Logon problems with account from trusted domain

Status
Not open for further replies.

ozihcs

IS-IT--Management
Jan 10, 2005
12
NO
We have a Citrix farm residing in domain A which needs to log on users from trusted domain B. The users are able to log in to the web interface, so we know that they are being authenticated.

The problem is that when they start the published application the connection hangs during the "checking credentials" phase and eventually fails with the following error:

"the specified domain either does not exist or could not be contacted"

Inspecting the firewall logs, I can see that the Citrix server has tried to contact several domain controllers in the trusted domain on port LDAP-UDP (udp 389), but in our case only the domain controllers in our local domain are allowed to speak with the remote DCs, so the communication is blocked. This is all that should be necessary too, as the authentication should be performed by our local DC and not directly from client to remote DC... or so we are led to believe anyway.

A further fact relevant to the problem is that while it takes a while, we can indeed log on to terminal services using the same account so this problem seems strictly limited to Citrix.

Anyone have any idea what might be happening?
 
ozihcs,
Do you have a d/c from domain B on the same A/D site as your Citrix servers?

From what I understand, you have 2 domains (A and B).
Your Citrix servers are probably on domain A with the D/C's from A. The D/C's from domain A have a trust relationship with domain B. So the Citrix servers are probably "aware" that the D/C's from domain B are in a different site, so they are trying to communicate with them.

I would suggest setting up a domain B d/c in the same A/D site as your domain A d/c's and Citrix servers.
That way the blocked ports should not be an issue.

Please post back if that's not the case.

Hope that helps.
 
Thanks for the reply, enigma99

Unfortunately Domain B is hosted by a sourcing company and setting up a dc in our own network is not an option I'm afraid.

But so far Citrix Metaframe has been the only application/service which we've been unable to log on with accounts from domain B - as I said, we can even log on to terminal services on the same computer with accounts from dom B.

If I knew how Citrix differs from other authentication / logon scenarios I could probably remedy the situation.
 