Password reset of AD User on IGEL OS


Hi all, I ́ve a question regarding password reset of AD User:

Once the customer resets a User AD Password to the setting: User must change password on next logon, the user gets the following error message on the IGEL UDC, if he tries to login to igel workspace app to connect to citrix storefront: Logon to Windows to change your expired password.

Thanks and regards,


Hi, which Firmware are you using? It might be a good idea to let the user login first into the Domain and THEN use the passthrough Authentification for Citrix. These combination works fluently: kb.igel.com/igelos-11.03.500/en/login-failed-because-of-the-expired-ad-password-27246583.html


Hi, thanks for the KB link. I ́ll check this tomorrow morning with the customer. He is using firmware version 11.03.110 and on some udc endpoints 11.03.500. But the user is not able to logon first on another Windows PC, because every Office User has only a UDC endpoint. Passthrough authentication is already enabled in the Citrix settings.


Perfect. I was more thinking about let the user login on the UDC (so Igel OS not Windows) into the domain (not joining). That works to 90% like a charm.


The WSA in IGEL OS picks up if a password needs to get changed and supports changing it as you see on the video. There is no special config on the IGEL side, it’s about how you configure the Storefront (and Netscaler if used)

This also works fluently 🙂


On my lab too 😉 @member but from time to time, outside of my poney green field lab: no 🙂


hrrm… you just need to configure Storefront to allow password change, and then of course all other backend services. Which should be configured if you want to allow password change in this scenario


Both solutions are working fine, but one small thing with the Self-Service Configuration:

Password Reset works perfect. When I configure full screen mode of self-service and I reboot the UDC, the self service logon secreen appears, but the customer needs to click on the logon button in the middle, before he can type username and pw in the next upcomming popup. Is it possible to get directly the window where the user can type his username and pw without clicking first on the logon button? And once the user is logged in, the published desktop (only one) isn ́t starting automatically.


For your scenario, i would recommend using Citrix Storefront Session, instead of Citrix SelfService

Continue reading and comment on the thread ‘Password reset of AD User on IGEL OS’.  Not a member? Join Here!

Learn more, search the IGEL Knowledge Base



Ask a question or comment on the above messasge thread?

Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.

Submit a question, or Join Today!


Popular Message Threads


Categories & Tags: