ICA or RDP Connections to XA7.6 server VDAs are interrupted before logon

Article ID: CTX203519

Description

XA 7.6 servers will randomly stop accepting new ICA or RDP connections. The session launch process is interrupted before the user can authenticate.
RDSWatcher shows that new connection attempts will gain the username of an existing connection.
 
>>>>>>>>>>>>>>>>>> Citrix RDSWatcher 
 
13-8-2015 08:23:20 New session found ==> ID: 0 | Username: N/A | State: Disconnected | Client IP: 0.0.0.0 | Workstation: Services.
13-8-2015 08:23:20 New session found ==> ID: 1 | Username: D1\srv-pascal1 | State: Active | Client IP: 0.0.0.0 | Workstation: Console.
13-8-2015 08:23:20 New session found ==> ID: 2 | Username: Domain1\John.doe | State: Active | Client IP: 10.10.71.172 | Workstation: ICA-CGP#0.
13-8-2015 08:23:20 New session found ==> ID: 65536 | Username: N/A | State: Listen | Client IP: 255.255.184.22 | Workstation: ICA-CGP.
13-8-2015 08:23:20 New session found ==> ID: 65537 | Username: N/A | State: Listen | Client IP: 255.255.184.22 | Workstation: ICA-CGP-1.
13-8-2015 08:23:21 New session found ==> ID: 65538 | Username: N/A | State: Listen | Client IP: 255.255.184.22 | Workstation: ICA-CGP-2.
13-8-2015 08:23:21 New session found ==> ID: 65539 | Username: N/A | State: Listen | Client IP: 255.255.184.22 | Workstation: ICA-CGP-3.
13-8-2015 08:23:21 New session found ==> ID: 65540 | Username: N/A | State: Listen | Client IP: 255.255.184.22 | Workstation: ICA-HTML5.
13-8-2015 08:23:21 New session found ==> ID: 65541 | Username: N/A | State: Listen | Client IP: 255.255.184.22 | Workstation: ICA-SSL.
13-8-2015 08:23:21 New session found ==> ID: 65542 | Username: N/A | State: Listen | Client IP: 0.0.0.0 | Workstation: ICA-TCP.
13-8-2015 08:23:21 New session found ==> ID: 65543 | Username: N/A | State: Listen | Client IP: 0.0.0.0 | Workstation: RDP-Tcp.
13-8-2015 08:23:49 New session found ==> ID: 3 | Username: N/A | State: ConnectQuery | Client IP: 10.10.10.10 | Workstation: RDP-Tcp#32.
13-8-2015 08:23:51 Session 3 has gained username Domain1\John.Doe.
13-8-2015 08:23:51 Session 3 has had its Client IP changed from 10.10.10.10 to 255.255.100.100.
13-8-2015 08:23:51 Session 3 has had its Workstation changed from RDP-Tcp#32 to <NULL>.
13-8-2015 08:23:52 Session 3 has been terminated.
13-8-2015 09:08:53 New session found ==> ID: 3 | Username: N/A | State: ConnectQuery | Client IP: 10.10.10.10 | Workstation: RDP-Tcp#42.
13-8-2015 09:08:56 Session 3 has gained username Domain1\John.Doe.
13-8-2015 09:08:56 Session 3 has had its Client IP changed from 10.10.10.10 to 255.255.100.100.
13-8-2015 09:08:56 Session 3 has had its Workstation changed from RDP-Tcp#42 to <NULL>.
13-8-2015 09:08:56 Session 3 has been terminated.
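
The pattern in the RDSWatcher output above (a ConnectQuery session gains the username of a session that already exists and is terminated seconds later) can be searched for in a saved log. The following is an added example, not part of the Citrix article or of RDSWatcher; the function name, the result keys and the 10-second threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: four lines abridged from the RDSWatcher output above.
SAMPLE_LOG = r"""
13-8-2015 08:23:20 New session found ==> ID: 2 | Username: Domain1\John.doe | State: Active | Client IP: 10.10.71.172 | Workstation: ICA-CGP#0.
13-8-2015 08:23:49 New session found ==> ID: 3 | Username: N/A | State: ConnectQuery | Client IP: 10.10.10.10 | Workstation: RDP-Tcp#32.
13-8-2015 08:23:51 Session 3 has gained username Domain1\John.Doe.
13-8-2015 08:23:52 Session 3 has been terminated.
"""
NEW = re.compile(r"^(\S+ \S+) New session found ==> ID: (\d+) \| Username: (.+?) "
                 r"\| State: (\w+) \| Client IP: (\S+) \|")
GAINED = re.compile(r"^(\S+ \S+) Session (\d+) has gained username (.+)\.$")
ENDED = re.compile(r"^(\S+ \S+) Session (\d+) has been terminated\.$")

def _ts(text):  # RDSWatcher prints day-month-year without zero padding
    return datetime.strptime(text, "%d-%m-%Y %H:%M:%S")

def find_interrupted_logons(log_text, max_seconds=10):
    # max_seconds is an assumed threshold, not a value from the article.
    owners = {}    # lower-cased username -> ID of the session holding it
    pending = {}   # session ID -> connection attempt that has not logged on
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := NEW.match(line):
            when, sid, user, state, ip = m.groups()
            if user == "N/A" and state == "ConnectQuery":
                pending[sid] = {"start": _ts(when), "client_ip": ip, "hit": None}
            elif user != "N/A":
                owners[user.lower()] = sid
        elif m := GAINED.match(line):
            _, sid, user = m.groups()
            holder = owners.get(user.lower())  # names differ in case in the log
            if sid in pending and holder not in (None, sid):
                pending[sid]["hit"] = (user, holder)
            else:  # ordinary logon: this session now owns the name
                pending.pop(sid, None)
                owners[user.lower()] = sid
        elif m := ENDED.match(line):
            when, sid = m.groups()
            attempt = pending.pop(sid, None)
            owners = {u: s for u, s in owners.items() if s != sid}
            if attempt and attempt["hit"]:
                secs = (_ts(when) - attempt["start"]).total_seconds()
                if secs <= max_seconds:
                    user, holder = attempt["hit"]
                    findings.append({"session": sid, "client_ip": attempt["client_ip"],
                                     "username": user, "existing_session": holder, "seconds": secs})
    return findings
```

On the sample it reports session 3 from 10.10.10.10, which took the username already held by session 2 and ended 3 seconds after it appeared.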
 
 

Resolution

In the Res Appguard configuration console, at least Winlogon.exe should be authorized to launch or access dwm.exe.

Problem Cause

Res Appguard is preventing Winlogon.exe from accessing dwm.exe.

Additional Information