Pearson VUE ATS Posted April 4, 2019 Share Posted April 4, 2019 We need to get this working as it's the first step in moving to the Netscaler/Storefront configuration and then we can complete our migration to XenApp 7.15 on Win16 (which is in progress). Configuration: Netscaler MPX 9700’s pointing to StoreFront 3.15 VM’s (Windows 2012), pointing to XenApp 6.5.Issue: Authentication failure when trying to login thru both Netscaler and Storefront. Narrowed down via troubleshooting, seems the StoreFront is not passing traffic to domain for authentication.What is logged in Event Logs on StoreFront Server: Security Log: Event ID 4625 Unknown user name or bad password. Citrix Delivery Services Log: An authentication attempt was made for user: testuser that resulted in: Failed (Windows Error Code: 1326) Password expiry information was requested but none was returned. StoreFront Splash error when accessing URL: "Incorrect Username or Password" DebugView log: An authentication attempt was made for user: testuser resulting in: Failed (Windows Error: 1326) Citrix.DeliveryServices.Explicit Warning: 0 : Expiry information was requested, but none was returned Citrix.DeliveryServices.Localisation Verbose: 0 : ResXNamespacedResourceManager found value 'Incorrect user name or password' for key 'ExplicitCore:Failed' Verified: I can telnet the Domain Controller's/Active Directory from StoreFront over port 389, success. Loopback to onUsingHttp is set in StoreFront. None of these attempts are logged on the Domain Controller itself. Any additional thoughts on how to troubleshoot this? Thanks in advance. Link to comment Share on other sites More sharing options...
CarlStalhood Posted April 4, 2019 Share Posted April 4, 2019 In your Session Policy/Profile, is the Single Sign-on Domain configured on the Published Applications tab? Link to comment Share on other sites More sharing options...
Pearson VUE ATS Posted April 4, 2019 Author Share Posted April 4, 2019 Thank you for your reply. We have multiple domains. I've verified on the Netscaler's that I do not have Single-Sign on enabled. I have also verified in the Manage Receiver for Web Sites configuration that I do not have Domain pass-through enabled. The issue is if I bypass the NetScaler for troubleshooting, I end up with the same situation. So it seems to be an issue on the StoreFront system. Link to comment Share on other sites More sharing options...
Daniel O Onyando Posted May 13, 2019 Share Posted May 13, 2019 Did we ever get a solution to this challenge, am experiencing the same. Link to comment Share on other sites More sharing options...
Pearson VUE ATS Posted May 13, 2019 Author Share Posted May 13, 2019 Hello. Seems for me the issue was though at the authentication level in "Manage Authentication Methods" in Storefront, under the option for the Pass-through from NetScaler Gateway, under Configure Password Validation, I had not selected Delivery Controllers and do the 'configure' step to include Delivery Controllers. Seems redundant, but I'm assuming these may be different systems in some environments. Hope that helps. 1 Link to comment Share on other sites More sharing options...
vadiraj joshi Posted July 18, 2019 Share Posted July 18, 2019 is thiere any update on the above issue Link to comment Share on other sites More sharing options...
Pearson VUE ATS Posted July 18, 2019 Author Share Posted July 18, 2019 Hello. I understand a couple of you have run into the same issue. Here is what I did to fix it. Hello. Seems for me the issue was though at the authentication level in "Manage Authentication Methods" in Storefront, under the option for the Pass-through from NetScaler Gateway, under Configure Password Validation, I had not selected Delivery Controllers and do the 'configure' step to include Delivery Controllers. Seems redundant, but I'm assuming these may be different systems in some environments. Hope that helps. Thanks Link to comment Share on other sites More sharing options...
vadiraj joshi Posted July 18, 2019 Share Posted July 18, 2019 noop but this error is on user name and password page window, when my external users are coming via netscaler then tehy are facing this issue Link to comment Share on other sites More sharing options...
vadiraj joshi Posted July 18, 2019 Share Posted July 18, 2019 please check Link to comment Share on other sites More sharing options...
Pearson VUE ATS Posted July 18, 2019 Author Share Posted July 18, 2019 I suspect there is more than one reason for this, I know that I encountered a similar issue with my 6.5 environment. I had a mismatch at the IIS level on the StoreFront system with the port being used, as I had 80 (default) instead of changing to 8080. As this needs to match up to the loopback port set in StoreFront. Once these matched, that was working. Though I have the same problem with my XenApp 7.15 farm as it is using the same Storefront/NetScaler systems, but haven't solved it there. Maybe a place to start. Link to comment Share on other sites More sharing options...
vadiraj joshi Posted July 18, 2019 Share Posted July 18, 2019 Thanks appreciate your reply on the same..would like to tell you some information...when the new store is created it works fine it gets opened. but once i configure trusted domain in authentication option its starts giving error. Although if i revert it back by removing the domain address from the trusted domain..then too it dosent work. it only work on the fresh store when i create. Link to comment Share on other sites More sharing options...
Pearson VUE ATS Posted July 18, 2019 Author Share Posted July 18, 2019 That is odd, what version of StoreFront are you using? Are you setting single-sign on? I didn't enable that since we have multiple domains. Link to comment Share on other sites More sharing options...
vadiraj joshi Posted July 18, 2019 Share Posted July 18, 2019 storefront 3.12.4000 yes sso is enabled. Link to comment Share on other sites More sharing options...
Pearson VUE ATS Posted July 18, 2019 Author Share Posted July 18, 2019 I'm using version 3.15.0.18019. Perhaps something to do with the version? Possible bug? Does it work if you don't enable SSO? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now