Users not receiving a UPM profile when logging into application.

When logging in UPM fails, within the UPM logs we only see the following logged :-

2016-08-25;14:11:45.659;INFORMATION;EXTRANET;x9027690;3;15276;CADUser::Init: Determined user and DNS domain name: <x9027690>, <EXTRANET.COMPANY.COM>

2016-08-25;14:11:45.737;ERROR;EXTRANET;x9027690;3;15276;GetUserNameExAPIWrapper: GetUserNameEx failed to return the buffer size with: 0x525, The specified account does not exist.

2016-08-25;14:11:45.737;ERROR;EXTRANET;x9027690;3;15276;CADUser::Init: Determining the DNS domain and ADsPath failed with: The specified account does not exist.

2016-08-25;14:11:45.737;INFORMATION;EXTRANET;x9027690;3;15276;ImpersonateClientStop: Successfully stopped client impersonation.

2016-08-25;14:11:45.737;ERROR;EXTRANET;x9027690;3;15276;DispatchLogonLogoff: Updating Perfmon Logon/Logoff Counters failed.

2016-08-25;14:11:45.737;INFORMATION;EXTRANET;x9027690;3;15276;ImpersonateClientStart: Successfully impersonated a client.

2016-08-25;14:11:45.737;INFORMATION;EXTRANET;x9027690;3;15276;ImpersonateClientStop: Successfully stopped client impersonation.

2016-08-25;14:11:45.737;ERROR;EXTRANET;x9027690;3;15276;DispatchLogonLogoff: --------

Issue looks to be internal in the customers environment.

We have confirmed that the name resolution has failed when manually running the Get-Username function from PowerShell outside of UPM components.

When we make the call to the Get-Username Microsoft function from PoSH we are failing to resolve the username. This is inside a console session and outside of any UPM components involved.

Here we see a failed attempt to resolve the username

Here is a working example where we see the name resolved in yellow below....

---

Problem Cause

When loggin in UPM fails and within the UPM logs we only see the following logged :-
2016-08-25;14:11:45.659;INFORMATION;EXTRANET;x9027690;3;15276;CADUser::Init: Determined user and DNS domain name: <x9027690>, <EXTRANET.COMPANY.COM>
2016-08-25;14:11:45.737;ERROR;EXTRANET;x9027690;3;15276;GetUserNameExAPIWrapper: GetUserNameEx failed to return the buffer size with: 0x525, The specified account does not exist.
2016-08-25;14:11:45.737;ERROR;EXTRANET;x9027690;3;15276;CADUser::Init: Determining the DNS domain and ADsPath failed with: The specified account does not exist.
2016-08-25;14:11:45.737;INFORMATION;EXTRANET;x9027690;3;15276;ImpersonateClientStop: Successfully stopped client impersonation.
2016-08-25;14:11:45.737;ERROR;EXTRANET;x9027690;3;15276;DispatchLogonLogoff: Updating Perfmon Logon/Logoff Counters failed.
2016-08-25;14:11:45.737;INFORMATION;EXTRANET;x9027690;3;15276;ImpersonateClientStart: Successfully impersonated a client.
2016-08-25;14:11:45.737;INFORMATION;EXTRANET;x9027690;3;15276;ImpersonateClientStop: Successfully stopped client impersonation.
2016-08-25;14:11:45.737;ERROR;EXTRANET;x9027690;3;15276;DispatchLogonLogoff: ---------- Finished logon processing with errors in [s]: <2.67>.

Within our UPM code we make a call to MS funtion GetUserName function via our Get-UserName wrapper.
This function is used to retrive the user name in a specified format with the current thread in use.
In this scenario we are failing to resolve the username being used within the UPM session.
When we manually execute this command via PoSH we can confirm that the username is still failing to resolve. This is outside any UPM/Citrix components involved.

Reviewing the customers environment there are kerberos errors along with SPN specific errors on customer servers indicated further Kerberos problems.
Customer has also confirmed that they are using SAML authentication at times which is not supported.
 

https://msdn.microsoft.com/en-us/library/windows/desktop/ms724432(v=vs.85).aspx