Jump to content
Welcome to our new Citrix community!

User logs into SF3.7 gets another users apps showing in portal

Brad Langford

Recommended Posts

Citrix XenApp farm 7.6, StoreFront 3.7


"Bob" 1st authenticates using SmartCard via a Cisco ASA Firewall which then brings up the Citrix 3.7 StoreFront.  "Bob" logs in there with domain credentials.  Once "Bob" gets the app page he notices that an app or two is missing, but he goes ahead and launches our RDP published app.  it connects to a desktop which he then notices that it's someone else's desktop PC and she is logged in and working in it.  


"Bob" then logs off the session and relaunches the same RDP app and gets the same lady's desktop and seems to be able to have control in the session.


He then logs completely out of the session and SF, goes for a coffee and logs back in the same way he had before and sees all his published apps and connects to his own PC via the published RDP app and all is well.  He's not had the problem before or since then (3 days ago).


When I look at director I see "Bob"s end client (home PC) machine name with the lady's name as the user at the time when "Bob" had actually logged in.  I also see the lady had already been logged in for about an hour or so before "Bob" had logged on.


Neither user is in the remote access for the other persons PC, We do not see "Bob"s profile folder on the lady's pc, so he was logged in as her, viewing her session.


"Bob" was the one who reported the issue (to our VP no less), so I don't suspect foul play here.


We see "Bob"s user ID log in at like 8:00:32 in the network logs and then at 8:00:33 we see the lady's credentials where "Bob" was.


  It's like when "Bob" logged into StoreFront, A.D. or kerberos changed his log in to the lady's that granted him access to all her apps.


  Citrix support says they've never seen this and this had to be user error (which makes no sense how that could happen).


  I see where in old forum posts and such that in 6.0 or 6.5 sessions could be "stolen" but I'm not seeing anything similar for 7.6


  I can go in to the local server group policies on each of the hosting servers and set RDP to only allow one session instance per user, but I'm not sure that will fix this issue.  We've never seen it before (or at least no one's reported it before) and I've been working the Citrix team for 12 yrs now for our company and have never seen nor heard of this issue.


  We've not been able to replicate the issue.


This could potentially cause us to stop using Citrix (ironically our renewal is VERY close) especially since Citrix didn't seem really interested in fixing the issue (I spoke with two different support reps on two different occasions today about this).



Link to comment
Share on other sites

@Carl Behrent -

1)  So did you see this issue repetitively? 


2)  What are you guys using in front of your StoreFront server?  NetScaler?


3)  what "solution" did you guys come up with?  Unfortunately I have to come up with some sort of an answer.



  What I"m doing now is going thru local group policy on each of my RDP app host servers and setting the Remote Desktop session to "allow only one instance.." and also setting the ability to Remote control an RDP session to "no remote control allowed".


  I'm hoping this will stop something like this as it's totally weird and a bit scary.


  Our servers all have the latest MS patches.  I have a XenApp 7.15 LTSR farm waiting to be tested and released, but I'm not sure that is the answer.

Link to comment
Share on other sites

@Nathan Joseph - Instead of a NetScaler, at this time we have a Cisco ASA firewall.  Once the user logs in with their SmartCard there, they are presented with the StoreFront 3.7 server (in Classic Mode) and log in with their domain credentials manually.


  Citrix told me it's an IIS issue and to call Microsoft.  I called Microsoft and was told by them it's a Citrix issue.  Imagine that.  So now I have to get them both on the phone so they can work it out.  Stay tuned.

Link to comment
Share on other sites

  • 5 months later...

sorry for the VERY late response to this.  Microsoft took ownership of this issue and due to a failure on our one of our teams fault, the logs rolled over the necessary info and could be recouped.  However we've not seen or heard about this issue again at this time.

Link to comment
Share on other sites

  • 4 years later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...