Director 7.7 - Windows Authentication

[Franco Koenig]

Hi all

 

i have installed on a w2k12r2 server the delivery controller and studio and director on the same machine. i have follow up the guides from carl stalhood, but i get no logon page, where i can change the authentication type for logon. i have prepare the IIS settings, and set the snp also. but no sso login will work. on the controller/director itself works. not from another computer! is there something i have forgotten?

 

regards

[CarlStalhood]

Did you also configure the SCP? See https://discussions.citrix.com/topic/374072-director-77-windows-authentication-not-working-with-ns-lb

[Franco Koenig]

Hi carl

When you mean if i set the setspn -S xxxx than yes.

( setspn -S "http/server_URL" domain\server (single server) )

Or did you mean something other, because you write scp.

[Philip Stone]

Hi,

 

I do have the same problems to enable SSO. Director is located on a Controller and when I open the page it loads forever.

 

I have found this on my event logs.

 

WebHost failed to process a request.

 Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/23634175

 Exception: System.ServiceModel.ServiceActivationException: The service '/Director/service.svc' cannot be activated due to an exception during compilation.  The exception message is: The authentication schemes configured on the host ('IntegratedWindowsAuthentication') do not allow those configured on the binding 'Secure_WebHttp' ('Anonymous').  Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly.  Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the <serviceAuthenticationManager> element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.. ---> System.NotSupportedException: The authentication schemes configured on the host ('IntegratedWindowsAuthentication') do not allow those configured on the binding 'Secure_WebHttp' ('Anonymous').  Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly.  Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the <serviceAuthenticationManager> element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.

   at System.ServiceModel.Channels.HttpTransportBindingElement.UpdateAuthenticationSchemes(BindingContext context)

   at System.ServiceModel.Channels.HttpsTransportBindingElement.BuildChannelListener[TChannel](BindingContext context)

   at System.ServiceModel.Channels.Binding.BuildChannelListener[TChannel](Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, BindingParameterCollection parameters)

   at System.ServiceModel.Description.DispatcherBuilder.MaybeCreateListener(Boolean actuallyCreate, Type[] supportedChannels, Binding binding, BindingParameterCollection parameters, Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, ServiceThrottle throttle, IChannelListener& result, Boolean supportContextSession)

   at System.ServiceModel.Description.DispatcherBuilder.BuildChannelListener(StuffPerListenUriInfo stuff, ServiceHostBase serviceHost, Uri listenUri, ListenUriMode listenUriMode, Boolean supportContextSession, IChannelListener& result)

   at System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription description, ServiceHostBase serviceHost)

   at System.ServiceModel.ServiceHostBase.InitializeRuntime()

   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)

   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(ServiceActivationInfo serviceActivationInfo, EventTraceActivity eventTraceActivity)

   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity)

   --- End of inner exception stack trace ---

   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity)

   at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath, EventTraceActivity eventTraceActivity)

 Process Name: w3wp

 Process ID: 1272

[Tracy Winchester1709152311]

having trouble accessing director 7.7 with Windows Authentication.

When it is enabled,  and I access the URL from another server , it will auto log me in, but it get "Cannot Retrieve the Data"  .    If I turn off the Windows Authentication and login with credentials everything works fine.   I'm accessing a XenApp 7.6 site. 

[Zeya Winn]

Did  you ever get this working? I have the exact message you have and can only sort of get it working by still having anonymous auth enabled at which point it drops me at the login screen then allows SSO to work. if I disable anonymous then it just goes to the spinning dots and drops the above message in eventvwr.. my env was uprgaded from 7.6 to 7.11

[Matthew Gehlhausen]

On 1/8/2016 at 5:44 AM, Philip Stone said:

Hi,

 

I do have the same problems to enable SSO. Director is located on a Controller and when I open the page it loads forever.

 

I have found this on my event logs.

 

Did you guys ever get this working? I get the same error in event log as phillip.stone and circle spins forever on login page. We are now running 7.15, but also had this same issue the last time we tried to enable SSO on 7.9. We just gave up last time, but would really like to get this working.

[Kyrian Arensman]

I've had a similar issue: New environment (Dev, Test, Acc) and the DDC and Director role combined. When logging into director the circle just spins without any other response.

 

We managed to solve this by editing the web.config file in the director directory.

on line 274 (in our case), right below '<system.serviceModel>' we see the following line:
 

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />

 

by adding multipleSiteBindingsEnabled="true" to that line and perform an IISReset we were able to login into director and actually see something else then the rolling spinner :-)

 

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>