The Authentication Session Has Expired Please Login Again
Upshot: StoreFront Error Your Logon Has Expired
Result and Background
Recently while working with one of our managed services customers, an unexpected error crept into the surroundings affecting users of a specific wood trusted by the infrastructure (hosting) domain. Immediately upon successfully authenticating to Citrix Gateway and existence passed to StoreFront, or authenticating directly TO StoreFront users immediately receive the post-obit message "Your logon has expired. Please log on again to continue."
No known changes occurred to the Citrix surroundings including patching of Os or Citrix around the time the issue commenced manifesting itself. No errors in StoreFront logs were noted either, and StoreFront security logs indicated the login was successful for the user.
Surroundings particulars are as follows:
- Citrix XenApp Site seven.xv LTSR CU5
- Two Citrix Sites (one per information centre), users with result access resources only from ane Site (Site A)
- StoreFront three.12 LTSR CU5
- StoreFront and VDAs in Domain A
- Users with logon issue in Domain B (two-style trust between domains)
We troubleshot the issue through diverse means including the following, without improvement:
- CTX204766 (No improvement)
- Adding DNS suffix search list for Domain B on the StoreFront servers
- Rebooting Controllers and StoreFront servers
- Rebooting Domain B's Domain Controllers
- Confirmed the computer-level security setting "Access this computer from the network" had not been altered (checked via RSOP and gpedit.msc) and locked down to groups that would foreclose the login from occurring every bit outlined in this Reddit post
- Checked GPO modification dates, no changes for months on any related GPOs
- Validated between DCs that trusts were still valid and operational
- Performed tests from the StoreFront servers in Site A where the users connect via test-netconnection PoSH command to confirm all TCP Advertizing ports (other than RPC port checks) were open
Resolution
After a battery of various tests nosotros worked on a hunch that there may exist issues enumerating against the Delivery Controllers being aggregated into StoreFront. Two sets of Controllers were present; one for each Site. This was not immediately suspected as a probable cause as the platform worked fine for most of the year, since the aggregation was implemented up until recently.
As the users of Domain B only access resources in Site A (whereas other users of the platform in Domain A do use resources from both Site A and Site B), we elected to throw in User Farm Mapping as a means to better command enumeration for users of Domain B while leaving users of Domain A unaffected.
Sure enough, one time this was propagated, users of Domain B could successfully log in once more than.
The root crusade appeared to be Advertizing communication problems between the Site B XML brokers and Domain B's Domain Controllers, suspecting something at the firewall or routing level inverse more than recently.
In this case, this fix is not accounted a "workaround" as the users exercise non "need" to enumerate confronting Site B at present time, and leveraging User Farm Mapping actually helps reduce communication flows to only those that are critical to the user'southward needs.
For more details on User Farm Mapping and Multi-Site aggregation, I encourage reading of Sarah Steinhoff's TechZone commodity on the subject in addition to Citrix Docs. Among other things, in Advertisement environments where this is feasible, using user groups to isolate XML enumeration without using separate Stores tin simplify deployments, ameliorate StoreFront login times modestly, and avert unecessary cross-information middle traffic.
Michael Shuster is Ferroque Systems' Primary Architect and noted Citrix authority. A passionate virtualization and digital workspaces advocate, he has designed, engineered, or otherwise advised clients on Citrix, VMware, and Microsoft technology platforms across the globe.
Source: https://www.ferroquesystems.com/resource/issue-storefront-error-your-logon-has-expired/
0 Response to "The Authentication Session Has Expired Please Login Again"
Post a Comment