[THIN] Re: Weird Authentication Issue

  • From: "Mack, Rick" <RMack@xxxxxxxxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Sat, 8 Mar 2003 16:25:11 +1100

Hi Linn,

Is it the authentication that fails, or is the user session left in limbo
after they enter their username and password?

We've occasionally had problems where the sequence of events is fairly
similar to what you describe. However, additional things are that any network
I/O dependent apps hang, and domain logins hang while local user logins still
work, sort of (use taskmgr to start explorer etc).

If you run qwinsta you see a bunch of downed winstations, but TS related
activity (reset session, logoff session etc) just hangs. If you run up
srvmgr on another server, attach to the back-end file/print server and then
find and disconnect all file sessions belonging to the affected metaframe
server, it may recover.

If that's the case, MaxMpxCt and MaxWorkItems should be increased on the
back-end file/print server, and depending on the antivirus package running
on the back-end server, the AV settings may need to be set to check inbound
only. If you're using a NAS or SAN solution, check its tuning to improve
I/O throughput (e.g. cache cluster size on IBM SAN).

Regards,

Rick

Ulrich Mack
rmack@xxxxxxxxxxxxxx
Volante Systems
18 Heussler Terrace, Milton 4064
Queensland Australia
tel +61 7 32467704



-----Original Message-----
From: Linn A. Boyd [mailto:linn@xxxxxxxxxxxxxxxxx] 
Sent: Saturday, 8 March 2003 8:56 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Weird Authentication Issue



Background:

Windows 2000 Server farm (24 Servers), connected to a Windows 2000 AD
infrastructure. These are Terminal Services applications servers, and this
is a network authentication issue, we believe. We are a sub domain of a
larger forest (much larger).

Software Installed:

Windows 2000 SP3 all SP's Hotfixes as of 3/7/03 other than IE6.0, DirectX,
and Media Player
Citrix MetaFrame XP 1.0 FR2 all SP's Hotfixes as of 3/7/03
Office 2000 SR2
IE5.5 fully updated
One access application (very rare use)
Two custom applications (these have been operating successfully not updated
for over two years)
One Terminal Emulator Application

Problem:

Occasionally a server will stop authenticating any type of username/password
request within the farm. Then all of the citrix connections are being
directed to it, thus taking down the farm because the server does not report
a load change back to the citrix farm. This was not seen before the domain
was migrated from a Windows NT 4.0 domain structure to an Active Directory
Structure. Nothing was changed other than to go to Active Directory.

Diagnosis so far:

1. This is not completely a citrix problem as you can't even authenticate to
do a runas on the machine.
2. The server will accept a password, and grey the username/password/domain
box, but leave that box up indefinitely, after the server hangs it doesn't
matter if you try this from the console, a RDP session or an ICA session.
3. Twice we have been logged onto a machine and viewed what is happening
with it.
   a. You can not FTP to anything to download a file
   b. You can not do a runas command to run another process.
   c. When trying to run netdiag.exe everything is normal and passed until
the "Gathering NetBT configuration information." section starts and then
netdiag.exe hangs until a Ctrl-C is applied.

Other interesting facts:

1. This seems to happen only at a high load level and during the day.
2. You can not log into a local administrator account once a machine stops
authenticating.
3. It doesn't seem to be a Citrix issue as everything is stopping to
authenticate including the console.
4. You can look at all of the Event View logs other than the application log.
5. There are no strange failures within the log files.
6. It requires a hard power cycle to restore the server.
7. All of these servers are identical as far as OS, APPS etc. We image these
servers, and we have tried to go to an image that did not have these issues;
when they are joined to AD we receive them. They are sysprepped and the SIDs
changed correctly for this.
8. We segregated some servers out to just serve published applications and
have not seen any lockups on these servers.

Does anyone have any ideas? Has anyone seen this behavior before?

*********************************************************
This Week's Sponsor - ThinPrint
Simply the best print solution for Citrix
Metaframe and Microsoft Terminal Services! http://www.thinprint.com
**********************************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm