When a user with the name Xiao in their username logs onto our SSL SA device, they can log on successfully and get the correct roles, but when clicking any Terminal Server Session link, the browser stops at the following screen:
Launching Terminal Services Session. This may take several minutes.
Nothing happens from there. The realm is authenticating using AD, and the user has the same permissions as all other users who can successfully launch their TS sessions. I have tried deleting and recreating the account, giving the user full admin rights, trying from multiple computers with different OSes, but the same thing happens. I tried creating 2 more accounts, called xiao.remote and just xiao, and the same thing happens for them. If I copy the account and call it something other than xiao, it works.
Hmm - I hate to say this, but if it were me I would probably run two packet captures from the SA box. The first on a good user, the second on Xiao and look at the authentication step. See what looks different - what is not getting passed or returned.
Hopefully somebody smarter than I has a better suggestion.
Upon further investigation, I've discovered that the SA box does not like user names starting with the letter X. I created several accounts called Xray, Xylophone, etc., and all of them had this same problem. However, as soon as I changed the user name (e.g. changed Xray to Rxay), the issue did not occur.
I'm going to raise an issue with Juniper to see if this is a known problem.
For what it is worth - I tried this out this morning. I set up a local and a domain user called XRay - logged in with both IDs and launched a standard IVE Terminal Services session with no problems.
Running 6.3R1-1, build 13563
It might have been an issue that was fixed in a newer version, as we are running 6.0R3.1 (build 12507).
In any case, Juniper are now testing the issue in their labs.