Jump to content
Welcome to our new Citrix community!

Citrix nFactor Authentication through Windows Citrix Workspace App (2002) Your account cannot be added using this server address. Make sure you entered it correctly. you may need to enter your email address instead


Inam Ghafoor

Recommended Posts

Hi

 

Hopefully everyone is safe and healthy,  can someone point me in the right direction with my issue please?

 

I have Citrix ADC Applicance (NS13.0 47.22.nc) using direct LDAP no RADIUS. Storefront 3.12.0.17, 

 

nFactor authentication is setup using OTP codes, LDAP policies are setup using AAA groups with 2 session policies within it, 1 for web and 1 for Citrix Receiver, NO session policies directory on the gateway.

 

AAA Group policy expressions:

image.thumb.png.c55bed7b9efd0bd7109acfa557e5cf16.png

 

image.thumb.png.12138cc85151907bb33f5f11a584a1e6.png

 

When logging onto the gateway url through web browser it all works fine, entering username, password and passcode is accepted and can launch applications with no issues however when setting up the Citrix Workspace App (2002) for windows, I enter the Citrix URL, it accepts it and i get presented with username, password and passcode fields, I enter the credentials and get the below error

 

"Your account cannot be added using this server address. Make sure you entered it correctly. you may need to enter your email address instead"

 

image.thumb.png.83b10ef0774faf1238722ca548ce46ad.png

 

No errors are reported in the Storefront Logs

 

I have noticed if I unbind the Citrix Receiver AAA Group Session policy and bind it directly to the gateway, and then try again it accepts everything fine with no issues and I can log in and see all my apps as normal

 

If I remove nfactor authentication configuration and do standard username/password authentication using the same LDAP server and AAA Group Session policies I can log in fine with no issues using the web browser and the same Citrix Workspace app.

 

I have tested using the Citrix Workspace app and connecting directly to the storefront address and this works fine no issues, so it seems like a issue within the Citrix Receiver session policy but I don't understand why the same policy works when i bind it directly to the gateway and doesn't work when i bind it to the AAA group when I make no changes to the session policy itself.

 

Case has been logged with Citrix and I'm awaiting Log analysis, but I really want to get on a resolve this.

 

any help is greatly appreciated

 

thanks

Link to comment
Share on other sites

  • 2 weeks later...
  • 1 month later...

Sorry somehow I missed the alerts for the reply, this Case was raised with Citrix and escalated, the last contact I had from Citrix started it was escalated again to the development team.

 

however i needed to progress with my rollout so 

 

Link to comment
Share on other sites

I actually got mine to work - though I don't have the exact steps I went through - but here's the gist (and where my thought process was):
The workstation I had the trouble with was built/configured by my predecessor.  His domain account has been long gone and I feared there was something hung up on my machine that only he had rights to triggering this (I had found an article suggesting this can be problematic).  My normal user account is not an administrator of any kind.  To in stall 2002, I went to add/remove programs, then entered the admin creds when prompted to remove it, and then to reinstall  I'd right click my batch file and "run as administrator" and then enter my admin creds right then.  This lead to the same problems you see above.

 

I didn't document the whole process, but this covers my general approach and a couple details: 

  • Temporarily promoting my user account to be a local admin of the computer
  • Rebooting
  • Uninstall Workspace
  • Running the cleanup utility: https://support.citrix.com/article/CTX137494 which threw an error about some registry keys that it could not do anything about 
  • Open Regedit, find the keys that it errored on - change the permissions of them so that I had access to them, then deleted them.
  • Demote myself on computer so I'm a normal user
  • Reboot
  • log in as my normal user account
  • Run a command prompt as administrator
  • from the command prompt, launch my 2002 installer bat file (completely silent install runs without error)
  • everything seems to work now.

I'd be curious as to whether a similar pattern works for you.

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...