While using FAS application launch fails with error "Cannot start app <Application Name>"

While using FAS application launch fails with error "Cannot start app <Application Name>"

book

Article ID: CTX461323

calendar_today

Updated On:

Description

Application launch fails with error "Cannot start app ", Event ID 1 and 28 are logged on Storefront servers.
 

Event ID:      1
Description:
The Federated Authentication Server at: <FAS Server FQDN> returned a server error: 1 for method AssertIdentity
System.ServiceModel.FaultException`1[[Citrix.Authentication.UserCredentialServices.FederatedAuthenticationServerFault, Citrix.Authentication.UserCredentialServices, Version=7.20.0.1, Culture=neutral, PublicKeyToken=a80ce61cfbf8b47a]], System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Access Denied (FAS server 'FAS Server FQDN' correlation: f8a6a44c-ca62-449d-ae54-012e81661e4b)

 

Event ID:      28
Description:
Failed to launch the resource '<Application\Desktop Name>' using the Citrix XML Service at address '??'. An unknown error occurred interacting with the Federated Authentication Service. See the inner exception for more details.
Citrix.DeliveryServices.FederatedAuthenticationService.VdaLogonDataProvider.Diagnostics.FasException, Citrix.DeliveryServices.FederatedAuthenticationService.VdaLogonDataProvider, Version=3.23.0.0, Culture=neutral, PublicKeyToken=null
An unknown error occurred interacting with the Federated Authentication Service. See the inner exception for more details.
   at Citrix.DeliveryServices.FederatedAuthenticationService.VdaLogonDataProvider.FasLogonDataProvider.GetVdaLogonData(IClaimsPrincipal claimsPrincipal, HttpContextBase httpContext)
   at com.citrix.wing.core.mpssourceimpl.MPSFarmFacade.GetVdaLogonData(Context context)
   at com.citrix.wing.core.mpssourceimpl.MPSFarmFacade.GetAddress(Context ctxt, String appName, String deviceId, String clientName, Boolean alternate, MPSAddressingType requestedAddressType, String friendlyName, String hostId, String hostIdType, String sessionId, NameValuePair[] cookies, ClientType clientType, String retryKey, LaunchOverride launchOverride, Nullable`1 isPrelaunch, Nullable`1 disableAutoLogoff, Nullable`1 tenantId, String anonymousUserId, List`1 zoneIds)
   at com.citrix.wing.core.mpssourceimpl.MPSLaunchImpl.GetAddress(Context env, String appName, String deviceId, String clientName, Boolean alternate, MPSAddressingType requestedAddressType, String friendlyName, String hostId, String hostIdType, String sessionId, NameValuePair[] cookies, ClientType clientType, String retryKey, LaunchOverride launchOverride, Nullable`1 isPrelaunch, Nullable`1 disableAutoLogoff, Nullable`1 tenantId, String anonymousUserId, List`1 zoneIds)
   at com.citrix.wing.core.mpssourceimpl.MPSLaunchImpl.LaunchRemoted(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at com.citrix.wing.core.mpssourceimpl.MPSLaunchImpl.Launch(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at com.citrix.wing.core.applyaccessprefs.AAPLaunch.Launch(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at com.citrix.wing.core.clientproxyprovider.CPPLaunch.Launch(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at com.citrix.wing.core.connectionroutingprovider.CRPLaunch.LaunchInternal(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams, Boolean useAlternateAddress)
   at com.citrix.wing.core.connectionroutingprovider.CRPLaunch.Launch(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at com.citrix.wing.core.bandwidthcontrolprovider.BCPLaunch.Launch(Dictionary`2 parameters, Context env, AppLaunchParams appLaunchParams)
   at Citrix.DeliveryServices.ResourcesCommon.Wing.WingAdaptors.OverrideIcaFileLaunch.Launch(Dictionary`2 launchParams, Context env, AppLaunchParams appLaunchParams)
   at Citrix.DeliveryServices.ResourcesCommon.Wing.WingAdaptors.LaunchUtilities.IcaLaunch(IRequestWrapper request, Resource resource, LaunchSettings launchSettings, String retryKey, ICasTicketService casTicketService)

System.ServiceModel.FaultException`1[[Citrix.Authentication.UserCredentialServices.FederatedAuthenticationServerFault, Citrix.Authentication.UserCredentialServices, Version=7.20.0.1, Culture=neutral, PublicKeyToken=a80ce61cfbf8b47a]], System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Access Denied (FAS server '<FAS server FQDN>' correlation: f8a6a44c-ca62-449d-ae54-012e81661e4b)

Resolution

  1. On the FAS server Open Citrix Federated Authentication Service console
  2. Go to Rules tab, select the appropriate policy and click on pencil icon edit
  3. On the left menu select Access control, click on the link Manage StoreFront access permissions.
  4. In the Permission for StoreFront Servers page, add your StoreFront servers and give them the permission Assert Identity. Click OK.

Problem Cause

Storefront servers are not authorized to use the  FAS. The default permission (“Assert Identity” allowed) denies everything. Therefore you must explicitly allow your StoreFront servers.
Powered by Wolken Software