Unable to start application with SAML authentication "Cannot Start App" Event ID 28 Could not contact any Federated Authentication Servers

Unable to start application with SAML authentication "Cannot Start App" Event ID 28 Could not contact any Federated Authentication Servers

book

Article ID: CTX237741

calendar_today

Updated On:

Description

Launching an application or desktop fails when StoreFront is configured for FAS/SAML authentication. 

Error seen when user tries to launch an application or desktop:

User-added image
No errors are logged on the FAS server.
Storefront will show event ID 28 with error showing "...Could not contact any Federated Authentication Servers"
  

Log Name:      Citrix Delivery Services
Source:        Citrix Store Service
Date:           PM
Event ID:      28
Task Category: (2001)
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      storefrontServer.domain.com
Description:
Failed to launch the resource 'ApplicationName' using the Citrix XML Service at address '??'. An unknown error occurred interacting with the Federated Authentication Service. See the inner exception for more details.
Citrix.DeliveryServices.FederatedAuthenticationService.VdaLogonDataProvider.Diagnostics.FasException, Citrix.DeliveryServices.FederatedAuthenticationService.VdaLogonDataProvider, Version=3.12.0.0, Culture=neutral, PublicKeyToken=null
An unknown error occurred interacting with the Federated Authentication Service. See the inner exception for more details.
   at Citrix.DeliveryServices.FederatedAuthenticationService.VdaLogonDataProvider.FasLogonDataProvider.GetVdaLogonData(IClaimsPrincipal claimsPrincipal, HttpContextBase httpContext)
   at com.citrix.wing.core.mpssourceimpl.MPSFarmFacade.GetVdaLogonData(Context context)
   at com.citrix.wing.core.mpssourceimpl.MPSFarmFacade.GetAddress(Context ctxt, String appName, String deviceId, String clientName, Boolean alternate, MPSAddressingType requestedAddressType, String friendlyName, String hostId, String hostIdType, String sessionId, NameValuePair[] cookies, ClientType clientType, String retryKey, LaunchOverride launchOverride, Nullable`1 isPrelaunch, Nullable`1 disableAutoLogoff, Nullable`1 tenantId, String anonymousUserId)
   at com.citrix.wing.core.mpssourceimpl.MPSLaunchImpl.GetAddress(Context env, String appName, String deviceId, String clientName, Boolean alternate, MPSAddressingType requestedAddressType, String friendlyName, String hostId, String hostIdType, String sessionId, NameValuePair[] cookies, ClientType clientType, String retryKey, LaunchOverride launchOverride, Nullable`1 isPrelaunch, Nullable`1 disableAutoLogoff, Nullable`1 tenantId, String anonymousUserId)
   at com.citrix.wing.core.mpssourceimpl.MPSLaunchImpl.LaunchRemoted(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at com.citrix.wing.core.mpssourceimpl.MPSLaunchImpl.Launch(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at com.citrix.wing.core.applyaccessprefs.AAPLaunch.Launch(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at com.citrix.wing.core.clientproxyprovider.CPPLaunch.Launch(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at com.citrix.wing.core.connectionroutingprovider.CRPLaunch.LaunchInternal(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams, Boolean useAlternateAddress)
   at com.citrix.wing.core.connectionroutingprovider.CRPLaunch.Launch(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at com.citrix.wing.core.bandwidthcontrolprovider.BCPLaunch.Launch(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at Citrix.DeliveryServices.ResourcesCommon.Wing.WingAdaptors.OverrideIcaFileLaunch.Launch(Dictionary`2 launchParams, Context env, AppLaunchParams appLaunchParams)
   at Citrix.DeliveryServices.ResourcesCommon.Wing.WingAdaptors.LaunchUtilities.IcaLaunch(IRequestWrapper request, Resource resource, LaunchSettings launchSettings, String retryKey)
 
System.ServiceModel.FaultException`1[[Citrix.Authentication.UserCredentialServices.FederatedAuthenticationServerFault, Citrix.Authentication.UserCredentialServices, Version=7.15.2000.226, Culture=neutral, PublicKeyToken=a80ce61cfbf8b47a]], System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Could not contact any Federated Authentication Servers
   at Citrix.Authentication.UserCredentialServices.FederatedAuthenticationServer.Pick(String upn)
   at Citrix.DeliveryServices.FederatedAuthenticationService.VdaLogonDataProvider.FasLogonDataProvider.GetVdaLogonData(IClaimsPrincipal claimsPrincipal, HttpContextBase httpContext)
 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Citrix Store Service" />
    <EventID Qualifiers="0">28</EventID>
    <Level>3</Level>
    <Task>2001</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="" />
    <EventRecordID>820910</EventRecordID>
    <Channel>Citrix Delivery Services</Channel>
    <Computer> storefrontServer.domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Failed to launch the resource 'ApplicationName' using the Citrix XML Service at address '??'. An unknown error occurred interacting with the Federated Authentication Service. See the inner exception for more details.
Citrix.DeliveryServices.FederatedAuthenticationService.VdaLogonDataProvider.Diagnostics.FasException, Citrix.DeliveryServices.FederatedAuthenticationService.VdaLogonDataProvider, Version=3.12.0.0, Culture=neutral, PublicKeyToken=null
An unknown error occurred interacting with the Federated Authentication Service. See the inner exception for more details.
   at Citrix.DeliveryServices.FederatedAuthenticationService.VdaLogonDataProvider.FasLogonDataProvider.GetVdaLogonData(IClaimsPrincipal claimsPrincipal, HttpContextBase httpContext)
   at com.citrix.wing.core.mpssourceimpl.MPSFarmFacade.GetVdaLogonData(Context context)
   at com.citrix.wing.core.mpssourceimpl.MPSFarmFacade.GetAddress(Context ctxt, String appName, String deviceId, String clientName, Boolean alternate, MPSAddressingType requestedAddressType, String friendlyName, String hostId, String hostIdType, String sessionId, NameValuePair[] cookies, ClientType clientType, String retryKey, LaunchOverride launchOverride, Nullable`1 isPrelaunch, Nullable`1 disableAutoLogoff, Nullable`1 tenantId, String anonymousUserId)
   at com.citrix.wing.core.mpssourceimpl.MPSLaunchImpl.GetAddress(Context env, String appName, String deviceId, String clientName, Boolean alternate, MPSAddressingType requestedAddressType, String friendlyName, String hostId, String hostIdType, String sessionId, NameValuePair[] cookies, ClientType clientType, String retryKey, LaunchOverride launchOverride, Nullable`1 isPrelaunch, Nullable`1 disableAutoLogoff, Nullable`1 tenantId, String anonymousUserId)
   at com.citrix.wing.core.mpssourceimpl.MPSLaunchImpl.LaunchRemoted(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at com.citrix.wing.core.mpssourceimpl.MPSLaunchImpl.Launch(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at com.citrix.wing.core.applyaccessprefs.AAPLaunch.Launch(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at com.citrix.wing.core.clientproxyprovider.CPPLaunch.Launch(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at com.citrix.wing.core.connectionroutingprovider.CRPLaunch.LaunchInternal(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams, Boolean useAlternateAddress)
   at com.citrix.wing.core.connectionroutingprovider.CRPLaunch.Launch(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at com.citrix.wing.core.bandwidthcontrolprovider.BCPLaunch.Launch(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at Citrix.DeliveryServices.ResourcesCommon.Wing.WingAdaptors.OverrideIcaFileLaunch.Launch(Dictionary`2 launchParams, Context env, AppLaunchParams appLaunchParams)
   at Citrix.DeliveryServices.ResourcesCommon.Wing.WingAdaptors.LaunchUtilities.IcaLaunch(IRequestWrapper request, Resource resource, LaunchSettings launchSettings, String retryKey)
 
System.ServiceModel.FaultException`1[[Citrix.Authentication.UserCredentialServices.FederatedAuthenticationServerFault, Citrix.Authentication.UserCredentialServices, Version=7.15.2000.226, Culture=neutral, PublicKeyToken=a80ce61cfbf8b47a]], System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Could not contact any Federated Authentication Servers
   at Citrix.Authentication.UserCredentialServices.FederatedAuthenticationServer.Pick(String upn)
   at Citrix.DeliveryServices.FederatedAuthenticationService.VdaLogonDataProvider.FasLogonDataProvider.GetVdaLogonData(IClaimsPrincipal claimsPrincipal, HttpContextBase httpContext)
</Data>
  </EventData>
</Event>

 

Resolution

This behavior is observed when Storefront Server is unable to resolve FAS server's hostname.
Ensure DNS is working properly in the environment. Recommended actions:
  • Perform a nslookup query to FAS server, make sure DNS entry is set correctly
  • For testing purposes edit the hostile on Storefront server and add the FAS Server Hostname and IP. (i.e: C:\Windows\System32\drivers\etc\hosts ), use a notepad editor to edit file save. See example below:
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
#
# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
1.1.1.1				fas.server.com
  • Once changes performed user will be able to launch application or desktop successfuly when SAML authentication is used on Receiver for Web.

 

Problem Cause

Storefront is unable to contact the Federated Authentication Server due to a DNS related problem.

Issue/Introduction

Launching an application or desktop fails when StoreFront is configured for FAS/SAML authentication.
Powered by Wolken Software