Hi,
We are having a weird issue. One of our user is entitled to a pool, he is able to login to the desktop using his view client but just once.
But once he disconnect, he is not able to reconnect. He then gets "The View Connection Server authentication failed. You are not entitles to use the system."
The only workaround I figured out, is to go to the sessions tab under the desktop pool and "Logoff" his session. Then he is able to connect again.
We have about 10-15 users using that pool, only that user is having issue.
I checked the View Client logs, connections server logs and AD logs, they report no errors or warning.
View client logs:
2013-04-03T13:27:23.213-04:00 INFO (102C-1FE0) <Main Thread> [wswc] Windows Client started
2013-04-03T13:27:25.694-04:00 ERROR (102C-1DD4) <MessageFrameWorkDispatch> [wswc_command] brokerLogon response xml ERROR: code=AUTHENTICATION_FAILED, errorMessage="Authentication failure", userMessage="You are not entitled to use the system."
2013-04-03T13:47:34.625-04:00 ERROR (102C-1DD4) <MessageFrameWorkDispatch> [wswc_command] brokerLogon response xml ERROR: code=AUTHENTICATION_FAILED, errorMessage="Authentication failure", userMessage="You are not entitled to use the system."
But on the connection server side they are no error, as it is not even trying to connect.
Any advice ?
Thank you
Alex
What first comes to mind is some kind of synchronisation problem.
Do you have more then one connection broker?
Any loadbalancer in front?
// Linjo
Yes we do have 3 connections server and a load balancer in front of them.
2 out 3 connections are used for "internal" pools and the 3rd is used for our "dmz" pool.
So our user is only using one of the 2 first connection servers.
Could you try to exclude one of the connection-brokers to see if the problem persists?
If it works fine with only one we know its a replication problem with the AD LDS.
// Linjo
We found the issue, the user was based in a remote side and the load balancer was pointing him to our remote site view infrastructure where that pool doesnt exist.
Since he had the HQ view infrastructure listed in his View Client, I suppose he was trying it after couple attempt and we got mislead by "Logging off" his seesion somewhat at the same time.
Thank you Linjo for your insight/time!
Great that you found the issue!
// Linjo