Jump to content
Welcome to our new Citrix community!
  • 0

Citrix Probe 2108 - Workspace Credentials Fail to Authenticate


Jason McCutcheon

Question

Hey All,

 

Hopefully posting into the right forum 

 

I am attempting to configure Citrix Probe 2108 but seem to be falling short at the first hurdle when configuring Workspace Credentials - which generates the dreaded Workspace Credentials fail to authenticate. The password is definitely correct and logs into Storefront without any immediate issues with the UPN format. It should be noted that Storefront has been configured to use trusted domains and has two domains present - hence having to use UPN. The over CVAD site is running 1912 LTSR CU2 across all its components.

 

Troubleshooting carried out:

 

  • Targeted a single Storefront server via the hosts file to rule out any LB VIP persistence settings that might be skewing the authentication
  • Confirmed that the organisation is licensed for the use of Citrix Probe
  • Verified from client machine that I can reach Storefront.
  • Whitelisted CitrixProbe within Windows Firewall
  • Checked Event Logs on both Storefront and client machines - there doesn't appear to be any errors being generated on either Storefront or client machine
  • Cycled through other known working accounts - same deal
  • Enabled SchUseStrongCrypto=1 on .NET Framework registry under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 and Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319 just in case the connection was being initiated under an unsupported TLS protocol
  • Run Fiddler on the box, which I can see the connections are handshaking over TLS 1.2. If I try and intercept/decrypt the HTTPS traffic in transit and attempt to authenticate Citrix Probe hangs on "Operation in Progress, please wait"
  • Checked Citrix Probe logs which have pulled out the following:

 

2021-09-17 10:39:12,285 [10] INFO ProbeEndPoint.Log - Reading the SF and DIR values
2021-09-17 10:39:12,285 [10] DEBUG ProbeEndPoint.Log - param1
2021-09-17 10:39:12,285 [10] DEBUG ProbeEndPoint.Log - param2
2021-09-17 10:39:12,285 [10] DEBUG ProbeEndPoint.Log - param3
2021-09-17 10:39:12,285 [10] DEBUG ProbeEndPoint.Log - param4
2021-09-17 10:39:12,285 [10] INFO ProbeEndPoint.Log - Retreiving
2021-09-17 10:39:12,285 [10] INFO ProbeEndPoint.Log - System.Security.Cryptography.CryptographicException: The parameter is incorrect.

   at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
   at ProbeEndPoint.KeyManager.Decrypt(Byte[] toDecrypt)
2021-09-17 10:39:12,285 [10] ERROR ProbeEndPoint.Log - System.Security.Cryptography.CryptographicException: The parameter is incorrect.
 ---> System.Security.Cryptography.CryptographicException: The parameter is incorrect.

   at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
   at ProbeEndPoint.KeyManager.Decrypt(Byte[] toDecrypt)
   --- End of inner exception stack trace ---
   at ProbeEndPoint.KeyManager.Decrypt(Byte[] toDecrypt)
   at ProbeEndPoint.ConfigManager.RetrieveConfigSF()

 

I have tried researching the error message myself, but the results seem more orientated to people developing code rather than any guidance on how to troubleshoot this further. Hopefully its something relatively straightforward to the experts on these forums.

 

Thanks for reading!

 

Cheers

 

Jason

Link to comment

1 answer to this question

Recommended Posts

  • 0

Jason,

 

Not sure if you ever got this sorted but I hit exactly the same problem and found that disabling Trusted Domains on StoreFront allowed for the install of the Citrix Probe to complete and function as expected.  The downside is that when you re-enable Trusted Domains the Probe will fail the test and report back to Director a result of "StoreFront Authentication Failed".

 

One for Citrix to fix I think.

 

Cheers,

Matt

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...