- This topic is empty.
-
AuthorPosts
-
March 4, 2008 at 10:34 am #992
Hello,
We are having a problem with users who’s password has expired. When logging in to their S10 or V10 they aren’t prompted to change their password. I’ve read through multiple faq’s including https://support.wyse.com/OA_HTML/csksxvm.jsp?nSetId=22363&nUsePub=NO&jttst0=4476_50785,50785,-1,0,&jtfm0=_0_0_0_-1_f_nv_&etfm1=&jfn=ZG713AE071D10018D7177E7998E029042DCCD17E7DDDEA744C446515CB38D4897FC481B5AABE0EC0807EEB8106BEF8606C12&oas=j_ToyHtS55gTYyK79U1ehQ..
But when we try this it doesn’t work. I’ve placed the PasswordServer= variable followed by ip-adres, fqdn, or servername, none of them work.when I check my DC logs all I get is a Security audit failure, event 672 with kerberos error code 0x17, which indicates that the user’s password has expired.
The only thing meaningfull is in the system information log on the thin itself. It says the following:
PN Agent sign-on to Servername
Http header: bad response!
PN Agent sign-on failedAnyone any thoughts? I hope I’ve provided sufficient information, so if you require anything additional, just ask.
Thanks in advance
March 4, 2008 at 12:21 pm #11964Hi,
Can you post the solution ID from Wyse you looked at, unfortunately the Wyse knowledge base makes dynamic links so you can not cut and past them.
Also, what firmware are you using?
Cheers,
-TTMarch 4, 2008 at 12:55 pm #11966Ah didn’t see that 🙂
Knowledgebase article is 15330
Firmware:
V10 6.0.0_20
S10: 5.3.0_106.1 is on it’s way
March 4, 2008 at 10:44 pm #11985Have you entered the IP address of one of your Citrix server as a passwordserver?
CG
March 5, 2008 at 7:35 am #11992Yes, I tried with the ip address, with the netbios name, and the fqdn-name, none seem to work.
March 5, 2008 at 10:16 am #11996Does the Citrix Server defined as the password change server allow direct connections to the server desktop or only published applications? You may need to allow direct connections,
Cheers,
-TTMarch 5, 2008 at 1:42 pm #12003It didn’t allowed direct connections, since we only use applications, but I tested by enabling it, but no difference.
Maybe something wrong in our setup?
Our Wyse boxes use the PNA to connect to a citrix web interface which contains the configuration file. From there the short cuts towards the applications are published.
so I think they always try the PNA logon, and I think the problem is related to this. Anyone any thoughts?
March 11, 2008 at 6:37 am #12094Ahh, now I know the issue.
Unfortunately when you said you used a IP address for the PNagent= value I “assumed” you were pointing directly to the XML service on a DC.
There is an issue where the password changed does not work if you are using WTOS with a PN agent Web Interface site. You will need to contact Wyse support and open a call on this one, it was only brought to my attention recently about this problem. The workaround is not to use the Web Interface site but you will lose zone preferences with the workaround,
Cheers,
-TT(once again i am reminded to never assume 😳 )
March 11, 2008 at 8:44 am #12095Ah okido 🙂
Willl do that when I’m back in the office next week.
Thanks a lot for your time and explanation. -
AuthorPosts
- You must be logged in to reply to this topic.