Reset Search
 

 

Article

KB17987 - Unable to access the Citrix desktop (VDI) via a Pulse Connect Secure device

« Go Back

Information

 
Last Modified Date8/2/2015 8:37 PM
Synopsis

Unable to access the Virtual Desktop Infrastructure (VDI), which is hosted on Citrix XenDesktop, via the Pulse Connect Secure device. The desktop window launches but disappears shortly thereafter.

Problem or Goal
Scenario:
 
  • The Citrix Virtual desktop is accessed via the Pulse Connect Secure device.   
  • An LDAP authentication server is used.  
  • When the user clicks the Citrix Virtual Desktop bookmark, the window launches and disappears after a few seconds.  
  • The User Access log indicates that the ICA connection was successful; but the session is closed after a short period of time:
    info - YYYY/MM/DD HH:MM:SS - IVE - Successfully opened ICA connection to 10.X.Y.10:2598 (connection broker "10.X.Y.1:80", pool "Citrix_Pool").
    info - YYYY/MM/DD HH:MM:SS - IVE - Connected to 10.X.Y.10 port 2598
    info - YYYY/MM/DD HH:MM:SS - IVE - Closed connection to 10.X.Y.10 port 2598 after 5 seconds, with 21442 bytes read (in 38 chunks) and 2755 bytes written (in 37 chunks)
    info - YYYY/MM/DD HH:MM:SS - IVE - Closed ICA connection to 10.X.Y.10:2598 (connection broker "172.16.3.96:80", pool "Citrix_Pool"
    ).

Reason:

When the AD server is configured as an LDAP server, the <USER> variable (located in the Resource > Profile > Bookmark section) is mapped to <username> . For example, if the AD server is configured as LDAP in Pulse Connect Secure, then the <USER> parameter contains only the username; the domain name is not included. When the Pulse Connect Secure posts the credentials to login to the virtual desktop, the user name is sent; but not the domain name. So, the session fails and it is disconnected.

There are two places where the User/Password variables are configured:
 
  • Resource tab > Credentials section.  
  • Bookmarks tab > Authentication > Single Sign on section

Refer to the following image:

Cause
Solution
Steps to resolve this issue:
 
  • Configure the authentication server as an Active Directory. By doing so, the <USER> variable will provide the domain and user name during login.
    Or  
  • Add the domain name to the authentication User variable (Domain\<USER>).


Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255