Hi Mack,
Processes that have lost the session will not change identity, i.e. process
started by user John will be running under John's identity, not SYSTEM.
This behavior can be reproduced by running application with a different
identity versus identity that owns the session. This actually presents a
problem when session is reset by outside user (admin) -- impersonated
processes are often not killed! That presents a possibility for a Trojan app
that is not associated with active sessions and thus not easily visible with
existing admin tools (Task Manager will clearly show the process and the
owner name -- TSADMIN and MFADMIN will sometimes (not always) show identity
as "Unknown").
However, as you point out, original session name and ID will remain. There
was an article at TechNet regarding the issue (have no idea where it was).
PS Everyone that would like to ?try this at home", i.e. generate Error 1726
while resetting a session, welcome to try impersonation via
"impersonator.exe" from http://www.ishadow.com (the tool is free).
ALEX
From: "Mack, Rick" <RMack@xxxxxxxxxxxxxx> Reply-To: thin@xxxxxxxxxxxxx To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx> Subject: [THIN] Re: User session hangs Date: Mon, 30 Jun 2003 19:32:16 +1000
Hi Michael,
Have a look for instances of csrss.exe and winlogon.exe, or indeed any other
applications that are associated with a session ID when not many users are
logged on. What will happen if the O.S. can't kill a user's processes after
a logoff or session reset is that the processes with become associated with
SYSTEM rather than a user. However the originating session ID will still be
there.
It might give you a clue as to what's failing.
An example that we've seen is where a user tries to print a huge powerpoint 2000 presentation. Powerpoint will go to 100% of a cpu, the session will lock up and the user finally gives up and disconnects. Powerpoint at that point won't let itself be killed so it gets associated with System and just stayus there, wasting CPU cycles.
regards,
Rick
Ulrich Mack rmack@xxxxxxxxxxxxxx Volante Systems 18 Heussler Terrace, Milton 4064 Queensland Australia tel +61 7 32467704
-----Original Message----- From: Michael Hagberg [mailto:michael.hagberg@xxxxxx] Sent: Monday, 30 June 2003 7:00 PM To: 'Thin (E-mail)' Subject: [THIN] User session hangs
Server: W2K SP3 with MF XP FR2/SP2
Citrix Hotfixes : XE102W022, 029, 066 Server Hotfixes : Q322845, 322913, 323172, 324096, 324380, 326830, 326886, 327269, 328020, 329115, 329834, 328310, 328981, 329170, 331953, 810833, 329553, 811493, 814033, 815021
DataStore : SQL DataStore OS : WK2 DataStore SP : SP3
When a user logs on to one of the Citrix servers it hangs after awhile. When
the user terminates the session on his local machine and tries to log on
again it stops at the windows logon page.
When looking in the CMC on the server we don't see any users at all but we
see there processes for a short while but they also disapear after about 2
minutes. The only thing that helps is to reboot the server. This problem
firts occured after installing the following Citrix hotfixes which later was
removed, XE102W013, 059 and 057.
Any suggestions?
Thanks a million Michael
--------------------------------------------------------------------------------------------------------------------
The information contained in this e-mail is confidential and may be subject
to legal professional privilege. It is intended solely for the addressee.
If you receive this e-mail by mistake please promptly inform us by reply
e-mail and then delete the e-mail and destroy any printed copy. You must
not disclose or use in any way the information in the e-mail. There is no
warranty that this email or any attachment or message is error or virus free. It may be a private
communication, and if so, does not represent the views of Volante group Limited.