An error occurred while making the requested connection
Posted on 2013-12-20 10:41 bw_0927 阅读(1774) 评论(0) 收藏 举报http://support.citrix.com/article/CTX130480
Symptoms
An application is launched on a XenApp Kerberos-based farm environment, the following error message is displayed on the browser and the application fails to launch.
“An error occurred while making the requested connection.”
On the Web Interface Server, following error log message is written to Application Event log:
Log Name: Application
Source: Citrix Web Interface
Date: <Date>
Event ID: 30102
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: wi54.amc.ctx
Description:
Site path: C:\inetpub\wwwroot\Citrix\Krb2.
The Citrix servers reported an unspecified error from the XML Service at address http://xa5.amc.ctx/scripts/CtxIntegrated/wpnbr.dll[com.citrix.xml.NFuseProtocol.RequestTicket].
Refer to Logged Messages and Event IDs on Citrix web page for specific information about this message.
Cause
The issue is experienced when the XML broker is trying to request a logon ticket on farm member server where app is been resolved to launch. When the request to generate logon ticket fails, the XML broker returns an unspecified error in the ResponseTicket section.
The cause for this unspecified error is caused by an Anonymous Logon and NTLM authentication attempt made to the XenApp server hosting the application, instead of Kerberos.
On XenApp server hosting the application, following log entry is written in the Security Event Log:
Event ID: 4624
Task Category: Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: xa5-2.amc.ctx
Description:
An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: ANONYMOUS LOGON
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x9c788
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: XA5
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
When building a XenApp Kerberos-based authentication environment with Web Interface, the XML brokers must have XML shared with IIS in order to handle the Kerberos ticketing properly. By default, when XenApp is installed with XML shared with IIS, the Identity account for XML service application pools are set to Network Service.
The Network Service account has minimum privileges on the local computer; hence, it cannot be used for Kerberos ticketing in this scenario. Refer to the Service User Accounts web page of Microsoft MSDN library for more information.
Resolution 1
Complete the following procedure to resolve this issue:
- Access the XenApp server that is being used as the XML broker on the XenApp Web site.
- Change the identity account to LocalSystem from Advanced Settings for both XML service application pools, that is CtxAdminPool and CtxScriptsPool.
- Run the IISRESET command on the XML broker on which the change was made.
- Try launching the application to verify whether resolution works.
- The Security Event log on the XenApp server, hosting the application, shows the following entry if app launches successfully :
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: <Date>
Event ID: 4624
Task Category: Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: xa5-2.amc.ctx
Description:
An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: AMC\administrator
Account Name: Administrator
Account Domain: AMC
Logon ID: 0x95a965
Logon GUID: {16434083-ffe5-cf7d-fb76-504b8bd5b7b1}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Kerberos
Authentication Package: Kerberos
Transited Services:
WI54$@AMC.CTX
HTTP/xa5.amc.ctx@AMC.CTX
Package Name (NTLM only): -
Key Length: 0
Resolution 2
For XenApp 6.5 deployments, ensure to install on all XenApp servers in the farm Limited Release Hot Fix XA650W2K8R2X64015. Alternatively, install Hotfix Rollup Pack 1 for XenApp 6.5 which includes XA650W2K8R2X64015.
浙公网安备 33010602011771号