Friday, January 20, 2012

Logging onto from a Citrix Web Interface server throws the error: Please verify your user name and password and try logging on again. If you cannot log on, contact your help desk.” with event IDs 2307 logged on your XenApp server

Problem

You’re attempting to log into your Citrix environment via the Web Interface server’s website but after entering your credentials, you receive the following error message:

Please verify your user name and password and try logging on again. If you cannot log on, contact your help desk.

image

You log onto your XenApp 6.5 server, open up the application event logs and see the following event ID logged:

Source: IIS-W3SVC-WP
Event ID: 2307
Level: Error
User: N/A
OpCode: Info
Task Category: None
Keywords: Classic
Computer: Your XenApp Server Name

The worker process for application pool 'CtxScriptsPool' encountered an error 'Cannot read configuration file due to insufficient permissions

' trying to read configuration data from file '\\?\C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config', line number '0'. The data field contains the error code.

image

The event logs approximately 5 of these errors every time you attempt to log on through the Web Interface:

image

Solution

Prior to finally fixing this issue, I tried uninstalling XenApp 6.5 from one of the 2 XenApp servers, reinstalled XenApp 6.5 then rejoined it to the farm which did not fix the problem.  I then tried to do the same but this time uninstall the IIS role from the server but that didn’t fix the problem either.  Seeing how I was running out of options, I reviewed the error message once more:

The worker process for application pool 'CtxScriptsPool' encountered an error 'Cannot read configuration file due to insufficient permissions

' trying to read configuration data from file '\\?\C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config', line number '0'. The data field contains the error code.

… and figured I’d try taking a look in the directory to see if anything catches my eye and the following is what I saw:

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG

image

What I noticed was that the machine.config file had a little lock beside it so I proceeded to open up the file and check the security permissions:

image

image

This was when I noticed that the IIS_IUSRS account for the local machine was missing as compared to the other files.  Since I don’t know what the security permissions are for all of the files in the folder and whether some have unique settings, I went ahead and logged into another environment with the same XenApp 6.5 server in their infrastructure and notice that the IIS_IUSRS should have Read & execute and Read permissions to that file.  I proceeded to add that permission back in, restarted the services and I was then able to log in through the Citrix Web Interface. 

image

So what caused this?  In my situation, it was an AS400 application that was installed onto the XenApp server.  The installation must have made changes to the .NET Framework folder and therefore broke the XenApp server since it used the files in there as well.

Hope this helps anyone out there who many come across something similar.

2 comments:

Heiry Zulkifli said...

Terence,

this also might help :)

http://support.citrix.com/article/CTX123418

Heiry Zulkifli said...

Terence,


this also might help :)

http://support.citrix.com/article/CTX123418