[THIN] Re: User logon issues since applying SP4 and Security Update
- From: "Jeanne Shotton" <jeanne@xxxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Thu, 7 Aug 2003 17:09:29 -0500
Lots of issues in the Citrix Enterprise after SP4 - here are some of the MS
fixes you're looking for...
Q824309 for slow logins in Citrix
Q327462 lost profiles in Citrix
These are the issues documented to date:
1. IPSEC policies may stop functioning/ get removed.
2. Slow logons from Citrix ICA sessions
3. Slow Logons from RDP sessions
4. Applications will not or are slow to close on logout. a. (possible apply
a script)
5. If installed after the Novell Client, you may need a local administrator
account to log in and re-add the machine to the domain.
6. usrlogon.cmd may stop running
7. Mail relay settings may change, if your server is sending mail this
setting may have to be reset in the MMC
8. Web Interface (NFuse) 1.6 (and other versions) sites may have read
permissions set. Users need script execute permissions.
9. Apparently there is an issue related to Microsoft Windows 2000 Service
Pack 4 and the Citrix ctxnotif.dll. During the logoff process, the
ctxnotif.dll deletes the printers. The process hangs (which is probably
responsible for the longer logoff times) and only has time to delete the
second printer if at all before the winlogon closes all running processes
and logs you off. The script at http://www.tokeshi.com/raturl/autoendtasks
may help logoff issues/ speed.
10. Associated with #9 above- Printers not deleting on logoff.
11. Reported issues with the ability to access / authenticate when using
samba as a domain controller. Samba 2.2.8a release contains a security fixes
and new features/ settings that supports a new setting: profile acls (S)
which is a workaround for issue with WinXP Service Pack 1 and roaming user
profiles. Windows 2000 Service Pack 4 appears to exhibit the same behavior.
12. Error when attempting to shadow from Management Console for MetaFrame
XP.
13. Cannot reset sessions from Management Console for MetaFrame XP, display
as down state but return to active upon refresh.
14. Changing print drivers and/ or re-installing Feature Release 3 seem to
possibly fix issues.
15. Microsoft is in process of replacing the Winsrv.dll. You may be able to
get a copy if you contact Microsoft support and open a case. The hopefully
soon to be released q article is: http://support.microsoft.com/?id=824309
16. Indexing Service, turn off the indexing service before installing.
17. temporary install files may not be completely removed.
18. 3rd party SCSI card drivers (Dell) may be overwritten.
19. Errors on open of SQL 2000 Enterprise Manager
20. Slow reboots
21. asp_wp.exe used in asp.net failed to execute.
22. Update JVM to version 3810 BEFORE Service Pack 4.
23. Novell client 4.83SP1 stops logging into the tree. User must log into
windows then log into the tree. (rat note: reinstall the Novell client may
correct this)
24. May cause RightFax Enterprise Fax Manager to fail.
25. may not be compatible with Microsoft urlscan.
26. Cannot connet via socks-proxy to Microsoft Proxy server
27. Cannot connect to SQL
28. cannot shutdown
29. May increase processor utilization of OWA processes.
30. Can conflict with Virus scan
31. Can conflict with System works
32. Can remove net meeting settings
33. Exchage 2000 system attendant error / won't start.
34. May conflict with TN3270 emulation
Update: 03 Jul 11
User Policies Are Not Applied When You Log On to a Computer That Is Running
Windows 2000 SP4
http://www.tokeshi.com/raturl/Q823862
http://support.microsoft.com/default.aspx?scid=kb;en-us;823862
If you are using cross forest logon script, this functionality must be
enabled in a service pack 4 environment.
1. IPSEC policies may stop functioning/ get removed.
2. Slow logons from Citrix ICA sessions
http://tokeshi.com/raturl/ctxlogonfr3sp4 The the Citrix Forums indicate that
the slow logons are associated with the printer issues. Either running the
published application without the printers, setting the app to start before
printers are mapped or deleting client printers can correct this behavior.
Posts also indicate that installation of Citrix MetaFrame XP FR3/
SP3 after Windows 2000 SP4 will correct the print/ logon issue.
3. Slow Logons from RDP sessions
4. Applications will not or are slow to close on logout.
a. (possible apply a script)
5. If installed after the Novell Client, you may need a local administrator
account to log in and re-add the machine to the domain.
6. usrlogon.cmd may stop running
7. Mail relay settings may change, if your server is sending mail this
setting may have to be reset in the MMC
8. Web Interface (NFuse) 1.6 (and other versions) sites may have read
permissions set. Users need script execute permissions.
9. Apparently there is an issue related to Microsoft Windows 2000 Service
Pack 4 and the Citrix ctxnotif.dll. During the logoff process, the
ctxnotif.dll deletes the printers. The process hangs (which is probably
responsible for the longer logoff times) and only has time to delete the
second printer if at all before the winlogon closes all running processes
and logs you off. The script at http://www.tokeshi.com/raturl/autoendtasks
may help logoff issues/ speed.
Heap Manager Change in Service Pack 4 and Windows 2000 Q article: 195008
http://www.tokeshi.com/raturl/Q195008
http://support.microsoft.com/default.aspx?scid=kb;[LN];195008
Application Access Violation or Hang After Applying SP4 Q article: 195009
http://www.tokeshi.com/raturl/Q195009
http://support.microsoft.com/default.aspx?scid=kb;[LN];195009
Updated USB 2.0 Drivers Are Available in Windows 2000 Service Pack 4 (SP4) Q
article: 819332 http://www.tokeshi.com/raturl/Q819332
http://support.microsoft.com/default.aspx?scid=kb;[LN];819332
HTTP Indexing Service Object Is Not Listed in the Performance Monitor
Counters Q article: 821892 http://www.tokeshi.com/raturl/Q821892
http://support.microsoft.com/default.aspx?scid=kb;[LN];821892
AWE Hardware Compatibility Test Is Unsuccessful After You Install Windows
2000 SP4 Q article: 822140 http://www.tokeshi.com/raturl/Q822140
http://support.microsoft.com/default.aspx?scid=kb;[LN];822140
"Certificate Services Did Not Start" Message Appears in the Event Log Even
Though the Certificate Services Component Starts Successfully Q article:
822626 http://www.tokeshi.com/raturl/Q822626
http://support.microsoft.com/default.aspx?scid=kb;[LN];822626
Several Remote Access Service Error Events Appear After You Upgrade to
Windows 2000 Service Pack 4 Q article: 823405
http://www.tokeshi.com/raturl/Q823405
http://support.microsoft.com/default.aspx?scid=kb;[LN];823405
Scheduled Tasks No Longer Run When You Remove Windows 2000 Service Pack 4 Q
article: 823441 http://www.tokeshi.com/raturl/Q823441
http://support.microsoft.com/default.aspx?scid=kb;[LN];823441
Release Notes for Windows 2000 Service Pack 4 Q article: 813432
http://www.tokeshi.com/raturl/Q813432
http://support.microsoft.com/default.aspx?scid=kb;[LN];813432
INFO: Windows Media Tools 4.1 Not Available in Windows 2000 Service Pack 4
and Later Versions Q article: 819758 http://www.tokeshi.com/raturl/Q819758
http://support.microsoft.com/default.aspx?scid=kb;[LN];819758
XADM: The Key Management Service Does Not Start After You Install Windows
2000 Service Pack 4 Q article: 818952 http://www.tokeshi.com/raturl/Q818952
http://support.microsoft.com/default.aspx?scid=kb;[LN];818952
Frequently Asked Questions About the Microsoft VM and Windows 2000 Service
Pack 4 Q article: 820101 http://www.tokeshi.com/raturl/Q820101
http://support.microsoft.com/default.aspx?scid=kb;[LN];820101
Recommended Space Requirements for Windows 2000 Service Pack 4 Installation
Q article: 821258 http://www.tokeshi.com/raturl/Q821258
http://support.microsoft.com/default.aspx?scid=kb;[LN];821258
Overview of the "Impersonate a Client After Authentication" and the "Create
Global Objects" Security Settings (821546.KB.EN-US.2.2) Q article: 821456
http://www.tokeshi.com/raturl/Q821546
http://support.microsoft.com/default.aspx?scid=kb;[LN];821546
Cannot Install Windows 2000 Service Pack 4 on a Computer Where the
Hummingbird NFS Maestro Client Program Is Installed Q article: 822217
http://www.tokeshi.com/raturl/Q822217
http://support.microsoft.com/default.aspx?scid=kb;[LN];822217
Some Windows 2000 Hotfixes May Cause a Conflict with Service Pack 4 for
Windows 2000 Q article: 822384 http://www.tokeshi.com/raturl/Q822384
http://support.microsoft.com/default.aspx?scid=kb;[LN];822384
Internet Explorer Times Out While It Loads Web Pages If Norton Internet
Security 2001 or Norton Personal Firewall 2001 Is Installed Q article:
823087 http://www.tokeshi.com/raturl/Q823087
http://support.microsoft.com/default.aspx?scid=kb;[LN];823087
Errors Occur When You Use a .NET Framework 1.0-Based Program on a Windows
2000 Service Pack 4-Based Terminal Server Q article: 823485
http://www.tokeshi.com/raturl/Q823485
http://support.microsoft.com/default.aspx?scid=kb;[LN];823485
Solution: update to .NET Framework 1.1
Terminal Server and Connected Terminal Services Clients Pause When a
Terminal Services Client Logs On or Logs Off Q article: 324446
http://www.tokeshi.com/raturl/Q324446
http://support.microsoft.com/default.aspx?kbid=324446
Problems When More Than One User Accesses the Same File Through Terminal
Services http://www.tokeshi.com/raturl/Q818528 Q article: 818528
http://support.microsoft.com/default.aspx?kbid=818528 Solution: after using
the Micrsoft Hotfix to replace the mrxsmb.sys and the rdbss.sys modify this
registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxSmb\Parameters
REG_DWORD: MultiUserEnabled Value 1
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of LDeFoor
Sent: Thursday, August 07, 2003 11:18 AM
To: Thin
Subject: [THIN] User logon issues since applying SP4 and Security Update
I am having some very strange issues since I applied SP4 and the "Security"
update from MS.
First, the configuration:
1 - Windows 2000 Server (for data and such)
2 - Windows 2000 Servers Terminal Server with Citrix load balanced
1 - Farm with PN published for full desktop
A user goes to login and after a VERY long waiting period - about 3 minutes
of
Applying Personal Settings... Receives the error message:
Windows did not load your roaming profile and is attempting to log on with
your
local profile. Changes to the profile will not be copied to the server when
you
log off. Windows did not load your profile because a server copy of the
profile
already exists that does not have the correct security. Either the current
user
or the Administrator's group must be the owner of the folder. Contact your
network administrator. (with an OK button). Click OK and then this message
comes up.
Windows can not find the local profile and is logging you on with a
temporary
profile. Changes you make to this profile will be lost when you log off.
(With
an OK button).
Click OK, then there is a VERY long wait - sometimes up to 7 minutes of
APPLYING
PERSONAL SETTINGS, then one of two things happen. The screen goes totally
BLUE
for about 5 more minutes then logs in, OR it logs in.
This doesn't happen to All users, ONLY some.
Then what is even stranger - for those users it does happen to, depends on
what
machine they are on as to what exactly happens. I have a user that CAN ONLY
log
on to my second server. When he does, he only gets the FIRST error message,
not
the second. BUT, goes to try to log onto to the first server and gets both
and
doesn't let him in. It gives him the second message but with an added
ACCESS
DENIED in the window.
User gets in and works totally fine the rest of the day, but then goes to
log
off and the Saving Settings appears for a LONG time and/or the screen goes
to
total BLUE for a long time?
Nothing has changed on the servers except the SP4 and Security Update.
********************************************************
This Week's Sponsor - RTO Software / TScale
What's keeping you from getting more from your terminal servers? Did you
know, in most cases, CPU Utilization IS NOT the single biggest constraint to
scaling up?! Get this free white paper to understand the real constraints &
how to overcome them. SAVE MONEY by scaling-up rather than buying more
servers.
http://www.rtosoft.com/Enter.asp?ID=147
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This Week's Sponsor - RTO Software / TScale
What's keeping you from getting more from your terminal servers? Did you know,
in most cases, CPU Utilization IS NOT the single biggest constraint to scaling
up?! Get this free white paper to understand the real constraints & how to
overcome them. SAVE MONEY by scaling-up rather than buying more servers.
http://www.rtosoft.com/Enter.asp?ID=147
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
Other related posts:
