[THIN] Re: Domain list missing from published app in CMC
- From: "Rick Mack" <Rick.Mack@xxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Wed, 26 Jul 2006 20:29:48 +1000
Hi People,
Had a slightly unusual problem this morning that I thought would be worth
telling about.
Scenario:
Windows Server 2003 SP1
Citrix Presentation Server 4 (R01 plus hotfixes to 064)
My customer tried to remove a server from a published app and got an mesage
asking if he wanted to remove the domain users assigned to the app. Luckily he
said no.
When we looked at the published application properties, the thing that was
immediately obvious was that the domains normally listed in the "users"
property were missing. If we tried to add any more users, even as
Domain\username, the domain lookup failed. I tried running the CMC on other
servers, and even moving the data collector and the error still persisted.
The weird thing was that other published applications showed the full domain
list, and allowed you to add and remove domain users in the same CMC session.
While the Citrix knowledgebase covered a couple of scenarios where the domain
list could fail, in those cases the missing doman lists were universal. .
Since the published app in question was the "main" published app, a published
desktop servicing several hundred users, we were kind of nervous about leaving
things in a obviously unhappy state.
Since the problem seemed to be confined to the one published application, it
seemed reasonable to assume that we were loking at some sort of datastore
issue. But running dscheck etc didn't produce any errors.
The other published apps were okay so we decided to duplicate the "broken"
published app and then delete the original and rename the new published app to
the original name. To my horror the new one had the same problem as soon as I
assigned all the servers to the app, no domains. So I decided to use an
exisiting published application that worked, but as soon as I assigned
additional servers to it, the domain list disappeared. It wasn't until I
removed the servers one by one, and the domain lists came back, that the penny
dropped. Removed the same server from the "broken" published app and the
domains reappeared.
To cut a long story short, the offending server had lost it's secure channel
credentials to the domain. You could still log on etc, but when I ran a netdom
query (Windows 2000 resource kit) against the server the problem was exposed.
"Netdom reset servername /d:domainname" fixed the secure channel issues and
restarting the IMA service then fixed the server preventing the domain lists
from appearing in apps assigned to that server in the CMC.
A fun morning.
regards,
Rick
Ulrich Mack
Volante Systems
#####################################################################################
This e-mail, including all attachments, may be confidential or privileged.
Confidentiality or privilege is not waived or lost because this e-mail has been
sent to you in error. If you are not the intended recipient any use,
disclosure or copying of this e-mail is prohibited. If you have received it in
error please notify the sender immediately by reply e-mail and destroy all
copies of this e-mail and any attachments. All liability for direct and
indirect loss arising from this e-mail and any attachments is hereby disclaimed
to the extent permitted by law.
#####################################################################################
Other related posts:
