In the old days of XenApp, the XenApp servers were TS\RDS servers as well – this has not changed. What has changed is the mechanism for controlling connections to sessions on the server – they are now brokered by the Delivery Controller. Previously, if you wanted to allow users to connect you needed to grant the ‘Citrix Users’ group (or Domain Users if everyone used Citrix) the ‘Allow logon locally’ and ‘Allow logon via terminal services’ rights.
You will find that things have changed in XenApp 7.x and this one simple change is not well documented. In addition to the above rights, you now need to add users to the ‘Direct Access Users’ – a new local group on the XenApp servers. The description explains:
Members in this group are granted the right to logon remotely directly without a brokered connection
When a user attempts to connect via RDP to a XenApp 7.x VDA server, the connection will appear to succeed – then after about 5 seconds, the blue background ‘Welcome’ screen will simply disappear. There will be NOTHING in the event logs, no error pop-up window…nothing.
You may also be tempted to enable the HDX policy for allowing users to launch desktop sessions – but the problem is with plain RDP…looks like the VDA is controlling all remote connections.
Dear Citrix: Please give us some error message stating that the connection is denied.