[THIN] Weird Authentication Issue

  • From: "Linn A. Boyd" <linn@xxxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Fri, 7 Mar 2003 16:55:47 -0600


Windows 2000 Server farm (24 Servers), connected to a Windows 2000 AD
infrastructure. These are Terminal Services applications servers, and
this is a network authentication issue, we believe. We are a sub domain
of a larger forest (much larger).

Software Installed:

Windows 2000 SP3 all SP's Hotfixes as of 3/7/03 other than IE6.0,
DirectX, and Media Player
Citrix MetaFrame XP 1.0 FR2 all SP's Hotfixes as of 3/7/03
Office 2000 SR2
IE5.5 fully updated
One access application (very rare use)
Two custom applications (these have been operating sucessifuly not
updated for over two years)
One Terminal Emulator Application


Occasionally a server will stop authenticating any type of
username/password request within the farm. Then all of the citrix
connections are being directed to it, thus taking down the farm because
the server does not report a load change back to the citrix farm. This
was not seen before the domain was migrated from a Windows NT 4.0 domain
structure to an Active Directory Structure. Nothing was changed other
than to go to Active Directory.

Diagnosis so far:

1. This is not completely a citrix problem as you can't even
authenticate to do a runas on the machine.
2. The server will accept a password, and grey the
username/password/domain box, but leave that box up indefinitely, after
the server hangs it doesn't matter if you try this from the console, a
RDP session or an ICA session.
3. Twice we have been logged onto a machine and view what is happening
with it.
   a. You can not FTP to anything to download a file
   b. You can not do a runas command to run another process.
   c. When trying to run netdiag.exe everything is normal and passed
until the "Gathering NetBT configuration information." section starts
and then netdiag.exe hangs until a Ctrl-C is applied.

Other interesting facts:

1. This seems to happen only at a high load level and during the day.
2. You can not log into a local administrator account once a machine
stops authenticating.
3. It doesn't seem to be a Citrix issue as everything is stopping to
authenticate including the console.
4. You can look at all of the Event View logs other than the application
5. There are no strange failures within the log files.
6. It requires a hard power cycle to restore the server.
7. All of these servers are identical as far as OS, APPS etc. we image
these servers, and we have tried to go to an image that did not have
these issues when they are joined to AD we receive them. They are
syspreped and the sids changed correctly for this.
8. We segregated some servers out to just serve published applications
and have not seen any lockups on these servers.=20

Does anyone have any ideas? Has anyone seen this behavior before?

This Week's Sponsor - ThinPrint
Simply the best print solution for Citrix
Metaframe and Microsoft Terminal Services!

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:

Other related posts: