Thursday, December 4, 2008

[THIN] Re: Shadow taskbar encryption errors

That has been set to 128 bit also.  (2nd, see updates in original)
 
We checked our templates and from what I can tell they are from w2k3.  Not sure which one it was but if it was system.adm (think that was it) it was dated 2007-02-17.
 
So we tried checking these settings from a vista box with the latest GPMC on it.  There were way more choices for other things but this area still looked the same.  We set it with this anyways and same problem.
 
I do have another related question also.
 
We have tried disabling any GP/Citrix Policy... That we can find but still can't get the TSCC ICA-TCP Encryiption level to UN-grey so we can try to change it there.  I have looked at a few servers and they all are the same way.  Is this normal?
 

Regards,
Doug Stratton, Shared Service BC
Service Desk Email: 77000@gov.bc.ca
Service Desk Tel: (250)387-7000

 


From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Joe Shonk
Sent: December 4, 2008 6:16 AM
To: thin@freelists.org
Subject: [THIN] Re: Shadow taskbar encryption errors

Check the encryption level set at the published application level.

 

Joe

 

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Stratton, Doug ISMC:EX
Sent: Wednesday, December 03, 2008 3:59 PM
To: thin@freelists.org
Subject: [THIN] Shadow taskbar encryption errors

 

I am having a problem with using Shadow Taskbar on a test CPS 4.5 farm  (w2k) we have.

We have a group policy Set client connection encryption level set to Client compatible.

This results in getting an error "you do not have the proper encryption level to access this session".  Also get another popup same time, " To log on to this computer, you must have terminal server User access Permissions……

So I have been working on this and this is all the stuff I have tried (what works what does not)

1st - Turned off all encryption stuff and it worked
        - registry hklm\system\currentcontrolset\control\terminal server\Winstations\ica-tcp\MinEncryptionLevel 1
        - Published  application no level specified as requirement
        - Citrix ICA encryption Policy,  disabled
        -  gp removed setting for encryption Computer\Windows components\Terminal Server\Encryption and Security\Set client connection Encryption level

       
2nd - Turned on Citrix Published Desktop encryption 128bit min required - WORKED with shadow bar
2.2 - Set Wiindows gp (Set Client Connection encryption level to Client compatible) - FAILED (just encryption note)
        REBOOTED - failed
        Turn off Policy and Gpupdate /force works again
3rd - Enabled Citrix encryption policy - FAILED
        Get encryption error AND Not in TS group so no access.???
        Turn off policy works again
4th - Set registry hklm\system\currentcontrolset\control\terminal server\Winstations\ica-tcp\MinEncryptionLevel 28 - WORKED (no gp or citrix policy)

5th - Turned on Citrix Encryption policy now - WORKS, guess needs above
6th - turned gp encryption back on to client compatible - FAILED
        Set to high - FAILED  

7th - tried setting with latest GPMC on vista box - FAILED (it did set the RDP connections but the Citrix connection still said None and is greyed out and shadow still not working.)

So at this point I can't get the Windows GP setting to work.  We currently have it in production and I know Security is going to baulk at wanting to remove it when we upgrade.

Any suggestions?  And thanks again

Regards,
Doug Stratton, Shared Service BC
Service Desk Email: 77000@gov.bc.ca
Service Desk Tel: (250)387-7000

 

No comments: