Netscaler Vpx Storefront Your Logon Has Expired Please Logon Again to Continue

Upshot: StoreFront Fault Your Logon Has Expired

Issue and Background

Recently while working with one of our managed services customers, an unexpected error crept into the environment affecting users of a specific forest trusted by the infrastructure (hosting) domain. Immediately upon successfully authenticating to Citrix Gateway and existence passed to StoreFront, or authenticating directly TO StoreFront users immediately receive the following message "Your logon has expired. Please log on again to keep."

No known changes occurred to the Citrix surroundings including patching of Os or Citrix effectually the time the issue commenced manifesting itself. No errors in StoreFront logs were noted either, and StoreFront security logs indicated the login was successful for the user.

Environment particulars are as follows:

• Citrix XenApp Site vii.15 LTSR CU5
• Two Citrix Sites (one per data centre), users with issue access resources simply from 1 Site (Site A)
• StoreFront 3.12 LTSR CU5
• StoreFront and VDAs in Domain A
• Users with logon effect in Domain B (two-fashion trust between domains)

We troubleshot the issue through various ways including the following, without comeback:

• CTX204766 (No improvement)
• Adding DNS suffix search list for Domain B on the StoreFront servers
• Rebooting Controllers and StoreFront servers
• Rebooting Domain B'southward Domain Controllers
• Confirmed the computer-level security setting "Access this computer from the network" had not been altered (checked via RSOP and gpedit.msc) and locked down to groups that would forbid the login from occurring as outlined in this Reddit post
• Checked GPO modification dates, no changes for months on whatever related GPOs
• Validated betwixt DCs that trusts were still valid and operational
• Performed tests from the StoreFront servers in Site A where the users connect via test-netconnection PoSH command to ostend all TCP Advertizing ports (other than RPC port checks) were open

Resolution

After a battery of various tests nosotros worked on a hunch that there may exist issues enumerating against the Commitment Controllers being aggregated into StoreFront. Two sets of Controllers were present; ane for each Site. This was non immediately suspected as a likely cause every bit the platform worked fine for most of the year, since the aggregation was implemented up until recently.

As the users of Domain B merely access resource in Site A (whereas other users of the platform in Domain A do use resources from both Site A and Site B), nosotros elected to throw in User Farm Mapping as a means to better control enumeration for users of Domain B while leaving users of Domain A unaffected.

Certain enough, once this was propagated, users of Domain B could successfully log in over again.

The root crusade appeared to be Advertizing communication issues between the Site B XML brokers and Domain B'due south Domain Controllers, suspecting something at the firewall or routing level changed more recently.

In this case, this fix is not deemed a "workaround" equally the users practise not "need" to enumerate against Site B at nowadays fourth dimension, and leveraging User Farm Mapping actually helps reduce communication flows to just those that are critical to the user'southward needs.

For more than details on User Farm Mapping and Multi-Site aggregation, I encourage reading of Sarah Steinhoff'due south TechZone article on the subject in add-on to Citrix Docs. Amidst other things, in AD environments where this is feasible, using user groups to isolate XML enumeration without using separate Stores can simplify deployments, amend StoreFront login times modestly, and avert unecessary cross-data centre traffic.

Michael Shuster is Ferroque Systems' Chief Architect and noted Citrix authority. A passionate virtualization and digital workspaces abet, he has designed, engineered, or otherwise brash clients on Citrix, VMware, and Microsoft technology platforms beyond the earth.

estradasuccionoth73.blogspot.com

Source: https://www.ferroquesystems.com/resource/issue-storefront-error-your-logon-has-expired/

Share this post