I am having a problem with using Shadow Taskbar on a test CPS 4.5 farm (w2ke) we have.
We have a group policy Set client connection encryption level set to Client compatible.
This results in getting an error "you do not have the proper encryption level to access this session". Also get another popup same time, " To log on to this computer, you must have terminal server User access Permissions……
So I have been working on this and this is all the stuff I have tried (what works what does not)
1st - Turned off all encryption stuff and it worked
- registry hklm\system\currentcontrolset\control\terminal server\Winstations\ica-tcp\MinEncryptionLevel 1
- Published application no level specified as requirement
- Citrix ICA encryption Policy, disabled
- gp removed setting for encryption Computer\Windows components\Terminal Server\Encryption and Security\Set client connection Encryption level
2nd - Turned on Citrix application encryption 128bit min required - WORKED with shadow bar
2.2 - Set Wiindows gp (Set Client Connection encryption level to Client compatible) - FAILED (just encryption note)
REBOOTED - failed
Turn off Policy and Gpupdate /force works again
3rd - Enabled Citrix encryption policy - FAILED
Get encryption error AND Not in TS group so no access.???
Turn off policy works again
4th - Set registry hklm\system\currentcontrolset\control\terminal server\Winstations\ica-tcp\MinEncryptionLevel 28 - WORKED (no gp or citrix policy)
5th - Turned on Citrix Encryption policy now - WORKS, guess needs above
6th - turned gp encryption back on to client compatible - FAILED
Set to high - FAILED
So at this point I can't get the Windows GP setting to work. We currently have it in production and I know Security is going to baulk at wanting to remove it when we upgrade.
Any suggestions? And thanks again
Regards,
Doug Stratton, Shared Service BC
Service Desk Email: 77000@gov.bc.ca
Service Desk Tel: (250)387-7000
No comments:
Post a Comment