName, Int32 keyNumber, Int32 hashId, Byte[] hashToBeSigned)
at Citrix.Authentication.IdentityAssertion.HdxCredentialSelector.<>c__DisplayClass14.<PerformCertificateHash>b__13()]</Data>
</EventData>
</Event>
Question
John Taussig
Our Citrix FAS implementation is working fine for initial authentication. All users are able to access their virtual desktops with no problems or errors on any of the components. The problem that we're having occurs 10 hours after the initial login.
If a user logs in and then disconnects the session, then the VDA crashes (and reboots) exactly 10 hours after the initial login. We know that this is caused by our recent FAS implementation because the crash is preceded by a large number of Event ID 107 logged in the application event log of the VDA (event details below). No errors are found on the FAS, StoreFront, DDC, or CA servers; the errors are only found on the VDA. We do not use session limits or power management on our virtual desktops -- our users have always been able to maintain a session for days at a time.
Our Citrix components are all on the 1808 version.
Log Name: Application
Source: Citrix.Authentication.IdentityAssertion
Date: 1/23/2019 4:00:47 AM
Event ID: 107
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: xd10g-x86-0199.asco.local
Description:
[S107] HdxCredentialSelector::PerformCertificateHash() Failed: [Error: Access Denied
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Citrix.Authentication.UserCredentialServices.ILogonCsp.SignHash(String cookie, String containerName, Int32 keyNumber, Int32 hashId, Byte[] hashToBeSigned)
at Citrix.Authentication.IdentityAssertion.HdxCredentialSelector.<>c__DisplayClass14.<PerformCertificateHash>b__13()]
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Citrix.Authentication.IdentityAssertion" />
<EventID Qualifiers="0">107</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-01-23T09:00:47.953931400Z" />
<EventRecordID>25287</EventRecordID>
<Channel>Application</Channel>
<Computer>xd10g-x86-0199.asco.local</Computer>
<Security />
</System>
<EventData>
<Data>[S107] HdxCredentialSelector::PerformCertificateHash() Failed: [Error: Access Denied
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Citrix.Authentication.UserCredentialServices.ILogonCsp.SignHash(String cookie, String containerName, Int32 keyNumber, Int32 hashId, Byte[] hashToBeSigned)
at Citrix.Authentication.IdentityAssertion.HdxCredentialSelector.<>c__DisplayClass14.<PerformCertificateHash>b__13()]</Data>
</EventData>
</Event>
Link to comment
21 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now