Disabling passthrough authentication on Citrix PNagent

Occasionally as an administrator, you want to be able to log onto via our Citrix PNAgent with different credentials for testing. Depending on your farm setup, pass-through authentication is most likely enabled, and hence your client will be the same. To disable this on your workstation.

1. Open the registry and browse to: HKLM\System\CurrentControlSet\Control\NetworkProvider\HwOrder
2. Open ProviderOrder string, delete the entry PnSson
3. Now browse to HKLM\System\CurrentControlSet\Control\NetworkProvider\Order and delete the entry PnSson
4. Reboot

Disabling passthrough authentication on Citrix PNagent

Hotfix to fix Web Interface logon problem after applying Rollup pack 06 for PS4 on Win2K3

For a Citrix PS4 on Windows 2003, if you apply rollup pack 06, users are no longer able to log onto WI and possible PNA site. There is a private fix you need to download and apply to the server.


You will need to log onto MyCitrix.com and download

Hotfix to fix Web Interface logon problem after applying Rollup pack 06 for PS4 on Win2K3

Common Citrix Commands to help you with your job… or interviews.

  • chfarm – used to join the Citrix server to another farm
  • ctxxmls – to change the xml service port number
  • dsmaint – configure Citrix IMA datastore
  • query user – retrieves current user connections
  • qfarm /load – displays load on server
  • qfarm /app – display published applications currently being run
  • qfarm /online – displays online servers
  • qfarm /offline – displays server that are offline or hung, IMA service not running.
Common Citrix Commands to help you with your job… or interviews.

Fixing DCOM Error’s in events log

Problem: Sometimes on a server, you will get a lot of these DCOM errors. This is a permissions issue.

Solution: Note the CLSID, in this example, the CLSID is {49BD2028-1523-11D1-AD79-00C04FD8FDFF}.

  • Open Component Services, go to Computers -> My Computers -> DCOM Config
  • Ensure the right side is viewed in detail mode
  • Scroll down to locate the Application ID matching the CLSID noted above.
  • Right-click on he Application and select properties.
  • Go to the Security Tab, ad in the Lauch and Activation Permissions, select Edit
  • You will notice a few accounts with SIDS
  • Delete these rouge SID’s and add the account that should have access to the application, in this case, it is Ctx_SmaUser, and allow all options.
  • Now refresh the event log and you will notice the error is no longer recorded.
Fixing DCOM Error’s in events log

Dump a list of all AD groups in a Domain, and their users

Copy the script between the red line.


‘VBScript to output to text file the members of all groups

On Error Resume Next

Set objArgs=wscript.Arguments

If objArgs(0)<>”-dn” Then

wscript.echo “Dumping group membership using full DN…”


wscript.echo “Dumping group membership using only first CN part…”

End If

‘Stuff for creating output text file

Const OutputFile = “.\groupdump.txt”

Set Fso = CreateObject(“Scripting.FileSystemObject”)

Set Wshshell = Wscript.CreateObject(“Wscript.Shell”)

Set Output = Fso.OpentextFile(OutputFile, 2, True)

Set ADSIRootDSE = GetObject(“LDAP://RootDSE”)

ADSINamingNC = ADSIRootDSE.Get(“rootDomainNamingContext”)

Set ADSIConnection = CreateObject(“ADODB.Connection”)

ADSIConnection.Provider = “ADsDSOObject”

ADSIConnection.Open “ADs Provider”

ADSIQueryText = “<LDAP://” & ADSINamingNC & “>;(&(objectCategory=group));name,distinguishedName;subtree”

Set ADSICommand = CreateObject(“ADODB.Command”)

Set ADSICommand.ActiveConnection = ADSIConnection

ADSICommand.CommandText = ADSIQueryText

ADSICommand.Properties(“Page Size”) = 100

ADSICommand.Properties(“Timeout”) = 60

ADSICommand.Properties(“searchscope”) = 2

ADSICommand.Properties(“Cache Results”) = False

Set ADSIResult = ADSICommand.Execute

Do While not ADSIResult.EOF



Output.WriteLine “Group: ” & ADSIResult.Fields(“name”).Value

Output.WriteLine “===============================================================”

Set GetDN = GetObject(“LDAP://” & ADSIResult.Fields(“distinguishedName”).Value)

strAllValues = GetDN.GetEx(“member”)

iGroupCount = 0

For each strValue in strAllValues

If Len(strValue) = 0 Then

Output.WriteLine “There are no members in this group.”


iGroupCount = iGroupCount + 1

If objArgs(0)<>”-dn” Then

Output.WriteLine strValue


Call Stripper(strValue)

Output.WriteLine tmp

End If

End If


Output.WriteLine “Total members in group: ” & iGroupCount

Set strAllValues = Nothing




wscript.echo “Operation has finished.”


Function Stripper(StripperString)

pos = InStr(1, StripperString, “cn=”, vbTextCompare)

If pos <> 0 Then

tmp = Mid(StripperString, pos + 3)

pos = InStr(tmp, “,”)

If pos <> 0 Then tmp = Mid(tmp, 1, pos – 1)

End If

End Function


Dump a list of all AD groups in a Domain, and their users