Jonathan Clark1709155079 Posted June 12, 2019 Share Posted June 12, 2019 (edited) Running into an interesting problem. NetScaler 12.1 49.23 with Storefront 3.12.4000. End-users can login perfectly fine using the Web or Receiver for Windows. Whenever end-users attempt to logon with Receiver for iOS we get an error on the storefront log saying: An authentication attempt was made for user: <USERNAME> that resulted in: Failed (Windows Error Code: 1326). Sometimes it will give additional details as: Password expiry information was requested but none was returned. The security event log shows a corresponding entry showing: An account failed to log on. Subject: Security ID: NETWORK SERVICE Account Name: <SERVERNAME>$ Account Domain: <DOMAIN> Logon ID: 0x3E4 Logon Type: 8 Account For Which Logon Failed: Security ID: NULL SID Account Name: <USERNAME> Account Domain: <DOMAIN> Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xC000006D Sub Status: 0xC000006A Process Information: Caller Process ID: 0x15fc Caller Process Name: C:\Program Files\Citrix\Receiver StoreFront\Services\DefaultDomainServices\Citrix.DeliveryServices.DomainServices.ServiceHost.exe Network Information: Workstation Name: <SERVERNAME> Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 I have tried swapping the Storefront in NetScaler Authentication --> Password Validation from Active Directory to Delivery Controller but that just swaps the error messages to the Delivery Controller instead of the Storefront server. I have also tried disabling Password Expiration notifications in the Web.conf and in the Storefront interface. This was working just a few days ago. We have not made any changes to the NS or Storefront so we are baffled as to why this occurs. If end-users come internal to the network they can connect to Storefront directly without NetScaler it works. I don't understand why it was working and then just stopped working. One item to note, we are using RFWebUI theme in NetScaler. I have not tried yet not using that theme. Any help would be appreciated. Thanks Edited June 12, 2019 by jonathanbclark1 added RFWEBUI Theme details Link to comment Share on other sites More sharing options...
Aseem Shaikh Posted June 14, 2019 Share Posted June 14, 2019 Hi, Looks like you are facing something very similar as this one:https://discussions.citrix.com/topic/381394-citrixagbasic-single-sign-on-failed-because-the-credentials-failed-verification-with-reason-failed/ Let me know if it works for you. Cheers, Aseem Link to comment Share on other sites More sharing options...
Jonathan Clark1709155079 Posted June 14, 2019 Author Share Posted June 14, 2019 Turns out there was a traffic policy bound to the Gateway vServer for Single Sign On. I don't know why it was there or why it didn't effect anything except for the iOS logins. As soon as I removed the traffic policy everything worked. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now