Disabling passthrough authentication on Citrix PNagent


Occasionally as an administrator, you want to be able to log onto via our Citrix PNAgent with different credentials for testing. Depending on your farm setup, pass-through authentication is most likely enabled, and hence your client will be the same. To disable this on your workstation.

1. Open the registry and browse to: HKLM\System\CurrentControlSet\Control\NetworkProvider\HwOrder
2. Open ProviderOrder string, delete the entry PnSson
3. Now browse to HKLM\System\CurrentControlSet\Control\NetworkProvider\Order and delete the entry PnSson
4. Reboot

Advertisements
Disabling passthrough authentication on Citrix PNagent

Hotfix to fix Web Interface logon problem after applying Rollup pack 06 for PS4 on Win2K3


For a Citrix PS4 on Windows 2003, if you apply rollup pack 06, users are no longer able to log onto WI and possible PNA site. There is a private fix you need to download and apply to the server.

http://support.citrix.com/article/CTX120046

You will need to log onto MyCitrix.com and download

Hotfix to fix Web Interface logon problem after applying Rollup pack 06 for PS4 on Win2K3

Common Citrix Commands to help you with your job… or interviews.


  • chfarm – used to join the Citrix server to another farm
  • ctxxmls – to change the xml service port number
  • dsmaint – configure Citrix IMA datastore
  • query user – retrieves current user connections
  • qfarm /load – displays load on server
  • qfarm /app – display published applications currently being run
  • qfarm /online – displays online servers
  • qfarm /offline – displays server that are offline or hung, IMA service not running.
Common Citrix Commands to help you with your job… or interviews.

Fixing DCOM Error’s in events log


Problem: Sometimes on a server, you will get a lot of these DCOM errors. This is a permissions issue.

Solution: Note the CLSID, in this example, the CLSID is {49BD2028-1523-11D1-AD79-00C04FD8FDFF}.

  • Open Component Services, go to Computers -> My Computers -> DCOM Config
  • Ensure the right side is viewed in detail mode
  • Scroll down to locate the Application ID matching the CLSID noted above.
  • Right-click on he Application and select properties.
  • Go to the Security Tab, ad in the Lauch and Activation Permissions, select Edit
  • You will notice a few accounts with SIDS
  • Delete these rouge SID’s and add the account that should have access to the application, in this case, it is Ctx_SmaUser, and allow all options.
  • Now refresh the event log and you will notice the error is no longer recorded.
Fixing DCOM Error’s in events log

Dump a list of all AD groups in a Domain, and their users


Copy the script between the red line.

=============================================================

‘VBScript to output to text file the members of all groups

On Error Resume Next

Set objArgs=wscript.Arguments

If objArgs(0)<>”-dn” Then

wscript.echo “Dumping group membership using full DN…”

Else

wscript.echo “Dumping group membership using only first CN part…”

End If

‘Stuff for creating output text file

Const OutputFile = “.\groupdump.txt”

Set Fso = CreateObject(“Scripting.FileSystemObject”)

Set Wshshell = Wscript.CreateObject(“Wscript.Shell”)

Set Output = Fso.OpentextFile(OutputFile, 2, True)

Set ADSIRootDSE = GetObject(“LDAP://RootDSE”)

ADSINamingNC = ADSIRootDSE.Get(“rootDomainNamingContext”)

Set ADSIConnection = CreateObject(“ADODB.Connection”)

ADSIConnection.Provider = “ADsDSOObject”

ADSIConnection.Open “ADs Provider”

ADSIQueryText = “<LDAP://” & ADSINamingNC & “>;(&(objectCategory=group));name,distinguishedName;subtree”

Set ADSICommand = CreateObject(“ADODB.Command”)

Set ADSICommand.ActiveConnection = ADSIConnection

ADSICommand.CommandText = ADSIQueryText

ADSICommand.Properties(“Page Size”) = 100

ADSICommand.Properties(“Timeout”) = 60

ADSICommand.Properties(“searchscope”) = 2

ADSICommand.Properties(“Cache Results”) = False

Set ADSIResult = ADSICommand.Execute

Do While not ADSIResult.EOF

Output.WriteLine

Output.WriteLine

Output.WriteLine “Group: ” & ADSIResult.Fields(“name”).Value

Output.WriteLine “===============================================================”

Set GetDN = GetObject(“LDAP://” & ADSIResult.Fields(“distinguishedName”).Value)

strAllValues = GetDN.GetEx(“member”)

iGroupCount = 0

For each strValue in strAllValues

If Len(strValue) = 0 Then

Output.WriteLine “There are no members in this group.”

Else

iGroupCount = iGroupCount + 1

If objArgs(0)<>”-dn” Then

Output.WriteLine strValue

Else

Call Stripper(strValue)

Output.WriteLine tmp

End If

End If

Next

Output.WriteLine “Total members in group: ” & iGroupCount

Set strAllValues = Nothing

ADSIResult.MoveNext

Loop

Output.Close

wscript.echo “Operation has finished.”

Wscript.quit

Function Stripper(StripperString)

pos = InStr(1, StripperString, “cn=”, vbTextCompare)

If pos <> 0 Then

tmp = Mid(StripperString, pos + 3)

pos = InStr(tmp, “,”)

If pos <> 0 Then tmp = Mid(tmp, 1, pos – 1)

End If

End Function

=============================================================

Dump a list of all AD groups in a Domain, and their users