Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Regain admin access to a XenApp 6 farm after domain rename

Posted on 2014-03-27
Medium Priority
Last Modified: 2014-04-04
Hello Citrix Experts
I had had a Citrix XenApp 6 HRP2 farm with farm Administrators set as DOMAIN\Domain Admins in the XenApp Delivery Console.
After DOMAIN was renamed to CONTOSO, I logged on as CONTOSO\Administrator and now XenApp Discovery is failing with a message "Errors occurred when using SERVERNAME in the discovery process." Nothing visible under "XenApp" node in DSC, even though the farm itself is functional. But it is not manageable.
I have tried using SERVERNAME\Administrator to same result.

Where do I go from there, barring a reinstall?
Is there a way to regain administrative access?
Question by:CubeOver
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
LVL 25

Expert Comment

by:Sekar Chinnakannu
ID: 39960828
will you able to login to server? will you able to login with old domain name? if not try to enable trust and enable the trust between two domain. After enabling same try to add new domain admin to console then change the farm membership http://support.citrix.com/article/CTX102371

Author Comment

ID: 39961008
Yes I can logon as CONTOSO user or admin. Old DOMAIN does not exist anymore since it was a rename.

Accepted Solution

CubeOver earned 0 total points
ID: 39965796
OK here's how I fixed the issue.

Since it was a domain rename, SIDs stayed the same, so my admin rights still were there through "Domain Admins" group membership, even though the domain name was wrong.

IMA stores SIDs inside ACLs in the data store.
All hosts cached the database for times when IMA is not available.
IMA was in fact available, just could not provide updates because it had trouble logging into the data store after the domain rename.
There was no error dialogs raised, just NETWORK SERVIVE logon errors in the Application log of the data store server, and a phrase about missing trusts between domains DOMAIN and CONTOSO.

I have run
DSMAINT CONFIG /USER:CONTOSO\name /PWD:password /DSN:"C:\Program Files (x86)\Citrix\Independent Management Architecture\mf20.dsn"
to restore IMA access to SQL data store.

Restarted IMA and I could logon as CONTOSO\user.

Discovery worked due to same Domain Admins group SID, and I saw CONTOSO\Domain Admins there in Administrators! This looked like a folder icon and not the real object.
It must be backwards-resolving the name!

I immediately added Local Administrators into XenApp Administrators, will never make the same mistake again.

Backed up using DSMAINT BACKUP C:\temp\

Logged off and logged back as SERVERNAME\Administrator to check if newly added permissions worked - they did.

Then I deleted all old DOMAIN\* groups and only left Local Administrators - this will not need to be updated ever, all SERVERNAME Administrators will be able to manage the farm which is OK for me.

Now off to update all users in application permissions... recreated LHC and all good.

Author Closing Comment

ID: 39977625
I did not receive useful advice, and I resolved the issue myself.

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
What if you have to shut down the entire Citrix infrastructure for hardware maintenance, software upgrades or "the unknown"? I developed this plan for "the unknown" and hope that it helps you as well. This article explains how to properly shut down …
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question