[THIN] Re: "You do not have access to logon to this session."
- From: "Tim Anderson" <tim@xxxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Mon, 30 Aug 2004 10:59:47 -0500
stop IMA
dsmaint recreatelhc
dsmaint config /user:[userid_to_connect_to_sql] /pwd:[password_for_account]
/dsn:[path_to_mf20.dsn_with_WSD=_deleted]
start IMA
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Schneider, Chad M
Sent: Monday, August 30, 2004 10:32 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: "You do not have access to logon to this session."
If I delete the line and restart IMA, doesn't recreate the line with the new
name.
_____
From: Schneider, Chad M [mailto:CMSchneider@xxxxxxxxx]
Sent: Monday, August 30, 2004 10:17 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: "You do not have access to logon to this session."
WSID was the old.
Is it OK to change it and then restart the IMA?
_____
From: Tim Anderson [mailto:tim@xxxxxxxxxxxxxxxxx]
Sent: Monday, August 30, 2004 10:08 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: "You do not have access to logon to this session."
Then it does sound like an AD issue. Make sure your trust relationship is
good and that all your domain controllers have replicated successfully.
WSID=OldServerName refers to a line in the Data Source Name (DSN) used to
connect to the IMA datastore. Likely location is %systemdrive%\program
files\citrix\independent management architecture\mf20.dsn. Open it up in
notepad to check the value of WSID=.
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Schneider, Chad M
Sent: Monday, August 30, 2004 9:53 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: "You do not have access to logon to this session."
All that was done, was move servers from domain A to AD domain B and rename
servers to new naming scheme. This has worked on 12+ servers of a
different domain, moving into AD domain.
Not sure exactly where to look for the WSID=OldServerName entry. SQL
datastore. IMA service has been cycled, rebooted the servers several times
last week, as well as last night for weekly reboot.
All servers show new name in CMC. I then removed the old name entry from
the CMC, remove from farm.
Users have not bee converted.
None that I am aware of.
Users have not moved so this should not be an issue.
Also, not an issue.
_____
From: Tim Anderson [mailto:tim@xxxxxxxxxxxxxxxxx]
Sent: Monday, August 30, 2004 9:40 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: "You do not have access to logon to this session."
"Since they have been moved, and renamed"
Have you deleted the "WSID=OldServerName" line from the IMA datastore DSN
and cycled the IMA Service?
Do all of your servers reflect their new names in the CMC?
If you have converted the user accounts to AD check that they still have the
"Allow logon to terminal server" specified under Terminal Server Profile
properties in AD Users & Computers.
Are you experiencing any domain trust relationship problems stemming from
your AD conversion?
Do all of your users have SID history intact from the old domain to the new
domain?
Have you reassiged published app permissions after the domain conversion
pointing to the converted accounts?
Sounds like you have a lot going on in your environment now and the
information you have provided is pretty limited. These are the places I
would start looking based upon what you provided.
Cheers,
Tim Anderson
Senior Engineering Consultant
Server Centric Consulting LLC
11939 Manchester Rd. #110
St. Louis, MO 63131
(888) 747 - 4700
<http://www.servercentric.com/> www.servercentric.com
All electronic mail communications originating from or transmitted to Server
Centric Consulting are subject to monitoring. This message and the
information contained in it, which may consist of electronic data
attachments, are the confidential and proprietary communications of SCC and
are intended to be received only by the individual or individuals to whom
the message has been addressed. If the reader of this message is not the
intended recipient, please take notice that any use, copying, printing,
forwarding or distribution of this message, in any form, is strictly
prohibited. If you have received this message in error, please immediately
notify the SCC Privacy Officer at (888) 747-4700 and/or forward the message
to privacy@xxxxxxxxxxxxxxxxx and delete or destroy all copies of this
message.
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Schneider, Chad M
Sent: Monday, August 30, 2004 8:24 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] "You do not have access to logon to this session."
I have 3 servers, which have been in use, as is, for @ 3 years.
They were member servers of a domain, and recently moved to our AD domain,
as part of our ad conversion project. Since they have been moved, and
renamed, the published applications running on them, not all, but some, give
the error "You do not have access to logon to this session". When this
happens, it happens for everyone, users, admins., AD domain admins,
everyone. I have tried removing app. Rights, readding, limiting to a single
server, deleting the app. And creating a new of the same name. The last
item, seems to work, but only temporary.
I am pulling out my hair, of course, they only notice this at shift change,
which if middle of the night, so I have been woke up every night for the
past week.
Any help is appreciated.
Other related posts:
