Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations MikeeOK on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

User Rights and Login Need help ASAP Please. Production Enviro 1

Status
Not open for further replies.
wlpsyp

wlpsyp

IS-IT--Management
Feb 5, 2003
195
US
Hello all, Spent this weekend upgrading server from NT 4 TSE with MF 1.8 to Win 2000 Server with MF 1.8. None AD enviroment, domain is NT, users computers are either W2K Pro or XP Pro. Everything works great for me as the Admin but users can not log on. Only publishing apps, no desktop.

Issue is... users can not log on after I refreshed the ICA client (newest version) They get a password/user name issue. If I place a user in the Administrators group on the server they login fine and have access to the published apps. However being placed in the Admin group is in no way a fix. I placed them in the power users group, can not connect. placed them in the users group, can not connect. What is the problem? What am I missing?

Log on iteractively is set on the MF server. I have done to tweaking of the server yet, it is just a fresh install of W2K Server and MF 1.8.

Again, everything runs fine from what I can see, just users can not login. MF has been activated.

Thanks for the help....

Dying here........

Bill

It's not a problem...It's just a Blood Pressure Monitor
 
Sort by date Sort by votes
Have you installed Terminal Services Licensing on a server on the network?

Win2k and XP pro do not require a purchased TS CAL for Windows 2000, however they must connect to an active TS licensing server in order for the "built-in" license to be activated.

Are you receiving an error when attempting to connect from the clients?
 
Upvote 0 Downvote
ahalecitrix, Thanks for the fast response.

Yes I have a licensing server (it is installed on the MF server) and is active. When I try to connect I can see that they are getting a built in license.

Only error I get is when I try to connect a user, it says invalid password or username. I know they are right as I am doing testing with them. The user will work only if I put them in the admin group of the MF server. As soon as I take them and put them in the Users group or Power users group, they stop functioning

It's not a problem...It's just a Blood Pressure Monitor
 
Upvote 0 Downvote
Bill,

Also check the Citrix Connection settings. You will need to give users permission to logon via ICA. Go to Citrix Connection Configuration and right click on ICA and click on permissions.

You can give users access from there. I usually created a domain group called "Citrix Authorized" and add users to that group and give them permission to connect from here. You can however give Domain Users access if you want and see if this resolves the problem.
 
Upvote 0 Downvote
Ahalecitrix,

I have done that over and over, I thought they may have been it also. I have in there...

Administrators-Full Control
Domain Users (Group)- cess and Guest Access
Everyone - User Access and Guest Access
System - Full control

This is driving me nuts, should be so simple

Bill

It's not a problem...It's just a Blood Pressure Monitor
 
Upvote 0 Downvote
Hmmm... that is frustrating. The only thing off the top of my head I can think of that often causes connectivty issues is the licensing packs.

Make sure you have installed the Connection Packs for MetaFrame.

Also check the product code by right clicking on the server in the CMC and going to "Set MetaFrame Product Code".

Oh but I just remembered you said you are using MF 1.8 for Win2k didn't you....

It's been a while since I've troubleshot connectivity to 1.8. I'm trying to think of what else to check.

Enable RDP. If user's can connect over RDP that will tell us whether or not the problem is with Citrix or with the server itself.
 
Upvote 0 Downvote
Have RDP enabled, stupid question, how do you make a client connect with it?

It's not a problem...It's just a Blood Pressure Monitor
 
Upvote 0 Downvote
Bill,

With Windows XP go to Start\Programs\Accessories\Communcations\Remote Desktop Connection.

For Windows 2000 Pro you will need to go M$'s website and download the RDP client and install it. After the install it will be located in the same place on the start menu as XP.

Here is the link:
 
Upvote 0 Downvote
Well, thats out as the domain is locked down and can not use Remote desktop etc.

I am getting closer, but dont know why in the hell this would make a difference. If I place a username in the Power Users Group of the Server under computer management it will allow you in. Why? They do not need those kind of rights do they? I know NT TSE, new to this W2K TS stuff

Bill

It's not a problem...It's just a Blood Pressure Monitor
 
Upvote 0 Downvote
When you say the Domain is locked down and you can't use RDP, do you mean with System Policy? Or is the MetaFrame server at a remote office and the ports to allow RDP are blocked? You should be able to connect via RDP from the same LAN as the server unless it is disabled or some other policy is overriding the setting and blocking the connection which could be the root of the problem.

Also, I'm sure you have probably already checked this, but I remember you mentioned they are using published applications. Check the permissions on each published app to ensure the users are in a group that has permission to access the app.
 
Upvote 0 Downvote
The ports are blocked for RDP but not for MF. The MF server is in my office, but no ports are open to it for RDP only for MF.

The published apps do have the proper rights to them.

I am at a lose here now

Bill

It's not a problem...It's just a Blood Pressure Monitor
 
Upvote 0 Downvote
Have you tried connecting via the RDP client locally from your computer? Are the users having connectivity problems all remote?

If possible, try troubleshooting the problem from a client machine on the local LAN. Try ICA and RDP (using a user account, not an admin) and see if the connection works for either. I suspect that the users will probably have a problem connecting even with RDP. But verifying that is not working as well will assure you, you aren't barking up the wrong tree. If RDP does work for a user that tells me it is for sure a configuratoin issue within MetaFrame itself. If RDP has the same problem, it's got to be a problem with Windows 2000 terminal services, either TS licensing, access permissions or something along those lines.

Is there a local policy on the MetaFrame servers? This can modify permissions that user's have to logon remotely, access the computer from the network and all that stuff.

What error message are the users receiving when they try to logon?
 
Upvote 0 Downvote
Ahalecitrix,

I dont know what the heck is going on or what happened, but I think I got it. Under the Users group the is a NT AUTHORITY\INTERACTIVE, I removed that, rebooted the computer and re-initiated that group and all seems to be fine now. Dont know why that would have caused any problems but it looks like it was the culprit. It all seems to be working and functioning correctly.

Time to read up on the Interactive and see what it's purpose in life it.

Thanks for the great advice, help and pointing me in the right direction.

Bill

It's not a problem...It's just a Blood Pressure Monitor
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MartijnNL
  • Locked
  • Question
DCL: Counting number of user processes for a period of time
Replies
1
Views
412
yamyam
yamyam
fbizzell
  • Locked
  • Question
thread75-1123232 I need a copy of 1
Replies
4
Views
401
goombawaho
goombawaho
sodax
  • Locked
  • Question
SPOOLSV need to be killed in order to have printers and Session in windows 2003
Replies
0
Views
209
sodax
sodax
tendim
  • Locked
  • Question
Discussion about greenfield deployment, any help appreciated!
Replies
0
Views
251
tendim
tendim
Breezeman
  • Locked
  • Question
Stop users from saving to their user directory on C: of application servers
Replies
3
Views
515
JayIT
JayIT

Part and Inventory Search

Sponsor

Back
Top