
RemotePC in Trusted Domain Produces Error: You cannot access this session because you are not the brokered user


Britton Cain

Question

Scenario:

Citrix Environment (DDCs, Storefront, App Hosts, etc.) are all in Domain A

RemotePC workstation is in Domain A

End user's AD account is in Domain A

This works as expected - user can sign into Storefront and connect to their physical RemotePC desktop.

RemotePC desktop and the user's AD account are migrated to trusted Domain B

With help from Citrix support, added the SPNs for the DDCs to the registry of the RemotePC and edited the VDA config file to state "AllowNTLM=True"

On the DDCs we have enabled support for multiple forests.

RemotePC registers successfully and will accept a connection.

GPO is applied to RemotePC workstation to prompt for user credentials instead of passing through from the Citrix session.

User logs into Storefront, which is on Domain A, then clicks on their RemotePC icon, which is on Domain B

Session starts, user is prompted for workstation credentials and they log into Domain B and are presented with "You cannot access this session because you are not the brokered user"

If the user enters their Domain A credentials they are allowed in; however, email, etc. has all been migrated to Domain B, so this is useless to them.

I realize that this message is because they logged into Storefront using Domain A credentials, and the workstation using Domain B credentials.

We have other trusted domains where this workflow is working normally. User logs into Citrix with Domain A credentials, launches their RemotePC which is in Domain C and can log into it with Domain C credentials.

I'm working with support and going through all of the things that I originally went through to get this working on the other trusted domains but am not finding what is different. Would appreciate any suggestions from anyone that may have encountered this before.

Thanks


2 answers to this question
