Wednesday, December 3, 2008

[THIN] Shadow taskbar encryption errors

I am having a problem with using Shadow Taskbar on a test CPS 4.5 farm  (w2ke) we have.

We have a group policy Set client connection encryption level set to Client compatible.

This results in getting an error "you do not have the proper encryption level to access this session".  Also get another popup same time, " To log on to this computer, you must have terminal server User access Permissions……

So I have been working on this and this is all the stuff I have tried (what works what does not)

1st - Turned off all encryption stuff and it worked
        - registry hklm\system\currentcontrolset\control\terminal server\Winstations\ica-tcp\MinEncryptionLevel 1
        - Published  application no level specified as requirement
        - Citrix ICA encryption Policy,  disabled
        -  gp removed setting for encryption Computer\Windows components\Terminal Server\Encryption and Security\Set client connection Encryption level

       
2nd - Turned on Citrix application encryption 128bit min required - WORKED with shadow bar
2.2 - Set Wiindows gp (Set Client Connection encryption level to Client compatible) - FAILED (just encryption note)
        REBOOTED - failed
        Turn off Policy and Gpupdate /force works again
3rd - Enabled Citrix encryption policy - FAILED
        Get encryption error AND Not in TS group so no access.???
        Turn off policy works again
4th - Set registry hklm\system\currentcontrolset\control\terminal server\Winstations\ica-tcp\MinEncryptionLevel 28 - WORKED (no gp or citrix policy)

5th - Turned on Citrix Encryption policy now - WORKS, guess needs above
6th - turned gp encryption back on to client compatible - FAILED
        Set to high - FAILED

So at this point I can't get the Windows GP setting to work.  We currently have it in production and I know Security is going to baulk at wanting to remove it when we upgrade.

Any suggestions?  And thanks again

Regards,
Doug Stratton, Shared Service BC
Service Desk Email: 77000@gov.bc.ca
Service Desk Tel: (250)387-7000


No comments: