That was a big fat lie the consultants told me. ADFS role is not even installed on any of the DCs. Honestly these guys are cowboys. I will see if i can get it installed on one of the DCs to test.
Cheers, On 17 November 2010 17:20, Webster <carlwebs...@gmail.com> wrote: > James, > > > > I would like to lab this to see if I can get this working and then write an > article about it. Can you e-mail me off list with some specifics I can use > in my testing. Your specifics will of course not be in the article. I need > to finish an article on XenDesktop 5 first. I am also working on an article > for using Web Interface to help migrate from older MF/PS/XA versions to > XA6. But that was going to be for one forest, one tree, one domain. I need > to know more of your setup so I can test and document a solution for you and > others. > > > > Thanks > > > > > > Webster > > > > *From:* James Rankin [mailto:kz2...@googlemail.com] > *Subject:* Citrix web interface query > > > > We have two old Windows 2003 domains with PS3 and PS4 farms respectively. > We are in the process of migrating the users to a Windows 2008 R2 domain > running Xen6. We need to keep some of the old applications from the old > domains available in the new infrastructure via the Program Neighborhood > Agent, so we have "multi-homed" our new web interface server with > connections to the old PS3 and PS4 farms. So far, so good. > > Problem comes when a user in the new domain logs onto the PNAgent. They get > an error of "the credentials supplied were invalid". When I remove the > entries for the legacy farms from the web interface, the user can log in > fine. So it appears when the PNAgent is submitting the user credentials to > the legacy domains for validation, they are being rejected somewhere. > > Is there anything special that needs to be done to allow the user to log > into the web interface in this configuration? There is obviously a trust in > place, so the user in the new domain should be validated by the old ones. I > *could* just publish up some .ica files for the new users, but that smells > like an administrative nightmare.... > > Any help is appreciated, > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
