Voilà here’s the update I promised.
Citrix XenDesktop 7.6, Citrix Receiver 4.x, Storefront 2.6, Windows 7×64 client, Dell Wyse Client
The Receiver is installed on the client with this parameters:
\CitrixReceiver4.3\CitrixReceiver.exe ADDLOCAL=ReceiverInside,ICA_Client,PN_Agent,Flash,USB,DesktopViewer,Vd3d,AM,SELFSERVICE /SELFSERVICEMODE=False UseCategoryAsStartMenuPath=”True” /STORE0=”PNAgent;https://XXXXXXX/Citrix/XD02/PNAgent/config.xml;on;Store0″
The Password Change is possible and working on the Storefront Website.
If the change is initiated from a Wyse ThinClient or Receiver Client, meaning coming from PNAgent the change fails.
In the TCPView there’s an open connection from the client to the storefront server is visible (marked blue line).
The password change fails subsequently.
There’s one Kerberos error being logged.
The issue is recorded at Citrix and escalated to their level 2 engineers.
I’ll record more detailed information as I get news from the Citrix engineers.
The reason for the misbehavior was a failure in propagation of the setting trusted domains from storefront server storefront1 to storefront2.
On the second storefront server the setting trusted domains was configured to domain.local. On storefront1 the setting was set to any domain. During the troubleshooting process the second storefront Citrix server’s services have been disabled in order to force the first storefront to be the active one.
As soon as we have re-enabled the Citrix services on the second storefront, performed a reboot and propagated all the settings from the first storefront server. The issue’s been resolved.