Solved

Moving Citrix XenApp server out of SBS Active Directory OU causes problems

Posted on 2011-03-09
9
864 Views
Last Modified: 2012-05-11
We have a Citrix XenApp 5 Server running on Server 2008 in a Small Business Server 2008 domain. When I initially configured the server and installed XenApp, I did not realize that the server had been placed in the SBSComputers OU in Active Directory. Now that it is fully in production I want to move it into it's own OU so I can tweak the GP's. However, every time I move the XenApp server out of the OU and do a gpupdate, it causes multiple different issues dealing with connectivity to applications and authentication/logging in. If I move the server back into the SBSComputers OU and perform a gpupdate, all is well again.

I am certain it is GP related, but SBS 2008 has so many GP's applied to it I can't find the one that is causing issues. I have tried enabling loopback processing but this doesn't fix it.

Any ideas?

Thanks,

Derek
0
Comment
Question by:coeurdcom
  • 5
  • 3
9 Comments
 
LVL 32

Accepted Solution

by:
nappy_d earned 500 total points
ID: 35093988
Well, definitely the server should be in its own OU.

What issues occur when you remove the server to its own OU?

Try this:
- move the server back to its own OU
- apply to the OU your Citrix box is in all the GPOs from its original OU
- one at a time remote a linked GPO and observe what happens.
0
 

Author Comment

by:coeurdcom
ID: 35096496
I think this is my next step, it's just difficult because it's all in production and it is very disruptive to the end users.

What is odd is that I when I do a gpresult, it appears all of the previous GP's are being applied, as well as the new one (which is simply disabling the screensaver). Even using the Merge setting on the loopback policy it still drops connections, etc. I will see if I can get the errors posted that I am getting.

Thanks!

Derek
0
 
LVL 6

Expert Comment

by:arunexp
ID: 35101885
if the errors are easily recreatable  u could put only one server to the new ou and work with it. or put any standby server in the farm disable the user logon to the standby server, move it to new ou and test.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:coeurdcom
ID: 35101899
We only have one server in the farm, it's a really small deployment. I will be working on this tomorrow during some scheduled downtime and will post some of the errors I encounter, and hopefully post what I do to get it fixed!
0
 

Author Comment

by:coeurdcom
ID: 35113859
OK, so I moved all of the GP's that the server was saying it was applying based on the gpresult output into the OU I created for the XenApp server. I moved the XenApp server to this OU, and then connected to it via remote desktop. I opened a command prompt, ran gpupdate /force, and was immediately kicked out. I am unable to connect via RDP, and also can log into the XenApp web interface but cannot open a published application. It gives me the error:

"Cannot connect to the Citrix XenApp server. SSL Error 29: The proxy denied access to <alphanumeric string> port 1494"

So, I am thinking that a firewall GP got activated and kicked me out. Still working on removing the GP's that seem relevant to see if this fixes it.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 35113862
Yeah looks that way..

I would suggest that you remove the SBS firewall GPO and try again.

I hope you're not doing this remotely.
0
 

Author Comment

by:coeurdcom
ID: 35113913
OK, I basically fixed it by removing all of the policies from the top of the domain and the XenApp server domain that had firewall policies defined. Even though I had the actual firewall service disabled on the server, it still somehow was blocking traffic. I had to remove the policy and re-enable the firewall then just turn it "Off" using server manager for all zones. This seems to have fixed it.

Thanks all for your input and help.
0
 

Author Closing Comment

by:coeurdcom
ID: 35113915
Thanks!
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 35114001
Something else you can do is to block policy inheritance on the OU with your Citrix server.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

After several days of searching and hunting for limited documentation, I wanted to share this guide to hopefully save someone the hassle of trying to figure this out on their own. I have tested this on Xendesktop 7.1 and PS 4.5 running simultaneous…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question