Citrix Cloud + FAS: Prompted for User Credentials during VDA Launch


Article ID: CTX331255


Description

Symptoms: During VDA launch, a user name and password prompt appears.
- Manually entering domain credentials launches the VDA.

Events on FAS server: [screenshot: image.png]

Expectation: The VDA should launch automatically.

Resolution

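1. Check the output of the following commands on the FAS server:

    # Load the FAS PowerShell snap-in
    Add-PSSnapin Citrix.Authentication.FederatedAuthenticationService.V1

    # Store the address of the first FAS server returned
    $CitrixFasAddress = (Get-FasServer)[0].Address

    # List the FAS certificates issued for this user
    Get-FasUserCertificate -UserPrincipalName "user@domain.com"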


If the output shows no certificate details, do the following:

  1. Confirm the user permissions as per Citrix recommendations.
     Citrix recommends the following permissions on certificate templates:
     • For security reasons, remove Domain Computers from the Citrix_RegistrationAuthority_ManualAuthorization, Citrix_RegistrationAuthority, and Citrix_SmartLogon templates.
     • Add FAS servers explicitly (or an AD security group that contains only FAS servers) and give Read and Enroll permissions on each certificate template used by FAS servers.
     • Add Read permission to Authenticated Users.
     • Optionally, add Read and Write permission to Enterprise Admins.
  2. Add the "ReadTokenGroupsGlobalAndUniversal" permission on the Citrix StoreFront servers, FAS server and VDA servers.


 

Problem Cause

Issue with AD sync.
You need to add the Citrix StoreFront Servers, FAS server and VDA servers to the Windows Authorization Access Group of the user's Domain.
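
The group membership described above can be audited, and optionally corrected, with the ActiveDirectory PowerShell module. This is an added example, not part of the original article or Citrix code; the domain name and computer names are placeholders, and it assumes the server computer accounts are in the same domain as the users.

```powershell
# Added example, not Citrix code. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$Domain    = 'domain.com'                        # placeholder: the user's domain
$Servers   = 'STOREFRONT01', 'FAS01', 'VDA01'    # placeholder computer names
$GroupName = 'Windows Authorization Access Group'
$Fix       = $false                              # $true = add missing accounts

$groupDn = (Get-ADGroup -Identity $GroupName -Server $Domain).DistinguishedName
# LDAP_MATCHING_RULE_IN_CHAIN: matches direct and nested membership of the group.
$inChain = "memberOf:1.2.840.113556.1.4.1941:=$groupDn"

$report = foreach ($name in $Servers) {
    # -Filter returns $null for an unknown name instead of throwing like -Identity.
    $computer = Get-ADComputer -Filter "Name -eq '$name'" -Server $Domain
    $isMember = $null
    if ($computer) {
        $isMember = Get-ADComputer -LDAPFilter "(&(name=$name)($inChain))" -Server $Domain
    }

    if (-not $computer) {
        $status = 'ComputerNotFound'
    }
    elseif ($isMember) {
        $status = 'Member'
    }
    elseif ($Fix) {
        # Adds the computer account as a direct member of the built-in group.
        Add-ADGroupMember -Identity $GroupName -Members $computer -Server $Domain
        $status = 'Added'
    }
    else {
        $status = 'Missing'
    }

    [pscustomobject]@{ Computer = $name; Group = $GroupName; Status = $status }
}

$report | Format-Table -AutoSize
```

Run it first with $Fix left at $false to get a read-only report of which StoreFront, FAS and VDA accounts are missing from the group.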