Netscaler Vpx Storefront Your Logon Has Expired Please Login Again to Continue

Issue: StoreFront Error Your Logon Has Expired


Issue and Background

Recently, while working with one of our managed services customers, an unexpected fault crept into the environment affecting users of a specific forest trusted by the infrastructure (hosting) domain. Immediately upon successfully authenticating to Citrix Gateway and being passed to StoreFront, or authenticating directly to StoreFront, users receive the following message: "Your logon has expired. Please log on again to continue."


No known changes occurred to the Citrix environment, including patching of the OS or Citrix, around the time the issue began manifesting itself. No errors were noted in the StoreFront logs either, and the StoreFront security logs indicated the login was successful for the user.

Environment particulars are as follows:

  • Citrix XenApp Site 7.15 LTSR CU5
  • Two Citrix Sites (one per data centre); users with the issue access resources only from one Site (Site A)
  • StoreFront 3.12 LTSR CU5
  • StoreFront and VDAs in Domain A
  • Users with the logon issue are in Domain B (2-way trust between domains)

We troubleshot the issue through various ways including the following, without improvement:

  • CTX204766 (No improvement)
  • Adding DNS suffix search list for Domain B on the StoreFront servers
  • Rebooting Controllers and StoreFront servers
  • Rebooting Domain B's Domain Controllers
  • Confirmed the computer-level security setting "Access this computer from the network" had not been altered (checked via RSOP and gpedit.msc) and locked down to groups that would forbid the login from occurring, as outlined in this Reddit post
  • Checked GPO modification dates, no changes for months on any related GPOs
  • Validated between DCs that trusts were still valid and operational
  • Performed tests from the StoreFront servers in Site A (where the users connect) with the Test-NetConnection PowerShell command to confirm all TCP AD ports (other than RPC port checks) were open

Resolution

After a battery of various tests we worked on a hunch that there may be issues enumerating against the Delivery Controllers being aggregated into StoreFront. Two sets of Controllers were present, one for each Site. This was not immediately suspected as a probable cause, as the platform had worked fine for most of the year, from when the aggregation was implemented up until recently.

As the users of Domain B only access resources in Site A (whereas other users of the platform in Domain A do use resources from both Site A and Site B), we elected to throw in User Farm Mapping as a means to better control enumeration for users of Domain B while leaving users of Domain A unaffected.


Sure enough, once this was propagated, users of Domain B could successfully log in once more.

The root cause appeared to be AD communication issues between the Site B XML brokers and Domain B's Domain Controllers; we suspect something at the firewall or routing level changed recently.
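The port test described earlier was run from the Site A StoreFront servers, while the suspected fault sat between the Site B XML brokers and Domain B's Domain Controllers. The script below is an added example, not part of the original article: it repeats that style of check against every Domain Controller of a trusted domain and is meant to be run on each StoreFront server and each Delivery Controller in both Sites. The domain name `domainb.example` is a placeholder, and the port list is the commonly used fixed AD TCP ports (dynamic RPC ports are not tested, as in the article).

```powershell
# Added example (not from the original article): TCP reachability from this
# server to every Domain Controller of a trusted domain.
# 'domainb.example' is a placeholder for Domain B's DNS name (assumption).
param(
    [string]$TrustedDomain = 'domainb.example'
)

# Fixed AD service ports. Dynamic RPC ports are out of scope, matching the
# article's "other than RPC port checks". Port 53 applies when the DC hosts DNS.
$AdTcpPorts = @(
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC endpoint mapper' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 445;  Service = 'SMB' }
    @{ Port = 464;  Service = 'Kerberos password change' }
    @{ Port = 636;  Service = 'LDAPS' }
    @{ Port = 3268; Service = 'Global Catalog' }
    @{ Port = 3269; Service = 'Global Catalog over TLS' }
)

# Discover the trusted domain's DCs through the standard locator SRV record,
# so the test covers every DC this server could be referred to.
$dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$TrustedDomain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object -ExpandProperty NameTarget -Unique

$results = foreach ($dc in $dcs) {
    foreach ($p in $AdTcpPorts) {
        $t = Test-NetConnection -ComputerName $dc -Port $p.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Source  = $env:COMPUTERNAME
            DC      = $dc
            Port    = $p.Port
            Service = $p.Service
            Open    = $t.TcpTestSucceeded
        }
    }
}

$results | Sort-Object DC, Port | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or monitoring job flag the server.
$blocked = @($results | Where-Object { -not $_.Open })
if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) DC/port pair(s) unreachable from $env:COMPUTERNAME"
    exit 1
}
```

Comparing the output from a Site A server with the output from a Site B Delivery Controller shows whether the blocked path is specific to one data centre.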

In this case, this fix is not deemed a "workaround" as the users do not "need" to enumerate against Site B at the present time, and leveraging User Farm Mapping actually helps reduce communication flows to only those that are critical to the user's needs.

For more details on User Farm Mapping and Multi-Site aggregation, I encourage reading Sarah Steinhoff's TechZone article on the subject in addition to Citrix Docs. Among other things, in AD environments where this is feasible, using user groups to isolate XML enumeration without using separate Stores can simplify deployments, improve StoreFront login times modestly, and avoid unnecessary cross-data center traffic.


Source: https://www.ferroquesystems.com/resource/issue-storefront-error-your-logon-has-expired/
