Problem

When you try to log in to a native Citrix Storefront session, you get the error message "Login Failed!" because your Active Directory password expired. 
You are unable to change your password, because the local login does not provide an option for that.

Before you follow these instructions, check that the ports are open, maybe you can fix the problem by that: 

  • Login to Client -> Port: 88
  • Change password -> Port: 464

Here you find an overview of ports of the domain controller: Required Ports to Communicate with Domain Controller

Solution

Enable Active Directory/Kerberos authentication for the Storefront session. The next time you try to log in to IGEL OS, you will be prompted to change your expired password.

Changing an Expired Active Directory Password

When using sessions with passthrough authentication, it is essential that you lock your device's screen when leaving it unattended.

Enabling Active Directory/Kerberos Authentication for Storefront Sessions

  1. In IGEL setup, go to Security > Login > Active Directory/Kerberos.
  2. Enable Login to Active Directory domain.
  3. Go to Security > Active Directory/Kerberos.
  4. Activate Enable.
  5. Fill in the Default domain (fully qualified domain name).
  6. Go to Sessions > Citrix > Citrix Storefront > Login.
  7. Enable Use passthrough authentication.

  8. Click Apply or Ok.

Please note that the client must now be locked locally and no longer in the session to prevent another person from entering the session via the passthrough without specifying the password.

Enabling Screenlock

  1. In the IGEL setup go to User Interface > Screenlock / Screensaver.
  2. Enable Use hotkey.
  3. Under Modifiers select Win.
  4. Under Hotkey enter "L".
  5. Got to User Interface > Screenlock / Screensaver > Options.
  6. Enable User password.

So the "Win + L" hotkey locks the IGEL client instead of the session desktop.

The AD password must be entered to activate the IGEL clients.