Solved

Detecting Citrix

Posted on 2004-10-26
1,423 Views
Last Modified: 2013-11-21
I wanted to know how you can detect Citrix and its Session ID?
0
Question by:Armon14
    5 Comments
     
    LVL 2

    Expert Comment

    by:ThePerfectK
    I'm not sure exactly what you are trying to "Detect", nor what the "Session ID" is to which you are referring.  To find if Citrix is installed, you can look either in the All Programs menu found in the Start menu within windows, or you could look in the Program Files folder.  Look for Citrix and ICA Client folders.

    If you are trying to determine if Citrix is currently running, there should be a System Tray icon in the lower right corner of your screen which will look like a small cityscape/skyscraper.  You can double click on that icon, and it should display any active Citrix connections, and give you most of the details about them including to which server you are connected, and the username with which you logged in.

    Please let me know if that gives you any clues, or provide more specific details so I can better assist you.  Thanks...
    0
     
    LVL 6

    Accepted Solution

    by:
    Hey ThePerfectK ;)

    Read this information, I hope this answer all your queries.

    "LSVIEW.EXE" can be run on Terminal Server to check the Discovery Process

    * Verify the terminal server can access the license server.

    Make sure there is no firewall software on the terminal server or license server
    that would block necessary ports. Same for a hardware firewall between them. TS
    licensing works over RPC, which means port 135 and a dynamically assigned port
    above 1024 must be open.

    Make sure DNS is properly configured on the client,terminal server, and license
    server. Verify you can ping in between them all by IP address, FQDN, and NetBIOS
    name. Also try "ping -l 1472 -f <IP address>" to determine if the MTU is too small
    on the network, in which case you can change it on the router, or configure the
    machines to use a smaller MTU in the registry. Setting the MaxMTU to 576 and or
    setting EnablePMTUDiscovery to 0 may allow them towork.

    Windows NT 4.0
    ==============

    HKLM\System\CurrentControlSet\Services\<Adapter
    Name>\Parameters\Tcpip
    Value Type:      REG_DWORD
    Value Name:      MTU
    Value: Valid Range: 68 - <the MTU of the underlying
    network>

    In Windows 2000 and later this value is under the following key:
    ==================================================

    HKLM\System\CurrentControlSet\Services
    Tcpip\Parameters\Interfaces\<ID for
    Adapter>
    Value Type:      REG_DWORD
    Value Name:      MTU
    Value: Valid Range: 68 - <the MTU of the underlying
    network>


    * Verify CALs are available.

    The license server must be activated and have CALs available. For Windows Server
    2003 terminal servers, the license mode on the terminal server, must match the type
    of CALs that are available on the license server. For example if Per User CALs have
    been installed on the license server, the terminal server must be set to Per User
    license mode.

    * Delete the "MSLicensing" registry key and verify that the users have at least
    Read access on the HKLM\Software\Microsoft key.


    * Verify Authenticated Users have "Access this computer from the network" and
    "Bypass Traverse Checking"

    By default, the only group policy object that has the "Access this computer from
    the network" right defined is the Default Domain Controllers policy. All other
    machines (member servers, clients, machines in a workgroup) have that right defined

    in their local security policy.

    * Check RestrictAnonymous.

    If RestrictAnonymous is 2 on the license server, it won't be able to issue
    licenses. Values of 0 or 1 work fine.

    NOTE: The exception to this is when a 2003 TS is using a 2003 TSL, then
    RestrictAnonymous=2 will work fine and does not need to be changed. In all other
    scenarios (2000 TS/2000 TSL,2000 TS/2003 TSL) RA=2 is bad.

    * Verify network adapter bindings.

    Network adapters must have File and Printer Sharing bound to them. If there are
    multiple adapters on the license server, the adapter that is on the same network as
    the terminal server should be first in the binding order.

    10. Verify the RDP-tcp connection is enabled and that "Maximum Connection Count" on
    the Network Adapter tab of RDP-Tcp properties is set to Unlimited.

    Verify that Everyone has Full Control on the RDP-Tcp properties, Security tab
    (Everyone Full Control isn't required, just so the users trying to connect have
    permissions to it).

    In Terminal Services Configuration click Connections,right-click RDP-Tcp, select
    All Tasks. If Enable Connection is an option, the connection is currently disabled.
    There will also be a red X over the icon for the specified connection when
    disabled.

    If RDP-tcp encryption level is set to High, and clients are failing to connect, try
    setting the encryption level to low, or keeping it on high but using the latest RDP
    client on the client machines.

    * Verify if the license server is Enterprise or Domain.


    Role can be verified:
    =====================
    HKLM\System\CurrentControlSet\Services\TermServLicensing\Parameters,

    if
    Role=0 it is a domain/workgroup license server, if
    Role=1, it is an Enterprise license server.


    * Delete the certificate registry values on the client and terminal server.


    * Event 201/221 and the license logging service.

    The license logging service is separate from TS licensing, however it can affect
    terminal server connections. If Windows licensing on the terminal server is
    configured for Per Server, and has run out of Windows licenses (regardless of TS
    licenses) connections will be denied. Disabling the license logging service is the
    quickest way to test for this, and it is actually recommended to keep license
    logging disabled. It is disabled by default on Windows Server 2003.

    * Disable the License Server Security Group policy under Computer

    Configuration\Administrative Templates\Windows components\Terminal
    Services\Licensing.

    Note: This policy setting is only available on 2003. When enabled, a Terminal
    Services Computers local group is created,and TS licenses will only be granted to
    computer accounts that are a member of that group.

    * If the error is "You do not have access to logon to this session" and they are
    using the Internet Connector License (2000) or External Connector License (2003)
    then only TSInternetUser credentials will work.

    * Issues with thin clients.

    Try resetting the thin client to factory defaults and/or updating its firmware.
    Thin clients can be reset to factory defaults by unplugging the unit from the wall
    for about five minutes (bleeding down the capacitors is the only way to cold start
    the thing, per Compaq) and the holding down the "G" key while plugging in and restarting the unit.

    Good Luck !!

    Ritesh
    Dell support professional
    0
     
    LVL 6

    Expert Comment

    by:engineer_dell
    Hey The perfectK

    Here is the list of commands, to qery session id and much more,
    QUERY replaces QUSER, QPROCESS, QOBJECT, QAPPSERV, QWINSTA from Citrix Winframe.

    The query utilities are used to display current information about the system such as the current allocation of resources and system status. The query command can invoke any one of the query utilities. The command line format is:
    query [appservers | object | process | session | user] [/?]
    /? (help)
                             
    Displays the syntax for the command and information about the command's options.

    Syntax
    Query Appservers:


    Displays the available application servers on the network.

    Query appservers [servername] [/domain:domainname] [/address] [/continue] [/?]
    Parameters
    servername
    Identifies an application server.

    /domain:domainname
    Displays application server information for the specified domainname. Defaults to the current domain.

    /address
    Displays the network and node addresses for each server.

    /continue
    Pauses after each screen of information until a key is pressed.

    /? (help)
    Displays the syntax for the command and information about the command's options.

    Query Appservers -- Additional Notes
    Query Appservers searches the network for all attached application servers and returns the following information:

    The servername. The network and node address (if the /address option is used).

    The following is an example for query appservers:
       C:\>query appserversAPPLICATION SERVERfast_eddieengineeringaccess_1
       *brand_x
                             
    The asterisk (*) indicates the current servername. APPLICATION SERVER identifies the servername.
    Query Appservers -- Examples
    To display information about all application servers found on the network, type:
    query appservers

    To display information about the fasteddie application server, type:
    query appservers fasteddie

    To display information about all application servers in domain SYSTEM, type:
    query appservers /domain:system

    To display the network and node address for the NABBY application server, type:
    query appservers NABBY /address

    Syntax
    Query Object:
    Displays information about the system's Object Manager Namespace.

    query object [Objectname] [/device] [/?]
    Parameters
    Objectname
    Identifies the object type to query.

    /device
    Displays devices in the \DosDevices namespace in a modified format.

    /? (help)
    Displays the syntax for the command and information about the command's options.

    Query Object -- Examples
    To display information about the objects that are in the \Driver namespace, type:
    query object \Driver

    To display information about the objects that are in the \DosDevices namespace in a modified format, type:
    query object /device

    Syntax
    Query Process:
    Displays information about processes.

    query process [processID] [/server:servername] [/system] [/?]
    query process[username] [/server:servername] [/system] [/?]
    query process[sessionname] [/server:servername] [/system] [/?]
    query process[/ID:sessionID] [/server:servername] [/system] [/?]
    query process[programname] [/server:servername] [/system] [/?]
    query process[*] [/system] [/server:servername] [/?]

    Parameters
    processID
    Identifies a process.

    username
    Identifies the name of the user whose processes you want to display.

    sessionname
    Identifies the name of the session. The name was created by the system administrator when the session was configured.

    /ID:sessionID
    Identifies the session whose processes you want to display.

    programname
    Identifies the name of the program whose processes you want to display. The .exe extension is required.

    /server:servername
    The Terminal Server to be queried. Otherwise, the current Terminal Server is used.

    /system
    Displays process information for system processes.

    /? (help)
    Displays the syntax for the command and information about the command's options.

    Security Restrictions
    Query process is used to query only those processes belonging to the current user, unless the current user has sufficient security classification to query processes belonging to other users. Administrators have full access to all query process functions.
    Query Process -- Additional Notes
    If no process or session is specified, query process queries all processes belonging to the current user. If a session is specified, it must identify an active session. You can use wildcards to identify the process. If a single wildcard is present (*), all processes in the system are identified.

    Query process returns the following information:
      The user that owns the process.
      The session that owns the process.
      The ID of the session.
      The process name.
      The process state.
      The ID of the process.
                             
    The following is an example for query process:
       C:>query process
       USERNAME SESSION ID STATE PID
       >edj rdp-tcp#002 0 wait 353 progman.exe
       >edj rdp-tcp#002 0 wait 49 cmd.exe
       >edj rdp-tcp#002 0 wait 139 query.exe
       >edj rdp-tcp#002 0 run 375 qprocess.exe
                             
    The > character identifies the current user. Session identifies the session where the user is logged on the system. ID specifies the ID of the session.

    State indicates the state of the process. PID identifies the processID of the program that follows.
    Query Process -- Examples
    To display information about process 8, type:
    query process 8

    To display information about all processes for user EDDIEJ, type:
    query process EDDIEJ

    To display information about all processes in session rdp-tcp#002, type:
    query process rdp-tcp#002

    To display information about all processes in session 4, type:
    query process /id:4

    To display information about the process Netclient.exe, type:
    query process Netclient.exe

    To display information about all processes in the system, type:
    query process *

    To displays information about all processes on the system, including system processes, type:
    query process * /system

    Syntax
    Query Session:
    Displays information about sessions.

    Query session [sessionname] [/server:servername] [/mode] [/flow] [/connect] [/?]
    Query session[username] [/server:servername] [/mode] [/flow] [/connect] [/?]
    Query session[sessionID] [/server:servername] [/mode] [/flow] [/connect] [/?]
    Parameters
    sessionname
    Identifies the name of the session. The name was created by the system administrator when the session was configured.

    username
    Identifies the user of the session.

    sessionID
    Specifies the ID of the session.

    /server:servername
    The Terminal Server to be queried. Otherwise, the current Terminal Server is used.

    /mode (session mode)
    Displays the current line settings.

    /flow (flow control)
    Displays the current flow control settings.

    /connect (connect settings)
    Displays the current connect settings.

    /? (help)
    Displays the syntax for the command and information about the command's options.

    Security Restrictions
    A user can always query the session where the user is currently logged on. The user must have Query Information access permission to query other sessions.
    Query Session -- Additional Notes
    If no session is specified, query session displays all active sessions in the system. Otherwise, the session must identify an active session.

    The following is an example for query session:
       C:>query session
       SESSION USERNAME ID STATE TYPE DEVICE
       >console administrator 0 active
       rdp-tcp#003 eddiej 1 active
       rdp-tcp 2 listen
       rdp-tcp 3 listen
       rdp-tcp 4 idle 5 idle
                             
    The > character identifies the current session. Session specifies the session name. Username identifies the name of the user connected at the session, if any. ID identifies the ID of the session connected to the system, if any. State provides information on the current state of the session and can be any of the following:
       Active. The session is connected and active.
       Conn. The session is connected. No user is logged on.
       ConnQ. The session is in the process of connecting. If this state
            continues, it indicates a problem with the connection.
       Shadow. The session is shadowing another session.
       Listen. The session is ready to accept a client connection.
       Disc. The session is disconnected.
       Idle. The session is initialized.
       Down. The session is down, indicating the session failed to initialize correctly.
       Init. The session is initializing.
                             
    Type indicates the session type. Device is the device name assigned to the session (not present for the console or network-connected sessions). The comment following the session information is from the profile.

    A session initially configured as disabled does not show up in the query session list until it is enabled.
    Query Session -- Examples
    To display information about all active sessions on server ACCTG, type:
    query session /server:ACCTG

    To display information about session MODEM02, if it is active, type:
    query session MODEM02

    Syntax
    Query User:
    Displays information about users who are logged on the system.

    query user [username] [/server:servername] [/?]
    query user[sessionname] [/server:servername] [/?]
    query user[sessionID] [/server:servername] [/?]
    Parameters
    username
    Identifies the user.

    sessionname
    Identifies the name of the session. The name was created by the system administrator when the session was configured.

    sessionID
    Specifies the ID of the session.

    /server:servername
    The Terminal Server to be queried. Otherwise, the current Terminal Server is used.

    /? (help)
    Displays the syntax for the command and information about the command's options.

    Security Restrictions
    A user must have Query Information access permission to query other users.

    Cheers !!
    Ritesh
    0
     
    LVL 2

    Expert Comment

    by:ThePerfectK
    Thanks Ritesh.  The question wasn't mine, however that is all the useful information in the world for Metaframe...   does that answer your question Armon14?
    0
     
    LVL 6

    Expert Comment

    by:engineer_dell
    Hey ThePerfectK !!
    I am sorry..but my answer was for Armon14. And I believe that it should answer his query.

    regards,
    Ritesh.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How does your email signature look on mobiles?

    Do your employees reply to their emails on mobile devices? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

    Suggested Solutions

    Title # Comments Views Activity
    GPO setting to enable IE security 9 28
    Exchange 2007 SP upgrade 9 69
    cryptolocker in a desktop 3 54
    SBS 2011 Rollup 18 47
    Just about everyone has an old PC laying around.  Ask anyone in the IT industry, whether they are a professional or play in it as a hobby.  From outdated Desktops to cheap "throwaway" laptops, they are all around and not as hard to "fix up" as you m…
    I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
    Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    This video discusses moving either the default database or any database to a new volume.

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now