Scenario:
- The Citrix Virtual desktop is accessed via the Pulse Connect Secure device.
- An LDAP authentication server is used.
- When the user clicks the Citrix Virtual Desktop bookmark, the window launches and disappears after a few seconds.
- The User Access log indicates that the ICA connection was successful; but the session is closed after a short period of time:
info - YYYY/MM/DD HH:MM:SS - IVE - Successfully opened ICA connection to 10.X.Y.10:2598 (connection broker "10.X.Y.1:80", pool "Citrix_Pool").
info - YYYY/MM/DD HH:MM:SS - IVE - Connected to 10.X.Y.10 port 2598
info - YYYY/MM/DD HH:MM:SS - IVE - Closed connection to 10.X.Y.10 port 2598 after 5 seconds, with 21442 bytes read (in 38 chunks) and 2755 bytes written (in 37 chunks)
info - YYYY/MM/DD HH:MM:SS - IVE - Closed ICA connection to 10.X.Y.10:2598 (connection broker "172.16.3.96:80", pool "Citrix_Pool"
).
Reason:When the AD server is configured as an LDAP server, the
<USER> variable (located in the
Resource > Profile > Bookmark section) is mapped to
<username> . For example, if the AD server is configured as LDAP in Pulse Connect Secure, then the
<USER> parameter contains only the
username; the domain name is not included. When the Pulse Connect Secure posts the credentials to login to the virtual desktop, the user name is sent; but not the domain name. So, the session fails and it is disconnected.
There are two places where the User/Password variables are configured:
- Resource tab > Credentials section.
- Bookmarks tab > Authentication > Single Sign on section
Refer to the following image:
