Hello, our IGEL UD2 LX clients running the latest 10.05.500.01 firmware are unable to change expired user passwords using Citrix Workspace app. What’s strange about this is once authenticated (and before launching a desktop/app) the “Change password on next logon” box can be checked and the user can change their password via Workspace. Are we missing something with our domain configuration, a certificate, or a setting within the IGEL Profile? I have a case open on this that hasn’t been getting any traction and we’ve already tried optional builds 520 and 590 provided by support. Any help would be appreciated!
Hello, I tried to reproduce it in my lab (OS 10.05.500 and OS 11.01.100, AD Win 2016, Workspace 1808), and it worked indeed like a charm with “User must change password at next logon”. But you mean that, if the password really expires (I assume not the user account itself), then the user cannot change it anymore from the workspace app, right?
What happens, when you open the Storefront URL from a fat client and logon with an expired password user, does it work there?
I am treating “User must change password on next logon” and true expired passwords as one in the same. Most of my testing has been the former, though. Fat client is not even necessary. When I launch a Firefox session to Storefront it is 100% capable of allowing the user to change an expired password and (after login) users can click their name in the top right and change password there as well. It’s exclusively an issue with the Workspace App.
I did just check and our Active Directory still primarily lives on 2008 server. Now I’m suspecting that may have something to do with it.
Ok… Interesting… Sometimes time concordance can be an issue when speaking about Password set issues?!
One more thing what happens when you use the Citrix Authentification mechanism instead, does it work there? kb.igel.com/igelos/en/active-directory-kerberos-2720551.html
I will try this tomorrow and let you know.
I’m having some trouble getting Kerberos working. I cannot successfully authenticate with any account yet. I am sorry for the delay in response.
Ok, thank you! Just before pointing you into a support ticket: Time concordance is given? DNS is configured via DHCP or Profile? Did you configured a few domain controllers here: kb.igel.com/igelos/en/domains-realms-2720981.html ? Did you checked that the AD DC are reachable from the endpoint side (Ping, Port 464 TCP/UDC)?
Not sure what happened there my message was deleted.
I successfully configured Kerberos/Active Directory and can change expired passwords on that prompt. I see the same issue in Workspace even after leaving the domain settings and/or explicitly stating our FQDN in the Citrix Workspace configuration.
I think I’ve got DNS configured correctly via profile and our DHCP server is the same one being used company-wide. As far as pinging the AD DC I can successfully ping but is there a linux command to ping over a certain port? I do have a case opened 2019031310001568
Hi! Thank you for the feedback, I will have a look into the ticket. Would you mind to share the results as soon as you get one?
This is all I have so far. I don’t know what to do beyond this. Was there a special ping command you wanted me to try?
Probeport youraddc 464 but since you got it working with the local logon / Kerberos, it couldn‘t be an issue I believe…
Okay I ran that command and I get “Connection successful”
Update: This continued to be an issue even on OS 11. We are able to work around it by using Authentication type: “Citrix authentication mechanism (instead of IGEL), Smartcard disabled” setting. This method allows users to change expired/reset passwords and functions almost the same way as the standard Citrix Workspace logon. Kerberos also worked but did not suit our needs.
Continue reading and comment on the thread ‘Unable to change expired user passwords using Citrix Workspace app on IGEL OS’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.
Submit a question, or Join Today!
Popular Message Threads
- Receiving error: “Citrix Receiver cannot create a secure connection in this browser” when launching a secure connection from Firefox on IGEL OS
- How to Install IGEL OS via a Bootable USB Drive
- How to change the default IGEL UMS admin password?
- Where to delete the certificates that cause ‘invalid certificate’ when trying to import an IGEL into UMS?
- Citrix connection via Netscaler Error: “AM_ERROR_AUTH_NETWORK_ERROR” on IGEL OS
- IGEL UMS Universal Update Error: “could not resolve host name”
- Error connecting to Citrix StoreFront “Error adding store: Http error”