[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2061
  • Last Modified:

Cannot see any sessions in my shadow taskbar

Hi there!

I have a user that must be allowed to shadow other user sessions.
I have created a policy for him but when i open the shadow taskbar, only 3 of ca. 15 sessions are shown.
I know that there are over 15 sessions logged in.
If i log in as administrator i see all sessions, but I don`t want to give him any administrator rights.
I`m running PS 4.5 on a W2K3 server.

Hope someone have a solution =)
0
SOK_Norway
Asked:
SOK_Norway
  • 3
  • 3
1 Solution
 
Ron9909Commented:
The user can only shadow sessions to which the policy applies - have you checked to see that all the other users belong to a filter that means the policy applies to them?  You can check by using the 'Search' option which is a bit like AD Resultant Set of Policy.
0
 
SOK_NorwayAuthor Commented:
Thanks. Yeah, I have applied the policy to a big group of users. And I know everyone on the server is a member of this group.

I followed this description:

Login to PSC (Presentation Server Console) --> Policies --> Create Policy --> Create a Policy e,g shadow --> Right click on new created Policy --> go to Propertes --> User Workspaces --> Shadowing -1.   Under 'Configuration' enable it
2.   Under 'Permission' tab --> select 'Enable' --> then 'Configure' to select the users (Shadow administrator).

Now click ok and save Policy --> Again Right click on it and select 'Apply this Policy to' --> select 'Users' --> select the Users/Group to whom you want to shadow (Shadow User).
0
 
SOK_NorwayAuthor Commented:
I set the user to be an administrator in Citrix Access Management Console. The Shadow Taskbar still was showing about 3 of 15 sessions. But if I made him a Domain Admin in my AD, could he see all the 15 sessions.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
Ron9909Commented:
Interesting problem.  I'd like to ask a fw more questions if thats ok -
Do the users all belong to the same domain or are there trusts in place?

Are the users 3 users always logged on to the same server (s)?  I'm wondering if there is something about the servers themselves e.g.  permissions on the ICA listener

The user account that needs to shadow - have you looked at its group membership to see if it happens to belong to the same groups being shadowed, (perhaps through group nesting)?  

If you add a user to the policy explicitly, can it be shadowed?

Does the shadowing user have the shadow policy applied to him if you run the resultant policy (Search) feature?
0
 
SOK_NorwayAuthor Commented:
Sure, no problem.
All users belong to the same domain.

We have 2 terminal servers which is based on load balanse. Therefor can the user be connected to either server. It looks like the 3 users I see are on one server and the others are on the other server. But it`s 2 more users on the same server that I can`t see.
And I found one more thing. Right now I have 10 users logged in. 6 users on the first server and 4 users on the other server. With administrator i can see all 6 on the first server and 2 users on the other server. With the other user I can`t see anyone on the first server but I can see the 2 users i could not see with administrator.

Yes, the user are member in the group that can be shadowed.

No, I removed the group and applied the policy specificly to 2 users that I knew was logged in.
I could not see them, but i could still see the 2 users that I always have seen. Is there any other places that permissions can be set? Because 2 users that I saw did not have the policy applied to them.

Yes, I gave the users permission under User Workspaces --> Shadowing --> Permission
0
 
Ron9909Commented:
Quote: "No, I removed the group and applied the policy specificly to 2 users that I knew was logged in."

If you apply a policy to users that are already logged in, it wont take effect, as they would have to log in again.  However, from what you've described, it seems like the shadow policy feature is the source of your problem.

Let me explain - there are a lot of reasons why you can have problems with shadowing, e.g. if the display properties are not matched (sessions being shadowed have greater res or colour depth), with permissions on the ICA listener, or even with DCOM permissions, but I think the problem here is policy related.  

When you configure a shadow policy, all users that you want to be able to shadow must be added to the policy i.e. whatever users are configured under the 'apply this policy to' setting can only be shadowed by users added to that policy.  

I've noticed on other occasions, that this seems to affect even full Citrix admins (but not had a satisfactory explanation yet as to why).  The way to test if this is your problem here is firstly, disable the policy and test using new sessions, and secondly, re-enable the policy then add your citrix administrators to the policy.  Can you try this and let me know what happens?
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now