Hacking Citrix Licensing Server password files

Hacking Citrix Licensing Server password files is fairly trivial…

Hacking Citrix Licensing Server password files

Open up C:Program Files (x86)CitrixLicensingLSconfserver.xml in your editor of choice and you’ll see several entries such as

<user firstName=”-N/A-” id=”DOMAINUser” lastName=”-N/A-” password=”(ENC-01)longencryptedstring” passwordExpired=”false” privileges=”admin” type=”domain-admin”/>

It’s pretty easy to just to add in new accounts here or change the password field of an existing account.
Delete everything in the password field between the “” and replace it with a palintext password. (you’ll be promted to change it, just keep it simple)
Change passwordExpired= to “true”
Restart the licensing service.
Log in with your account and password you created. It should ask you to change it. This new password gets encrypted and stored in place of the old plaintext one you put in.
Done!

Don’t add extra line breaks in this file or it won’t work.

Some older versions of licensing server used to leave the plaintext passwords in there, yet another reason to upgrade to 11.11.1

Published by

Mike

Mike Streetz is a Citrix Consultant who works with everyone from small businesses to large enterprises to help their users get work done via Citrix Virtual Apps and Desktops. He has been working in the Citrix space for over 15 years. Mike knows that your users don’t want long logon times, don’t want long waits for files and don’t enjoy when “Citrix is slow”. His job is to help you get the most out of your Citrix environment. Mike has worked with clients to optimize user experience by using tools such as FSLogix alongside Citrix ADC with Global Server Load Balancing to point users to the fastest site to serve their needs. Mike is a Citrix Technology Advocate, CUGC Leader of the Los Angeles chapter, Citrix Certified Professional in Citrix Cloud, Virtual Apps and Desktops and Citrix ADC and holds the Azure Administrator Associate certification. He has previously spoken at the Ruxcon security conference in Australia.