PasswordServer with ICA

  • This topic is empty.
Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #6711
    AvatarNapsty
    Member
    • Total Post: 6
    • Newbie

    Hello,

    In my config I’m using the parameter PasswordServer in case user passwords are expired. Authentication is done via NTLM on the Domain Controller.
    As PasswordServer I’m using the main citrix server.

    In our Test VLAN everything works fine. We have set that the user must create a new password at next login. User tries to log in, a message appears that the password needs to be renewed and a Windows session is opened which allows to change the password. Then the Windows session is automatically logged off.

    Now we’re experiencing problems from another VLAN. We tried exactly the same, but instead no message appears on the Wyse, that the password needs to be changed. In the WTOS eventlog I’ve found the entry:

    citrix signon: no such file or directory

    Does anyone of you know what Wyse is trying to access from the Citrix server? The network dept assured me that there is no Firewall between the two VLANs and the Citrix server. Could it be a setting on the Citrix server itself?

    Thanks in advance for any ideas.

    #20682
    ConfGenConfGen
    Keymaster
    • Total Post: 11100
    • Jedi Master
    • ★★★★★★★

    I would like to know some different things.
    Why are you using NTLM authentication and do not authenticate directly to your Citrix environment?
    When doing latter you can remove the Passwordserver parameter from the wnos.ini and enable password change on the Citrix system and all should be good.

    CG

    #21305
    AvatarAmerist
    Participant
    • Total Post: 61
    • Back Stage Pass
    • ★★★★

    @ConfGen wrote:


    When doing latter you can remove the Passwordserver parameter from the wnos.ini and enable password change on the Citrix system and all should be good.

    CG

    I have a question about this. How do you “enable password change on the Citrix system” ? I am having trouble with this on my C10LE winterms that our company uses. Users with Expired or “must-change” domain password are unable to do so from the thinOS login. Users get an error:

    Citrix sign-on failed

    I have been working hard for the last three days to resolve this problem and looking in the Wyse support site is no help because they offer solutions that don’t work, such as adding the passwordserver parameter.

    Wyse self-service site portal is confusing and it’s hard to find what you are looking for unless you have been in there before and know what to click on.

    #21315
    ConfGenConfGen
    Keymaster
    • Total Post: 11100
    • Jedi Master
    • ★★★★★★★

    Go to Products – Wyse ThinOS and search for a document called “Password change in a Citrix environment ” on this website.

    CG

    #21484
    AvatarAmerist
    Participant
    • Total Post: 61
    • Back Stage Pass
    • ★★★★

    @ConfGen wrote:

    Go to Products – Wyse ThinOS and search for a document called “Password change in a Citrix environment ” on this website.

    CG

    I realize this is an old thread but I have come here because our Wyse Thin OS devices (running 7.0.1_33) suddenly stopped enabling logons for those with expired passwords or must change password on next logon option set on their account.

    WE had this fixed before using the following settings in our WNOS.INI file:

    Signon=ntlm DisableGuest=yes
    Passwordserver=”10.201.8.33;10.201.8.34″ Connect=RDP

    edit: these IP addresses correspond to domain controllers

    Now today we discovered that this is no longer working so I want to figure out how to make the ICA form of this work on the devices. I already checked out the document you referenced above but this refers to a delivery services console and a web interface management console which I don’t have. I’m on PS 4.5 in a total Win2k3 environment.

    Any pointers you can give me are appreciated. I do have an “Access Management Console” and depending on where I log in with that I have some different options but I saw nothing like the screenshot provided in that document you provided.

    Thanks for your help. I’m really stuck this time on this one.

    #21488
    ConfGenConfGen
    Keymaster
    • Total Post: 11100
    • Jedi Master
    • ★★★★★★★

    Even with PS4.5 you have a “Citrix Web Interface Management” console. Check Start-Programs-Citirix-Management Console. If it is not there you can install the console easily from your installation media.
    There you have to right click your PNAgent site and select “Authentication Methods” followed by “Properties”. The rest is the same as documented in the PDF.

    CG

    #21494
    AvatarAmerist
    Participant
    • Total Post: 61
    • Back Stage Pass
    • ★★★★

    I was able to RDP into the server that my xenapp client points to for its published desktops and streamed apps and found the Access Management Console. From there, I drilled down through Citrix Resources -> Configuration Tools -> Web Interface -> (PNAGENT SITE)->Config.xml and from there I could Right-click on the xml and choose “Configure Authentication Methods.” This allowed me to see a box that was similar to what you had in the screenshot. I verified that I already had the enable password change on server option enabled.

    So, now I just need to figure out how to switch from NTLM to ICA password changes. Simply taking out these two lines

    Signon=ntlm DisableGuest=yes
    Passwordserver="10.201.8.33;10.201.8.34" Connect=RDP

    and replacing them with

    Signon=1 DisableGuest=yes 

    is not sufficient. Thanks, ConfGen, for your help.

    #21497
    ConfGenConfGen
    Keymaster
    • Total Post: 11100
    • Jedi Master
    • ★★★★★★★

    You need SignOn=yes or =1 and PNliteServer=your_Pnagent_site

    Along with the correct PNAgent site config we already discussed, it should work fine.

    CG

    #21515
    AvatarAmerist
    Participant
    • Total Post: 61
    • Back Stage Pass
    • ★★★★

    I figured out what happened. Somehow down lower in the wnos.ini there was a line:

    signon=yes

    that was overriding my signon=1 or signon=ntlm. Once I removed this stray setting I got RDP password change working again.

Viewing 9 posts - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.