• Status: Solved

Moving Citrix XenApp server out of SBS Active Directory OU causes problems

We have a Citrix XenApp 5 Server running on Server 2008 in a Small Business Server 2008 domain. When I initially configured the server and installed XenApp, I did not realize that the server had been placed in the SBSComputers OU in Active Directory. Now that it is fully in production I want to move it into its own OU so I can tweak the GPs. However, every time I move the XenApp server out of the OU and do a gpupdate, it causes multiple different issues dealing with connectivity to applications and authentication/logging in. If I move the server back into the SBSComputers OU and perform a gpupdate, all is well again.

I am certain it is GP related, but SBS 2008 has so many GPs applied to it I can't find the one that is causing issues. I have tried enabling loopback processing but this doesn't fix it.

Any ideas?

Thanks,

Derek
0
Asked by: coeurdcom
 
nappy_d Commented:
Well, definitely the server should be in its own OU.

What issues occur when you remove the server to its own OU?

Try this:
- move the server back to its own OU
- apply to the OU your Citrix box is in all the GPOs from its original OU
- one at a time, remove a linked GPO and observe what happens.
0
 
coeurdcom (Author) Commented:
I think this is my next step, it's just difficult because it's all in production and it is very disruptive to the end users.

What is odd is that when I do a gpresult, it appears all of the previous GPs are being applied, as well as the new one (which is simply disabling the screensaver). Even using the Merge setting on the loopback policy it still drops connections, etc. I will see if I can get the errors posted that I am getting.

Thanks!

Derek
0
 
arunexp Commented:
If the errors are easily recreatable, you could put only one server in the new OU and work with it. Or put any standby server in the farm, disable user logon to the standby server, move it to the new OU, and test.
0
 
coeurdcom (Author) Commented:
We only have one server in the farm, it's a really small deployment. I will be working on this tomorrow during some scheduled downtime and will post some of the errors I encounter, and hopefully post what I do to get it fixed!
0
 
coeurdcom (Author) Commented:
OK, so I moved all of the GPs that the server was saying it was applying based on the gpresult output into the OU I created for the XenApp server. I moved the XenApp server to this OU, and then connected to it via remote desktop. I opened a command prompt, ran gpupdate /force, and was immediately kicked out. I am unable to connect via RDP, and also can log into the XenApp web interface but cannot open a published application. It gives me the error:

"Cannot connect to the Citrix XenApp server. SSL Error 29: The proxy denied access to <alphanumeric string> port 1494"

So, I am thinking that a firewall GP got activated and kicked me out. Still working on removing the GPs that seem relevant to see if this fixes it.
0
 
nappy_d Commented:
Yeah, looks that way.

I would suggest that you remove the SBS firewall GPO and try again.

I hope you're not doing this remotely.
0
 
coeurdcom (Author) Commented:
OK, I basically fixed it by removing all of the policies from the top of the domain and the XenApp server domain that had firewall policies defined. Even though I had the actual firewall service disabled on the server, it still somehow was blocking traffic. I had to remove the policy and re-enable the firewall then just turn it "Off" using server manager for all zones. This seems to have fixed it.

Thanks all for your input and help.
0
 
coeurdcom (Author) Commented:
Thanks!
0
 
nappy_d Commented:
Something else you can do is to block policy inheritance on the OU with your Citrix server.
0
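
A read-only check for the situation resolved above, where firewall settings delivered by Group Policy kept blocking traffic regardless of the local configuration. This is an added example, not something posted by any participant in the thread; it assumes the standard Windows Firewall registry locations and the `MpsSvc` service name, and takes port 1494 from the error message quoted earlier.

```powershell
# Added example (read-only): shows where each firewall profile's on/off state
# comes from, and which GPO-delivered rules mention ICA port 1494.
# Assumption: standard Windows Firewall registry locations (Vista / Server 2008 and later).
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
$localRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$icaPort    = 1494   # port from the SSL Error 29 message in the thread

# The private profile is stored as "StandardProfile" in the local store.
$localName = @{ DomainProfile = 'DomainProfile'; PrivateProfile = 'StandardProfile'; PublicProfile = 'PublicProfile' }

function Get-RegValue($path, $name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($item) { $item.$name } else { $null }
}

"Windows Firewall service (MpsSvc): $((Get-Service -Name MpsSvc).Status)"

$report = foreach ($p in 'DomainProfile', 'PrivateProfile', 'PublicProfile') {
    $gpo   = Get-RegValue "$policyRoot\$p" 'EnableFirewall'
    $local = Get-RegValue "$localRoot\$($localName[$p])" 'EnableFirewall'
    New-Object PSObject -Property @{
        Profile       = $p
        GpoEnable     = $gpo     # 1 = on, 0 = off, empty = not set by policy
        LocalEnable   = $local   # what the local firewall settings say
        GpoInboundRaw = Get-RegValue "$policyRoot\$p" 'DefaultInboundAction'  # raw DWORD as stored
        DecidedBy     = $(if ($null -ne $gpo) { 'Group Policy' } else { 'Local setting' })
    }
}
$report | Select-Object Profile, GpoEnable, LocalEnable, GpoInboundRaw, DecidedBy |
    Format-Table -AutoSize

# Rules pushed by GPO are stored as string values under the policy key.
$rules = Get-Item "$policyRoot\FirewallRules" -ErrorAction SilentlyContinue
if ($rules) {
    "GPO-delivered rules that reference port ${icaPort}:"
    $pattern = 'LPort=' + $icaPort + '(\||$)'
    $rules.GetValueNames() | ForEach-Object { $rules.GetValue($_) } |
        Where-Object { $_ -match $pattern }
} else {
    'No firewall rules are delivered by Group Policy.'
}
```

Running it before and after moving the server between OUs (with a `gpupdate /force` in between) shows which profile settings changed hands from the local configuration to policy.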