Hi People, Had a slightly unusual problem this morning that I thought would be worth telling about. Scenario: Windows Server 2003 SP1 Citrix Presentation Server 4 (R01 plus hotfixes to 064) My customer tried to remove a server from a published app and got an mesage asking if he wanted to remove the domain users assigned to the app. Luckily he said no. When we looked at the published application properties, the thing that was immediately obvious was that the domains normally listed in the "users" property were missing. If we tried to add any more users, even as Domain\username, the domain lookup failed. I tried running the CMC on other servers, and even moving the data collector and the error still persisted. The weird thing was that other published applications showed the full domain list, and allowed you to add and remove domain users in the same CMC session. While the Citrix knowledgebase covered a couple of scenarios where the domain list could fail, in those cases the missing doman lists were universal. . Since the published app in question was the "main" published app, a published desktop servicing several hundred users, we were kind of nervous about leaving things in a obviously unhappy state. Since the problem seemed to be confined to the one published application, it seemed reasonable to assume that we were loking at some sort of datastore issue. But running dscheck etc didn't produce any errors. The other published apps were okay so we decided to duplicate the "broken" published app and then delete the original and rename the new published app to the original name. To my horror the new one had the same problem as soon as I assigned all the servers to the app, no domains. So I decided to use an exisiting published application that worked, but as soon as I assigned additional servers to it, the domain list disappeared. It wasn't until I removed the servers one by one, and the domain lists came back, that the penny dropped. Removed the same server from the "broken" published app and the domains reappeared. To cut a long story short, the offending server had lost it's secure channel credentials to the domain. You could still log on etc, but when I ran a netdom query (Windows 2000 resource kit) against the server the problem was exposed. "Netdom reset servername /d:domainname" fixed the secure channel issues and restarting the IMA service then fixed the server preventing the domain lists from appearing in apps assigned to that server in the CMC. A fun morning. regards, Rick Ulrich Mack Volante Systems ##################################################################################### This e-mail, including all attachments, may be confidential or privileged. Confidentiality or privilege is not waived or lost because this e-mail has been sent to you in error. If you are not the intended recipient any use, disclosure or copying of this e-mail is prohibited. If you have received it in error please notify the sender immediately by reply e-mail and destroy all copies of this e-mail and any attachments. All liability for direct and indirect loss arising from this e-mail and any attachments is hereby disclaimed to the extent permitted by law. #####################################################################################