Published apps present windows logon screen?, in the Citrix XenApp / Presentation Server forum on BrianMadden.com
Brian Madden Logo
Your independent source for desktop virtualization, consumerization, and enterprise mobility management.

Published apps present windows logon screen?, in the Citrix XenApp / Presentation Server forum on BrianMadden.com

rated by 0 users
Answered (Not Verified) This post has 0 verified answers | 12 Replies | 1 Follower

Not Ranked
Points 160
Stuart Macintyre posted on Thu, Sep 27 2007 3:04 AM
Published apps presenting server logon screen?

The problem I have is that we have a customer that had a local jet datastore. It got corrupted so one of our guys restored the datastore and migrated it to an SQL server. All fine so far, as the SQL DB is our preference. Anyway the farm is up and running but when you try to connect to a published app, refresh the farm or recreate the farm on any client workstation, in program neighbourhood. The server logon screen in presented. This is a small site and only has one app server. I have checked the obvious stuff like the correct gina's in the winlogon key etc, and have reregistered ctxgina. regmon and filemon don’t seem to flag any obvious issues (but I could have missed something). Autoruns.exe shows that the correct gina's are in use and that the appsetup key in the registry has the correct stuff; CtxHide.exe UsrLogon.Cmd,cmstart.exe,updatdrv.exe. DSCheck didn’t show any problems with the datastore and when I run profiler on the SQL server I can see the citrix server accessing the datastore fine, using the correct account.

The server is windows 2k sp4, PS4 RO3 (+ a couple of HF's).

Even though the server is configured to only run published apps (no desktops), on the ICA protocol it is still presenting users with the logon screen.

I have been focusing my attention on ctxgina not passing the credentials, but can’t find a problem.

The workaround that we have in place for now is to use custom ICA connections, they work but we don’t really want to use this as a solution.

Any suggestions would be greatly welcome.

  • | Post Points: 65

All Replies

Top 500 Contributor
Points 423
Any errors showing up in the Event log related to each login attempt?

I've seen this problem when there was a problem with the MS TS Licensing.
I've also saw this issue a long time ago with Nfuse/MetaFrame XP, where the user's (mine) was more than 12 characters long. I imagine that problem has been fixed, but thought I'd mention it.

Have you tested having the user log in using RDP ?
  • | Post Points: 20
Guest replied on Thu, Sep 27 2007 2:12 PM
Thx for the reply. The user logon names are all 7 or 8 characters long (generic logons due to front of house operation, high user turnover). No errors in the event log at all, with any relevance to this. I also changed the local security policy to log all logon failures for accounts and process, nothing is shown.
If i try to log onto an RDP desktop, with a user account, the policy kicks in and rejects the logon atempt, only admins can log on ..... etc. But with the published app, if the user eneters their logon details (they dont actualy know them as they are pre confirgured) then they can in fact get a desktop to load??? Very not what we want!
  • | Post Points: 20
Not Ranked
Points 160
sorry that last post was in fact me. forgot to sign in :-O
  • | Post Points: 20
Top 10 Contributor
Points 88,051
your talking about the windows logon right? Is it showing the correct domain when it pops up?
  • | Post Points: 20
Top 100 Contributor
Points 1,710
You say that you're being prompted to login and then when you login you're presented with a desktop in place of a seamless application, right? Once you're logged into the desktop session is WFSHELL.EXE process (Citrix Seamless Engine) running?

You also mentioned refresh or recreate the farm, does that mean your using Program Neighborhood? If so are you application sets configured to use Seamless Windows and is the login method configured correctly? (Local User - Pass-through authentication).

Another thing worth checking, going back to the credential pass-through stuff, if you launch Terminal Services Configuration, open the properties for the ICA-TCP connection and look at the Logon Settings, it should be set to "Use client-provided logon information". If you've got anything entered into the "Always use the following logon information" fields this will cause the logon screen to flash up each time you launch an application....
Mitch Beaumont MBCS MIET CCA CCEA 4
I've never met anyone I couldn't learn something from.
  • | Post Points: 20
Not Ranked
Points 160
Hi Jeff, yes the correct domain is displayed
  • | Post Points: 5
Not Ranked
Points 160
Mitch that’s correct a standard windows logon followed by a desktop. It is an ica desktop. I will check today if the wfshell is running in the desktop, but I don’t think it will be.

Yes we are using PN, and all apps are seamless windows. The login is configured as user supplied credentials in the properties of the farm item in PN. We have reasons for doing this rather than use locally entered credentials (as in the current logged on user). But this will not be the issue as its pretty standard for our roll outs, and has been fine at this site for over a year.
If the credentials within PN where not working, we should be presented with a citrix authentication box, not the server/windows one. Then the farm would be enumerated and the apps presented. But the citrx logon window is never presented!

The ICA connection is configured for "Use client-provided logon information".

Cheers

Stuart
  • | Post Points: 20
Top 100 Contributor
Points 1,710
Chad, lets hope WFSHELL.exe is running, if not that'll be why you're not getting any seamless windows.

Another quick check would be to see whether or not you're getting client local printers auto-created within your sessions. WFSHELL.exe is also responsible for this.

Make sure the following registry key exists, as this contains all the configuration information for WFSHELL.exe - HKLM\SYSTEM\CurrentControlSet\Control\Citrix\wfshell

good luck!
Mitch Beaumont MBCS MIET CCA CCEA 4
I've never met anyone I couldn't learn something from.
  • | Post Points: 20
Not Ranked
Points 160
WFshell is not running.
  • | Post Points: 20
Top 500 Contributor
Points 520
Stuart,

Do you have anything specified in Environment Tab in the AD user account under the section "Start the folliwng program"? maybe that's launching the explorer..

Thanks,
Prashant
  • | Post Points: 5
Top 10 Contributor
Points 24,605
Hi,

If WFSHELL isn't loading then perhaps you have a problem with your Userinit key in the registry. Brian wrote a good article on the login process that explains the role of wfshell and how it gets launched here:

http://www.brianmadden.com/content/article/Understanding-the-Citrix-MetaFrame-Logon-and-Logoff-Process

Cheers,

Alan Osborne

President (MCSE, CCNA, VCP, CCA)

VCIT Consulting - Citrix/Terminal Services Remote Desktop Solutions for SMB

VCIT website My Blog

  • | Post Points: 5
Not Ranked
Points 25
Suggested by Steve@IHS

In Terminal Services Configuration, open the ICA-TCP settings and turn off "Always prompt for password."

  • Post Points: 5
Page 1 of 1 (13 items) | RSS