Jump to content
  • 0

Citrix Receiver on non domain-joined machine can't use email account to login but server address login is working fine


yangping dong1709160718

Question

Posted

Hi ,

 

I have a strange issue. I can't login to citrix receiver by using email account if I tried it on a machine which is non domain-joined and on a separated vlan. However, if I use the storefront server fqdn, it is fine. Besides, on the domain-joined machine which is located on the same vlan, I could use both email and server address to login citrix receiver. I have imported the root cert to the non-domain joined PC and server fqdn login is fine, I guess somehow it means the cert is accepted, right? Also the DNS SRV record for _citrixreceiver._tcp.domain i created. Otherwise, even the domain joined pc can't use  Therefore,  I have no clue to know what might be the root cause. If anyone knows, please help! Much thanks! Or maybe, someone could help to explain the technical details on how citrix receiver works and interaction with storefront servers if possible. 

 

My environment:

 

1 DDC, 1 Storefront, version 7.6

I put the VM on Vmware vcenter 6.0

I AD server with CA feature. So I got self-signed domain wildcard cert. DNS configured correctly. I tried the latest receiver and also old version 4.1.200.x. I aslo tried on both windows and linux receiver. They all got same issue. However, on a domain-joined windows pc which is located on the same vcenter is fine. And the linux pc on the same vcenter is fine. My physical PC is located on a different Vlan and non domain joined. Now it works fine if I use server fqdn but not working if I put the email address. On Windows one I got err msg: Server Certificate not trusted (but actually I have import the root cert and If I open storefront on browser and it shows trusted). On physical Linux client, I got err msg "can't use this server address to add your account" when using email address but interesting thing is if I use server address, it is fine... haha, guess this msg is confusing.

 

 

3 answers to this question

Recommended Posts

Posted

I turned the authManager logging on and found the working one will search for storefront URL

 

 CServerProbe::ProbeForSF
03/01/19 03:50:19     < T:00001154        .   .   .   {
03/01/19 03:50:19       T:00001154        .   .   .   .   URL=https://ctxsf01.yp.int/Citrix/Roaming/accounts
03/01/19 03:50:19     > T:00001154        .   .   .   .   CWindowsHttpTransaction2::CWindowsHttpTransaction2
03/01/19 03:50:19     < T:00001154        .   .   .   .   {
03/01/19 03:50:19       T:00001154        .   .   .   .   .   CWindowsHttpTransaction2::SetSSLContext: Server: '' HINTERNET: '00266270' State: 'ClientCertificate_Unset' Certificate: '(none)'
03/01/19 03:50:19     < T:00001154        .   .   .   .   }
03/01/19 03:50:19       T:00001154        .   .   .   .   CWindowsSSLContext has created WinHttp session handle 002A2C50 with state ClientCertificate_Unset
03/01/19 03:50:19       T:00001154        .   .   .   .   CWindowsHttpTransaction2::SetSSLContext: Server: 'https://ctxsf01.yp.int/' HINTERNET: '002A2C50' State: 'ClientCertificate_Unset' Certificate: '(none)'
03/01/19 03:50:19     > T:00001154        .   .   .   .   CWindowsHttpTransaction2::CheckedSendAndReceive
03/01/19 03:50:19     < T:00001154        .   .   .   .   {
03/01/19 03:50:19     > T:00001154        .   .   .   .   .   CWindowsNetworkServices::TryGetIEProxyInfoForUrl url=https://ctxsf01.yp.int/Citrix/Roaming/accounts
03/01/19 03:50:19     < T:00001154        .   .   .   .   .   {
03/01/19 03:50:19     > T:00001154        .   .   .   .   .   .   CWindowsNetworkServices::TryGetIEProxyConfigForCurrentUser
03/01/19 03:50:19     < T:00001154        .   .   .   .   .   .   {
03/01/19 03:50:19       T:00001154        .   .   .   .   .   .   .   Succeeded
03/01/19 03:50:19     < T:00001154        .   .   .   .   .   .   }
03/01/19 03:50:19       T:00001154        .   .   .   .   .   .   Checking for auto proxy info with existing session.
03/01/19 03:50:19       T:00001154        .   .   .   .   .   .   Using manual proxy config.
03/01/19 03:50:19       T:00001154        .   .   .   .   .   .   The manual proxy info settings contains an empty proxy list string.
03/01/19 03:50:19       T:00001154        .   .   .   .   .   .   No proxy info found

 

 

 

 

However,  the problematic one won't probe for SF and it just tried twice and destroyed the authManager. Any idea why?? Thanks!

 

Checking for auto proxy info with existing session.
03/01/19 03:32:57     > T:00004568        .   .   .   .   .   Trying proxy info from auto config URL (PAC)
03/01/19 03:32:57     < T:00004568        .   .   .   .   .   {
03/01/19 03:32:57       T:00004568        .   .   .   .   .   .   PAC url=http://127.0.0.1:25378/echo-pac?t=160895328
03/01/19 03:32:57     > T:00004568        .   .   .   .   .   .   CWindowsNetworkServices::TryGetAutoProxyForUrl
03/01/19 03:32:57     < T:00004568        .   .   .   .   .   .   {
03/01/19 03:32:57     < T:00004568        .   .   .   .   .   .   }
03/01/19 03:32:57     < T:00004568        .   .   .   .   .   }
03/01/19 03:32:57       T:00004568        .   .   .   .   .   Using manual proxy config.
03/01/19 03:32:57       T:00004568        .   .   .   .   .   The manual proxy info settings contains an empty proxy list string.
03/01/19 03:32:57       T:00004568        .   .   .   .   .   No proxy info found
03/01/19 03:32:57     < T:00004568        .   .   .   .   }
03/01/19 03:32:57     < T:00004568        .   .   .   }
03/01/19 03:32:57     > T:00004568        .   .   .   CWindowsHttpTransaction2::GetServerCertificate
03/01/19 03:32:57     < T:00004568        .   .   .   {
03/01/19 03:32:57       T:00004568        .   .   .   .   certificate='Hash [a7-f5-59-68...]'
03/01/19 03:32:57     < T:00004568        .   .   .   }
03/01/19 03:32:57     > T:00004568        .   .   .   CWindowsHttpTransaction2::GetServerCertificate
03/01/19 03:32:57     < T:00004568        .   .   .   {
03/01/19 03:32:57       T:00004568        .   .   .   .   certificate='Hash [a7-f5-59-68...]'
03/01/19 03:32:57     < T:00004568        .   .   .   }
03/01/19 03:32:57       T:00004568        .   .   .   ReleaseSessionHandleWrapper closing WinHttp session handle 00085278
03/01/19 03:32:57     < T:00004568        .   .   }
03/01/19 03:32:57     < T:00004568        .   }
03/01/19 03:32:57     < T:00004568        }
03/01/19 03:32:57     > T:00004568        CAuthManager::CancelAllCalls client='AppReceiver WinSSLValidation:Receiver.exe:23372:2' object=authman#2
03/01/19 03:32:57     < T:00004568        {
03/01/19 03:32:57     > T:00004568        .   CAuthManImpl::CancelAllCalls
03/01/19 03:32:57     < T:00004568        .   {
03/01/19 03:32:57     < T:00004568        .   }
03/01/19 03:32:57     < T:00004568        }
03/01/19 03:32:57       T:00004568        Destroyed authman#2
 

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...