Jump to content
Welcome to our new Citrix community!

After upgrading from 12.1 to 13.0 build 91.12 we are getting incorrect username or password in workspace


Recommended Posts

Hello everyone, 

I have a very weird issue, after upgrading our NetScaler from 12.1 to 13.0 build 91.12 

we are not able to login to Citrix using the workspace app in windows anymore, but web is working fine and able to login and launch apps ..

we changed nothing in our Citrix farm or even in ADC policies, the only change we did was the ADC upgrade .. 


we have 2 sessions policies: 

1 - web

2 - CitrixReceiver app  using this policy:  REQ.HTTP.HEADER User-Agent CONTAINS CITRIXRECEIVER


we have 2FA authentication , LDAP + RSA radius 

monitoring using aaad.debug shows AD + RSA token pass and successfully authenticated 


so I have no idea why,  when we use the workspace, it prompt for username AD + password + token, the window disappear "as per aaad,debug all good ad + token" and then it gives "incorrect username or password" for the user .. 


for now I suggest to my users to login to the web using the URL, since it is working fine, and launch the apps from there, but still I'm really confused with this issue and not sure where to look.


any suggestions ? 


thank you you all in advance .





Link to comment
Share on other sites

4 minutes ago, Carl Stalhood1709151912 said:

In Session Policies, set the Client Idle Time-out and Session Time-out to 720 or similar.

thanks Carl for your reply, I did and still the same, by the way i just logged in to my xendesktop server and I saw event ID in windows logs > security 

ID 4625 

would this indicate anything ? 


Failure Information:
    Failure Reason:        Unknown user name or bad password.
    Status:            0xC000006D
    Sub Status:        0xC000006A

Process Information:
    Caller Process ID:    0x820
    Caller Process Name:    C:\Program Files\Citrix\Receiver StoreFront\Services\DefaultDomainServices\Citrix.DeliveryServices.DomainServices.ServiceHost.exe


Detailed Authentication Information:
    Logon Process:        Advapi  
    Authentication Package:    Negotiate
    Transited Services:    -
    Package Name (NTLM only):    -
    Key Length:        0

Link to comment
Share on other sites

Are you using AAA for your authentication method?  On earlier firmware the default Authorization Action was Allow, and with the newer versions it is set to Deny.


You can either change that under AAA Global Session Settings, or enable it under Session policies directly.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...