Solved

Citrix/TS roaming profiles query

Posted on 2008-11-14
10
Medium Priority
728 Views
Last Modified: 2013-11-21
Hi

Say I have a multi-domain forest, US and Canada. Each domain has their own Citrix farm and have set their GPOs to use Roaming Profiles for the OU that their Citrix servers are in.

Am I correct in thinking that if a user from the US travels to Canada and accesses a Citrix server in the Canadian farm, they won't see the profile they used when they were in the US? Because the GPO is set per domain, and when they use the Canadian GPO it would be pointing to a brand new location?

The only way for them to access their US profile is to cross the WAN and use the US Citrix farm?

Just want to clear it up!

0
Comment
Question by:bruce_77
10 Comments
 
LVL 8

Accepted Solution

by:
Herrmannator earned 1600 total points
ID: 22958799
Yes - as you described it, the Citrix servers are in different OUs, each OU with its own GPO defining where the roaming profiles are stored.  Therefore, whoever logs on those servers has to get their roaming profile from that location, and/or create a new one at that location.
If you think about it, it would be bad if the Canadian Citrix servers allowed a profile to load from a US profile server, because it would then have to pull the profile across the WAN, and would take forever to log on (i.e., it is important that the profile share be on the same LAN with high speed connectivity to the Citrix servers it serves).
So yes, the users visiting the other location would do best to use VPN connectivity or otherwise get back to their home Citrix farm, where they will automatically load their normal roaming profile.
0
 
LVL 2

Author Comment

by:bruce_77
ID: 22959132
Thanks...so is there any way I can get a user to access their home profile if using a different farm?
0
 
LVL 8

Expert Comment

by:Herrmannator
ID: 22960251
I am confused on this.  How are they accessing these farms?  When they visit Canada, are they plugging into the local network, and then hitting their US Citrix servers (either directly or via VPN client if they are not already connected)?  Or are they sitting down at some kiosk guest user PC already configured to hit the Canadian farm?
There are a couple of things you could do:
1) Use Citrix Program Neighborhood client and just configure it to hit the US farm even from Canada (and use VPN client if necessary).
2) Use Citrix Program Neighborhood Agent on the Canadian servers so people can access the US farm from the Canadian Farm. So when in Canada, they could sit at a Kiosk and log into Canadian farm, and then from there launch another Citrix session on the US farm.
3) If desired, I suppose you could just have them log into the Canadian farm to create a new profile, and then copy the needed portions of their US profile over top of their Canadian profile such as their favorites, desktop, etc.
0
 
LVL 8

Expert Comment

by:Herrmannator
ID: 22960306
I guess you could also give them a simple batch file or even a shortcut to their US profile if you wanted to.  But normally people should not be storing important documents in their user profile anyway.  They should use their Home drive or other drives, and then they could just access those spots from Canada or from the Canadian Citrix servers.  Of course connectivity would be slow over the WAN though, so they may prefer connecting back to the US farm instead.
0
 
LVL 18

Assisted Solution

by:exx1976
exx1976 earned 400 total points
ID: 22961006
This is one of the problems of applying profile information via GPO to machine OUs in a large environment like you're describing.  I recognize this from your other question.


Just write 10 lines of VBS to go through your AD and set the roaming profile path on the users' accounts directly, and then it won't matter if they login from CHINA.  As long as they can resolve the name of the fileserver and have network connectivity to it, then when they login, they'll automatically get the correct profile.

Alternatively - are they different FARMS, or are they different zones within the same farm?  If the latter is the case (don't know anything about your Citrix implementation) then you could simply use a zone preference/failover policy applied by user/group and force the US users into the US zone first.

HTH,
exx
0
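The per-account approach suggested in the answer above, sketched in PowerShell rather than VBS. This is an added example, not code posted by anyone in the thread. The domain and file-server names follow the poster's examples, the `profiles$` share name is hypothetical, and it assumes the OU-level GPO profile path is no longer applied on the Citrix servers.

```powershell
# Added example (not from the thread). Requires the RSAT ActiveDirectory module.
# Sets each user's roaming profile path to a share in the user's HOME domain,
# so the path follows the account rather than the server OU.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Home domain -> profile root. The share name "profiles$" is an assumption.
    [hashtable]$ProfileRoots = @{
        'US.company.com'     = '\\fileserver.US.company.com\profiles$'
        'Canada.company.com' = '\\fileserver.Canada.company.com\profiles$'
    }
)

Import-Module ActiveDirectory

foreach ($domain in $ProfileRoots.Keys) {
    $root = $ProfileRoots[$domain]

    # Only enabled accounts; fetch the current value so unchanged users are skipped.
    $users = Get-ADUser -Server $domain -Filter 'Enabled -eq $true' -Properties ProfilePath

    foreach ($user in $users) {
        $wanted = "$root\$($user.SamAccountName)"
        if ($user.ProfilePath -eq $wanted) { continue }

        # Honours -WhatIf / -Confirm, so a dry run changes nothing in AD.
        $target = "$domain\$($user.SamAccountName)"
        if ($PSCmdlet.ShouldProcess($target, "Set ProfilePath to $wanted")) {
            Set-ADUser -Identity $user -Server $domain -ProfilePath $wanted
        }

        # Emit one record per pending or applied change for review.
        [pscustomobject]@{
            Account = $target
            OldPath = $user.ProfilePath
            NewPath = $wanted
        }
    }
}
```

Run it with `-WhatIf` first and review the emitted records before applying; the account running it needs write access to the `profilePath` attribute in both domains.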
 
LVL 2

Author Comment

by:bruce_77
ID: 22961045
Just to clarify, users will be accessing Citrix via the web interface.

So, Todd from the US travels to Canada. If he connects to the web interface address of the US farm, he can access his profile fine, but it's slow due to the WAN. So he chooses to connect to the Canadian farm.

But, the GPO for the OU holding the Canadian Citrix servers points to a path on \\fileserver.Canada.company.com\\Todd, so basically creates a new profile for him.

Is there any way he can access his existing profile on \\fileserver.US.company.com\\Todd when logging onto the Canadian farm?

How about for Citrix OUs in both domains, there are two GPOs, one to point Canada\Users to \\fileserver.Canada.company.com and one to point US\Users to \\fileserver.US.company.com?
0
 
LVL 18

Expert Comment

by:exx1976
ID: 22961176
hahahahaha

Sorry..  


Seriously now.  If you think it's slow for him to access the US farm from Canada, just imagine how slow it's going to be to copy that profile information to the Canadian servers from the US.  ICA traffic doesn't use much bandwidth at all.  If he can't get a decent connection, then I'd look at your network, not your Citrix servers.
0
 
LVL 8

Expert Comment

by:Herrmannator
ID: 22961544
If the profile is stored on a distant server, then the best way for the user to access it will be via the home Citrix server on the same LAN as that profile.  When you are using Citrix all you are doing is remote controlling a session on another machine, so it shouldn't be any slower from far away unless you just have bad connectivity, in which case you are dropping connections.  But saying Citrix is slow is kind of like saying remote desktop is slow.  How can remote desktop be slow unless what you really mean is the connectivity is bad and causes poor overall performance?
I guess a Citrix server itself can be slow, if there are too many users, etc.  Or if the profiles are allowed to get big, logon/logoff can be extremely slow.  But just using ICA to connect back to the home server and have that home server access the roaming profile (which is on the same LAN) should not cause extra slowness.
0
 
LVL 1

Expert Comment

by:WakaMang
ID: 22966547
With the Citrix Web Interface installed you avoid these kinds of problems.
0
 
LVL 6

Expert Comment

by:Khurram Ullah Khan
ID: 22968817
If you are using any profile replication solution or any SAN-based replication settings, then it is good for you: in this case your user profiles will replicate across continents and users can get their data fast from the nearest datacenter. Also, in case of any disaster you can redirect users to any other DC nearest to you.
0

Question has a verified solution.