Brian Madden Logo
Your independent source for application and desktop virtualization.
Discussion Forums » Tech Support Forums » Citrix XenApp / Presentation Server » Published apps present windows logon screen?
Marketplace

advertisement

Published apps present windows logon screen?, in the Citrix XenApp / Presentation Server forum on BrianMadden.com

rated by 0 users
Not Answered This post has 0 verified answers | 11 Replies | 0 Followers

Not Ranked
Points 145
Stuart Macintyre posted on 09-27-2007 3:04 AM
Published apps presenting server logon screen?

The problem I have is that we have a customer that had a local jet datastore. It got corrupted so one of our guys restored the datastore and migrated it to an SQL server. All fine so far, as the SQL DB is our preference. Anyway the farm is up and running but when you try to connect to a published app, refresh the farm or recreate the farm on any client workstation, in program neighbourhood. The server logon screen in presented. This is a small site and only has one app server. I have checked the obvious stuff like the correct gina's in the winlogon key etc, and have reregistered ctxgina. regmon and filemon don’t seem to flag any obvious issues (but I could have missed something). Autoruns.exe shows that the correct gina's are in use and that the appsetup key in the registry has the correct stuff; CtxHide.exe UsrLogon.Cmd,cmstart.exe,updatdrv.exe. DSCheck didn’t show any problems with the datastore and when I run profiler on the SQL server I can see the citrix server accessing the datastore fine, using the correct account.

The server is windows 2k sp4, PS4 RO3 (+ a couple of HF's).

Even though the server is configured to only run published apps (no desktops), on the ICA protocol it is still presenting users with the logon screen.

I have been focusing my attention on ctxgina not passing the credentials, but can’t find a problem.

The workaround that we have in place for now is to use custom ICA connections, they work but we don’t really want to use this as a solution.

Any suggestions would be greatly welcome.

All Replies

Top 500 Contributor
Points 393
Reply
John Radcliffe replied on 09-27-2007 8:36 AM
Any errors showing up in the Event log related to each login attempt?

I've seen this problem when there was a problem with the MS TS Licensing.
I've also saw this issue a long time ago with Nfuse/MetaFrame XP, where the user's (mine) was more than 12 characters long. I imagine that problem has been fixed, but thought I'd mention it.

Have you tested having the user log in using RDP ?
  • | Post Points: 20
Reply
Guest replied on 09-27-2007 2:12 PM
Thx for the reply. The user logon names are all 7 or 8 characters long (generic logons due to front of house operation, high user turnover). No errors in the event log at all, with any relevance to this. I also changed the local security policy to log all logon failures for accounts and process, nothing is shown.
If i try to log onto an RDP desktop, with a user account, the policy kicks in and rejects the logon atempt, only admins can log on ..... etc. But with the published app, if the user eneters their logon details (they dont actualy know them as they are pre confirgured) then they can in fact get a desktop to load??? Very not what we want!
  • | Post Points: 20
Not Ranked
Points 145
Reply
Stuart Macintyre replied on 09-27-2007 2:15 PM
sorry that last post was in fact me. forgot to sign in :-O
  • | Post Points: 20
Top 10 Contributor
Points 87,162
Reply
Jeff Pitsch replied on 09-27-2007 3:42 PM
your talking about the windows logon right? Is it showing the correct domain when it pops up?
  • | Post Points: 20
Top 75 Contributor
Points 1,695
Reply
Mitch Beaumont replied on 09-27-2007 10:43 PM
You say that you're being prompted to login and then when you login you're presented with a desktop in place of a seamless application, right? Once you're logged into the desktop session is WFSHELL.EXE process (Citrix Seamless Engine) running?

You also mentioned refresh or recreate the farm, does that mean your using Program Neighborhood? If so are you application sets configured to use Seamless Windows and is the login method configured correctly? (Local User - Pass-through authentication).

Another thing worth checking, going back to the credential pass-through stuff, if you launch Terminal Services Configuration, open the properties for the ICA-TCP connection and look at the Logon Settings, it should be set to "Use client-provided logon information". If you've got anything entered into the "Always use the following logon information" fields this will cause the logon screen to flash up each time you launch an application....
Mitch Beaumont MBCS MIET CCA CCEA 4
I've never met anyone I couldn't learn something from.
  • | Post Points: 20
Not Ranked
Points 145
Reply
Stuart Macintyre replied on 09-28-2007 2:36 AM
Hi Jeff, yes the correct domain is displayed
  • | Post Points: 5
Not Ranked
Points 145
Reply
Stuart Macintyre replied on 09-28-2007 2:45 AM
Mitch that’s correct a standard windows logon followed by a desktop. It is an ica desktop. I will check today if the wfshell is running in the desktop, but I don’t think it will be.

Yes we are using PN, and all apps are seamless windows. The login is configured as user supplied credentials in the properties of the farm item in PN. We have reasons for doing this rather than use locally entered credentials (as in the current logged on user). But this will not be the issue as its pretty standard for our roll outs, and has been fine at this site for over a year.
If the credentials within PN where not working, we should be presented with a citrix authentication box, not the server/windows one. Then the farm would be enumerated and the apps presented. But the citrx logon window is never presented!

The ICA connection is configured for "Use client-provided logon information".

Cheers

Stuart
  • | Post Points: 20
Top 75 Contributor
Points 1,695
Reply
Mitch Beaumont replied on 09-28-2007 4:07 PM
Chad, lets hope WFSHELL.exe is running, if not that'll be why you're not getting any seamless windows.

Another quick check would be to see whether or not you're getting client local printers auto-created within your sessions. WFSHELL.exe is also responsible for this.

Make sure the following registry key exists, as this contains all the configuration information for WFSHELL.exe - HKLM\SYSTEM\CurrentControlSet\Control\Citrix\wfshell

good luck!
Mitch Beaumont MBCS MIET CCA CCEA 4
I've never met anyone I couldn't learn something from.
  • | Post Points: 20
Not Ranked
Points 145
Reply
Stuart Macintyre replied on 10-02-2007 5:52 AM
WFshell is not running.
  • | Post Points: 20
Top 500 Contributor
Points 505