[THIN] Re: Shadow taskbar encryption errors
- From: "Stratton, Doug ISMC:EX" <Doug.M.Stratton@xxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Thu, 4 Dec 2008 08:43:07 -0800
That has been set to 128 bit also. (2nd, see updates in original)
We checked our templates and from what I can tell they are from w2k3.
Not sure which one it was but if it was system.adm (think that was it)
it was dated 2007-02-17.
So we tried checking these settings from a vista box with the latest
GPMC on it. There were way more choices for other things but this area
still looked the same. We set it with this anyways and same problem.
I do have another related question also.
We have tried disabling any GP/Citrix Policy... That we can find but
still can't get the TSCC ICA-TCP Encryiption level to UN-grey so we can
try to change it there. I have looked at a few servers and they all are
the same way. Is this normal?
Regards,
Doug Stratton, Shared Service BC
Service Desk Email: 77000@xxxxxxxxx
Service Desk Tel: (250)387-7000
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Joe Shonk
Sent: December 4, 2008 6:16 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Shadow taskbar encryption errors
Check the encryption level set at the published application level.
Joe
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Stratton, Doug ISMC:EX
Sent: Wednesday, December 03, 2008 3:59 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Shadow taskbar encryption errors
I am having a problem with using Shadow Taskbar on a test CPS 4.5 farm
(w2k3 ) we have.
We have a group policy Set client connection encryption level set to
Client compatible.
This results in getting an error "you do not have the proper encryption
level to access this session". Also get another popup same time, " To
log on to this computer, you must have terminal server User access
Permissions......
So I have been working on this and this is all the stuff I have tried
(what works what does not)
1st - Turned off all encryption stuff and it worked
- registry hklm\system\currentcontrolset\control\terminal
server\Winstations\ica-tcp\MinEncryptionLevel 1
- Published application no level specified as requirement
- Citrix ICA encryption Policy, disabled
- gp removed setting for encryption Computer\Windows
components\Terminal Server\Encryption and Security\Set client connection
Encryption level
2nd - Turned on Citrix Published Desktop encryption 128bit min required
- WORKED with shadow bar
2.2 - Set Wiindows gp (Set Client Connection encryption level to Client
compatible) - FAILED (just encryption note)
REBOOTED - failed
Turn off Policy and Gpupdate /force works again
3rd - Enabled Citrix encryption policy - FAILED
Get encryption error AND Not in TS group so no access.???
Turn off policy works again
4th - Set registry hklm\system\currentcontrolset\control\terminal
server\Winstations\ica-tcp\MinEncryptionLevel 28 - WORKED (no gp or
citrix policy)
5th - Turned on Citrix Encryption policy now - WORKS, guess needs above
6th - turned gp encryption back on to client compatible - FAILED
Set to high - FAILED
7th - tried setting with latest GPMC on vista box - FAILED (it did set
the RDP connections but the Citrix connection still said None and is
greyed out and shadow still not working.)
So at this point I can't get the Windows GP setting to work. We
currently have it in production and I know Security is going to baulk at
wanting to remove it when we upgrade.
Any suggestions? And thanks again
Regards,
Doug Stratton, Shared Service BC
Service Desk Email: 77000@xxxxxxxxx
Service Desk Tel: (250)387-7000
Other related posts:
