subject:"RE\: Citrix web interface query"

Re: Citrix web interface query

2010-11-19 Thread Jeff Steward

Best Friday funny ever!

-Jeff Steward  *tips black cowboy hat*

On Fri, Nov 19, 2010 at 8:57 AM, James Rankin  wrote:

> That was a big fat lie the consultants told me. ADFS role is not even
> installed on any of the DCs. Honestly these guys are cowboys. I will see if
> i can get it installed on one of the DCs to test.
>
> Cheers,
>
>
> On 17 November 2010 17:20, Webster  wrote:
>
>> James,
>>
>>
>>
>> I would like to lab this to see if I can get this working and then write
>> an article about it.  Can you e-mail me off list with some specifics I can
>> use in my testing.  Your specifics will of course not be in the article.  I
>> need to finish an article on XenDesktop 5 first.  I am also working on an
>> article for using Web Interface to help migrate from older MF/PS/XA versions
>> to XA6.  But that was going to be for one forest, one tree, one domain.  I
>> need to know more of your setup so I can test and document a solution for
>> you and others.
>>
>>
>>
>> Thanks
>>
>>
>>
>>
>>
>> Webster
>>
>>
>>
>> *From:* James Rankin [mailto:kz2...@googlemail.com]
>> *Subject:* Citrix web interface query
>>
>>
>>
>> We have two old Windows 2003 domains with PS3 and PS4 farms respectively.
>> We are in the process of migrating the users to a Windows 2008 R2 domain
>> running Xen6. We need to keep some of the old applications from the old
>> domains available in the new infrastructure via the Program Neighborhood
>> Agent, so we have "multi-homed" our new web interface server with
>> connections to the old PS3 and PS4 farms. So far, so good.
>>
>> Problem comes when a user in the new domain logs onto the PNAgent. They
>> get an error of "the credentials supplied were invalid". When I remove the
>> entries for the legacy farms from the web interface, the user can log in
>> fine. So it appears when the PNAgent is submitting the user credentials to
>> the legacy domains for validation, they are being rejected somewhere.
>>
>> Is there anything special that needs to be done to allow the user to log
>> into the web interface in this configuration? There is obviously a trust in
>> place, so the user in the new domain should be validated by the old ones. I
>> *could* just publish up some .ica files for the new users, but that smells
>> like an administrative nightmare
>>
>> Any help is appreciated,
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Citrix web interface query

2010-11-19 Thread Michael B. Smith

busted

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, November 19, 2010 8:59 AM
To: NT System Admin Issues
Subject: Re: Citrix web interface query

Sorry allI meant to send that just to Webster :-(
On 19 November 2010 13:57, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
That was a big fat lie the consultants told me. ADFS role is not even installed 
on any of the DCs. Honestly these guys are cowboys. I will see if i can get it 
installed on one of the DCs to test.

Cheers,
On 17 November 2010 17:20, Webster 
mailto:carlwebs...@gmail.com>> wrote:
James,

I would like to lab this to see if I can get this working and then write an 
article about it.  Can you e-mail me off list with some specifics I can use in 
my testing.  Your specifics will of course not be in the article.  I need to 
finish an article on XenDesktop 5 first.  I am also working on an article for 
using Web Interface to help migrate from older MF/PS/XA versions to XA6.  But 
that was going to be for one forest, one tree, one domain.  I need to know more 
of your setup so I can test and document a solution for you and others.

Thanks


Webster

From: James Rankin [mailto:kz2...@googlemail.com<mailto:kz2...@googlemail.com>]
Subject: Citrix web interface query

We have two old Windows 2003 domains with PS3 and PS4 farms respectively. We 
are in the process of migrating the users to a Windows 2008 R2 domain running 
Xen6. We need to keep some of the old applications from the old domains 
available in the new infrastructure via the Program Neighborhood Agent, so we 
have "multi-homed" our new web interface server with connections to the old PS3 
and PS4 farms. So far, so good.

Problem comes when a user in the new domain logs onto the PNAgent. They get an 
error of "the credentials supplied were invalid". When I remove the entries for 
the legacy farms from the web interface, the user can log in fine. So it 
appears when the PNAgent is submitting the user credentials to the legacy 
domains for validation, they are being rejected somewhere.

Is there anything special that needs to be done to allow the user to log into 
the web interface in this configuration? There is obviously a trust in place, 
so the user in the new domain should be validated by the old ones. I *could* 
just publish up some .ica files for the new users, but that smells like an 
administrative nightmare

Any help is appreciated,


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Citrix web interface query

2010-11-19 Thread James Rankin

Sorry allI meant to send that just to Webster :-(

On 19 November 2010 13:57, James Rankin  wrote:

> That was a big fat lie the consultants told me. ADFS role is not even
> installed on any of the DCs. Honestly these guys are cowboys. I will see if
> i can get it installed on one of the DCs to test.
>
> Cheers,
>
> On 17 November 2010 17:20, Webster  wrote:
>
>> James,
>>
>>
>>
>> I would like to lab this to see if I can get this working and then write
>> an article about it.  Can you e-mail me off list with some specifics I can
>> use in my testing.  Your specifics will of course not be in the article.  I
>> need to finish an article on XenDesktop 5 first.  I am also working on an
>> article for using Web Interface to help migrate from older MF/PS/XA versions
>> to XA6.  But that was going to be for one forest, one tree, one domain.  I
>> need to know more of your setup so I can test and document a solution for
>> you and others.
>>
>>
>>
>> Thanks
>>
>>
>>
>>
>>
>> Webster
>>
>>
>>
>> *From:* James Rankin [mailto:kz2...@googlemail.com]
>> *Subject:* Citrix web interface query
>>
>>
>>
>> We have two old Windows 2003 domains with PS3 and PS4 farms respectively.
>> We are in the process of migrating the users to a Windows 2008 R2 domain
>> running Xen6. We need to keep some of the old applications from the old
>> domains available in the new infrastructure via the Program Neighborhood
>> Agent, so we have "multi-homed" our new web interface server with
>> connections to the old PS3 and PS4 farms. So far, so good.
>>
>> Problem comes when a user in the new domain logs onto the PNAgent. They
>> get an error of "the credentials supplied were invalid". When I remove the
>> entries for the legacy farms from the web interface, the user can log in
>> fine. So it appears when the PNAgent is submitting the user credentials to
>> the legacy domains for validation, they are being rejected somewhere.
>>
>> Is there anything special that needs to be done to allow the user to log
>> into the web interface in this configuration? There is obviously a trust in
>> place, so the user in the new domain should be validated by the old ones. I
>> *could* just publish up some .ica files for the new users, but that smells
>> like an administrative nightmare
>>
>> Any help is appreciated,
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Citrix web interface query

2010-11-19 Thread James Rankin

That was a big fat lie the consultants told me. ADFS role is not even
installed on any of the DCs. Honestly these guys are cowboys. I will see if
i can get it installed on one of the DCs to test.

Cheers,

On 17 November 2010 17:20, Webster  wrote:

> James,
>
>
>
> I would like to lab this to see if I can get this working and then write an
> article about it.  Can you e-mail me off list with some specifics I can use
> in my testing.  Your specifics will of course not be in the article.  I need
> to finish an article on XenDesktop 5 first.  I am also working on an article
> for using Web Interface to help migrate from older MF/PS/XA versions to
> XA6.  But that was going to be for one forest, one tree, one domain.  I need
> to know more of your setup so I can test and document a solution for you and
> others.
>
>
>
> Thanks
>
>
>
>
>
> Webster
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Subject:* Citrix web interface query
>
>
>
> We have two old Windows 2003 domains with PS3 and PS4 farms respectively.
> We are in the process of migrating the users to a Windows 2008 R2 domain
> running Xen6. We need to keep some of the old applications from the old
> domains available in the new infrastructure via the Program Neighborhood
> Agent, so we have "multi-homed" our new web interface server with
> connections to the old PS3 and PS4 farms. So far, so good.
>
> Problem comes when a user in the new domain logs onto the PNAgent. They get
> an error of "the credentials supplied were invalid". When I remove the
> entries for the legacy farms from the web interface, the user can log in
> fine. So it appears when the PNAgent is submitting the user credentials to
> the legacy domains for validation, they are being rejected somewhere.
>
> Is there anything special that needs to be done to allow the user to log
> into the web interface in this configuration? There is obviously a trust in
> place, so the user in the new domain should be validated by the old ones. I
> *could* just publish up some .ica files for the new users, but that smells
> like an administrative nightmare
>
> Any help is appreciated,
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Citrix web interface query

2010-11-17 Thread Webster

James,

 

I would like to lab this to see if I can get this working and then write an
article about it.  Can you e-mail me off list with some specifics I can use
in my testing.  Your specifics will of course not be in the article.  I need
to finish an article on XenDesktop 5 first.  I am also working on an article
for using Web Interface to help migrate from older MF/PS/XA versions to XA6.
But that was going to be for one forest, one tree, one domain.  I need to
know more of your setup so I can test and document a solution for you and
others.

 

Thanks

 

 

Webster

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Subject: Citrix web interface query

 

We have two old Windows 2003 domains with PS3 and PS4 farms respectively. We
are in the process of migrating the users to a Windows 2008 R2 domain
running Xen6. We need to keep some of the old applications from the old
domains available in the new infrastructure via the Program Neighborhood
Agent, so we have "multi-homed" our new web interface server with
connections to the old PS3 and PS4 farms. So far, so good.

Problem comes when a user in the new domain logs onto the PNAgent. They get
an error of "the credentials supplied were invalid". When I remove the
entries for the legacy farms from the web interface, the user can log in
fine. So it appears when the PNAgent is submitting the user credentials to
the legacy domains for validation, they are being rejected somewhere.

Is there anything special that needs to be done to allow the user to log
into the web interface in this configuration? There is obviously a trust in
place, so the user in the new domain should be validated by the old ones. I
*could* just publish up some .ica files for the new users, but that smells
like an administrative nightmare

Any help is appreciated,





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Citrix web interface query

2010-11-01 Thread Webster

Someone has asked essentially the same exact question on EE.  Gotta lab this
and write about it.  They can't get it to work either and I have never
worked with XenApp in multiple forests.

 

 

Webster

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Subject: Re: Citrix web interface query

 

Not guilty...haven't raised a question on EE for about five years now.

On 1 November 2010 14:12, Webster  wrote:

Did you ask this question on EE also?  Just curious because someone asked
basically the same question there.  Try to figure a way to write an article
on this.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Citrix web interface query

2010-11-01 Thread James Rankin

Not guilty...haven't raised a question on EE for about five years now.

On 1 November 2010 14:12, Webster  wrote:

> Did you ask this question on EE also?  Just curious because someone asked
> basically the same question there.  Try to figure a way to write an article
> on this.
>
>
>
>
>
> Webster
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Subject:* Re: Citrix web interface query
>
>
>
> Indeed they are
>
> On 1 November 2010 14:08, Webster  wrote:
>
> Are your two domains in different forests?
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Citrix web interface query

2010-11-01 Thread Webster

Did you ask this question on EE also?  Just curious because someone asked
basically the same question there.  Try to figure a way to write an article
on this.

 

 

Webster

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Subject: Re: Citrix web interface query

 

Indeed they are

On 1 November 2010 14:08, Webster  wrote:

Are your two domains in different forests?


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Citrix web interface query

2010-11-01 Thread James Rankin

Indeed they are

On 1 November 2010 14:08, Webster  wrote:

> Are your two domains in different forests?
>
>
>
>
>
> Webster
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Subject:* Re: Citrix web interface query
>
>
>
> Yes, all clear - I'm pretty sure I checked it, there were no specific
> domains specified, but I'll give it another check
>
> Cheers,
>
> On 30 October 2010 00:06, Webster  wrote:
>
> In Web Interface Management Console:
>
>
>
> Click your site
>
> Click Authentication Methods
>
> Click on your selected method
>
> Click Properties
>
> Click General | Domain Restriction
>
>
>
> Do you have “Restrict to the following domains” selected?  If so, what
> domain(s) is/are there?
>
>
>
> For mine I have websterslab.com.  If I login as websterslab\cwebster, the
> online plugin will not pass-through the login credentials because they do
> not match what you specified.
>
>
>
> Same problem if you specify “websterslab” and the user logs in with
> websterslab.com\cwebster or, if you allow, cwebs...@websterslab.com, the
> pass-through will not pass-through because the domains do not match.
>
>
>
> Am I clear in what I am trying to explain what may be causing your issue?
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Citrix web interface query

2010-11-01 Thread Webster

Are your two domains in different forests?

 

 

Webster

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Subject: Re: Citrix web interface query

 

Yes, all clear - I'm pretty sure I checked it, there were no specific
domains specified, but I'll give it another check

Cheers,

On 30 October 2010 00:06, Webster  wrote:

In Web Interface Management Console:

 

Click your site

Click Authentication Methods

Click on your selected method

Click Properties

Click General | Domain Restriction

 

Do you have "Restrict to the following domains" selected?  If so, what
domain(s) is/are there?

 

For mine I have websterslab.com.  If I login as websterslab\cwebster, the
online plugin will not pass-through the login credentials because they do
not match what you specified.

 

Same problem if you specify "websterslab" and the user logs in with
websterslab.com\cwebster or, if you allow, cwebs...@websterslab.com, the
pass-through will not pass-through because the domains do not match.

 

Am I clear in what I am trying to explain what may be causing your issue?


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Citrix web interface query

2010-11-01 Thread James Rankin

Yes, all clear - I'm pretty sure I checked it, there were no specific
domains specified, but I'll give it another check

Cheers,

On 30 October 2010 00:06, Webster  wrote:

> In Web Interface Management Console:
>
>
>
> Click your site
>
> Click Authentication Methods
>
> Click on your selected method
>
> Click Properties
>
> Click General | Domain Restriction
>
>
>
> Do you have “Restrict to the following domains” selected?  If so, what
> domain(s) is/are there?
>
>
>
> For mine I have websterslab.com.  If I login as websterslab\cwebster, the
> online plugin will not pass-through the login credentials because they do
> not match what you specified.
>
>
>
> Same problem if you specify “websterslab” and the user logs in with
> websterslab.com\cwebster or, if you allow, cwebs...@websterslab.com, the
> pass-through will not pass-through because the domains do not match.
>
>
>
> Am I clear in what I am trying to explain what may be causing your issue?
>
>
>
> Thanks
>
>
>
>
>
> Carl Webster
>
> Citrix Technology Professional
>
> http://dabcc.com/Webster
>
>
>
>
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Subject:* Re: Citrix web interface query
>
>
>
> It is just using pass-through for their currently logged-on credentials,
> they don't specify it. I'm starting to consider other alternatives now, such
> as trying to migrate these app servers to a legacy farm in the new domain
>
> On 29 October 2010 14:05, Webster  wrote:
>
> Do you specify a domain in the sites or do the users enter the domain when
> they login?
>
>
>
> There is also an issue that if you specify a login domain as
> websterslab.com in the site settings but the user logs in websterslab\user
> the PNAgent (AKA online plugin) will NOT authenticate because websterslab !=
> websterslab.com.
>
>
>
>
>
> Webster
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Subject:* Re: Citrix web interface query
>
>
>
> Yes, got all the appropriate entries in there. The logon works fine if I
> specify credentials from the old domains. It's just when I supply a username
> and password from the new domain - it barfs out the "invalid credentials"
> error.
>
>
>
> I can access file shares and such like in the old domains under a new
> domain userid, so I'm a bit confused as to why the PNAgent logon won't go.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Citrix web interface query

2010-10-29 Thread Webster

In Web Interface Management Console:

 

Click your site

Click Authentication Methods

Click on your selected method

Click Properties

Click General | Domain Restriction

 

Do you have "Restrict to the following domains" selected?  If so, what
domain(s) is/are there?

 

For mine I have websterslab.com.  If I login as websterslab\cwebster, the
online plugin will not pass-through the login credentials because they do
not match what you specified.

 

Same problem if you specify "websterslab" and the user logs in with
websterslab.com\cwebster or, if you allow, cwebs...@websterslab.com, the
pass-through will not pass-through because the domains do not match.

 

Am I clear in what I am trying to explain what may be causing your issue?

 

Thanks

 

 

Carl Webster

Citrix Technology Professional

http://dabcc.com/Webster

 

 

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Subject: Re: Citrix web interface query

 

It is just using pass-through for their currently logged-on credentials,
they don't specify it. I'm starting to consider other alternatives now, such
as trying to migrate these app servers to a legacy farm in the new domain

On 29 October 2010 14:05, Webster  wrote:

Do you specify a domain in the sites or do the users enter the domain when
they login?

 

There is also an issue that if you specify a login domain as websterslab.com
<http://websterslab.com/>  in the site settings but the user logs in
websterslab\user the PNAgent (AKA online plugin) will NOT authenticate
because websterslab != websterslab.com <http://websterslab.com/> .

 

 

Webster

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Subject: Re: Citrix web interface query

 

Yes, got all the appropriate entries in there. The logon works fine if I
specify credentials from the old domains. It's just when I supply a username
and password from the new domain - it barfs out the "invalid credentials"
error. 



I can access file shares and such like in the old domains under a new domain
userid, so I'm a bit confused as to why the PNAgent logon won't go.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Citrix web interface query

2010-10-29 Thread James Rankin

It is just using pass-through for their currently logged-on credentials,
they don't specify it. I'm starting to consider other alternatives now, such
as trying to migrate these app servers to a legacy farm in the new domain

On 29 October 2010 14:05, Webster  wrote:

>  Do you specify a domain in the sites or do the users enter the domain
> when they login?
>
>
>
> There is also an issue that if you specify a login domain as
> websterslab.com in the site settings but the user logs in websterslab\user
> the PNAgent (AKA online plugin) will NOT authenticate because websterslab !=
> websterslab.com.
>
>
>
>
>
> Webster
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Subject:* Re: Citrix web interface query
>
>
>
> Yes, got all the appropriate entries in there. The logon works fine if I
> specify credentials from the old domains. It's just when I supply a username
> and password from the new domain - it barfs out the "invalid credentials"
> error.
>
>
> I can access file shares and such like in the old domains under a new
> domain userid, so I'm a bit confused as to why the PNAgent logon won't go.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Citrix web interface query

2010-10-29 Thread Webster

Did you get this resolved yet?

 

 

Webster

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Subject: Re: Citrix web interface query

 

Yes, got all the appropriate entries in there. The logon works fine if I
specify credentials from the old domains. It's just when I supply a username
and password from the new domain - it barfs out the "invalid credentials"
error.

I can access file shares and such like in the old domains under a new domain
userid, so I'm a bit confused as to why the PNAgent logon won't go.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Citrix web interface query

2010-10-29 Thread Webster

Do you specify a domain in the sites or do the users enter the domain when
they login?

 

There is also an issue that if you specify a login domain as websterslab.com
in the site settings but the user logs in websterslab\user the PNAgent (AKA
online plugin) will NOT authenticate because websterslab != websterslab.com.

 

 

Webster

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Subject: Re: Citrix web interface query

 

Yes, got all the appropriate entries in there. The logon works fine if I
specify credentials from the old domains. It's just when I supply a username
and password from the new domain - it barfs out the "invalid credentials"
error.

I can access file shares and such like in the old domains under a new domain
userid, so I'm a bit confused as to why the PNAgent logon won't go.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Citrix web interface query

2010-10-29 Thread James Rankin

Yes, got all the appropriate entries in there. The logon works fine if I
specify credentials from the old domains. It's just when I supply a username
and password from the new domain - it barfs out the "invalid credentials"
error.

I can access file shares and such like in the old domains under a new domain
userid, so I'm a bit confused as to why the PNAgent logon won't go.

On 29 October 2010 12:13, Webster  wrote:

> Did you add the Zone Data Collector from each farm to each WI site and
> XenApp Services Site and to CSG/CAG/NS?
>
>
>
>
>
> Thanks
>
>
>
>
>
> Carl Webster
>
> Citrix Technology Professional
>
> http://dabcc.com/Webster
>
>
>
>
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Subject:* Re: Citrix web interface query
>
>
>
> Yes, we are using apps from all three farms, it is the latest WI, 5.3
>
> I think my use of the term "multi-home" may have been a little misleading -
> I just meant that it was connected up to all three disparate farms from the
> same web interface - I haven't had to do anything with the networking.
> Ooops
>
> It's almost as if the trusts aren't working between the domains - I can
> only log on successfully as a new domain user when the passwords and
> usernames match up. if a user changes his password in the new domain, there
> won't be any synchronisation done to the old, so that will bring the problem
> up again.
>
> On 29 October 2010 12:02, Webster  wrote:
>
> Are you publishing apps from PS3, PS4 and XA6?  What Web Interface version
> are you using?  Version 5.3 is the only version that can talk to XA6 and
> anything on 2008 R2.
>
>
>
> I have never had to multi-home a WI server.  WI can easily serve apps from
> multiple PS/XA version with no problems.  I am writing an article on how to
> do this but it may be a few weeks before it is published.
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Subject:* Citrix web interface query
>
> We have two old Windows 2003 domains with PS3 and PS4 farms respectively.
> We are in the process of migrating the users to a Windows 2008 R2 domain
> running Xen6. We need to keep some of the old applications from the old
> domains available in the new infrastructure via the Program Neighborhood
> Agent, so we have "multi-homed" our new web interface server with
> connections to the old PS3 and PS4 farms. So far, so good.
>
> Problem comes when a user in the new domain logs onto the PNAgent. They get
> an error of "the credentials supplied were invalid". When I remove the
> entries for the legacy farms from the web interface, the user can log in
> fine. So it appears when the PNAgent is submitting the user credentials to
> the legacy domains for validation, they are being rejected somewhere.
>
> Is there anything special that needs to be done to allow the user to log
> into the web interface in this configuration? There is obviously a trust in
> place, so the user in the new domain should be validated by the old ones. I
> *could* just publish up some .ica files for the new users, but that smells
> like an administrative nightmare
>
> Any help is appreciated,
>
> ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Citrix web interface query

2010-10-29 Thread Webster

Did you add the Zone Data Collector from each farm to each WI site and
XenApp Services Site and to CSG/CAG/NS?

 

 

Thanks

 

 

Carl Webster

Citrix Technology Professional

http://dabcc.com/Webster

 

 

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Subject: Re: Citrix web interface query

 

Yes, we are using apps from all three farms, it is the latest WI, 5.3

I think my use of the term "multi-home" may have been a little misleading -
I just meant that it was connected up to all three disparate farms from the
same web interface - I haven't had to do anything with the networking.
Ooops

It's almost as if the trusts aren't working between the domains - I can only
log on successfully as a new domain user when the passwords and usernames
match up. if a user changes his password in the new domain, there won't be
any synchronisation done to the old, so that will bring the problem up
again. 

On 29 October 2010 12:02, Webster  wrote:

Are you publishing apps from PS3, PS4 and XA6?  What Web Interface version
are you using?  Version 5.3 is the only version that can talk to XA6 and
anything on 2008 R2.

 

I have never had to multi-home a WI server.  WI can easily serve apps from
multiple PS/XA version with no problems.  I am writing an article on how to
do this but it may be a few weeks before it is published.

From: James Rankin [mailto:kz2...@googlemail.com] 
Subject: Citrix web interface query

We have two old Windows 2003 domains with PS3 and PS4 farms respectively. We
are in the process of migrating the users to a Windows 2008 R2 domain
running Xen6. We need to keep some of the old applications from the old
domains available in the new infrastructure via the Program Neighborhood
Agent, so we have "multi-homed" our new web interface server with
connections to the old PS3 and PS4 farms. So far, so good.

Problem comes when a user in the new domain logs onto the PNAgent. They get
an error of "the credentials supplied were invalid". When I remove the
entries for the legacy farms from the web interface, the user can log in
fine. So it appears when the PNAgent is submitting the user credentials to
the legacy domains for validation, they are being rejected somewhere.

Is there anything special that needs to be done to allow the user to log
into the web interface in this configuration? There is obviously a trust in
place, so the user in the new domain should be validated by the old ones. I
*could* just publish up some .ica files for the new users, but that smells
like an administrative nightmare

Any help is appreciated,

~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Citrix web interface query

2010-10-29 Thread James Rankin

Yes, we are using apps from all three farms, it is the latest WI, 5.3

I think my use of the term "multi-home" may have been a little misleading -
I just meant that it was connected up to all three disparate farms from the
same web interface - I haven't had to do anything with the networking.
Ooops

It's almost as if the trusts aren't working between the domains - I can only
log on successfully as a new domain user when the passwords and usernames
match up. if a user changes his password in the new domain, there won't be
any synchronisation done to the old, so that will bring the problem up
again.

On 29 October 2010 12:02, Webster  wrote:

> Are you publishing apps from PS3, PS4 and XA6?  What Web Interface version
> are you using?  Version 5.3 is the only version that can talk to XA6 and
> anything on 2008 R2.
>
>
>
> I have never had to multi-home a WI server.  WI can easily serve apps from
> multiple PS/XA version with no problems.  I am writing an article on how to
> do this but it may be a few weeks before it is published.
>
>
>
> Thanks
>
>
>
>
>
> Carl Webster
>
> Citrix Technology Professional
>
> http://dabcc.com/Webster
>
>
>
>
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Subject:* Citrix web interface query
>
>
>
> We have two old Windows 2003 domains with PS3 and PS4 farms respectively.
> We are in the process of migrating the users to a Windows 2008 R2 domain
> running Xen6. We need to keep some of the old applications from the old
> domains available in the new infrastructure via the Program Neighborhood
> Agent, so we have "multi-homed" our new web interface server with
> connections to the old PS3 and PS4 farms. So far, so good.
>
> Problem comes when a user in the new domain logs onto the PNAgent. They get
> an error of "the credentials supplied were invalid". When I remove the
> entries for the legacy farms from the web interface, the user can log in
> fine. So it appears when the PNAgent is submitting the user credentials to
> the legacy domains for validation, they are being rejected somewhere.
>
> Is there anything special that needs to be done to allow the user to log
> into the web interface in this configuration? There is obviously a trust in
> place, so the user in the new domain should be validated by the old ones. I
> *could* just publish up some .ica files for the new users, but that smells
> like an administrative nightmare
>
> Any help is appreciated,
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Citrix web interface query

2010-10-29 Thread Webster

Are you publishing apps from PS3, PS4 and XA6?  What Web Interface version
are you using?  Version 5.3 is the only version that can talk to XA6 and
anything on 2008 R2.

 

I have never had to multi-home a WI server.  WI can easily serve apps from
multiple PS/XA version with no problems.  I am writing an article on how to
do this but it may be a few weeks before it is published.

 

Thanks

 

 

Carl Webster

Citrix Technology Professional

http://dabcc.com/Webster

 

 

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Subject: Citrix web interface query

 

We have two old Windows 2003 domains with PS3 and PS4 farms respectively. We
are in the process of migrating the users to a Windows 2008 R2 domain
running Xen6. We need to keep some of the old applications from the old
domains available in the new infrastructure via the Program Neighborhood
Agent, so we have "multi-homed" our new web interface server with
connections to the old PS3 and PS4 farms. So far, so good.

Problem comes when a user in the new domain logs onto the PNAgent. They get
an error of "the credentials supplied were invalid". When I remove the
entries for the legacy farms from the web interface, the user can log in
fine. So it appears when the PNAgent is submitting the user credentials to
the legacy domains for validation, they are being rejected somewhere.

Is there anything special that needs to be done to allow the user to log
into the web interface in this configuration? There is obviously a trust in
place, so the user in the new domain should be validated by the old ones. I
*could* just publish up some .ica files for the new users, but that smells
like an administrative nightmare

Any help is appreciated,




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Citrix web interface query

2010-10-29 Thread James Rankin

An update on thisthe web interface logon works fine if the username and
password from the new domain match that in the legacy domain. Which will
mean that it will fail again as soon as user's change their password in the
new domain...

On 29 October 2010 11:18, James Rankin  wrote:

> We have two old Windows 2003 domains with PS3 and PS4 farms respectively.
> We are in the process of migrating the users to a Windows 2008 R2 domain
> running Xen6. We need to keep some of the old applications from the old
> domains available in the new infrastructure via the Program Neighborhood
> Agent, so we have "multi-homed" our new web interface server with
> connections to the old PS3 and PS4 farms. So far, so good.
>
> Problem comes when a user in the new domain logs onto the PNAgent. They get
> an error of "the credentials supplied were invalid". When I remove the
> entries for the legacy farms from the web interface, the user can log in
> fine. So it appears when the PNAgent is submitting the user credentials to
> the legacy domains for validation, they are being rejected somewhere.
>
> Is there anything special that needs to be done to allow the user to log
> into the web interface in this configuration? There is obviously a trust in
> place, so the user in the new domain should be validated by the old ones. I
> *could* just publish up some .ica files for the new users, but that smells
> like an administrative nightmare
>
> Any help is appreciated,
>
>
> TIA,
>
>
>
> JRR
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Citrix web interface query

RE: Citrix web interface query

Re: Citrix web interface query

Re: Citrix web interface query

RE: Citrix web interface query

RE: Citrix web interface query

Re: Citrix web interface query

RE: Citrix web interface query

Re: Citrix web interface query

RE: Citrix web interface query

Re: Citrix web interface query

RE: Citrix web interface query

Re: Citrix web interface query

RE: Citrix web interface query

RE: Citrix web interface query

Re: Citrix web interface query

RE: Citrix web interface query

Re: Citrix web interface query

RE: Citrix web interface query

Re: Citrix web interface query

20 matches

Site Navigation

Mail list logo

Footer information