Link to home
Start Free TrialLog in
Avatar of Andrew N. Kowtalo
Andrew N. Kowtalo

asked on

Unable to connect to Citrix

Hello Gents.  I have an issue with a Citrix user attempting to login to an application called Time Clock.   When he attempts to login, he gets the following message The task you are trying to do can't be completed because Remote Desktop Services is currently busy. Please try again in a few minutes. Other users should still be able to log on.  He is currently running Windows 7 Pro on his machine and the servers he is authenticating to is 2008 R2.  I did some searching and found old outdated disconnected articles.   Can someone tell me how to get this fixed?  He needs to do his time card and is unable to.   He has tried on various internet connections as well as on and off his vpn tunnel.   Hes rebooted his machine several times and I have restarted all 3 of the companies xenapp servers in hopes it would fix it with no success.  

He needs to get his timecard submitted asap.
Avatar of Alex
Alex
Flag of United Kingdom of Great Britain and Northern Ireland image

Remove the profile created on the server and try again, also clear out his hive from the registry.

Regards
Alex
Avatar of Andrew N. Kowtalo
Andrew N. Kowtalo

ASKER

Alex where do I do  this?  Just for troubleshooting purposes I just restarted the entire Citrix server since its early and no one is logged in.  Do you think that may have cleared it up?
ASKER CERTIFIED SOLUTION
Avatar of Alex
Alex
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Ok I will hope the reboot fixes it if not I will try your suggestion.
Darn rebooting it didnt work.. Same thing.  I am clearing profiles in the citrix server.
There is 1 citrix server and 3 xenapp servers where should I clear the profile out of?
If you are not using roaming profiles, on each server go to Control Panel / System / System Properties / Advanced / User Profiles and delete the user profile from this menu. It's the best way to do it. It will remove the profile on the disk and in the registry.

Screenshot:

User generated image
I can get into the citrix session which is the xenapp server with my login.   I cant find the 2 users who are stuck.   Their profiles do not exist.
Does the user have a roaming profile?

Go to active directory and check terminal services profile, if there is a location there, go there and rename the profile.

DO NOT DELETE IT!

Regards
Alex
Alex let me go and check.
Alex the RDSUP blank.  There is no profile path.
OK,

So when the user tries to connect, what citrix box are they connecting to? Have you gone into connection manager on the desktop to check?

Thanks
Alex
Theres a few.  They have a Sage box, Timeclock, a citrix desktop.   All 3 connect to the XENAPP2 servers.   My login allows me to access the desktop.  I am currently letting the user run sage from my login since she has serious reports that need to get done.   I am just trying to find out where her login is hung.  All the applications run off that server it seems even though there are 3 xenapp servers.
What if I build her a new AD profile copy her original login and have her use that to login to the citrix environment?
So the new AD profile threw another new error.   Cannot reach server.   Check your network connection or contact your help desk to assistance. They are currently running on 7.0 I am being told by Citrix this is outdated and they need to get up to 7.15.  Which I am not even sure this will correct the problem.   Thoughts?  Perhaps I should let her use the accounts that work until they get off Citrix all together?
Can post a screen capture of the error messages?
It seems that a configuration file or registry is missing for the application.
It doesn't know what server to contact.
Do you know how the applicatin is configured? Is it a user configuration or a system configuration?
Olivier that is a really good question unfortunately I do not.  Currently the only reason they are using Citrix is to access Sage and a Time clock application.   The actual citrix server and citrix web along with the xenapp servers are running on 2003 and 2008 R2.   They are only using 7.0 so they are out of support scope.   I did look in the AD account however could not find anything under RDSUP tab and it was blank so to try and figure that part out I would have no clue where to look.   It just seems weird 2 accounts can connect 2 can not.  I know they currently have 60 licenses and are only utilizing 5.   Their XENAPP 1 server which runs Citrix Studio is  the host.  Looked at some of the application errors in event viewer and here is what I see.

The connection between the Citrix Broker Service and the database has been lost.
 
Error details:
Exception 'Connection Timeout Expired.  The timeout period elapsed while attempting to consume the pre-login handshake acknowledgement.  This could be because the pre-login handshake failed or the server was unable to respond back in time.  The duration spent while attempting to connect to this server was - [Pre-Login] initialization=21310; handshake=5; ' of type 'System.Data.SqlClient.SqlException'.
 
Ensure that the database is correctly configured and accessible.

The Citrix Broker Service cannot contact the license server '10.1.1.24'.
 
Please ensure that the license server is functioning correctly and that the details identifying the license server are correct in the XenDesktop configuration.

The Citrix Broker Service failed to read some configuration settings from the database. Check that the database is configured correctly.
 
Error details:
Exception 'Cannot connect to database server' of type 'Citrix.Fma.Sdk.Dal.DALConnectionFailedException'.

The Citrix Broker Service experienced an internal error while enforcing a power policy. The service failed in its interaction with the XenDesktop database and was unable to determine the policy actions needed.
 
There might be a configuration problem in the XenDesktop database. Check that the database schema is correct.
 
Error details:
Exception 'Database not found or not accessible' of type 'Citrix.Fma.Sdk.Dal.DALDatabaseNotFoundException'.

Could not communicate with privileged service. Error was System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at net.pipe://localhost/Citrix/PrivilegedAdminService that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.IO.PipeException: The pipe endpoint 'net.pipe://localhost/Citrix/PrivilegedAdminService' could not be found on your local machine.
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Channels.PipeConnectionInitiator.GetPipeName(Uri uri, IPipeTransportFactorySettings transportFactorySettings)
   at System.ServiceModel.Channels.NamedPipeConnectionPoolRegistry.NamedPipeConnectionPool.GetPoolKey(EndpointAddress address, Uri via)
   at System.ServiceModel.Channels.ConnectionPoolHelper.TakeConnection(TimeSpan timeout)
   at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
   at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
   at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Citrix.PrivilegedService.Contract.IPrivilegedAdminService.GetStatus()
   at Citrix.PrivilegedService.ClientProxy.PrivilegedAdminServiceClientProxyWrapper.GetStatus()
   at Citrix.Storefront.PrivilegedServiceProxy.GetStatus().


Could not communicate with privileged service. Error was System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at net.pipe://localhost/Citrix/PrivilegedAdminService that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.IO.PipeException: The pipe endpoint 'net.pipe://localhost/Citrix/PrivilegedAdminService' could not be found on your local machine.
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Channels.PipeConnectionInitiator.GetPipeName(Uri uri, IPipeTransportFactorySettings transportFactorySettings)
   at System.ServiceModel.Channels.NamedPipeConnectionPoolRegistry.NamedPipeConnectionPool.GetPoolKey(EndpointAddress address, Uri via)
   at System.ServiceModel.Channels.ConnectionPoolHelper.TakeConnection(TimeSpan timeout)
   at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
   at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
   at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Citrix.PrivilegedService.Contract.IPrivilegedAdminService.GetStatus()
   at Citrix.PrivilegedService.ClientProxy.PrivilegedAdminServiceClientProxyWrapper.GetStatus()
   at Citrix.Storefront.PrivilegedServiceProxy.GetStatus().

.NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "MiguiControls, Version=1.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil".  The error returned was Error: The specified assembly is not installed.
.

I will post logs next from XENAPP2 which is where  they are authenticating to.
Here are some logs from the XENAPP2 server they use that they are unable to login to.

Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-72051607-705191716-48716514-5845.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {c4233687-a8b0-4bfe-9fd1-1cbb7933ecbb}


The Citrix Desktop Service failed to obtain a list of delivery controllers with which to register.
 
Please ensure that the Active Directory configuration for the farm is correct, that this machine is in the appropriate Active Directory domain and that one or more delivery controllers have been fully initialized.
 
Refer to Citrix Knowledge Base article CTX117248 for further information.
 
Error details:
Exception 'The request channel timed out while waiting for a reply after 00:00:02. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout.' of type 'System.TimeoutException'

The Citrix Desktop Service failed to obtain a list of delivery controllers with which to register.
 
Please ensure that the Active Directory configuration for the farm is correct, that this machine is in the appropriate Active Directory domain and that one or more delivery controllers have been fully initialized.
 
Refer to Citrix Knowledge Base article CTX117248 for further information.
 
Error details:
Exception 'The request channel timed out while waiting for a reply after 00:00:02. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout.' of type 'System.TimeoutException'

(User Profile Service)
Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.

Faulting application name: A4WCONTAINERXP.EXE, version: 6.2.0.0, time stamp: 0x52b2a0bb
Faulting module name: msxml6.dll, version: 6.30.7601.24498, time stamp: 0x5d2997b5
Exception code: 0xc0000005
Fault offset: 0x00001fc8
Faulting process id: 0x2e7c
Faulting application start time: 0x01d57d319d92ebf9
Faulting application path: C:\Program Files (x86)\Sage\Sage Accpac\runtime\A4WCONTAINERXP.EXE
Faulting module path: C:\Windows\System32\msxml6.dll
Report Id: 0a479ce2-e925-11e9-b97a-005056b34498

Faulting application name: A4WCONTAINERXP.EXE, version: 6.2.0.0, time stamp: 0x52b2a0bb
Faulting module name: msxml6.dll, version: 6.30.7601.24498, time stamp: 0x5d2997b5
Exception code: 0xc0000005
Fault offset: 0x00001fc8
Faulting process id: 0x2e7c
Faulting application start time: 0x01d57d319d92ebf9
Faulting application path: C:\Program Files (x86)\Sage\Sage Accpac\runtime\A4WCONTAINERXP.EXE
Faulting module path: C:\Windows\System32\msxml6.dll
Report Id: 0a479ce2-e925-11e9-b97a-005056b34498

File access may be denied. User '(username)' experienced a long delay while file 'C:\Users\UN\ntuser.ini' was fetched from the user store.  Cause: The user tried to access the file but Profile management detected such a significant delay in this operation that access may be denied. The user received an error message. This may be due to antivirus software preventing access to the file in the user store.  Action: Consult the Profile management documentation for troubleshooting and configuration advice on enterprise antivirus products.

File access may be denied. User 'UN' experienced a long delay while file 'C:\Users\UN\ntuser.ini' was fetched from the user store.  Cause: The user tried to access the file but Profile management detected such a significant delay in this operation that access may be denied. The user received an error message. This may be due to antivirus software preventing access to the file in the user store.  Action: Consult the Profile management documentation for troubleshooting and configuration advice on enterprise antivirus products.

File access may be denied. User 'UN' experienced a long delay while file 'C:\Users\UN\ntuser.ini' was fetched from the user store.  Cause: The user tried to access the file but Profile management detected such a significant delay in this operation that access may be denied. The user received an error message. This may be due to antivirus software preventing access to the file in the user store.  Action: Consult the Profile management documentation for troubleshooting and configuration advice on enterprise antivirus products.

^^^ I think these may be the cause but not sure.
Here is the log files from the server in csv
application-log.csv
Andrew, these logs are showing highly critical dysfonctionment of the Citrix farm.

Are you able to open Citrix Studio and perform any task?
Like viewing the properties or creating a Delivery Group?
Olivier I haven't tried.  I can see the license information within the Studio and such it lets me navigate.  I havent tried to create anything.  Keep in mind this infrastructure is ancient.  I am just trying to bandaid paperclip and rubberband it to keep it somewhat alive.
Do you know if they have deployed Citrix Director by any chance?
It will show you the current state of the servers and farm components.

I understand that you publish applications, but no desktops?
Sometimes it's easier to troubleshoot the desktop environment.
You could edit the Delivery Group, and add a desktop, and restrict the desktop use for this specific user (and your user also). If the user accepts to give you his/her password then try logging to the publish desktop.
See if the environment is working fine, File Explorer, basic apps. And the clock/sage application.
There is a citrix desktop that you can login from the boxes.  When she tries to login she is getting the same RDS is busy error but my login and another login works to that same Citrix Desktop box.
On the server, in the Task Manager (show processes for all users) / Users tab, is she already logged in on that server before trying to login to the Desktop?
No it only shows my login.  She did have a profile under the advanced profiles tab which I deleted.
Have you rebooted the server recently? Any recent Windows update?
If not it could be interesting to reboot and check the Windows Update status.

I wonder if the RDS licence server is still valid. Also, it can be a GPO creating the issue.
If you create a new test user in AD, in the same OU as the user having the issue, and login to the Citrix desktop, is it working?
I can assure the server has been restarted several times.  I am unsure where to check the RDS license server.   2 users are able to get in 2 arent my assumption is RDS is somewhat working.   What GPO do you think would cause 2 users to work and 2 not to?    I did mimic the users account in the same OU and the new error I listed popped up.
If there is a problem with the RDS licence server then you can only have 2 users at the same time on the Windows server.
Can you connect more than 2 users at the same time on the server?

If you added a test account in the same OU and get the error, what happens if you move the user object to another OU?
I havent tried to move the users AD profile to a different OU as of yet.  I can try and locate the OU my account is listed in and move it there and see what happens.   Do you think this will fix it?
Yes it's important to test in a different OU. The problem could be coming from a bad GPO.
(I'm assuming that the Loopback Policy hasn't been setup in the server OU)
Also, try to login more than 2 users at the same time. If you can't login three or four users and get the error, it's probably an RDS Licence server problem.
I dont know all the users that use citrix there are only a couple so there may not be more than 4 lol.    I will move her test account I setup to a different OU and see what happens.
I moved her account to the administrators OU which is full rights and still showing the RDS server as busy.
It's important to know if there is a RDS licence issue.
I like testing with a real logon test instead of just checking the RDS licence server.
I suggest you to create 4 test account, UserA, UserB, UserC, USerD, and log them on the same server.
Or you could check if the licence server has been configured on the RDS server.
Go to Start -> All Programs -> Remote Desktop Services -> Remote Desktop Session Host Configuration menu option. Within this tool, double click on the Remote Desktop licensing mode entry located in the Edit settings box listed under Licensing and check the RDS licence server in the list.

Another thing, the profile could be corrupted in the registry.
Open the Registry Editor, regedit, and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Open in new window

For each key (with the SID value), look for the value "ProfileImagePath" and check if one correspond to the user account name.
If yes, then delete the SID key or, safer, rename it to .OLD.

And make sure to delete the profile on the local disk in C:\users.
(or rename it to .old)