The Trust Relationship Between This Workstation and The Primary Domain Failed

This is one of the common issue happen to PVS environment, IF the environment is not properly configured. The trust relationship will failed, if the password expiration days is  set below than computer account password updates. For example, if you set the password to be expired in 5 days, and computer account password updates set for 7 days, the password will then expired 2 days before renewal. Therefore, either disable password expiration, or properly set these 2 options according to Corporate Security policy.

Issues :

PVS : The Trust Relationship Between This Workstation and The Primary Domain Failed

Troubleshooting 

1.  Accessed to the VDA, could not authenticate using domain ID. 
2. Convert the VDA to Private mode / Create new version under Maintenance mode, unjoined and rejoined to domain. Put the VDA to Standard Mode / promote to Production, issue persisted.

Resolution :

1.  Shut down the target device.
   
   
   
   
2.  Right click at it, go to Active Directory > and choose Reset Machine Account Password...
   
   
   
   
3.  Correctly choose Domain as well as the Organization Unit, and press Reset Account
   
   
   
   
4. Resetting target device
   
   
   
   
    
5.  Target Device successfully reset
   
   
   
   
6.  Bring up the target device and try again.
   

Read More

How To : StoreFront Factory Reset / Rejoin Citrix StoreFront to Server Group

In some situations, you may need to unjoin a StoreFront server from an existing server group, and join the server to a different server group. However, after you remove it, there is no option to add it back. You will see this screen at your StoreFront server.

So, what it The easiest way? Reinstall StoreFront!. 

However, there is another cool way to do this, especially if you want to show off in front of your customers (no, I have never done this), or if you want to flaunt your expertise in front of your juniors (never done this as well).

Description :
StoreFront Factory Reset / Rejoin Citrix StoreFront to Server Group


How To Do :

1.  Close all opened / active Storefront consoles. You will get error if there is active session. Launch PowerShell as Administrator.
   
   
   
   
   
2.  Type asnp Citrix*
   
   
   
   
   
3.  Browse to %Program Files%\Citrix\Receiver StoreFront\Scripts
   
   
   
   
4.  Run ImportModules.ps1
   
   
   
   
5.   Modules imported
   
   
   
   
6. Run this command : Clear-DSConfiguration
   
   
   
   
7. Command completed.
   
   
   
   
8.  Close PowerShell, and launch StoreFront. You will get the option to join to existing server group back.
   

Reference :

• http://support.citrix.com/article/CTX200239

Read More

Disabling drive mapping on Server 2008

In previous post, I mentioned on how to disable drive mapping on Server 2003 via GPO. In this post, I will show on how to disable drive mapping on server 2008.

Description :
Disabling drive mapping on Server 2008


How To Do :

1.  Access to GPMC, edit the intended GPO. Browse to Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection
   
2. Click at ' Do not allow drive redirection '. That is our target setting
   
3. Right click at it, and press Edit
   
4.  Choose Enabled, press Apply and OK.
   
5.  You can double confirm the setting by checking at ICA-TCP and RDP-TCP Properties. They are now checked, and grayed out.
   
   
   
   
6. And this is the explanation by Microsoft on the GPO setting.
   

Read More

Unable to Join Computer To Domain : The domain controller does not meet the version requirement for this operation

Few weeks ago, I had to un-join and rejoin one of my VM to our domain. Unjoin from the domain, checked. Rejoin to the domain, failed?? I know some of you may feel like "heh? is it that hard?" So no, it is not hard at all, but this was my first time I got below error (no screenshot, I forgot to capture one!)

Issues :

ERROR : The domain controller does not meet the version requirement for this operation.

But before the error prompted, I needed to key in my Domain Admin credential, which (1) I am pretty sure it was correct, and (2) it means my VM was connected to the network, and able to talk to Domain Controller.

Troubleshooting :

 I tried to join to domain using command line as below :

Read More

How To Change NetBIOS Name of A Computer

So yes... After 4 months without new contents, so I started with this. It looks easier to do (well, it is), but before you do that, you may want to read this to understand the difference between hostname and netBIOS, then starts to explore on when to use them, their limitations etc etc. I won't discuss here (or maybe not today). So let's back to the topic.

 Description :
Changing NetBIOS Name of A Computer.

ComputerName :

NetBIOS :

How To Do :

1.  Go to Start > Run, and type REGEDIT
2.  Browse to Computer > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > ComputerName > ComputerName
   
   
   
3. At the right side, double click at ComputerName string, and put correct Value data. Press OK.
   
4.  Then you will get this
   
5. Reboot your computer / VM.
6. Once it is up, double check your netBIOS name. New name shall be reflected
   

Read More

Disable Local Drive Mapping On Windows Server 2003

This post will show on how to disable local drive mapping via GPO for Windows Server 2003 environment. Considering GPO will take precedence over Citrix policy, this setting will work on both RDP and ICA sessions.

Description :
Disable local drive mapping via GPO (the same setting can be applied to local policy too)

How To Do :

1. Open your Group Policy Object, and browse to this setting ( Computer Configuration > Administrative Templates > Windows Components > Terminal Services > Client/Server data redirection 
   
   
   
   
2.  Let's focus on Do not allow drive redirection. Right click at it, and click at Properties
   
   
   
   
3.  Choose Enabled, press Apply and OK.
   
   
   
   
   
   
4.  This will be the outcome.
   
   
   
   
5. This is the explanation on this setting by Microsoft.  
   
   
   
   
6. Drive mapping is now disabled, and users are not able to change it.
   
   

Read More

Unable to Change Citrix XenApp Farm

This issue occurred to me a few years back, when we started enrolling Windows Server 2008. When I tried to change my Citrix XenApp server to another farm, CHFARM.exe crashed and I could not do it. Because I was using GUi rather than command line during that time, so I could capture below detail.

I did not have any issues in changing farm for XenApp in Server 2003, and my home lab (with Windows Server 2008) also gave a positive result. As I only can see this error on Server 2008 (security permission on my home lab was more relaxed - UAC disabled) and but not on Server 2003 (and my home lab), thus to me it was safe to narrow down the root cause to security permission on Server 2008 (to be exact : User Acess Control) that cause the problem.

Issues :

CHFARM crashed in the middle of changing Citrix XenApp farm (on Windows Server 2008).

Troubleshooting 

1.  RDP to the server, launch RUN, type secpol.msc, and press OK.
   
   
   
   
2. (First hint) At this window, click at I want to complete this action.
   
   
   
   
3.  Press Control+Alt+End at your keyboard to proceed.
   
   
   
   
4. Click at Continue.
   
   
   
   
5. Local Security Policy window appeared. Browse to Security Settings > Local Policies > Security Options
   
   
   
   
6.  Look for this option, you will find it Enabled
   Option : User Account Control: Run all administrators in Admin Approval Mode
   
   
   
   

Resolution :


**Depending on you organization security policies, you may want to consult with your Security team first before performing these steps.

1.  Right click at the option, and click on Properties
   
   
   
   
2.  From Enabled, change it too Disabled. Press Apply and OK. Reboot the server before proceed to change the XenApp farm. You may want to re-enable it once done.
   
   
   
   
3.  This explains in detail on the options. Note that Microsoft already stated that changing this setting requires a system reboot.
   

 p/s : You may find the option set to Not Configured. Try to check GPO applied to the server.

Read More