Cannot see any sessions in my shadow taskbar

Hi there!

I have a user that must be allowed to shadow other user sessions.
I have created a policy for him but when i open the shadow taskbar, only 3 of ca. 15 sessions are shown.
I know that there are over 15 sessions logged in.
If i log in as administrator i see all sessions, but I don`t want to give him any administrator rights.
I`m running PS 4.5 on a W2K3 server.

Hope someone have a solution =)
Who is Participating?
Ron9909Connect With a Mentor Commented:
Quote: "No, I removed the group and applied the policy specificly to 2 users that I knew was logged in."

If you apply a policy to users that are already logged in, it wont take effect, as they would have to log in again.  However, from what you've described, it seems like the shadow policy feature is the source of your problem.

Let me explain - there are a lot of reasons why you can have problems with shadowing, e.g. if the display properties are not matched (sessions being shadowed have greater res or colour depth), with permissions on the ICA listener, or even with DCOM permissions, but I think the problem here is policy related.  

When you configure a shadow policy, all users that you want to be able to shadow must be added to the policy i.e. whatever users are configured under the 'apply this policy to' setting can only be shadowed by users added to that policy.  

I've noticed on other occasions, that this seems to affect even full Citrix admins (but not had a satisfactory explanation yet as to why).  The way to test if this is your problem here is firstly, disable the policy and test using new sessions, and secondly, re-enable the policy then add your citrix administrators to the policy.  Can you try this and let me know what happens?
The user can only shadow sessions to which the policy applies - have you checked to see that all the other users belong to a filter that means the policy applies to them?  You can check by using the 'Search' option which is a bit like AD Resultant Set of Policy.
SOK_NorwayAuthor Commented:
Thanks. Yeah, I have applied the policy to a big group of users. And I know everyone on the server is a member of this group.

I followed this description:

Login to PSC (Presentation Server Console) --> Policies --> Create Policy --> Create a Policy e,g shadow --> Right click on new created Policy --> go to Propertes --> User Workspaces --> Shadowing -1.   Under 'Configuration' enable it
2.   Under 'Permission' tab --> select 'Enable' --> then 'Configure' to select the users (Shadow administrator).

Now click ok and save Policy --> Again Right click on it and select 'Apply this Policy to' --> select 'Users' --> select the Users/Group to whom you want to shadow (Shadow User).
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

SOK_NorwayAuthor Commented:
I set the user to be an administrator in Citrix Access Management Console. The Shadow Taskbar still was showing about 3 of 15 sessions. But if I made him a Domain Admin in my AD, could he see all the 15 sessions.
Interesting problem.  I'd like to ask a fw more questions if thats ok -
Do the users all belong to the same domain or are there trusts in place?

Are the users 3 users always logged on to the same server (s)?  I'm wondering if there is something about the servers themselves e.g.  permissions on the ICA listener

The user account that needs to shadow - have you looked at its group membership to see if it happens to belong to the same groups being shadowed, (perhaps through group nesting)?  

If you add a user to the policy explicitly, can it be shadowed?

Does the shadowing user have the shadow policy applied to him if you run the resultant policy (Search) feature?
SOK_NorwayAuthor Commented:
Sure, no problem.
All users belong to the same domain.

We have 2 terminal servers which is based on load balanse. Therefor can the user be connected to either server. It looks like the 3 users I see are on one server and the others are on the other server. But it`s 2 more users on the same server that I can`t see.
And I found one more thing. Right now I have 10 users logged in. 6 users on the first server and 4 users on the other server. With administrator i can see all 6 on the first server and 2 users on the other server. With the other user I can`t see anyone on the first server but I can see the 2 users i could not see with administrator.

Yes, the user are member in the group that can be shadowed.

No, I removed the group and applied the policy specificly to 2 users that I knew was logged in.
I could not see them, but i could still see the 2 users that I always have seen. Is there any other places that permissions can be set? Because 2 users that I saw did not have the policy applied to them.

Yes, I gave the users permission under User Workspaces --> Shadowing --> Permission
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.