Wednesday, January 11, 2012

Launching a virtual desktop via Citrix Web Interface 5.4 using Citrix pass-through authentication throws the error: “An error occurred while making the requested connection.” With event ID 2100 logged on the DDC and event ID 30105 logged on the Web Interface server

Problem

You have just configured pass-through authentication for your Citrix Web Interface 5.4 servers with the instructions demonstrated in the following video:

How To: Configure Pass-Through Authentication with Web Interface 5.2
http://www.citrix.com/tv/#videos/1405

… but noticed that when you try to launch a virtual desktop via the Web Interface, you receive the following error:

An error occurred while making the requested connection.

image

Reverting back to Prompt for authentication launches the desktop properly.  Reviewing the application event logs for the DDC shows the warning with event ID 2100 from the source Citrix Broker Service logged:

The Citrix Broker Service failed to validate a user's credentials on an XML service.

Verify the trust relationships between your domains.

Error details:

User: ''

Error: 'AccessDenied'

Message: 'ID only credentials received but TrustRequestsSentToTheXmlServicePort=false'

Stack Trace: ''

image

Reviewing the application event logs for the Web Interface shows the warning with event ID 30105 from the source Citrix Web Interface logged:

Site path: C:\inetpub\wwwroot\Citrix\DesktopWeb.

The Citrix servers do not trust the server. This message was reported from the XML Service at address http://ddc01.domain.com/scripts/wpnbr.dll [com.citrix.xml.NFuseProtocol.RequestAddress].  [Unique Log ID: 488a8296]

For specific information about this message, see the Web Interface documentation at http://support.citrix.com/proddocs/topic/web-interface-impington/wi-log-messages-event-ids-hardwick.html.

image

Solution

The solution to this problem in my situation was actually quite simple.  As per the following Citrix article:

http://support.citrix.com/proddocs/topic/access-gateway-50/ag-50-integrate-wi-client-xd5-xml-trust-tsk.html

… all I needed to do was set the variable TrustRequestsSentToTheXmlServicePort from False to True.

Log onto your DDC and launch Citrix Desktop Studio:

image

Select the Desktop Studio node from the left window and select the Powershell tab in the right window:

image

At the bottom right hand corner of the Powershell window, click on the Launch Powershell button:

image

Once the Powershell window opens, type the following cmdlet:

Get-BrokerSite

… and look for the value (True or False) for the variable TrustRequestsSentToTheXmlServicePort.  The output would look similar to the following:

PS C:\Windows\system32> Get-BrokerSite

AppLicenseEdition                        : ENT
ApplicationIconUid                       : 2
ApplicationLicenseGraceSessionsRemaining : 10
ApplicationLicenseModel                  :
ApplicationLicensedSessionsActive        : 0
BaseOU                                   :
BrokerServiceGroupUid                    : 6a1c9ad6-3601-4ca2-97dc-220ede30bea5
ColorDepth                               : TwentyFourBit
ConfigurationServiceGroupUid             : f46f0aab-df58-45ae-9a73-84434cd5e0bf
DesktopGroupIconUid                      : 1
DesktopLicenseEdition                    : EXP
DesktopLicenseGraceSessionsRemaining     : 10
DesktopLicenseModel                      : UserDevice
DesktopLicensedSessionsActive            : 0
DnsResolutionEnabled                     : False
LicenseServerName                        : webinterface01
LicenseServerPort                        : 27000
LicensingGraceHoursLeft                  : 207
LicensingGracePeriodActive               : True
LicensingOutOfBoxGracePeriodActive       : False
Name                                     : Contoso
SecureIcaRequired                        : False
TrustRequestsSentToTheXmlServicePort     : False

image

As shown in the output and screenshot above, the value for the variable is set to false so proceed by setting it to True with the following cmdlet:

Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $true

Once the command executes execute the command:

Get-BrokerSite

… again and ensure that the variable TrustRequestsSentToTheXmlServicePort is now set to True:

image

Once this variable was set to True, the warning and error on the DDC and Web Interface server went away and the virtual desktop window now launches.

5 comments:

Шеповалов Аким said...

Thank you, man!

Narayanan Sridhar said...

Hi, Tried the suggested solution but still no luck. User needs to click the VDI icon multiple times to launch the VDI.

Anonymous said...

Worked perfectly! XenApp 7.6 / /IE 11.

Error was:
Cannot start app "appname". Please contact your Help Desk.

Along with the Event ID 2100

Pagadala Adityakumar said...

Worked perfectly for XenApp 7.6 Error

Cannot start app "appname".

Application Event id Citrix Broker Service 2100.

Thank you so much.

Regards

Aditya

Anonymous said...

Hi Terence,

Thanks very much for this tip - it worked perfectly.

Kind Regards,
Mark