December 1st, 2021 03:00

User accounts locked after just one bad password attempt

Hi all, anyone seen anything like this? We're using Wyse 3040s on ThinOS 9.1.3129 and have had this issue since we started with 9.1.1131. Our terminals are configured with WMS to point to a Citrix storefront. Our default domain policy has AD accounts configured to lock after 3 bad password attempts.

The scenario:

- A user enters an incorrect password on their thin client just once.

- Security logs on the domain controllers show three "kerberos pre-authentication failed" events (event ID 4771) originating from the Citrix StoreFront server, followed by an "a user account is locked out" event (event ID 4740), all within the space of one second.

- Citrix Delivery Services logs on that StoreFront server show "an authentication attempt was made for user: that resulted in: Failed (Windows Error Code: 1326" three times in the space of one second. This suggested it is receiving these attempts from the thin client one after the other very rapidly, and more quickly than a user could ever type them.

- The user cannot attempt to enter their password again; their AD account is locked and has to be unlocked by our helpdesk.

- Testing the same Citrix StoreFront via a web browser shows normal behaviour, again suggesting the thin client is the problem.

Hoping someone can shed some light on this because our users are getting quite annoyed!

Thanks
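The pattern described in the post above (three 4771 failures and a 4740 lockout inside one second) can be separated from ordinary mistyped passwords by looking at how tightly the failures are spaced. This is an added example, not part of the original thread: it assumes the domain controller events have already been exported into `(timestamp, event_id, account, source)` tuples, and every record, account name and host name in it is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records, not real logs: (timestamp, event_id, account, source).
# 4771 = Kerberos pre-authentication failed, 4740 = user account locked out.
SAMPLE_EVENTS = [
    ("2021-12-01T09:14:07.102", 4771, "jdoe", "STOREFRONT01"),
    ("2021-12-01T09:14:07.388", 4771, "jdoe", "STOREFRONT01"),
    ("2021-12-01T09:14:07.671", 4771, "jdoe", "STOREFRONT01"),
    ("2021-12-01T09:14:07.905", 4740, "jdoe", "STOREFRONT01"),
    # A user who really did mistype three times, seconds apart.
    ("2021-12-01T10:02:11.000", 4771, "asmith", "STOREFRONT01"),
    ("2021-12-01T10:02:29.500", 4771, "asmith", "STOREFRONT01"),
    ("2021-12-01T10:02:51.250", 4771, "asmith", "STOREFRONT01"),
    ("2021-12-01T10:02:51.400", 4740, "asmith", "STOREFRONT01"),
]

def find_burst_lockouts(events, threshold=3, max_span=timedelta(seconds=2)):
    """Return lockouts whose last `threshold` failures all arrived within
    `max_span`, i.e. faster than a person could retype a password."""
    failures = {}  # account -> [(time, source)] of 4771 events since last lockout
    findings = []
    for ts, event_id, account, source in sorted(events):
        when = datetime.fromisoformat(ts)
        if event_id == 4771:
            failures.setdefault(account, []).append((when, source))
        elif event_id == 4740:
            recent = failures.pop(account, [])[-threshold:]
            if len(recent) < threshold:
                continue  # lockout without enough recorded failures to judge
            span = recent[-1][0] - recent[0][0]
            if span <= max_span:
                findings.append({
                    "account": account,
                    "locked_at": ts,
                    "failure_span_ms": span // timedelta(milliseconds=1),
                    "sources": sorted({s for _, s in recent}),
                })
    return findings

if __name__ == "__main__":
    for hit in find_burst_lockouts(SAMPLE_EVENTS):
        print(hit)
```

Set `threshold` to the domain's lockout threshold (3 in the post above); the `sources` field shows which host relayed the burst, which is the StoreFront server in the scenario described.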

June 8th, 2022 10:00

Hi everyone - we upgraded to the new ThinOS 2205 (9.3.1129) and the problem is definitely fixed for us now.

December 7th, 2021 09:00

Update - it is still happening after upgrading to 9.1.4234 and CWA 21.9. I have grabbed the com.thinos.sysmgr.log and it seems like the terminal is only sending one logon attempt but I can't be sure, sample below:


2021-12-07T16:37:17.394Z:[INFO] wms: receives message: REQ_AD_LOGIN
2021-12-07T16:37:17.454Z:[INFO] [vdimgr] login => { type: Citrix, url: https://SERVERNAME/Citrix/StoreFront_Win10_Test }
2021-12-07T16:37:17.461Z:[INFO] [vdimgr] tryTask: Process signing on broker: type = Citrix url = https://SERVERNAME/Citrix/StoreFront_Win10_Test
2021-12-07T16:37:17.464Z:[INFO] [vdimgr] tryTask update credentials.
2021-12-07T16:37:17.491Z:[INFO] brk__0 request [PENDING] => https://SERVERNAME/Citrix/StoreFront_Win10_TestWeb/Home/Configuration
2021-12-07T16:37:17.492Z:[INFO] [HTTPS:] Listening to the 'selectclientcert' event.
2021-12-07T16:37:17.516Z:[INFO] brk__0 request [OK] => https://SERVERNAME/Citrix/StoreFront_Win10_TestWeb/Home/Configuration , Status: 200
2021-12-07T16:37:17.580Z:[INFO] brk__0 request [PENDING] => https://SERVERNAME/Citrix/StoreFront_Win10_TestWeb/Resources/List
2021-12-07T16:37:17.581Z:[INFO] [HTTPS:] Listening to the 'selectclientcert' event.
2021-12-07T16:37:17.608Z:[INFO] brk__0 request [OK] => https://SERVERNAME/Citrix/StoreFront_Win10_TestWeb/Resources/List , Status: 200
2021-12-07T16:37:17.630Z:[INFO] brk__0 request [PENDING] => https://SERVERNAME/Citrix/StoreFront_Win10_TestWeb/Authentication/GetAuthMethods
2021-12-07T16:37:17.631Z:[INFO] [HTTPS:] Listening to the 'selectclientcert' event.
2021-12-07T16:37:17.649Z:[INFO] brk__0 request [OK] => https://SERVERNAME/Citrix/StoreFront_Win10_TestWeb/Authentication/GetAuthMethods , Status: 200
2021-12-07T16:37:17.667Z:[INFO] brk__0 request [PENDING] => https://SERVERNAME/Citrix/StoreFront_Win10_TestWeb/ExplicitAuth/Login
2021-12-07T16:37:17.668Z:[INFO] [HTTPS:] Listening to the 'selectclientcert' event.
2021-12-07T16:37:17.686Z:[INFO] brk__0 request [OK] => https://SERVERNAME/Citrix/StoreFront_Win10_TestWeb/ExplicitAuth/Login , Status: 200
2021-12-07T16:37:17.727Z:[INFO] brk__0 request [PENDING] => https://SERVERNAME/Citrix/StoreFront_Win10_TestWeb/ExplicitAuth/LoginAttempt
2021-12-07T16:37:17.728Z:[INFO] [HTTPS:] Listening to the 'selectclientcert' event.
2021-12-07T16:37:17.794Z:[INFO] brk__0 request [OK] => https://SERVERNAME/Citrix/StoreFront_Win10_TestWeb/ExplicitAuth/LoginAttempt , Status: 200
2021-12-07T16:37:17.813Z:[INFO] [Citrix storefrontbrk-0] get password notify remaining => undefined
2021-12-07T16:37:18.292Z:[INFO] brk__0 request [PENDING] => https://SERVERNAME/Citrix/StoreFront_Win10_TestAuth/ExplicitForms
2021-12-07T16:37:18.292Z:[INFO] [HTTPS:] Listening to the 'selectclientcert' event.
2021-12-07T16:37:18.340Z:[INFO] brk__0 request [OK] => https://SERVERNAME/Citrix/StoreFront_Win10_TestAuth/ExplicitForms , Status: 200
2021-12-07T16:37:18.369Z:[INFO] [Storefront] explicitFormsLogin login type USRENTER, hint: https://SERVERNAME/Citrix/StoreFront_Win10_TestAuth/auth/v1/token
2021-12-07T16:37:18.398Z:[INFO] [winmgr] createWindow Login
2021-12-07T16:37:18.414Z:[INFO] [winmgr] win.js create() => login.html
2021-12-07T16:37:18.457Z:[INFO] wms: receives message: REQ_VDI_ERR

January 21st, 2022 04:00

We have the exact same problem on different version of ThinOS 9.1

On other thin client products like IGEL we don’t see this problem

BR

Henrik F Hansen

Denmark

January 31st, 2022 08:00

Good to know we're not the only ones - I have tried to raise it with Dell technical support but we have only "basic" support which is hardware only, we need to upgrade to "pro" support for software issues. The company is getting a quote for this and if we buy it I'll log a case and report back here.

February 2nd, 2022 08:00

Hi

I got a new Citrix_Workspace_App_21.12.0.18_2 today and it seems to reduce the attempt to "2" when you type a wrong password.

Not good enough, but better.

BR
Henrik

February 18th, 2022 04:00

Hi Guys,

Today I experienced the same issue after updating to the latest WVD/AVD-RDP package. The issue is within the WVD/AVD package version 1.5.1325. After downgrading to the 1.3.1229 version, this issue seems to be resolved. I'm currently running the newest ThinOS 9.1.5067.

As my company does have PRO support, I'll raise a question with the support department and will give you guys an update here when I have one.

Best regards,
Julian

February 24th, 2022 02:00

Thanks for the replies guys

We have also had it go down to generating 2 attempts in the past, but seems to have gone back up to 3.

Interesting that this happened in the AVD package but then resolved - we are using Citrix.

We have a purchase order raised for pro support on ten devices, should hopefully be able to log a ticket for this soon and will report back here.

March 8th, 2022 13:00

Hi there

We are seeing the same issue where the account will be locked after one or two retries (account locked per policy after 5 tries). Did you get a solution for your issue?

April 12th, 2022 08:00

We have finally got Pro Support for a handful of devices and I have logged a ticket with Dell for this issue. I will report back with any findings.

Thanks

April 12th, 2022 09:00

Hi

The solution is ready from support. 

We got a special build for testing and now we see only one bad attempt. 

No news about the release time yet 

BR

Henrik Froulund Hansen

Denmark 

May 3rd, 2022 04:00

Hi all. We finally got Pro support in place and logged a ticket - we were quickly told this was a known issue and would be fixed in a release available at the end of May. 

I did ask about early access to the build but was told no! I guess @HenrikFHANSEN was the first to demonstrate it to them and they have worked the solution up from that. Looking forward to this new release...

May 3rd, 2022 05:00

Hi

I have tested the build and it works just fine.
I'm still waiting for the final answer about when this will be public and if this solution will be included in the next public build.

BR

Henrik

May 26th, 2022 21:00

I had this problem before, but I don't think I've seen it since upgrading to 5067 and 6108.  Can anyone else confirm that this was fixed?

May 30th, 2022 08:00

Hi

After the ThinOS_2205_9.3.1129.pkg-V9.3.1129 - Dell ThinOS 2205 (9.3.1129) the problem is solved

BR

Henrik
