• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 575
  • Last Modified:

Regain admin access to a XenApp 6 farm after domain rename

Hello Citrix Experts
I had had a Citrix XenApp 6 HRP2 farm with farm Administrators set as DOMAIN\Domain Admins in the XenApp Delivery Console.
After DOMAIN was renamed to CONTOSO, I logged on as CONTOSO\Administrator and now XenApp Discovery is failing with a message "Errors occurred when using SERVERNAME in the discovery process." Nothing visible under "XenApp" node in DSC, even though the farm itself is functional. But it is not manageable.
I have tried using SERVERNAME\Administrator to same result.

Where do I go from there, barring a reinstall?
Is there a way to regain administrative access?
0
CubeOver
Asked:
CubeOver
  • 3
1 Solution
 
Sekar ChinnakannuSenior EngineerCommented:
will you able to login to server? will you able to login with old domain name? if not try to enable trust and enable the trust between two domain. After enabling same try to add new domain admin to console then change the farm membership http://support.citrix.com/article/CTX102371
0
 
CubeOverAuthor Commented:
Yes I can logon as CONTOSO user or admin. Old DOMAIN does not exist anymore since it was a rename.
0
 
CubeOverAuthor Commented:
OK here's how I fixed the issue.

Since it was a domain rename, SIDs stayed the same, so my admin rights still were there through "Domain Admins" group membership, even though the domain name was wrong.

IMA stores SIDs inside ACLs in the data store.
All hosts cached the database for times when IMA is not available.
IMA was in fact available, just could not provide updates because it had trouble logging into the data store after the domain rename.
There was no error dialogs raised, just NETWORK SERVIVE logon errors in the Application log of the data store server, and a phrase about missing trusts between domains DOMAIN and CONTOSO.

I have run
DSMAINT CONFIG /USER:CONTOSO\name /PWD:password /DSN:"C:\Program Files (x86)\Citrix\Independent Management Architecture\mf20.dsn"
to restore IMA access to SQL data store.

Restarted IMA and I could logon as CONTOSO\user.

Discovery worked due to same Domain Admins group SID, and I saw CONTOSO\Domain Admins there in Administrators! This looked like a folder icon and not the real object.
It must be backwards-resolving the name!

I immediately added Local Administrators into XenApp Administrators, will never make the same mistake again.

Backed up using DSMAINT BACKUP C:\temp\

Logged off and logged back as SERVERNAME\Administrator to check if newly added permissions worked - they did.

Then I deleted all old DOMAIN\* groups and only left Local Administrators - this will not need to be updated ever, all SERVERNAME Administrators will be able to manage the farm which is OK for me.

Now off to update all users in application permissions... recreated LHC and all good.
0
 
CubeOverAuthor Commented:
I did not receive useful advice, and I resolved the issue myself.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now