Jump to content
Welcome to our new Citrix community!
  • 0

7.15 VDA's in trusted domain fail to register

Daniel Wiles


Hi all,


Hoping someone has had this error before and found a resolution as we've had a support call running for over a month with no resolution and seriously affecting project.


We have created a new 7.15 environment in a new data centre, we have a existing 7.6 environment that is working and plan to migrate users to the new data centre/environment.


Now the old environment has VDA's in two seperate Domains, DomainA is Production and DomainB is Dev, the delivery controllers are located in DomainA. There is an External non transitive two way trust between DomainA and DomainB. Everything is working in both Production and Dev.


Come to the new environment, Production is working fine but Dev VDA's are failing to register.


I have made the suggested changes ListOfDDC, ListOfSIDs & SupportMultipleForest registry additions, reverse lookup DNS and AllowNtlm='true', used a fresh vanilla image, reconfigured working 7.15 vdisk and reconfigured working 7.6 vdisk. All fail to register with the following event: Event ID: 1002


The Citrix Desktop Service cannot connect to the delivery controller 'http://DDC01.DomainA.local:80/Citrix/CdsController/IRegistrar' (IP Address '') 


Check that the system clock is in sync between this machine and the delivery controller. If this does not resolve the problem, please refer to Citrix Knowledge Base article CTX117248 for further information. 


Error Details: 

Exception 'Error occurred when attempting to connect to endpoint at address http://DDC01.DomainA.local:80/Citrix/CdsController/IRegistrar, binding WsHttpBindingIRegistrarEndpoint and contract Citrix.Cds.Protocol.Controller.IRegistrar: System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.

   at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)

   at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)

   --- End of inner exception stack trace ---


Server stack trace: 

   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)

   at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)

   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

   at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)

   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

   at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)

   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

   at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)

   at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)

   at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)

   at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)

   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)

   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)


Exception rethrown at [0]: 

   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

   at System.ServiceModel.ICommunicationObject.Open()

   at Citrix.Cds.BrokerAgent.ControllerConnectionFactory.AttemptConnection[T](EndpointReference endpoint, Boolean throwOnError, Boolean allowNtlmAuthentication, String connectUsingIpThisIpAddress, Boolean cacheFactory)' of type 'Citrix.Cds.BrokerAgent.ConnectionFailedException'..

Link to comment

4 answers to this question

Recommended Posts

  • 0

Any differences in network layouts? These sort of oddities always stink of Networking - I am assuming Citrix have tested all the basics with you around XD Ping and the usual troubleshooting bits...TimeSync, Kerberos all the usual bits and bobs...


No firewalls, IPS systems etc in the way?

Link to comment
  • 0

At first it screamed of networks to me.


However we have been working closely with the Network team, it is a new data center so has a different IP ranges and firewalls, but have added all the same rules (have even added ANY ANY rules between VDA, DDC and DC's to test) and can telnet on all ports successfully.



Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...