Web Interface and StoreFront password change problem
In Citrix Web interface and StoreFront web portals users can normally change their expired passwords if feature is enabled. WI and SF can be also configured to allow users to change their password at anytime they want. There is a short steps how to enable it on both WI and SF.
1. Open Citrix Web Interface Management console.
2. Select XenApp Web Site.
3. Select Authentication Methods and Properties.
4. Choose Password Settings and Allow users to change passwords At any time.
5. Optionally you can also set Remind users before their passwords expire setting.
1. Open Citrix StoreFront console.
2. Select Authentication and choose Authentication Method.
4. Choose Manage Password Options and Allow users to change passwords At any time.
5. If you want also to set Remind users before their passwords expire setting. Then edit the file in: C:\intetpub\wwwroot\Citrix\Authentication\web.config
Search line: ” <…> showPasswordExpiryWarning=”Custom” <…> ” and change setting to the “Custom”
However recently I came across situation that password reminder worked but users got an error message when tried to change their expired passwords. Self-password reset didn’t worked either and you can see following errors on the Citrix Delivery Services event logs.
Event Properties – Event ID:1 Citrix Receiver for Web
Reason to this could be that Web Interface or StoreFront servers are on the different network subnets e.g. DMZ and proper firewall rules are not in place. Changing password from the WI and SF requires:
Kerberos Change/Set password ports TCP/UDP 464
To be open in both ways between WI/SF servers and the Domain Controllers. After we had impelemented proper firewall rules to allow that, password change worked properly for the users.