Lots of issues in the Citrix Enterprise after SP4 - here are some of the MS fixes you're looking for... Q824309 for slow logins in Citrix Q327462 lost profiles in Citrix These are the issues documented to date: 1. IPSEC policies may stop functioning/ get removed. 2. Slow logons from Citrix ICA sessions 3. Slow Logons from RDP sessions 4. Applications will not or are slow to close on logout. a. (possible apply a script) 5. If installed after the Novell Client, you may need a local administrator account to log in and re-add the machine to the domain. 6. usrlogon.cmd may stop running 7. Mail relay settings may change, if your server is sending mail this setting may have to be reset in the MMC 8. Web Interface (NFuse) 1.6 (and other versions) sites may have read permissions set. Users need script execute permissions. 9. Apparently there is an issue related to Microsoft Windows 2000 Service Pack 4 and the Citrix ctxnotif.dll. During the logoff process, the ctxnotif.dll deletes the printers. The process hangs (which is probably responsible for the longer logoff times) and only has time to delete the second printer if at all before the winlogon closes all running processes and logs you off. The script at http://www.tokeshi.com/raturl/autoendtasks may help logoff issues/ speed. 10. Associated with #9 above- Printers not deleting on logoff. 11. Reported issues with the ability to access / authenticate when using samba as a domain controller. Samba 2.2.8a release contains a security fixes and new features/ settings that supports a new setting: profile acls (S) which is a workaround for issue with WinXP Service Pack 1 and roaming user profiles. Windows 2000 Service Pack 4 appears to exhibit the same behavior. 12. Error when attempting to shadow from Management Console for MetaFrame XP. 13. Cannot reset sessions from Management Console for MetaFrame XP, display as down state but return to active upon refresh. 14. Changing print drivers and/ or re-installing Feature Release 3 seem to possibly fix issues. 15. Microsoft is in process of replacing the Winsrv.dll. You may be able to get a copy if you contact Microsoft support and open a case. The hopefully soon to be released q article is: http://support.microsoft.com/?id=824309 16. Indexing Service, turn off the indexing service before installing. 17. temporary install files may not be completely removed. 18. 3rd party SCSI card drivers (Dell) may be overwritten. 19. Errors on open of SQL 2000 Enterprise Manager 20. Slow reboots 21. asp_wp.exe used in asp.net failed to execute. 22. Update JVM to version 3810 BEFORE Service Pack 4. 23. Novell client 4.83SP1 stops logging into the tree. User must log into windows then log into the tree. (rat note: reinstall the Novell client may correct this) 24. May cause RightFax Enterprise Fax Manager to fail. 25. may not be compatible with Microsoft urlscan. 26. Cannot connet via socks-proxy to Microsoft Proxy server 27. Cannot connect to SQL 28. cannot shutdown 29. May increase processor utilization of OWA processes. 30. Can conflict with Virus scan 31. Can conflict with System works 32. Can remove net meeting settings 33. Exchage 2000 system attendant error / won't start. 34. May conflict with TN3270 emulation Update: 03 Jul 11 User Policies Are Not Applied When You Log On to a Computer That Is Running Windows 2000 SP4 http://www.tokeshi.com/raturl/Q823862 http://support.microsoft.com/default.aspx?scid=kb;en-us;823862 If you are using cross forest logon script, this functionality must be enabled in a service pack 4 environment. 1. IPSEC policies may stop functioning/ get removed. 2. Slow logons from Citrix ICA sessions http://tokeshi.com/raturl/ctxlogonfr3sp4 The the Citrix Forums indicate that the slow logons are associated with the printer issues. Either running the published application without the printers, setting the app to start before printers are mapped or deleting client printers can correct this behavior. Posts also indicate that installation of Citrix MetaFrame XP FR3/ SP3 after Windows 2000 SP4 will correct the print/ logon issue. 3. Slow Logons from RDP sessions 4. Applications will not or are slow to close on logout. a. (possible apply a script) 5. If installed after the Novell Client, you may need a local administrator account to log in and re-add the machine to the domain. 6. usrlogon.cmd may stop running 7. Mail relay settings may change, if your server is sending mail this setting may have to be reset in the MMC 8. Web Interface (NFuse) 1.6 (and other versions) sites may have read permissions set. Users need script execute permissions. 9. Apparently there is an issue related to Microsoft Windows 2000 Service Pack 4 and the Citrix ctxnotif.dll. During the logoff process, the ctxnotif.dll deletes the printers. The process hangs (which is probably responsible for the longer logoff times) and only has time to delete the second printer if at all before the winlogon closes all running processes and logs you off. The script at http://www.tokeshi.com/raturl/autoendtasks may help logoff issues/ speed. Heap Manager Change in Service Pack 4 and Windows 2000 Q article: 195008 http://www.tokeshi.com/raturl/Q195008 http://support.microsoft.com/default.aspx?scid=kb;[LN];195008 Application Access Violation or Hang After Applying SP4 Q article: 195009 http://www.tokeshi.com/raturl/Q195009 http://support.microsoft.com/default.aspx?scid=kb;[LN];195009 Updated USB 2.0 Drivers Are Available in Windows 2000 Service Pack 4 (SP4) Q article: 819332 http://www.tokeshi.com/raturl/Q819332 http://support.microsoft.com/default.aspx?scid=kb;[LN];819332 HTTP Indexing Service Object Is Not Listed in the Performance Monitor Counters Q article: 821892 http://www.tokeshi.com/raturl/Q821892 http://support.microsoft.com/default.aspx?scid=kb;[LN];821892 AWE Hardware Compatibility Test Is Unsuccessful After You Install Windows 2000 SP4 Q article: 822140 http://www.tokeshi.com/raturl/Q822140 http://support.microsoft.com/default.aspx?scid=kb;[LN];822140 "Certificate Services Did Not Start" Message Appears in the Event Log Even Though the Certificate Services Component Starts Successfully Q article: 822626 http://www.tokeshi.com/raturl/Q822626 http://support.microsoft.com/default.aspx?scid=kb;[LN];822626 Several Remote Access Service Error Events Appear After You Upgrade to Windows 2000 Service Pack 4 Q article: 823405 http://www.tokeshi.com/raturl/Q823405 http://support.microsoft.com/default.aspx?scid=kb;[LN];823405 Scheduled Tasks No Longer Run When You Remove Windows 2000 Service Pack 4 Q article: 823441 http://www.tokeshi.com/raturl/Q823441 http://support.microsoft.com/default.aspx?scid=kb;[LN];823441 Release Notes for Windows 2000 Service Pack 4 Q article: 813432 http://www.tokeshi.com/raturl/Q813432 http://support.microsoft.com/default.aspx?scid=kb;[LN];813432 INFO: Windows Media Tools 4.1 Not Available in Windows 2000 Service Pack 4 and Later Versions Q article: 819758 http://www.tokeshi.com/raturl/Q819758 http://support.microsoft.com/default.aspx?scid=kb;[LN];819758 XADM: The Key Management Service Does Not Start After You Install Windows 2000 Service Pack 4 Q article: 818952 http://www.tokeshi.com/raturl/Q818952 http://support.microsoft.com/default.aspx?scid=kb;[LN];818952 Frequently Asked Questions About the Microsoft VM and Windows 2000 Service Pack 4 Q article: 820101 http://www.tokeshi.com/raturl/Q820101 http://support.microsoft.com/default.aspx?scid=kb;[LN];820101 Recommended Space Requirements for Windows 2000 Service Pack 4 Installation Q article: 821258 http://www.tokeshi.com/raturl/Q821258 http://support.microsoft.com/default.aspx?scid=kb;[LN];821258 Overview of the "Impersonate a Client After Authentication" and the "Create Global Objects" Security Settings (821546.KB.EN-US.2.2) Q article: 821456 http://www.tokeshi.com/raturl/Q821546 http://support.microsoft.com/default.aspx?scid=kb;[LN];821546 Cannot Install Windows 2000 Service Pack 4 on a Computer Where the Hummingbird NFS Maestro Client Program Is Installed Q article: 822217 http://www.tokeshi.com/raturl/Q822217 http://support.microsoft.com/default.aspx?scid=kb;[LN];822217 Some Windows 2000 Hotfixes May Cause a Conflict with Service Pack 4 for Windows 2000 Q article: 822384 http://www.tokeshi.com/raturl/Q822384 http://support.microsoft.com/default.aspx?scid=kb;[LN];822384 Internet Explorer Times Out While It Loads Web Pages If Norton Internet Security 2001 or Norton Personal Firewall 2001 Is Installed Q article: 823087 http://www.tokeshi.com/raturl/Q823087 http://support.microsoft.com/default.aspx?scid=kb;[LN];823087 Errors Occur When You Use a .NET Framework 1.0-Based Program on a Windows 2000 Service Pack 4-Based Terminal Server Q article: 823485 http://www.tokeshi.com/raturl/Q823485 http://support.microsoft.com/default.aspx?scid=kb;[LN];823485 Solution: update to .NET Framework 1.1 Terminal Server and Connected Terminal Services Clients Pause When a Terminal Services Client Logs On or Logs Off Q article: 324446 http://www.tokeshi.com/raturl/Q324446 http://support.microsoft.com/default.aspx?kbid=324446 Problems When More Than One User Accesses the Same File Through Terminal Services http://www.tokeshi.com/raturl/Q818528 Q article: 818528 http://support.microsoft.com/default.aspx?kbid=818528 Solution: after using the Micrsoft Hotfix to replace the mrxsmb.sys and the rdbss.sys modify this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxSmb\Parameters REG_DWORD: MultiUserEnabled Value 1 -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of LDeFoor Sent: Thursday, August 07, 2003 11:18 AM To: Thin Subject: [THIN] User logon issues since applying SP4 and Security Update I am having some very strange issues since I applied SP4 and the "Security" update from MS. First, the configuration: 1 - Windows 2000 Server (for data and such) 2 - Windows 2000 Servers Terminal Server with Citrix load balanced 1 - Farm with PN published for full desktop A user goes to login and after a VERY long waiting period - about 3 minutes of Applying Personal Settings... Receives the error message: Windows did not load your roaming profile and is attempting to log on with your local profile. Changes to the profile will not be copied to the server when you log off. Windows did not load your profile because a server copy of the profile already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator. (with an OK button). Click OK and then this message comes up. Windows can not find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. (With an OK button). Click OK, then there is a VERY long wait - sometimes up to 7 minutes of APPLYING PERSONAL SETTINGS, then one of two things happen. The screen goes totally BLUE for about 5 more minutes then logs in, OR it logs in. This doesn't happen to All users, ONLY some. Then what is even stranger - for those users it does happen to, depends on what machine they are on as to what exactly happens. I have a user that CAN ONLY log on to my second server. When he does, he only gets the FIRST error message, not the second. BUT, goes to try to log onto to the first server and gets both and doesn't let him in. It gives him the second message but with an added ACCESS DENIED in the window. User gets in and works totally fine the rest of the day, but then goes to log off and the Saving Settings appears for a LONG time and/or the screen goes to total BLUE for a long time? Nothing has changed on the servers except the SP4 and Security Update. ******************************************************** This Week's Sponsor - RTO Software / TScale What's keeping you from getting more from your terminal servers? Did you know, in most cases, CPU Utilization IS NOT the single biggest constraint to scaling up?! Get this free white paper to understand the real constraints & how to overcome them. SAVE MONEY by scaling-up rather than buying more servers. http://www.rtosoft.com/Enter.asp?ID=147 ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm ******************************************************** This Week's Sponsor - RTO Software / TScale What's keeping you from getting more from your terminal servers? Did you know, in most cases, CPU Utilization IS NOT the single biggest constraint to scaling up?! Get this free white paper to understand the real constraints & how to overcome them. SAVE MONEY by scaling-up rather than buying more servers. http://www.rtosoft.com/Enter.asp?ID=147 ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm