Problem: A test server was locking out any and every AD account that logged onto it when launching an ICA session only. Using RDP the account was fine.
Windows 2008 Server Enterprise SP2, XenAPP 5.0 FP3 + R01, running on Vmware VM Server
The server was rebuilt 3 times.
And then windows and citrix patched to the hilt (all current hotfixes for XenApp 5.0)
All anonymous user accoutns deleted
the Issues continued
Problem: Some one had changed the computer account in Active Directory to “Trust this computer for deletation to specified services only” and “Use Kerberos Only”
Changing the properties of the computer account in AD to “Do not trust this computer for delegation” – fixed the account lockouts for all xenapp / citrix users after reboot.