Nested ICA session problem

Status
Not open for further replies.

boein

Technical User
Jul 17, 2003
84
BE
Does anybody know if you can start an ICA connection from another ICA session?
We have published a MetaFrame XP server desktop; within this desktop session we try to launch another ICA session to another MF server. Using an administrator account we are able to launch and connect this ICA session, but any domain users cannot (although no error message).
Both servers (Windows 2003) are in the same w2k domain and the same Citrix farm. If a domain user is launching the ICA session directly to the second server, he can reach it successfully.

Anybody having the same problem or a solution?

Thanks

Wim
 
No reason why not - in fact if you publish the shadow bar to enable people to shadow other users, effectively that's what's happening. Ok, maybe not exactly, but pretty darn close. And anyhow you've proven it works from an admin account.

Anyhow, you could try running an rdp session from within an ica session to make sure that works, but my guess would be that perhaps the ICA software on the MF server is having issues - maybe want to check the settings. Maybe the users are connecting on as a single account? Or maybe the server is locked down such that the ICA client can't modify the registry/create the required ini files in the user's hidden application data directory? Check out faq48-3661 for info on where this stuff is located.

Probably the easiest way though is to simply logon locally (ie not using Citrix) to the Citrix server console as a normal user account and try from there - maybe you might see some error messages.

Just some thoughts....

Cheers
 
On the Citrix server where the sessions are started from, make sure the domain users have write access to:
HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing\Store

Free citrixprinting support
 
I'm pretty sure it's a security issue, admin can make connection, users cannot. Question is what file or registry key is written to when you make this connection from one citrix server to another.
I tried the write permissions on the "Store" key but no luck. Logging on locally is also no solution because our users can only access the application via a desktop program, "powerfuse", which is in fact the explorer shell the end user uses. So in fact this is the only published application in our farm. Our Trash Applications (as we call them ;-) are installed on a separate server and this trash application must be launched from the other servers; that's why I need these nested ICA connections.

Maybe you have other solutions?

 
Ah - no, I wasn't suggesting that the users log on to the server as a solution. I was suggesting that you get a normal user id and then you try walking over to the actual Citrix server and log on to the server and then run the application from there and see what happens! That way you're not running a nested ICA session and can prove that's not the issue.

You may also want to try running regmon whilst the app is starting up (as admin) & hunt through the results to see what's happening. Assuming that the correct info is in HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ and the users have read/write access to C:\Documents and Settings\username\Local Settings\Application Data\ and those settings are correct then it should work. Assuming they're all OK then it sounds like "powerfuse" wants/expects something or is doing/trying to do things with permissions as it's starting - with a bit of luck it may also dump some info into the server's Application log.....

Oh, assuming that this is the same software, has info on permissions - if it is, then make sure that all your users have the permissions shown for "Everyone" in the example.

Cheers
 
Does Citrix modify files in "C:\Documents and Settings\username\Local Settings\Application Data\" when starting an ICA session? If so, which files are changed? Same question for the registry keys. Meanwhile I tried some other nested-ICA constructions, and for one construction it almost worked!!!
- An ICA session on the trash server with a domain user account starting another ICA session on the same trash server with another domain user (not the same) seems to work. When I did use the same domain user I got a profile error, but I suppose the reason is that a user cannot log in on the same server with the same account; is it possible to override this? Maybe it does help? Profile sharing violation or something like that :)
- Strange thing is that when I try to connect from a server with user A and connect to another with user B, the Citrix session is again invisible, although no error warnings this time.
The powerfuse directory security was OK because I also used this document when setting up my servers. Although I think powerfuse is not the problem; even without powerfuse the nested ICA problem exists.

 
1. I don't believe it modifies any of them unless they need to be changed. Even so, the user needs read/write access to this directory. Same with the registry keys - although generally read access to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ should be enough.

2. You should be able to log on multiple times on a server, unless this has been disabled via the CMC on a farm or server or application (also check policy) basis. What is the profile error you see, if any? Maybe it's a corrupt profile stored on the Citrix server - simple fix if it is (just delete the profiles)?

Cheers
 
We found the solution. Probably our problems were related to the fact that we installed our server with full security instead of relaxed security, and that we cloned this server which made the MSLICENSING-key corrupt.
When you install citrix on Windows 2003 server and use cloning, pay attention to the mslicensing-key.
This is what we did:
Use regedit,
in HKLM\Software\microsoft\mslicensing\hardwareID delete the ClientHWID
in HKLM\Software\microsoft\mslicensing\store delete all the MSLICENSE000 keys
HKLM\Software\microsoft\mslicensing change permissions for local users to full-control

for the full story also try
Thanks,

Wim
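
An added example, not part of the original thread: a PowerShell audit of the MSLicensing keys named in the post above, meant to be run before and after the change so the backup, the identities holding write access, and the state of the deleted items are on record. It assumes Windows PowerShell is installed on the server and is run elevated; the function name `Get-KeyAclReport` and the backup file name are hypothetical.

```powershell
# Added example, not from the thread. Audits the MSLicensing keys named above.
# Assumption: run from an elevated Windows PowerShell prompt on the server.
$base = 'HKLM:\SOFTWARE\Microsoft\MSLicensing'

# Rights that let an identity alter a key, plus GENERIC_ALL / GENERIC_WRITE.
$names = 'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int][System.Security.AccessControl.RegistryRights]$names -bor
             0x10000000 -bor 0x40000000

# Hypothetical helper: one object per access rule on the given key.
function Get-KeyAclReport {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) {
        Write-Warning "Key not found: $Path"
        return
    }
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        $canWrite = ($ace.AccessControlType -eq 'Allow') -and
                    (([int]$ace.RegistryRights -band $writeMask) -ne 0)
        New-Object PSObject -Property @{
            Key       = $Path
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.RegistryRights
            Inherited = $ace.IsInherited
            CanWrite  = $canWrite
        }
    }
}

# Back up the subtree before deleting anything (reg.exe ships with Windows).
$backup = Join-Path $env:TEMP ('MSLicensing-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
reg.exe export 'HKLM\SOFTWARE\Microsoft\MSLicensing' $backup | Out-Null
"Backup written to: $backup"

# Who can write to the parent key and the two subkeys mentioned in the post.
$report = foreach ($k in $base, "$base\HardwareID", "$base\Store") {
    Get-KeyAclReport $k
}
$report | Where-Object { $_.CanWrite } |
    Select-Object Key, Identity, Rights, Inherited | Format-Table -AutoSize

# Current state of the items the post deletes.
$hw = Get-ItemProperty -Path "$base\HardwareID" -Name ClientHWID -ErrorAction SilentlyContinue
"ClientHWID present: $([bool]$hw)"
Get-ChildItem -Path "$base\Store" -ErrorAction SilentlyContinue |
    ForEach-Object { "Store subkey: $($_.PSChildName)" }
```

Comparing the write-access table from before and after the permission change shows exactly which identities gained rights on an HKLM key, which is the part of the fix worth reviewing against least privilege.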
 