ThinList Blog: 2009-01-11

Saturday, January 17, 2009

[THIN] Re: Session Reliability

I agree with Rick- Session Reliability is recommended when you have a known situation of recurring short term disconnects. However it may not be a benefit to turn on “just because”. As Rick explains it does not really make sessions more reliable, it just presents a less frustrating appearance during the period of time the session is off line and is trying to re-connect.

Steve Greenberg

Thin Client Computing

34522 N. Scottsdale Rd D8453

Scottsdale, AZ 85266

(602) 432-8649

www.thinclient.net

steveg@thinclient.net

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Rick Mack
Sent: Friday, January 16, 2009 11:53 PM
To: thin@freelists.org
Subject: [THIN] Re: Session Reliability

Hi Angela,

The concept behind session reliability is to hide the disconnect/reconnect event from users. It doesn't actually improve things for your users, but instead of their sessions disconnecting and reconnecting, the session just appears to hang for a bit and then starts again. Session reliability is actually a really bad name for this enhancement because it doesn't do what it implies.

Session reliability is functionally a wrapper for standard ICA that encapsulates the ICA protocol and allows you to handle stuff like transparent session reconnection. However it uses a different port to ICA, TCP port 2598. The session reliability listener is the Citrix XTE service which then passes the ICA traffic on to the ICA listener.

So far so good, but there are 2 potential problems.

The first is that the XTE service hasn't been totally stable in the past with recurring instances of memory leaks and instability depending on hotfix levels. If the XTE service starts playing up, session reliability just became your worst enemy.

The second problem relates to the use of a different TCP port. It's fairly common these days to set network QOS to favour ICA traffic when you use Citrix. Everyone, especially your average comms person, knows that ICA is on TCP port 1494 and that is what is used to identify ICA packets for QOS prioritization.

When you switch on session reliability you are no longer using port 1494. So any QOS optimization you've got for ICA suddenly disappears, and in a worst case scenario, session performance can go out the door, you start seeing a lot more disconnections and session reliability becomes "session liability".

However if your users are suffering a reasonable number of disconnections and that is creating annoyance and political problems for you, then by all means investigate using session reliability. But make sure that if you are using QOS, that you co-ordinate with your comms people and ISP so that when you enable session reliability nothing will break. Make absolutely certain that they know ICA can use port 1494 AND port 2598.

And good luck :-)

regards,

Rick

--
Ulrich Mack
Quest Software
Provision Networks Division

On Sat, Jan 17, 2009 at 1:28 PM, Angela Smith <angela_smith9@hotmail.com> wrote:

Hi

Im looking at enabling session reliability on my CPS 4 farm. Are there any gotchas I need to be aware of or could this cause more issues? Im aware of the port changes but I wanted to know if most people are using this or whether session performance is slower due to the additional connection checks..

Thanks
Angela

Download free emoticons today! Holiday cheer from Messenger.

[THIN] Re: Temp folder

Hi Jason,

Absolutely. Although to be honest you'd also do well to get rid of the printer drivers completely and look at a decent UPD solution that covers network printers as well.

That'd get rid of your printing problems.

It's a pity that Citrix doesn't have a true UPD solution for their existing customers.

regards,

Rick

--
Ulrich Mack
Quest Software
Provision Networks Division

On Thu, Jan 15, 2009 at 1:18 AM, Jason Patten <jasoncitrix@gmail.com> wrote:

We have an issue with running out of Disk space on one of our servers.

After searching I discovered that the M:\Program Files\Citrix\System32\Citrix\Ima\Temp is taking up 6 Gigs of space on the drive with what looks like dozens of duplicate files.
From what I can tell thse are copies of the printer drivers for replication. Is it safe to clear this folder out?

[THIN] Re: Linux and Vmware how to ?

Hi,

The VDM client only has standard RDP as the display protocol, USB redirection (VMware not OEM), multimedia redirection (Wyse TCX OEM) and the connection server comms component.

I'm pretty sure that the VDM USB redirection is supported only on Win32 (200/XP/Vista).

TCX has been ported to Linux but I think only Wyse have TCX running on Linux at the moment, but it is supported by XPe/XP/Vista as well as Wyse ThinOS.

That leaves us with the RDP protocol and some comms/connection server agent stuff probably making up a Linux VDM client.

Igel have their own port of the VDM client to Linux. Unless they've managed to do TCX and the USB redirection port to Linux themselves you're left with a somewhat limited VDM client.

But then who needs more than basic RDP client functionality anyway? :-)

regards,

Rick

--
Ulrich Mack
Quest Software
Provision Networks Division

On Thu, Jan 15, 2009 at 1:53 PM, Puneet Goel <g.puneet@gmail.com> wrote:

As far as i know VDM client is not there for linux host machines. how
the linux machines are certified by vmware as VDM compatible ?

On Wed, Jan 14, 2009 at 11:41 PM, Steve Greenberg <steveg@thinclient.net> wrote:
>
> Exactly, you can access Windows virtual machines by installing rdesktop or
> ICA client on LINUX. VDM is the VMware product and that uses RDP (rdesktop)

[THIN] Re: Session Reliability

Hi Angela,

So far so good, but there are 2 potential problems.

And good luck :-)

regards,

Rick

--
Ulrich Mack
Quest Software
Provision Networks Division

On Sat, Jan 17, 2009 at 1:28 PM, Angela Smith <angela_smith9@hotmail.com> wrote:

Hi

Im looking at enabling session reliability on my CPS 4 farm. Are there any gotchas I need to be aware of or could this cause more issues? Im aware of the port changes but I wanted to know if most people are using this or whether session performance is slower due to the additional connection checks..

Thanks
Angela

Download free emoticons today! Holiday cheer from Messenger.

Friday, January 16, 2009

[THIN] Session Reliability

Download free emoticons today! Holiday cheer from Messenger.

[THIN] Re: unattended start up

The original message asked for a delayed restart, not shutdown. Can do that
too.

Joe

-----Original Message-----
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf
Of George Wasgatt
Sent: Friday, January 16, 2009 11:50 AM
To: thin@freelists.org
Subject: [THIN] Re: unattended start up

-----Original Message-----
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf
Of Joe Shonk
Sent: Friday, January 16, 2009 1:15 PM
To: thin@freelists.org
Subject: [THIN] Re: unattended start up

For what types of workload? There are some tools that are specific to
Proliants as they use iLO. You can also run Magic Packet from another
machine as a scheduled task to perform a wake-on-lan. For a scheduled,
delayed restart you can use the built in shutdown command and specify how
long to wait.

Joe

-----Original Message-----
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf
Of David
Sent: Friday, January 16, 2009 1:58 AM
To: thin@freelists.org
Subject: [THIN] unattended start up

Hi list,

does anyboy knows how to schedule an automatic start up in a proliant
servers or schedule a restart task with a delay interval?

thanks
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
Follow ThinList on Twitter
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
Thinlist MOBILE Feed
http://thinlist.net/mobile
************************************************

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
Follow ThinList on Twitter
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
Thinlist MOBILE Feed
http://thinlist.net/mobile
************************************************

[THIN] Re: unattended start up

It all depends on what is required. It might be possible to script the stopping of certain services so the server appears to be down and then after the reboot it's running as normal. What is trying to be accomplished by delaying the reboot?

Regards,

Scott

"George Wasgatt" <gwasgatt@gmail.com>
Sent by: thin-bounce@freelists.org

01/16/2009 01:52 PM

Please respond to
thin@freelists.org

To	<thin@freelists.org>
cc
Subject	[THIN] Re: unattended start up

Doesn't the server actually stay up and do a countdown to a restart if you use the shutdown command with the delay option? Wouldn't this defeat the purpose of the server being actually down for a set period of time? -----Original Message----- From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Joe Shonk Sent: Friday, January 16, 2009 1:15 PM To: thin@freelists.org Subject: [THIN] Re: unattended start up For what types of workload? There are some tools that are specific to Proliants as they use iLO. You can also run Magic Packet from another machine as a scheduled task to perform a wake-on-lan. For a scheduled, delayed restart you can use the built in shutdown command and specify how long to wait. Joe -----Original Message----- From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of David Sent: Friday, January 16, 2009 1:58 AM To: thin@freelists.org Subject: [THIN] unattended start up Hi list, does anyboy knows how to schedule an automatic start up in a proliant servers or schedule a restart task with a delay interval? thanks ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://www.freelists.org/list/thin Follow ThinList on Twitter http://twitter.com/thinlist Thin List discussion is now available in blog format at: http://thinmaillist.blogspot.com Thinlist MOBILE Feed http://thinlist.net/mobile ************************************************ ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://www.freelists.org/list/thin Follow ThinList on Twitter http://twitter.com/thinlist Thin List discussion is now available in blog format at: http://thinmaillist.blogspot.com Thinlist MOBILE Feed http://thinlist.net/mobile ************************************************ ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://www.freelists.org/list/thin Follow ThinList on Twitter http://twitter.com/thinlist Thin List discussion is now available in blog format at: http://thinmaillist.blogspot.com Thinlist MOBILE Feed http://thinlist.net/mobile ************************************************

[THIN] Re: unattended start up

Joe

Hi list,

does anyboy knows how to schedule an automatic start up in a proliant
servers or schedule a restart task with a delay interval?

[THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

Time to run a dsmaint config on these servers first.

Joe

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of IT Support
Sent: Friday, January 16, 2009 8:12 AM
To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

The plot thickens, we have another issue with our build whereby this doesn’t work!

When I run dsmaint recreate, I get the following error:

ODBC MICROSOFT ACCESS DRIVER LOGIN FAILED

NOT A VALID ACCOUNT NAME OR PASSWORD

Incidentally we are running PS4.5 PSE450W2K3R02 & PSE450R02W2K3037

Regards

Nik Hunt
IT Services Manager

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Jim Kenzig http://thin.ms
Sent: 16 January 2009 14:34
To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

You might try recreating the local host cache on the affected servers if you haven't already dsmaint /recreatelhc
Jim Kenzig
Blog: http://www.techblink.com

On Fri, Jan 16, 2009 at 3:52 AM, IT Support <it@polyco.co.uk> wrote:

One other thing I don't think I've mentioned is..

On affected servers, when you run QUERY FARM it comes back blank!

Again, this is resolved after you restart the IMA Service.

Regards

Nik
IT Services Manager

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of IT Support
Sent: 16 January 2009 08:41

To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

Hi Jim,

I did this as the domain administrator – ie opening up dcomcnfg and literally expanding each node until it errored.

The only error it came back with related to acrobat reader PDFShellInfo which was not recorded.

Needless to say this hasn't fixed my issue.

The strange thing is that these issues go away when I manually stop and start the Citrix IMA Service – until the next [daily] reboot.....

Regards

Nik
IT Services Manager

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Jim Kenzig http://thin.ms
Sent: 15 January 2009 15:28
To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

Did you try opening dcomcnfg and click on and go through each of the components to see if any of them came up in error? It will usually fix ones it finds that are.
Jim Kenzig
Blog: http://www.techblink.com

On Thu, Jan 15, 2009 at 10:02 AM, IT Support <it@polyco.co.uk> wrote:

I implemented everything below and ran the script, but my original issue is still there every day until I restart the IMA Service.

Damn!

Regards

Nik
IT Services Manager

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of IT Support
Sent: 14 January 2009 15:15

To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

Thanks very much.

I've run the script + restarted the IMA service & the errors have gone. Hopefully they won't come back again....

Nik

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Jeremy Saunders
Sent: 14 January 2009 14:28
To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

No Probs….I think there are two different versions of dcomperm.exe around. You can download my scripts including the working dcomperm.exe from here:

http://www.jhouseconsulting.com/downloads/dcomperm.zip

The script should be well documented for you to follow J

Cheers,

Jeremy.

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of IT Support
Sent: Wednesday, January 14, 2009 11:01 PM
To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

Thanks for this great response but I'm not following your statement about setting permissions on the CDF. Can you clarify further?

I've downloaded a version of dcomperm.exe but it is "unable to run on this system".

Cheers.

Nik

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Jeremy Saunders
Sent: 13 January 2009 00:59
To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

The errors you get will be related to the COM Plus components and DCOM permissions on the CDF service.

Firstly, ensure you have the COM Plus network access installed as per Citrix KB article CTX112853

Secondly, set the correct permissions on the Citrix Diagnostic Facility (CDF). I have a script that automates this as the server builds. It simply uses a utility called dcomperm.exe to give members of the "Distributed COM Users" the ability to local launch, local activate, remote launch and remote activate the DCOM objects.

Thirdly, add the Citrix/Server administrators groups to the local "Distributed COM Users" group.

Fourthly, if you are using Custom admins, ensure they have "view" permissions on objects such as "View My Knowledge Configuration", as this will also cause some AMC permission issues.

Once you've made these changes, the DCOM errors you are seeing will be a thing of the past.

Cheers,

Jeremy.

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of IT Support
Sent: Monday, January 12, 2009 7:18 PM
To: 'thin@freelists.org'
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

Further to this –

We are also getting the error below in the logs, and errors enumerating the Citrix Access Management Console.

This seems to happen on reboot, and persists until we manually restart the IMA Service on the affected servers.

Any ideas?

Event Type: Error

Event Source: DCOM

Event Category: None

Event ID: 10006

Date: 12/01/2009

Time: 10:02:00

User: N/A

Computer: CITRIX1

Description:

DCOM got error "General access denied error " from the computer CITRIX2 when attempting to activate the server:

{DB192ECC-CCBC-4A97-8121-B2FB89FE77C2}

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of IT Support
Sent: 08 January 2009 08:34
To: 'thin@freelists.org'
Subject: [THIN] DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

Hi All,

We're getting DCOM 10016 errors every time a citrix admin users the Citrix Access Management console on all our citrix servers as below:

Before I start hacking away at DCOM config permissions, does anyone know of a recommended citrix fix?

Cheers.

Event Type: Error

Event Source: DCOM

Event Category: None

Event ID: 10016

Date: 07/01/2009

Time: 12:20:09

User: DOMAIN\user.name

Computer: CITRIX1

Description:

The machine-default permission settings do not grant Remote Activation permission for the COM Server application with CLSID

{DB192ECC-CCBC-4A97-8121-B2FB89FE77C2}

to the user DOMAIN\user.name SID (S-1-5-21-1708537768-1844237615-1177238915-1249). This security permission can be modified using the Component Services administrative tool.

BM Polyco Ltd Disclaimer
This e-mail and the information it contains are confidential. If you have received this message in error please notify us immediately. You should not use or copy it for any purpose nor disclose its contents to any other party. The contents of this communication are advisory and are not binding on the Company unless supported by authorised documentation.
It has also passed through the MailControl Anti-Virus service powered by BlackSpider for total peace of mind.

Click here to report this email as spam.

Confidentiality and Privilege Notice
This document is intended solely for the named addressee. The information contained in the pages is confidential and contains legally privileged information. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone, and you should destroy this message and kindly notify the sender by reply email. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you.

[THIN] Re: unattended start up

Joe

Hi list,

does anyboy knows how to schedule an automatic start up in a proliant
servers or schedule a restart task with a delay interval?

[THIN] Re: Certificates and profiles

If it's from another company, with either their self-signed cert (yes, even if they run their own CA), you'd have to be awfully trusting, to trust their root CA.

Neil

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Jeremy Saunders
Sent: 16 January 2009 14:26
To: thin@freelists.org
Subject: [THIN] Re: Certificates and profiles

And maybe it won’t be trusted because you don’t have the root cert. Vista may contain something different to your Citrix (Windows 2003?) servers.

There are two MS tools I use for automating the certificate import so that users never need to deal with this stuff. Certmgr.exe and winhttpcertcfg.exe.

http://weblogs.asp.net/hernandl/archive/2005/02/09/WinHttpCertCfgTool.aspx

I hope that goes someway to helping.

Cheers,

Jeremy.

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Kevin Stewart
Sent: Friday, January 16, 2009 10:48 PM
To: thin@freelists.org
Subject: [THIN] Re: Certificates and profiles

Its likely that the certificate isn't "trusted" by the system. Open up the certificate details when you get the prompt, go to the last tab, I think its "Certification Path", and look at the trust chain. You'll see the certificate that's being presented and potentially another certificate above it that is the parent, or root of this one. One or both of those will probably have a red X next to them. If so download and install that/these certificates in the computers trusted or intermediate trust stores. The prompt essentially means "Hey, the server you're talking to is passing a server certificate that I don't trust. Are you sure you want to start a dialog?" If you install the certificates the computer will then implicitly trust the server. Additionally, I believe each user has their own certificate store, so you may need to install in the computer's store for them to be global. Otherwise I don't believe it has anything to do with roaming profiles and Vista probably remembers the user's first response to the prompt.

Give that a try.

Kevin

On Fri, Jan 16, 2009 at 7:44 AM, Hamilton, Ronnie <ronnie.hamilton@ltai.ie> wrote:

I think it's a cert that was set up for the applications by the company that wrote it…but its not a veri sign or anything like that.

I have users running Vista and they have a local profile and when they accept the cert they only do it once.

-----Original Message-----
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Braebaum, Neil
Sent: 16 January 2009 11:41
To: thin@freelists.org

Subject: RE: [THIN] Certificates and profiles

Why do they have to accept the cert?

Is there something wrong with it?

Neil

From: thin-bounce@freelists.org on behalf of Hamilton, Ronnie
Sent: Fri 1/16/2009 11:24 AM
To: thin@freelists.org
Subject: [THIN] Certificates and profiles

HI,

We have recently implemented a new web application which requires you to accept a certificate when you open the web page to access the site.

My question is when the user has accepted this and logs out and then back in they have to accept it again.

We currently use roaming profiles and I was under the impression that this setting should be held.

Thanks

Ronnie

Visit our website : www.ltai.ie

__________________________________________

Lufthansa Technik Airmotive Ireland Limited. Registered in Ireland. Reg. No. 45999. Registered Office: Naas Road, Rathcoole, Co.Dublin.

Lufthansa Technik Airmotive Ireland Leasing Limited. Registered in Ireland. Reg. No. 140891. Registered Office: Naas Road, Rathcoole, Co.Dublin.

__________________________________________

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please advise by return email and delete all copies of the message.

--
Kevin G. Stewart

Confidentiality and Privilege Notice
This document is intended solely for the named addressee. The information contained in the pages is confidential and contains legally privileged information. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone, and you should destroy this message and kindly notify the sender by reply email. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you.

********************************************************************************

This email and its attachments are confidential to the intended recipient. If this has come to you in error, please notify the sender immediately and delete this email from your system. You must take no action based on this email, nor must you copy or disclose it or any part of its contents to any person or organisation. Please note that email communications may be monitored. The registered office of Shop Direct Limited is First Floor, Skyways House, Speke Road, Speke, Liverpool, L70 1AB, registered number 04730752.

Subsidiary companies of Shop Direct Limited include:

Shop Direct Group Financial Services Limited (SDGFS), Shop Direct Financial Services Limited (SDFS) and Shop Direct Finance Company Limited (SDFC). The registered office of SDGFS, SDFS and SDFC is Aintree Innovation Centre, Park Lane, Netherton, Bootle, L30 1SL, registered numbers 05200103 (SDGFS), 04730706 (SDFS) and 04660974 (SDFC). SDFS and SDFC are authorised and regulated by the Financial Services Authority in respect of arranging insurance products.

Shop Direct Contact Centres Limited (SDCC) and Shop Direct Home Shopping Limited (SDHS). The registered office of SDCC and SDHS is First Floor, Skyways House, Speke Road, Speke, Liverpool, L70 1AB, registered numbers 05330323 (SDCC), 04663281 (SDHS).

All companies registered in England.

********************************************************************************

[THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

Assuming you ran this on the server as administrator then I would start looking at permissions on your database of course and add the account you are trying to use.

Jim Kenzig
Blog: http://www.techblink.com

On Fri, Jan 16, 2009 at 10:12 AM, IT Support <it@polyco.co.uk> wrote:

The plot thickens, we have another issue with our build whereby this doesn't work!

When I run dsmaint recreate, I get the following error:

ODBC MICROSOFT ACCESS DRIVER LOGIN FAILED

NOT A VALID ACCOUNT NAME OR PASSWORD

Incidentally we are running PS4.5 PSE450W2K3R02 & PSE450R02W2K3037

Regards

Nik Hunt
IT Services Manager

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Jim Kenzig http://thin.ms
Sent: 16 January 2009 14:34

To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

You might try recreating the local host cache on the affected servers if you haven't already dsmaint /recreatelhc
Jim Kenzig
Blog: http://www.techblink.com

On Fri, Jan 16, 2009 at 3:52 AM, IT Support <it@polyco.co.uk> wrote:

One other thing I don't think I've mentioned is..

On affected servers, when you run QUERY FARM it comes back blank!

Again, this is resolved after you restart the IMA Service.

Regards

Nik
IT Services Manager

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of IT Support
Sent: 16 January 2009 08:41

To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

Hi Jim,

I did this as the domain administrator – ie opening up dcomcnfg and literally expanding each node until it errored.

The only error it came back with related to acrobat reader PDFShellInfo which was not recorded.

Needless to say this hasn't fixed my issue.

The strange thing is that these issues go away when I manually stop and start the Citrix IMA Service – until the next [daily] reboot.....

Regards

Nik
IT Services Manager

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Jim Kenzig http://thin.ms
Sent: 15 January 2009 15:28
To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

Did you try opening dcomcnfg and click on and go through each of the components to see if any of them came up in error? It will usually fix ones it finds that are.
Jim Kenzig
Blog: http://www.techblink.com

On Thu, Jan 15, 2009 at 10:02 AM, IT Support <it@polyco.co.uk> wrote:

I implemented everything below and ran the script, but my original issue is still there every day until I restart the IMA Service.

Damn!

Regards

Nik
IT Services Manager

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of IT Support
Sent: 14 January 2009 15:15

To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

Thanks very much.

I've run the script + restarted the IMA service & the errors have gone. Hopefully they won't come back again....

N

Nik

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Jeremy Saunders
Sent: 14 January 2009 14:28
To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

No Probs….I think there are two different versions of dcomperm.exe around. You can download my scripts including the working dcomperm.exe from here:

http://www.jhouseconsulting.com/downloads/dcomperm.zip

The script should be well documented for you to follow J

Cheers,

Jeremy.

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of IT Support
Sent: Wednesday, January 14, 2009 11:01 PM
To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

Thanks for this great response but I'm not following your statement about setting permissions on the CDF. Can you clarify further?

I've downloaded a version of dcomperm.exe but it is "unable to run on this system".

Cheers.

N.

Nik

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Jeremy Saunders
Sent: 13 January 2009 00:59
To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

The errors you get will be related to the COM Plus components and DCOM permissions on the CDF service.

Firstly, ensure you have the COM Plus network access installed as per Citrix KB article CTX112853

Secondly, set the correct permissions on the Citrix Diagnostic Facility (CDF). I have a script that automates this as the server builds. It simply uses a utility called dcomperm.exe to give members of the "Distributed COM Users" the ability to local launch, local activate, remote launch and remote activate the DCOM objects.

Thirdly, add the Citrix/Server administrators groups to the local "Distributed COM Users" group.

Fourthly, if you are using Custom admins, ensure they have "view" permissions on objects such as "View My Knowledge Configuration", as this will also cause some AMC permission issues.

Once you've made these changes, the DCOM errors you are seeing will be a thing of the past.

Cheers,

Jeremy.

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of IT Support
Sent: Monday, January 12, 2009 7:18 PM
To: 'thin@freelists.org'
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

Further to this –

We are also getting the error below in the logs, and errors enumerating the Citrix Access Management Console.

This seems to happen on reboot, and persists until we manually restart the IMA Service on the affected servers.

Any ideas?

N

Event Type:     Error

Event Source: DCOM

Event Category:          None

Event ID:        10006

Date:               12/01/2009

Time:               10:02:00

User:                N/A

Computer:       CITRIX1

Description:

DCOM got error "General access denied error " from the computer CITRIX2 when attempting to activate the server:

{DB192ECC-CCBC-4A97-8121-B2FB89FE77C2}

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of IT Support
Sent: 08 January 2009 08:34
To: 'thin@freelists.org'
Subject: [THIN] DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

Hi All,

We're getting DCOM 10016 errors every time a citrix admin users the Citrix Access Management console on all our citrix servers as below:

Before I start hacking away at DCOM config permissions, does anyone know of a recommended citrix fix?

Cheers.

N

Event Type:        Error

Event Source:    DCOM

Event Category:                None

Event ID:              10016

Date:                     07/01/2009

Time:                     12:20:09

User:                     DOMAIN\user.name

Computer:          CITRIX1

Description:

The machine-default permission settings do not grant Remote Activation permission for the COM Server application with CLSID

{DB192ECC-CCBC-4A97-8121-B2FB89FE77C2}

to the user DOMAIN\user.name SID (S-1-5-21-1708537768-1844237615-1177238915-1249). This security permission can be modified using the Component Services administrative tool.

BM Polyco Ltd Disclaimer
This e-mail and the information it contains are confidential. If you have received this message in error please notify us immediately. You should not use or copy it for any purpose nor disclose its contents to any other party. The contents of this communication are advisory and are not binding on the Company unless supported by authorised documentation.
It has also passed through the MailControl Anti-Virus service powered by BlackSpider for total peace of mind.

Click here to report this email as spam.

Confidentiality and Privilege Notice
This document is intended solely for the named addressee. The information contained in the pages is confidential and contains legally privileged information. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone, and you should destroy this message and kindly notify the sender by reply email. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you.

Confidentiality and Privilege Notice
This document is intended solely for the named addressee. The information contained in the pages is confidential and contains legally privileged information. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone, and you should destroy this message and kindly notify the sender by reply email. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you.

[THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

The plot thickens, we have another issue with our build whereby this doesn’t work!

When I run dsmaint recreate, I get the following error:

ODBC MICROSOFT ACCESS DRIVER LOGIN FAILED

NOT A VALID ACCOUNT NAME OR PASSWORD

Incidentally we are running PS4.5 PSE450W2K3R02 & PSE450R02W2K3037

Regards

Nik Hunt
IT Services Manager

You might try recreating the local host cache on the affected servers if you haven't already dsmaint /recreatelhc
Jim Kenzig
Blog: http://www.techblink.com

On Fri, Jan 16, 2009 at 3:52 AM, IT Support <it@polyco.co.uk> wrote:

One other thing I don't think I've mentioned is..

On affected servers, when you run QUERY FARM it comes back blank!

Again, this is resolved after you restart the IMA Service.

Regards

Nik
IT Services Manager

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of IT Support
Sent: 16 January 2009 08:41

To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

Hi Jim,

I did this as the domain administrator – ie opening up dcomcnfg and literally expanding each node until it errored.

The only error it came back with related to acrobat reader PDFShellInfo which was not recorded.

Needless to say this hasn't fixed my issue.

The strange thing is that these issues go away when I manually stop and start the Citrix IMA Service – until the next [daily] reboot.....

Regards

Nik
IT Services Manager

On Thu, Jan 15, 2009 at 10:02 AM, IT Support <it@polyco.co.uk> wrote:

I implemented everything below and ran the script, but my original issue is still there every day until I restart the IMA Service.

Damn!

Regards

Nik
IT Services Manager

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of IT Support
Sent: 14 January 2009 15:15

To: thin@freelists.org
Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

Thanks very much.

I've run the script + restarted the IMA service & the errors have gone. Hopefully they won't come back again....

Nik

No Probs….I think there are two different versions of dcomperm.exe around. You can download my scripts including the working dcomperm.exe from here:

http://www.jhouseconsulting.com/downloads/dcomperm.zip

The script should be well documented for you to follow J

Cheers,

Jeremy.

Thanks for this great response but I'm not following your statement about setting permissions on the CDF. Can you clarify further?

I've downloaded a version of dcomperm.exe but it is "unable to run on this system".

Cheers.

Nik

The errors you get will be related to the COM Plus components and DCOM permissions on the CDF service.

Firstly, ensure you have the COM Plus network access installed as per Citrix KB article CTX112853

Thirdly, add the Citrix/Server administrators groups to the local "Distributed COM Users" group.

Fourthly, if you are using Custom admins, ensure they have "view" permissions on objects such as "View My Knowledge Configuration", as this will also cause some AMC permission issues.

Once you've made these changes, the DCOM errors you are seeing will be a thing of the past.

Cheers,

Jeremy.

Further to this –

We are also getting the error below in the logs, and errors enumerating the Citrix Access Management Console.

This seems to happen on reboot, and persists until we manually restart the IMA Service on the affected servers.

Any ideas?

Event Type: Error

Event Source: DCOM

Event Category: None

Event ID: 10006

Date: 12/01/2009

Time: 10:02:00

User: N/A

Computer: CITRIX1

Description:

DCOM got error "General access denied error " from the computer CITRIX2 when attempting to activate the server:

{DB192ECC-CCBC-4A97-8121-B2FB89FE77C2}

Hi All,

We're getting DCOM 10016 errors every time a citrix admin users the Citrix Access Management console on all our citrix servers as below:

Before I start hacking away at DCOM config permissions, does anyone know of a recommended citrix fix?

Cheers.

Event Type: Error

Event Source: DCOM

Event Category: None

Event ID: 10016

Date: 07/01/2009

Time: 12:20:09

User: DOMAIN\user.name

Computer: CITRIX1

Description:

The machine-default permission settings do not grant Remote Activation permission for the COM Server application with CLSID

{DB192ECC-CCBC-4A97-8121-B2FB89FE77C2}

to the user DOMAIN\user.name SID (S-1-5-21-1708537768-1844237615-1177238915-1249). This security permission can be modified using the Component Services administrative tool.

Click here to report this email as spam.

ThinList Blog

Saturday, January 17, 2009

[THIN] Re: Session Reliability

[THIN] Re: Temp folder

[THIN] Re: Linux and Vmware how to ?

[THIN] Re: Session Reliability

Friday, January 16, 2009

[THIN] Session Reliability

[THIN] Re: unattended start up

[THIN] Re: unattended start up

[THIN] Re: unattended start up

[THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

[THIN] Re: unattended start up

[THIN] Re: Certificates and profiles

[THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

[THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application

About Me

Blog Archive