Govardhan Gunnala

XenApp Plug-in for Windows (32/64 Bit)

Featured Articles

• Citrix ICA Virtual Channels Backgrounder
• Citrix Quick Launch
• How to Deploy and Configure HDX MediaStream for Flash

Change Language: English Deutsch Español Français 日本語 한국어 繁體中文 简体中文 Русский

Change Language: English Deutsch Español Français 日本語 한국어 繁體中文 简体中文 Русский

Change Language: English Deutsch Español Français 日本語 한국어 繁體中文 简体中文 Русский

Change Language: English Deutsch Español Français 日本語 한국어 繁體中文 简体中文 Русский

Loading tabs…

• Updates
• Technotes
• Documentation
• Tools
• Learning
• Videos

UpdatesEN

* Limited release hotfixes, build announcements, and other privileged articles are not visible unless you sign in.

Public Hotfixes
View all (1 more)
RSS

• 12.3 Online Plug-In – Issues Fixed in This Release

  CTX133066 , created Apr 18, 2012

• Citrix Online Plug-in 12.1.44 for Windows with Internet Explorer 9 Support

  CTX126653 , created Mar 10, 2012

• Citrix Streaming Profiler 6.0.2 for Windows – English

  CTX127850 , created Mar 10, 2012

• Citrix Offline Plug-in 6.0.2 for Windows – English

  CTX127136 , created Dec 28, 2010

UpdatesEN

Technotes

Technotes for XenApp Plug-in for Windows (32/64 Bit)
View all
RSS

• Administration Console
  

• Agent Settings
  

• Application Enumeration
  

• Application Launch
  

• Application Streaming
  

• Authentication
  

• Browser
  

• CPU Management
  

• Certificates
  

• Client Printing
  

• Customization
  

• Data Store / Local Host Cache
  

• Display
  

• Firewall / Proxy
  

• Fixed Issues
  

• General
  

• General Configuration / Integration
  

• ICA / Gateway / Advanced Gateway Client
  

• ICA Connectivity
  

• IMA General
  

• Installation
  

• Installation Manager – Package Deployment
  

• Installation Manager – Packager
  

• Licensing
  

• Load Manager
  

• Logon / Logoff
  

• Management Console
  

• MetaFrame Server Integration
  

• Performance
  

• Printing
  

• Program Neighborhood Agent
  

• Program Neighborhood Agent Console
  

• SSL
  

• SSL Relay
  

• STA
  

• Seamless Sessions
  

• Smart Cards
  

• TWAIN
  

• Third Party Applications
  

• Web Server Configuration
  

• Workspace Control
  

• XML Service
  

Documentation

Go to Citrix eDocs for the latest product documentation.

Documentation for XenApp Plug-in for Windows (32/64 Bit)
View all (15 more)
RSS

• Readme for Citrix XenApp Plugin for Hosted Apps 11.0 and Streamed Apps 1.2 for Windows

  CTX116416, created Aug 14, 2008, times read: 159,479

• XenApp Plugin for Hosted Apps 11.x for Windows Administrator’s Guide

  CTX116424, created Sep 2, 2008, times read: 110,058

• Clients for Windows Administrator’s Guide – 10.x EN

  CTX112190, created Feb 23, 2007, times read: 329,677

• Readme for the Clients 10.x for Windows

  CTX112172, created Mar 16, 2007, times read: 243,897

• Citrix Presentation Server Client 10.0 Fixed Issues EN

  CTX111188, created Feb 23, 2007, times read: 45,011

• Citrix Application Streaming Guide – EN

  CTX112526, created Feb 22, 2007, times read: 114,621

• Client for 32-bit Windows Administrator’s Guide – Version 9.0

  CTX106223, created Apr 26, 2005, times read: 337,044

• Readme for MetaFrame Presentation Server Clients for 32-bit Windows, Version 9.x EN

  CTX105677, created Apr 26, 2005, times read: 116,900

Tools

Tools for XenApp Plug-in for Windows (32/64 Bit)
View all (0 more)
RSS

• Citrix Printing Tool

  CTX122962, last modified Mar 10, 2012 , downloads: 9,495

• Citrix Quick Launch

  CTX122536, last modified Mar 10, 2012 , downloads: 52,581

• SsOnExpert – Single Sign-On XenApp Plug-in Troubleshooting Tool

  CTX124918, last modified Mar 10, 2012 , downloads: 2,199

• Citrix USB Keydrive Toolkit

  CTX112013, last modified Nov 23, 2011 , downloads: 6,600

• Secure Access Client Installation Detection and Removal Tool

  CTX108092, last modified Nov 4, 2011 , downloads: 6,272

• Reader Utility for Program Neighborhood Agent Settings

  CTX118255, last modified Nov 4, 2011 , downloads: 1,941

• Citrix ICA Client Memory Footprint Toolkit

  CTX112014, last modified Nov 9, 2007 , downloads: 1,960

Learning

Citrix Education Courses >>

Escalation Case Studies
View all (7 more)
RSS

• Case Study: Using the Citrix Program Neighborhood Client as a Troubleshooting Utility

  CTX107623, last modified Mar 10, 2012

• Case Study – Ssonsvr Process not Running Intermittently

  CTX124186, last modified Mar 10, 2012

• Case Study: CDE Desktop Shows Illegible Fonts at High Resolution

  CTX106909, last modified Mar 10, 2012

• Certain Users Could Not Print Using the "Print Function" From a Custom Application That Generated Reports Using Adobe Acrobat

  CTX112856, last modified Mar 10, 2012

Presentations
View all (0 more)
RSS

• Presentation Server 4 Print Architecture

  CTX107926, last modified Mar 10, 2012

• Citrix Enterprise Critical Components Case Studies

  CTX105224, last modified Mar 10, 2012

• Preferred Plus/ASC – Access Client Package

  CTX107384, last modified Mar 10, 2012

• Network Troubleshooting

  CTX103701, last modified Mar 10, 2012

Whitepapers
View all (10 more)
RSS

• ICA File Signing

  CTX127730, last modified Mar 10, 2012

• Optimizing Citrix Technology for Operation over Wireless Wide Area Networks

  CTX101602, last modified Mar 10, 2012

• Troubleshooting Guide For Citrix HDX Components

  CTX127188, last modified Mar 10, 2012

• The evolution of the ICA Win32 clients

  CTX103289, last modified Nov 8, 2011

Alliance Partner Whitepapers
View all (0 more)
RSS

• Client/server latency optimizations

  CTX103444, last modified Nov 23, 2011

Consulting Whitepapers
View all (0 more)
RSS

• Customization of the Citrix ICA Web Client

  CTX18185, last modified Nov 4, 2011

• Printing Architecture Solution

  CTX18234, last modified Nov 4, 2011

How 2 Video

How-To Videos
View all (0 more)
RSS

• How to Configure Email Alerting for XenApp Fundamentals

  CTX129633, last modified Mar 10, 2012

Source: Citrix XenApp Plug-in for Windows (32/64 Bit) – Citrix Knowledge Center

Problem Definition

It is not possible to launch applications from Web Interface or from the online plugin.

The following error occurs.
"Unable to launch your application. Contact your help desk with the following information: Cannot connect to the Citrix XenApp server. The Citrix XenApp server you have selected is not accepting connections."

In the farm there are provisioned and non-provisioned servers. Only sessions that launch on the provisioned server are affected.

Troubleshooting Methodology

It was noticed that sessions launched using an ICA client directly on the provisioned servers themselves did not show the problem. However, any session launched from a remote PC did not launch.

It seemed like a networking issue; however, the server was pingable from the remote locations and ports were opened. Indeed sessions launched using the quicklaunch tool from the remote PCs were launched successfully.

Then we checked the ICA file that was generated in Web Interface when launching an application from the remote machine. See below for how to do this.

The file showed the following.

[TSTNA45A User Desktop]
Address=10.0.0.2:1494

The Web interface was showing s the wrong IP address. The address shown was on the internal Provisioning Services network instead of on the production network network where the users reside.

It was then revealed that the provisioned servers were multihomed. The XenApp servers were incorrectly creating ICA files with the internal network address.

Resolution

The solution was to edit the ICA listener so that it listened only on the production NIC. We changed the Network adapter setting from All Network Adapters to the external NIC only.

Now the ICA files generated had external addresses and all users could launch applications.

More Information

CTX122536 – Citrix Quick Launch
CTX124414 – How to Obtain an ICA File Through Citrix Web Interface 5.2

This document applies to:

• XenApp 6.0 for Windows Server 2008 R2

Source: CTX128254 – Case Study: Error: Unable to launch your application. – Citrix Knowledge Center

Symptoms

The following error message appears:

“The server certificate received is not trusted (SSL Error 61).”

This error message suggests that the client device does not have the required root certificate to establish trust with the certificate authority who issued the Secure Gateway server certificate. However, you determine the required root certificate is present and downgrading to an earlier version of the ICA Client resolves the issue.

Cause

SSL Error 61 can occur when the server certificate is not compliant with the instructions in RFC 3280 regarding the Enhanced Key Usage field. According to section 4.2.1.13 of the RFC (Extended Key Usage), if the Extended Key Usage field exists in a certificate, the certificate must be used only for one or more purposes enumerated as values in that field. The relevant portion of RFC 3280 states:

“If the extension is present, the certificate MUST only be used for one of the purposes indicated. If multiple purposes are indicated, the application need not recognize all purposes indicated, as long as the intended purpose is present.”

Citrix Secure Gateway acts as an SSL server, so Server Authentication (1.3.6.1.5.5.7.3.1) must be listed among the designated key uses if any are present. If the Extended Key Usage field is not present in the certificate, the certificate may be considered valid.

Some certificate authorities erroneously issue certificates that contain only the following key usage extensions that indicate support for server-gated cryptography (SGC):

Unknown Key Usage (2.16.840.1.113730.4.1)

Unknown Key Usage (1.3.6.1.4.1.311.10.3.3)

These extensions are intended as a signal to Netscape and Internet Explorer Web browsers that they should negotiate 128-bit encryption regardless of the normal capabilities of the client. They have no effect on the ICA Client. When these two values are the only items listed in the Enhanced Key Usage field, the certificate is in violation of RFC 3280 and should be rejected by SSL clients seeking server authentication.

Note: Not all SGC-compliant certificates are missing the Server Authentication value and not all invalid certificates are SGC compliant.

The failure on the part of earlier ICA Clients to reject a certificate of this nature is a security vulnerability that was corrected in Version 7.0 or newer of the ICA Client.

Resolution

If you are an End User and have a System Administrator or Help Desk, you should refer this problem to them directly.

Download or obtain the SSL root certificate .crt/.cer file issued by your SSL certificate provider. Double-click on it, and choose "Install Certificate"’

This process pairs your client machines with the server machine, and is necessary if you do not use a certificate verified by a commercial SSL certificate provider. Most commercial providers arrange to have their certificates pre-installed on machines through an agreement with the operating system creator. (Microsoft, Apple, etc.)

The system administrator may also need to contact the certificate authority who sold the faulty certificate and inform them that your certificate is in violation of RFC 3280. Ask them to issue a new certificate that contains the following key usage value in addition to any other required values:

Server Authentication (1.3.6.1.5.5.7.3.1)

After you receive an updated certificate with the correct usage fields listed, replace the certificate on your Secure Gateway server using the MMC Certificates snap-in.

More Information

Error Message: This Security Certificate Was Issued by a Company that You Have Not Chosen to Trust – http://support.microsoft.com/kb/297681/en-us

This document applies to:

• Secure Gateway 1.x
• Secure Gateway 3.0
• Secure Gateway 3.1
• Secure Gateway 3.2
• Secure Gateway 3.3
• Secure Gateway for MetaFrame 2.0
• XenApp Plug-in for Windows (32/64 Bit)

Source: CTX101990 – The server certificate received is not trusted (SSL Error 61) – Citrix Knowledge Center

Summary

This article contains information about some of the Secure Socket Layer (SSL) related error messages that an Independent Computing Architecture (ICA) client might return when attempting to connect to a MetaFrame server or published application using SSL. Additionally, the article contains the respective resolution for the error messages.

Refer to CTX113309 – Citrix Client SSL Error Codes for the various SSL error codes.

Various SSL Related Error Messages and the Resolution for the Same

The following is the list of some of the SSL-related error messages that an ICA client might return when attempting to connect to a MetaFrame server or published application using SSL:

• Error Message: Troubleshooting SSL Error 4 with Secure Gateway
  Resolution: Refer to CTX105390 – Troubleshooting SSL Error 4 with Secure Gateway
• Error Message: SSL security context is invalid or expired (SSL 15).
  Resolution: Upgrade the Win32 ICA client to version 6.30.1050 or later.
• Error Message: Cannot connect to the Citrix MetaFrame server. There is no route from the Citrix SSL Relay to the specified subnet address (SSL error 37).
  Resolution: Refer to CTX103203 – Error: Cannot connect to the Citrix MetaFrame server. There is no route from the Citrix SSL Relay to the specified subnet address (SSL error 37).
• Error Message: SSL Error 37: The proxy could not connect to ;10; (STA server);(sid) port 1494”
  Cause: This problems seems to occur only when the XenApp server and ICA Client are using different DNS servers
  Resolution: Enabling XML Service DNS address resolution allows a XenApp server to return the Fully Qualified Domain Name (FQDN) to ICA Clients using the Citrix XML Service
• Error Message: The Citrix SSL Relay sent a close alert (SSL Error 43)” or SSL Error 4.
  Resolution: Refer to the following Knowledge Center articles:
  CTX101685 – �The Citrix SSL Relay sent a close alert (SSL Error 43)� or SSL Error 4
  CTX116743 – Error: Cannot connect to the Citrix Presentation Server. SSL Error 43
• Error Message: The Remote SSL peer sent a bad certificate alert. (SSL Error 49).
  Resolution: Upgrade the Macintosh ICA client to version 6. 20.142.
• Error Message: The remote SSL peer sent an unrecognized alert (SSL Error 55)….Error : 132
  Reason: The SSL Error 55 is caused by an invalid certificate or a missing root certificate.
  Resolution: Install an appropriate certificate.
• Error Message: Security alert: The name on the security certificate does not match the name of the server (SSL error 59).
  Reason: The ICA Client is attempting to connect to the server using its NetBIOS name, IP address, or a fully-qualified domain name (FQDN) that does not match the subject of the server’s certificate. To connect successfully, the ICA Client must connect using the DNS name of the server exactly as it appears on the server certificate.
  Resolution: In the NFuse scenarios, you must set AddressResolutionType=dns or dns-port in nfuse.conf and enable DNS name resolution on the farm properties panel in the Citrix Management Console. Refer to the following documents for more information about DNS name resolution:
  Page 65 of the Administrator’s Guide for MetaFrame XP with Feature Release 1.
• CTX113264 – SSL Error 59: The Security Certificate and the SSL Connection Does Not Match When Reconnecting Applications Through Advanced Access Control
• CTX113568 – Error: SSL error 59 … When Connecting to Web Interface and Secure Gateway Through Presentation Server Client 10.0
• CTX114315 – Case Study: When Accessing a Secure Gateway Site Using the MAC Intel Client, Users Receive an SSL 59 Error Message
• Error Message: Any of the following error messages:
• The server certificate received is not trusted (SSL error 61).
• Cannot connect to the Citrix (XenApp or Presentation) Server.
• SSL Error 61: You have not chosen to trust “Common”, the issuer of the server’s security certificate.
• The following are the probable reasons for these error messages:
• The required Certificate Authority (CA) Root certificate is not installed on the client device.
• If the server certificate was issued by an intermediate certification authority, the Win32 ICA Client version 6.20.985 does not connect using SSL. This is a client-side issue that affects the 32-bit ICA Client Version 6.20.985 connecting through the Citrix SSL Relay Service or Citrix Secure Gateway.
• The validity of the server certificate presented also relies on the client date and time. The SSL error 61 has is also displayed if the client time is outside the validity period (date time stamp) of the server certificate.
• Administrator might have configure Citrix Secure Gateway to have the client log in to the Web Interface site, which then redirects the client to the Citrix Secure Gateway appliance after the application has started. The Secure Gateway appliance proxies the connection. If DNS is not correct, the client machine might be directed or resolved to a site that it actually does not trust. When directly accessing the Citrix Secure Gateway Server from the client machine, the client displays the following security alert:

If you display the certificate, it indicates that it was not from the Citrix Secure gateway site.

Resolutions: The following are the probable resolutions for these error messages:

• Refer to CTX101990 – The server certificate received is not trusted (SSL Error 61)
• If you are using a well-known public certification authority, such as VeriSign, Baltimore, Thawte, or RSA, then the required root certificate already exists on the client devices running a recent copy of Windows. However, if you either are using your own certificate server to generate server certificates or a trial certificate from a CA, you need to install the CA Root certificate on all client devices for them to connect. For more information about CA Root certificates and the necessity of the same, refer to the white paper CTX16830 – Using the Citrix SSL Relay.
• If the issue related to the client-side affecting the 32-bit ICA Client Version 6.20.985 connecting through the Citrix SSL Relay Service or Citrix Secure Gateway is resolved in versions 6.20.986 and later of the Win32 ICA Client. You can download the latest version of the Win32 ICA client from the Citrix Web site.
• If the issue related to the client date and time being invalid, then adjust the client time to reflect the current and date.
• For the DNS resolution issue, ensure that the DNS is properly configured between the client computer and the FQDN of the Citrix Secure Gateway Server.

• Error Message: The connection was rejected. The SSL certificate is no longer valid. Please contact your Citrix Administrator (SSL error 70).
  Reason: The server certificate installed on the MetaFrame server is not yet valid or has expired. A common problem observed when using Microsoft Certificate Services to generate digital certificates in-house is that the period of validity might not begin until the day after the certificate is generated.
  Resolution: The SSL server certificates typically have a fixed set of valid dates. The system clock of the client devices as well as the server must be set to a time that falls within that range for an SSL connection to succeed. To determine the validity date of your server certificate, double-click the certificate file and notice the Valid from and Valid to fields.
• Error Message: On the Macintosh computer, one or more of the root certificates in the keystore are not valid (SSL error 73).
  Reason: The Macintosh root certificate might to be in a CER format.
  Resolution: The Macintosh certificates need to be in a DER format with the .crt extension. If the root certificate is copied properly to the keystore/cacerts folder and the user still gets this error when trying to connect, then refer to CTX104638 – Error: One or more of the certificates in the keystore directory are not trusted (SSL Error 73) to resolve the issue.
• Error Message: SSL Error 82: The Security certificate (TheNameOfYourCertificateAuthority) is not suitable for use in SSL connections. Reason: Unsuitable Netscape Usage Extension field.
  Resolution: Refer to CTX113002 – SSL Error 82: The Security certificate (TheNameOfYourCertificateAuthority) is not suitable for use in SSL connections. Reason: Unsuitable Netscape Usage Extension field.
• Error Message: Cannot connect to the Citrix (XenApp or Presentation) Server. There in no Citrix SSL server configured on the specified address.
  Resolution: Refer to CTX115468 – Error: Cannot connect to the Citrix Presentation Server. There is no Citrix SSL server configured on the specified address..
• Error Message: Cannot connect to the Citrix (XenApp or Presentation) Server.
  The Citrix SSL Server you have selected is not accepting connections.
  Reason: The Citrix server default port number might have been changed from 1494 to another port number.
  Resolutions: The following are the probable solutions for this issue:
• Ensure that the ipv4-port address resolution is configured on the NFuse server.
• Refer to CTX104490 – Secure Gateway Does Not Support the Session Reliability Feature in Relay Mode
• Check and ensure that the wfclient.ini file has the appropriate ProxyType=Auto setting.
• Ensure that the STA UID listed in the Access Management Console and Secure Gateway Configuration Wizard is valid. An in-place upgrade of Presentation Server 4.0 to Presentation Server 4.5 or XenApp 5.0 modifies the UID value in the CTXSTA.config file. Reconfigure a valid STA using the Secure Gateway Configuration Wizard and the Access Management Console.
  Note: For Presentation Server 4.0 and later, append the :<port number> entry for the XML Service port, which must match the STA port.
• Use other standard troubleshooting methods, such as telnet, to ensure that the port 1494 is open between the Secure Gateway or Access Gateway and the XenApp or Presentation servers.
• Apply the Hotfix SGE300W008 – For Citrix Secure Gateway 3.0 Hotfix.

More Information

Refer to CTX108361 – The Access Suite Console for Advanced Access Control Shows Different STAs Using the Same STA ID for more information.

This document applies to:

• Access Gateway 4.2
• Access Gateway 4.5 Standard Edition
• Access Gateway 4.6 Standard Edition
• Secure Gateway 1.x
• Secure Gateway 3.0
• Secure Gateway 3.1
• Secure Gateway for MetaFrame 2.0
• XenApp Plug-in for Windows (32/64 Bit)

Source: CTX711855 – Common SSL Error Messages, and Respective Cause and Resolution – Citrix Knowledge Center

To install the profiler

For best results, use the Windows uninstall program to remove any previous version of the Citrix Streaming Profiler.

Important: Before you install the profiler, refer to the system requirements for application streaming for the supported platforms and system prerequisites.

1. On the workstation you want to use to profile applications:

· Insert the installation media, and in the autorun window, choose Browse Media to locate the Application Streaming Profiler folder and run CitrixStreamingProfiler.exe.

· Navigate to the Citrix Web site for Downloads and locate the most current version of the profiler and offline plug-in for application streaming.

2. Choose a language for the installer interface and complete the installation wizard.

3. After installation, restart the workstation.

Source: To install the profiler – Citrix eDocs

This error usually happens if the server is unable to contact the RDS Licensing server that it’s configured to contact.  Most probably cause would be that your system might have lost the domain trust or part of a different domain while this error happens.

I encountered this scenario when I rejoined my App RDS/terminal server to the domain as it lost it’s domain trust but haven’t rebooted the after rejoining the domain. 

Log Name:      System
Source:        Microsoft-Windows-TerminalServices-RemoteConnectionManager
Date:          3/21/2012 3:11:55 PM
Event ID:      1061
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      TestSRV002
Description:
Remote Desktop Session Host server was unable to retrieve users Licensing information from AD. Error 0x8007054b

 

C:\>err 0x8007054b
# as an HRESULT: Severity: FAILURE (1), Facility: 0×7, Code 0x54b
# for hex 0x54b / decimal 1355 :
  ERROR_NO_SUCH_DOMAIN                                          winerror.h
# The specified domain either does not exist or could not be
# contacted.
# 1 matches found for "0x8007054b"

C:\>

For more possible scenarios of this issue occurrence refer to

Event ID 1061 — Terminal Services Client Access License (TS CAL) Availability

Error:

—————————
Remote Desktop Connection
—————————
An authentication error has occurred.
The Local Security Authority cannot be contacted

Remote computer: <IP-Address/Hostname>
—————————
OK  
—————————

When attempting to establish a remote desktop connection using RD client (mstsc….

When attempting to establish a remote desktop connection using RD client (mstsc.exe) to a Remote Desktop server which is running Windows Server 2008 R2, you may encounter any of these messages:
The connection cannot be completed because the remote computer that was reached is not the one you specified. This could be caused by an outdated entry in the DNS cache. Try using the IP address of the computer instead of the name.
Or
An authentication error has occurred.
The Local Security Authority cannot be contacted

Back to the top

CAUSE

Generally this error message points to network congestions prohibiting a secure…

Generally this error message points to network congestions prohibiting a secure connection to the RD server. However, this error message may also appear if RD Server is configured for secure connections using TLS and TLS is not supported at the client (source machine) attempting the RDP connection.

Back to the top

RESOLUTION

Remote Desktop in Windows Server 2008 R2 offers three types of secure connection…

Remote Desktop in Windows Server 2008 R2 offers three types of secure connections:
Negotiate: This security method uses TLS 1.0 to authenticate the server if TLS is supported. If TLS is not supported, the server is not authenticated.
RDP Security Layer: This security method uses Remote Desktop Protocol encryption to help secure communications between the client computer and the server. If you select this setting, the server is not authenticated.
SSL: This security method requires TLS 1.0 to authenticate the server. If TLS is not supported, you cannot establish a connection to the server. This method is only available if you select a valid certificate.
To resolve the issue, change the remote desktop security on the RD server to RDP Security Layer to allow a secure connection using Remote Desktop Protocol encryption. Below are the steps:
1. Navigate to Start > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration.
2. With RD Session Host Configuration selected view under Connections.
3. Right click RDP Listener with connection type Microsoft RDP 6.1 and choose Properties.
4. In general tab of properties dialog box under Security, select RDP Security Layer as the Security Layer.
5. Click OK.
Note: This setting does not need a restart of the Server or Remote Desktop Service.

Back to the top

MORE INFORMATION

You may also see Event ID 56 with source TermDD in the system event logs on the…

You may also see Event ID 56 with source TermDD in the system event logs on the RD server for every unsuccessful RDP attempt.

Back to the top

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use (http://go.microsoft.com/fwlink/?LinkId=151500) for other considerations.

Back to the top

APPLIES TO

• Windows Server 2008 R2 Enterprise
• Windows Server 2008 R2 Enterprise without Hyper-V
• Windows Server 2008 R2 Standard
• Windows Server 2008 R2 Standard without Hyper-V

Source: RDP connection to Remote Desktop server running Windows Server 2008 R2 may fail with message ‘The Local Security Authority cannot be contacted’.

Error:

An Error occurred while making the requested connection.

Troubleshooting:

1. Check eventvwr of Citrix web interface for the farm where the application is installed.
2. You might see errors like below:

Log Name:      Application
Source:        Citrix Web Interface
Date:          3/15/2012 9:13:51 AM
Event ID:      30107
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      TESTSRV1.TESTLAN.LAN
Description:
Site path: C:\inetpub\wwwroot\Citrix\XenApp.

The Citrix servers reported that they are too busy to provide access to the selected resource. This message was reported from the XML Service at address http://TESTSRV1:80 [com.citrix.xml.NFuseProtocol.RequestAddress].  [Unique Log ID: 999bcc67]

3. Check the load on the reported server using “qfarm /load” command
4. If you don’t see the server listed there then the Citrix XenApp on that server isn’t communicating it’s load to the farm DS.
5. You need to have the reported server rebooted to get this resolved.
6. In case, you have “Citrix Health Monitoring and Recovery” service running it’s possible that it can remove the app server from the load balance table that causes not to assign any sessions to this APP server again.

Log Name:      Application
Source:        CitrixHealthMon
Date:          3/15/2012 9:27:31 AM
Event ID:      2005
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      TESTAPPSRV1.TESTLAN.LAN

Description:
Test threshold reached for the test XML Service test. The action to Remove server from load balance table will now be performed. The test is assumed to be in a failed state, and no more failure messages will be returned. An information message will be sent when the test is passed.
Debug Information:
Test failure 1. Error code: 25
** The previous test result was repeated 3 more time(s). **
Test failure 5. Error code: 25

 

7. In that case, disable the “Citrix Health Monitoring and Recovery” service and have the server rebooted again to let it participate in the Citrix load and get sessions created.

Fix:  Restart the IMA service if no go, Rebooted the reported server.

Consider the following scenario:

• You have a computer that is running Windows Server 2008 R2 or Windows 7.
• An application or service uses Winsock API or Winsock Kernel API to make network connections on the computer.

In this scenario, the application or service randomly stops responding.
For example, consider the following scenario:

• You install the Remote Desktop Services role on a computer that is running Windows Server 2008 R2.
• You run Citrix XenApp 6 on the computer. The application uses Winsock Kernel API to make network connections.

In this scenario, the XenAPP randomly stops responding when this issue occurs. Additionally, you experience the following symptoms:

• Users cannot make new remote desktop connections to the computer.
• The following event is added to the system event log:

  Source: Service Control Manager
  Date: <date & time>
  Event ID: 7011
  Task Category: None
  Level: Error
  Keywords: Classic
  User: N/A
  Computer: <computer name>
  Description:
  A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

Back to the top

CAUSE

This issue occurs because of a race condition in the TCP/IP driver (tcpip.sys)….

This issue occurs because of a race condition in the TCP/IP driver (tcpip.sys).

Back to the top

RESOLUTION

Hotfix information A supported hotfix is available from Microsoft. However, this…

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website:

http://support.microsoft.com/contactus/?ws=support (http://support.microsoft.com/contactus/?ws=support)

Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, you must be running one of the following operating systems:

• Windows Server 2008 R2
• Windows Server 2008 R2 Service Pack 1 (SP1)
• Windows 7
• Windows 7 Service Pack 1 (SP1)

Registry information

To use the hotfix in this package, you do not have to make any changes to the registry.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

File information

The global version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

Windows 7 and Windows Server 2008 R2 file information notes

Important Windows 7 hotfixes and Windows Server 2008 R2 hotfixes are included in the same packages. However, hotfixes on the Hotfix Request page are listed under both operating systems. To request the hotfix package that applies to one or both operating systems, select the hotfix that is listed under "Windows 7/Windows Server 2008 R2" on the page. Always refer to the "Applies To" section in articles to determine the actual operating system that each hotfix applies to.

• The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

  Collapse this tableExpand this table

  Version
  Product
  Milestone
  Service branch

  6.1.760 0. 20xxx
  Windows Server 2008 R2 and Windows 7
  RTM
  LDR

  6.0.760 1. 21xxx
  Windows Server 2008 R2 and Windows 7
  SP1
  LDR

• The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the "Additional file information for Windows 7 and for Windows Server 2008 R2" section. MUM and MANIFEST files, and the associated security catalog (.cat) files, are very important for maintaining the state of the updated component. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.

Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that ar…

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Back to the top

MORE INFORMATION

For more information about Winsock Kernel, visit the following Microsoft Develop…

For more information about Winsock Kernel, visit the following Microsoft Developer Network (MSDN) website:

General information about Winsock Kernel (http://msdn.microsoft.com/en-us/library/ff571084(v=VS.85).aspx)

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 (http://support.microsoft.com/kb/824684/ ) Description of the standard terminology that is used to describe Microsoft software updates

APPLIES TO

• Windows Server 2008 R2 Enterprise
• Windows Server 2008 R2 Datacenter
• Windows Server 2008 R2 for Itanium-Based Systems
• Windows Server 2008 R2 Foundation
• Windows Server 2008 R2 Standard
• Windows Web Server 2008 R2
• Windows 7 Enterprise
• Windows 7 Home Basic
• Windows 7 Home Premium
• Windows 7 Professional
• Windows 7 Starter
• Windows 7 Ultimate

Source: An application or service that uses Winsock API or Winsock Kernel API may randomly stop responding in Windows Server 2008 R2 or in Windows 7

When you use a Citrix XenApp application on a Windows Server 2008-based computer, you notice that the logoff screen is displayed when you close the application.

Back to the top

CAUSE

Because of the architectural changes to WinLogon and the LogonUI in Windows Serv…

Because of the architectural changes to WinLogon and the LogonUI in Windows Server 2008, the "DisableStatusMessage" registry setting is no longer available. When you run Citrix XenApp applications on earlier versions of Windows Server, you can disable the logoff screen by setting the "DisableStatusMessage" registry setting in the following registry key to a value of 1:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

Back to the top

WORKAROUND

To prevent Citrix Seamless applications from displaying the logoff screen when y…

To prevent Citrix Seamless applications from displaying the logoff screen when you close the application, implement a logoff script by using a Group Policy setting that runs a batch file with the following command:

tsdiscon %SESSIONNAME%

After you do this, the terminal server will disconnect the session at the time of logoff and prevent the logoff screen from being displayed. However, the terminal server will continue to process the logoff action in the background.
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Back to the top

APPLIES TO

• Windows Server 2008 Datacenter without Hyper-V
• Windows Server 2008 Enterprise without Hyper-V
• Windows Server 2008 for Itanium-Based Systems
• Windows Server 2008 Standard without Hyper-V
• Windows Server 2008 Datacenter
• Windows Server 2008 Enterprise
• Windows Server 2008 Standard

Source: The logoff screen is displayed when you close a Citrix XenApp application on a Windows Server 2008-based computer