Citrix Cloud - User cannot session,. Event ID 1050: 'hashexchangefailed'
Article ID: CTX560790
Updated On:
Description
After migrating from on-prem to Citrix Cloud, user is unable to launch a session to their VDA.
VDA shows event viewer error: Event id 1050: Citrix connection validation failed on domain "for user" for reason 'hashexchangefailed'
Resolution
To resolve this issue, you will need to run some commands on your cloud account.
To do this, you will need to download the PowerShell Posh SDK
Download the Posh SDK here - https://www.citrix.com/downloads/citrix-cloud/product-software/xenapp-and-xendesktop-service.html
Run command: Get-XdAuthentication
(this will prompt you to login to your cloud account so you can run commands from your cloud enviroment)
Get-BrokerDesktopGroup
(Check if this returns MachineLogOnType as LocalMappedAccount)
If it does, can you change this to Active Directory instead.
To do this, please run command:
Set-BrokerDesktopGroup -MachineLogOnType ActiveDirectory
Once set, restart the VDA and try again and test launching the VDA.
You should see that you are now able to launch the VDA without issues.
In Create Delivery Group > Users, you can check a box for "Allow users not in Active Directory to use this delivery group". Checking this box will set the logon type to LocalMappedAccount.
The combination of LocalMappedAccount configured as logon type and the launch request coming through a Cloud Connector results in using two different tickets - one is sent to the VDA in the PrepareSession request, the other one is sent to the endpoint to present to the VDA. As a result, validation fails because of ticket mismatch.
To do this, you will need to download the PowerShell Posh SDK
Download the Posh SDK here - https://www.citrix.com/downloads/citrix-cloud/product-software/xenapp-and-xendesktop-service.html
Run command: Get-XdAuthentication
(this will prompt you to login to your cloud account so you can run commands from your cloud enviroment)
Get-BrokerDesktopGroup
(Check if this returns MachineLogOnType as LocalMappedAccount)
If it does, can you change this to Active Directory instead.
To do this, please run command:
Set-BrokerDesktopGroup -MachineLogOnType ActiveDirectory
Once set, restart the VDA and try again and test launching the VDA.
You should see that you are now able to launch the VDA without issues.
Problem Cause
Issue related to ticketing.In Create Delivery Group > Users, you can check a box for "Allow users not in Active Directory to use this delivery group". Checking this box will set the logon type to LocalMappedAccount.
The combination of LocalMappedAccount configured as logon type and the launch request coming through a Cloud Connector results in using two different tickets - one is sent to the VDA in the PrepareSession request, the other one is sent to the endpoint to present to the VDA. As a result, validation fails because of ticket mismatch.
Issue/Introduction
After migrating from on-prem to Citrix Cloud, user is unable to launch a session to their VDA.
VDA shows event viewer error: Event id 1050: Citrix connection validation failed on domain "for user" for reason 'hashexchangefailed'
Was this article helpful?
Yes
No
Powered by
