ThinOS 8.3 connection to Citrix NetScaler / VMware Access Point with 2FA fails

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • #43785
    • Total Post: 1
    • Newbie

    we’re trying to connect a T10D client with the latest ThinOS 8.3 to a Citrix XenApp 7 over NetScaler 11.0 / VMware Horizon View 7 over VMware Access Point 2.8.

    For security reasons connections are only allowed using 2FA (1st Username + PW, 2nd PIN)

    Using Netscaler Gateway
    After authentication ThinOS but comes back with “Invalid Credential, please retry”.
    System information log shows the following messages:
    csg account abnormal
    csg login fail 0 times, exit
    SF: roam service failed rc=2
    SF: account state 7

    I tried CAGAuthMethod=LDAP / LDAP+RSA / RSA+LDAP / RSA in wnos.ini

    Using View Access Point
    After Username + PW authentication ThinOS presents a SecureID input dialog for the PIN, but comes back with “Invalid Credential, please retry”.

    System information log shows the following message:
    “vdi broker initialization failed”.

    Can somebody confirm that connecting via Netscaler / Access Point with 2FA is supported / has been successfully tested? Any hints about client / gateway configuration needs?

    We don’t have issues with internal connections over Netscaler (without 2FA).


    Thanks in advance!

    • Total Post: 16
    • Regular Joe
    • ★★

    Did you resolve this? 😉

    We have the same issue. We got it working internally except for ThinOS.

    USB logging output:

    09:30:13.395 SF: csg redirect to https://gdt2fa.gouda.lok/vpn/index.html
    09:30:13.395 SF: use cgi/login to try
    09:30:13.395 SF: csg path http://gdt2fa.gouda.lok/cgi/login
    09:30:13.396 SF: csg method start
    09:30:13.396 SF: [request] http://gdt2fa.gouda.lok/cgi/login, get 0
    09:30:13.396 SF: [url] http://gdt2fa.gouda.lok
    09:30:13.481 SF: http get code 200, len 1151
    09:30:13.481 SF: csg need passcode
    09:30:26.175 SF: [request] http://gdt2fa.gouda.lok/cgi/dlge, get 0
    09:30:26.175 SF: [url] http://gdt2fa.gouda.lok
    09:30:26.240 SF: no code from http!
    09:30:26.240 SF: http get code 302, len 15
    09:30:26.240 SF: csg account abnormal…
    09:30:26.240 SF: csg login fail, exit
    09:30:26.240 SF: roam service failed rc=-2
    09:30:26.240 SF: password related state
    09:30:26.240 SF: account state 7

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.