Showing posts with label SECPOL. Show all posts
Showing posts with label SECPOL. Show all posts

Monday 27 April 2015

Unable to Change Citrix XenApp Farm

This issue occurred to me a few years back, when we started enrolling Windows Server 2008. When I tried to change my Citrix XenApp server to another farm, CHFARM.exe crashed and I could not do it. Because I was using GUi rather than command line during that time, so I could capture below detail.


I did not have any issues in changing farm for XenApp in Server 2003, and my home lab (with Windows Server 2008) also gave a positive result. As I only can see this error on Server 2008 (security permission on my home lab was more relaxed - UAC disabled) and but not on Server 2003 (and my home lab), thus to me it was safe to narrow down the root cause to security permission on Server 2008 (to be exact : User Acess Control) that cause the problem.

Issues :
CHFARM crashed in the middle of changing Citrix XenApp farm (on Windows Server 2008).
Troubleshooting 
  1.  RDP to the server, launch RUN, type secpol.msc, and press OK.


  2. (First hint) At this window, click at I want to complete this action.


  3.  Press Control+Alt+End at your keyboard to proceed.


  4. Click at Continue.


  5. Local Security Policy window appeared. Browse to Security Settings > Local Policies > Security Options


  6.  Look for this option, you will find it Enabled
    Option : User Account Control: Run all administrators in Admin Approval Mode

Resolution :
**Depending on you organization security policies, you may want to consult with your Security team first before performing these steps.

  1.  Right click at the option, and click on Properties


  2.  From Enabled, change it too Disabled. Press Apply and OK. Reboot the server before proceed to change the XenApp farm. You may want to re-enable it once done.


  3.  This explains in detail on the options. Note that Microsoft already stated that changing this setting requires a system reboot.
 p/s : You may find the option set to Not Configured. Try to check GPO applied to the server.
Share:
           , , , , , ,       No comments    

Thursday 10 July 2014

Task Scheduler Error - An Error has occurred for task . The following error was reported: A specific logon session does not exist. It may already have been terminated.

A few days ago I created a script to do some little, tiny checking on my servers. My plan was to create a Task Scheduler so that script can be executed periodically. But (yeah, there is always a but), I encountered an error. If we look carefully at the error, it did not mentioned about Securty or policy setting, but I know it must related to UAC.

Issues :

 Receive error when configuring Task Scheduler :


An Error has occurred for task <Task Name>. The following error was reported: A specific logon session does not exist. It may already have been terminated.
Troubleshooting 
  1.  Go to Start > Administrative Tools > Click at Task Scheduler

  2.  Browse to Task Scheduler (local) > Task Scheduler Library

  3.  Right click at the specific Task Scheduler > choose Properties

  4.  At General tab, the radio box " Run whether user is logged on or not " is enabled. Which means, the setting is okay.

  5.  Further checking, go to Start > Run, type secpol.msc and press Enter.

  6.  Browse to Security Settings > Local Policies > Security Options

  7.  Check on this setting, it is Enabled.




Resolution :
  1.  Right click at the above mentioned setting, and choose Properties

  2.  Click at Disabled, press Apply and OK.


  3.  Perform gpupdate /force to refresh policy update.
Share:
           , , , , , ,       No comments