Jump to content
Welcome to our new Citrix community!
  • 0

"Your logon has expired" when using LDAP with UserPrincipalName


I'm having an issue with getting the pass through to Storefront working but only with a specific set of LDAP policies. To give you an idea of what is going on, I have two storefront services load balanced and people were connecting through remoteaccess.domain.com using their sAMAccountName. This still works and is bound to a set of LDAP policies using sAMAccountName as the logon name attribute.


So now I have created another Netscaler VIP with new session policies and new LDAP settings. Instead, this time I put userPrincipalName for the server logon name attribute and this VIP connects to the same storefront cluster but a different store (Store2 instead of Store).


The problem is I can login but when it goes to the storefront (Store2Web) it gets "Your logon has expired. Please log on again to continue". As a test I bound this new VIP to the existing LDAP policies that use sAMAccountName and it works fine. So I think it is something with the logon attribute passing to Storefront for whatever reason. 


But what could it be? Not much in the event logs on the storefront servers and i've even tried taking one storefront out of the picture by disabling it in the load balancer. 


I tried this directly on Storefront and it does the same thing. So it appears this is nothing with passing credentials from Netscaler to Storefront and solely a problem with Storefront. Not sure what yet.

Link to comment

2 answers to this question

Recommended Posts

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...