The following error message is displayed when trying to log on:

The system could not log you on. Make sure your user name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case.

When the error message is displayed, click OK to re-enter the credential and establish the session successfully. It is not necessary to type the credentials again because you have already entered the details when logging on to the Web Interface. These credentials are automatically supplied to the session.

If the user is in a child domain of one forest while the XenApp server is in a child domain of another forest, there is a forest level trust between the two domains. When the error is observed, ensure that the domain shown in the logon Graphical Identification and Authentication (GINA) library is that of the XenApp server and not that of the user domain. Therefore, automatic log on cannot work because the domain supplied to the XenApp server is incorrect.

Resolution 1

To resolve the issue, add explicit trust between the child domains.

Resolution 2

Alternatively, you can place all servers in the same domain as follows:

1. Create a Local Group in the domain.

2. Populate this Domain Local Group with Global Groups from other domains.

Problem Cause

Although a forest level trust exists between these forests, there is no explicit trust between the two child domains in the separate forests. In a Citrix XenApp environment, a Forest level trust does not allow a transitive trust among all child domains in the trusted forests.

With Windows Active Directory forests, you can create a two-way forest trust that enables a transitive trust among child domains in the trusted forests. However, Presentation Server does not support the use of this type of trust among child domains.