ThinOS 8.3 connection to Citrix NetScaler / VMware Access Point with 2FA fails - Technicalhelp: A Flexible Computing Service

Tagged: thinos 8.3; vmware horizon view; citrix netscaler; vmware view access point;T10D

This topic has 1 reply, 2 voices, and was last updated 4 years, 4 months ago by MarvinS.

Viewing 2 posts - 1 through 2 (of 2 total)

Author

Posts
February 1, 2017 at 12:34 pm #43785
gugi
Participant
- Total Post: 1
- Newbie
Hi,
we’re trying to connect a T10D client with the latest ThinOS 8.3 to a Citrix XenApp 7 over NetScaler 11.0 / VMware Horizon View 7 over VMware Access Point 2.8.

For security reasons connections are only allowed using 2FA (1st Username + PW, 2nd PIN)

Using Netscaler Gateway
After authentication ThinOS but comes back with “Invalid Credential, please retry”.
System information log shows the following messages:
csg account abnormal
csg login fail 0 times, exit
SF: roam service failed rc=2
SF: account state 7

I tried CAGAuthMethod=LDAP / LDAP+RSA / RSA+LDAP / RSA in wnos.ini

Using View Access Point
After Username + PW authentication ThinOS presents a SecureID input dialog for the PIN, but comes back with “Invalid Credential, please retry”.

System information log shows the following message:
“vdi broker initialization failed”.

Can somebody confirm that connecting via Netscaler / Access Point with 2FA is supported / has been successfully tested? Any hints about client / gateway configuration needs?

We don’t have issues with internal connections over Netscaler (without 2FA).

Certificates

Thanks in advance!
November 19, 2019 at 10:52 am #51229
MarvinS
Participant
- Total Post: 16
- Regular Joe
Did you resolve this? 😉

We have the same issue. We got it working internally except for ThinOS.

USB logging output:

09:30:13.395 SF: csg redirect to https://gdt2fa.gouda.lok/vpn/index.html
09:30:13.395 SF: use cgi/login to try
09:30:13.395 SF: csg path http://gdt2fa.gouda.lok/cgi/login
09:30:13.396 SF: csg method start
09:30:13.396 SF: [request] http://gdt2fa.gouda.lok/cgi/login, get 0
09:30:13.396 SF: [url] http://gdt2fa.gouda.lok
09:30:13.481 SF: http get code 200, len 1151
09:30:13.481 SF: csg need passcode
09:30:26.175 SF: [request] http://gdt2fa.gouda.lok/cgi/dlge, get 0
09:30:26.175 SF: [url] http://gdt2fa.gouda.lok
09:30:26.240 SF: no code from http!
09:30:26.240 SF: http get code 302, len 15
09:30:26.240 SF: csg account abnormal…
09:30:26.240 SF: csg login fail, exit
09:30:26.240 SF: roam service failed rc=-2
09:30:26.240 SF: password related state
09:30:26.240 SF: account state 7
Author

Posts

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.