Jump to content
Welcome to our new Citrix community!
  • 0

Citrix FAS | Unable to launch Publish VDA using FAS, getting error “Username or password incorrect”


Sasi Tzdaka

Question

Users are unable to launch Publish VDA using FAS, getting error “Username or password incorrect”.
 

On VDA Event Logs following Event are seen

Event ID 3:

Error Code: 0x3e KDC_ERR_CLIENT_NOT_TRUSTED

Extended Error: 0x800b0112 KLIN(0)

Error Code: 0x19 KDC_ERR_PREAUTH_REQUIRED

 

However when running certutil doesn’t show any certificate exception

Link to comment

4 answers to this question

Recommended Posts

  • 0

Hi Sasi

 

have all the pre-requisites for Citrix FAS been met?

 

e.g.

do the User UPNs or alternate UPNs match the domain name?

Has the FAS GPO been applied to the OU containing the VDAs?

Has the FAS plugin been installed onto the StoreFront  server(s)?

Has "Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $true" been set?

etc, etc

 

Regards

 

Ken

Link to comment
  • 0

We are testing Citrix Cloud and set up Azure AD authentication and to make starting an published application as smooth as possible, FAS has been set up. This worked perfectly for one day...

 

Starting an applications now gives: The user name or password is incorrect or a message The request is not supported.

 

Anyone knows what might be causing this? And how to resolve it?

Link to comment
  • 0

Ian

 

you need to give a bit more info about your environment. did you build the environment, or did you inherit it and are trying to support it?

 

I'm assuming that your using a Citrix ADC with SAML authentication as the remote portal (otherwise why use FAS)?

what error messages are in the StoreFront or delivery controller event logs?

are all accounts under the same domain/forest?

Is the Active Directory synced up to the site with SAML is authenticating to?

Do the default UPNs for the users match their email addresses/domain name?

If you built it, what documentation did you follow to configure the FAS?

 

I've just completed (last week) a NetScaler/SAML and Citrix FAS deployment for a customer with no issues, using latest NetScaler firmware and Citrix FAS software (but logging into a 1912 LTSR farm)

 

Regards

 

Ken Z

Link to comment
  • 0

Hi Ken,

 

The environment is build by me and now I am trying to support it ?

Today, however, I am able to start an application without getting an error like user name or password is incorrect. My test user still get this error though.

 

The entry to start an Citrix application is the Citrix Cloud portal where the user signs in with their Azure AD account.

Because there is no SSO when the user starts an application, there is where FAS is needed.

 

With the move to Citrix Cloud, there are no on-premise NetScaler, Delivery controller and StoreFront servers needed anymore .

 

The following sites I have been using to configure FAS:

https://www.jasonsamuel.com/2019/07/02/how-to-use-citrix-cloud-enabled-federated-authentication-service-fas-with-microsoft-azure-ad-and-citrix-workspace-for-full-windows-password-less-single-sign-on-to-virtual-desktops-and-apps/

https://carlstalhood.com/citrix-federated-authentication-service-saml/

https://docs.citrix.com/en-us/federated-authentication-service/install-configure.html

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...