Solved

Moving Citrix XenApp server out of SBS Active Directory OU causes problems

Posted on 2011-03-09
Last Modified: 2012-05-11
We have a Citrix XenApp 5 Server running on Server 2008 in a Small Business Server 2008 domain. When I initially configured the server and installed XenApp, I did not realize that the server had been placed in the SBSComputers OU in Active Directory. Now that it is fully in production I want to move it into its own OU so I can tweak the GPs. However, every time I move the XenApp server out of the OU and do a gpupdate, it causes multiple different issues dealing with connectivity to applications and authentication/logging in. If I move the server back into the SBSComputers OU and perform a gpupdate, all is well again.

I am certain it is GP related, but SBS 2008 has so many GPs applied to it I can't find the one that is causing issues. I have tried enabling loopback processing but this doesn't fix it.

Any ideas?

Thanks,

Derek
0
Question by:coeurdcom
9 Comments
 
LVL 32

Accepted Solution

by:
nappy_d earned 500 total points
Well, definitely the server should be in its own OU.

What issues occur when you remove the server to its own OU?

Try this:
- move the server back to its own OU
- apply to the OU your Citrix box is in all the GPOs from its original OU
- one at a time remove a linked GPO and observe what happens.
0
 

Author Comment

by:coeurdcom
I think this is my next step, it's just difficult because it's all in production and it is very disruptive to the end users.

What is odd is that when I do a gpresult, it appears all of the previous GPs are being applied, as well as the new one (which is simply disabling the screensaver). Even using the Merge setting on the loopback policy it still drops connections, etc. I will see if I can get the errors posted that I am getting.

Thanks!

Derek
0
 
LVL 6

Expert Comment

by:arunexp
If the errors are easily recreatable, you could put only one server in the new OU and work with it. Or put any standby server in the farm, disable the user logon to the standby server, move it to the new OU and test.
0
 

Author Comment

by:coeurdcom
We only have one server in the farm, it's a really small deployment. I will be working on this tomorrow during some scheduled downtime and will post some of the errors I encounter, and hopefully post what I do to get it fixed!
0
 

Author Comment

by:coeurdcom
OK, so I moved all of the GPs that the server was saying it was applying based on the gpresult output into the OU I created for the XenApp server. I moved the XenApp server to this OU, and then connected to it via remote desktop. I opened a command prompt, ran gpupdate /force, and was immediately kicked out. I am unable to connect via RDP, and also can log into the XenApp web interface but cannot open a published application. It gives me the error:

"Cannot connect to the Citrix XenApp server. SSL Error 29: The proxy denied access to <alphanumeric string> port 1494"

So, I am thinking that a firewall GP got activated and kicked me out. Still working on removing the GP's that seem relevant to see if this fixes it.
0
 
LVL 32

Expert Comment

by:nappy_d
Yeah looks that way..

I would suggest that you remove the SBS firewall GPO and try again.

I hope you're not doing this remotely.
0
 

Author Comment

by:coeurdcom
OK, I basically fixed it by removing all of the policies from the top of the domain and the XenApp server domain that had firewall policies defined. Even though I had the actual firewall service disabled on the server, it still somehow was blocking traffic. I had to remove the policy and re-enable the firewall then just turn it "Off" using server manager for all zones. This seems to have fixed it.

Thanks all for your input and help.
0
 

Author Closing Comment

by:coeurdcom
Thanks!
0
 
LVL 32

Expert Comment

by:nappy_d
Something else you can do is to block policy inheritance on the OU with your Citrix server.
0
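
A way to find which GPO reaching an OU carries Windows Firewall settings without unlinking policies one at a time on a production server, as an added example that is not part of the original thread. It assumes a management machine with the GroupPolicy PowerShell module (RSAT/GPMC) and PowerShell 3 or later; the OU distinguished name is a placeholder, and the text match on the GPO report is a heuristic, not an exact parser.

```powershell
# Added example; names and the OU DN below are placeholders, not values from the thread.
Import-Module GroupPolicy

function Get-FirewallGpoLinks {
    # Lists every GPO that reaches $Target (linked or inherited), in precedence
    # order, and flags the ones whose settings report mentions Windows Firewall.
    param([Parameter(Mandatory = $true)][string]$Target)

    $inheritance = Get-GPInheritance -Target $Target
    foreach ($link in $inheritance.InheritedGpoLinks) {
        $report = (Get-GPOReport -Guid $link.GpoId -ReportType Xml) -join "`n"
        [pscustomobject]@{
            Order            = $link.Order
            Gpo              = $link.DisplayName
            LinkedAt         = $link.Target
            Enforced         = $link.Enforced   # enforced links survive Block Inheritance
            LinkEnabled      = $link.Enabled
            MentionsFirewall = ($report -match 'Windows\s?Firewall')
        }
    }
}

function Get-FirewallPolicyState {
    # Run on the affected server: shows what Group Policy has actually written
    # for the firewall, independent of what the local firewall UI displays.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
    if (-not (Test-Path $base)) { return }      # no firewall policy applied
    foreach ($key in Get-ChildItem $base) {
        $props = Get-ItemProperty $key.PSPath
        [pscustomobject]@{
            PolicyKey      = $key.PSChildName
            EnableFirewall = $props.EnableFirewall   # empty when not configured
        }
    }
}

# Hypothetical OU for the XenApp server.
$TargetOU = 'OU=XenApp,DC=example,DC=local'

# 1. Which GPOs reaching the OU define firewall settings?
Get-FirewallGpoLinks -Target $TargetOU |
    Where-Object { $_.MentionsFirewall } |
    Format-Table -AutoSize

# 2. Is inheritance blocked on the OU? (Enforced GPOs still apply if so.)
(Get-GPInheritance -Target $TargetOU).GpoInheritanceBlocked

# 3. On the server itself, after gpupdate: what policy landed in the registry?
Get-FirewallPolicyState | Format-Table -AutoSize
```

Running step 1 against both the original OU and the new one shows the difference in firewall-bearing GPOs before the server is moved.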
