Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Is this a TS or Citrix problem?

Status
Not open for further replies.

KungFuKris

Technical User
Sep 5, 2005
19
GB
I installed and configured Citrix Metaframe Presentation server on a 2003 server (initially using the 120 days grace on my TS licences). Have set it up to publish a desktop, all worked fine using grace period licence, as soon as I've installed my TS Licences, and come to setup permissions to use TS, it's all fallen apart!

Even if I forget about Citrix, and just try and create a TS session, I get the following two errors...

"The desktop you are trying to open is available only for Administrators. Yada yada yada check with your administrator"

and...

"To log on to this remote computer, you must have Terminal Server User Access Permissions on this computer. By default the RDU group has these...etc."

I have put my test user account into the RDU (Remote desktop Users) group to no avail, I've checked the Permissions tab in TS Config and all looks AOK. I've enabled the right to log on through TS in the Group policy editor (does this need to be done on the client too...?). My licenses are definitely there and are set to per user.

All works ok if I log in as Administrator, in Citrix too, but obviously I can't have remote users changing settings on the TS and Citrix server now can I?

Up against the clock on this one, have to get this done by Friday, and am close to giving up!

Please help!

Cheers,

Chris
 
Check your Terminal Server installation. It sounds like you have it set for Remote Administration mode instead of Application Server mode, which is why you have joy when logging in as admin.
 
Cheers!

Where do I check that? Can't see any settings in TS Config or TS Manager.

I have un-installed TS, and re-installed it, and have seen no options to choose either of the modes you mention...?

 
In Add/Remove programs - Windows components, I can see a component titled "Application Server" in the list.

I take it that's it?
 
Another thing that may well be relelvant, I am using an NT4 server as the DC.
 
I've run into a problem where on a Win2k3 server we could not add user groups because of the NT 4.0 domain.

Everytime we would add them to the Remote Desktop Users it would kick out without saving.
You mentioned that you were able to add them but just double-check that they are there.

We had to add them to the Remote Desktop Users group via the command prompt.

I would try this just for the heck of it and see what it does.

net localgroup "Remote Desktop Users" "YOUR USER GROUP" /ADD

Hope that helps.

 
KungFu, "Application Server" option is dead-on for what I'm talking about.
 
Tried that enigma99, and it says "The specified account name is already a member of the local group". Tried removing them, then re-adding them using CMD then trying to connect but get the same two errors.

lb63640, can you be a little more specific in your posts please, I don't really understand what you're trying to say in your last post, do you mean it looks like Application Server is installed on my server? Or that it should be clearly seen from TS Config?

I have AD set up on my new 2003 DC (which isn't live yet), gonna try and set my 2003 TS server up on a dummy network with that DC today, see if the problem is having an NT4 DC.

Any other ideas people?
 
Ok, so, I've tried it all again on a 2003 DC and get exactly the same errors!

 
kungfukris,
I think what lb63640 is talking about is remote administration vs application mode for terminal services.

If you just enable remote connection on the remote tab in Windows 2k3...it puts it in remote administration. If you install it from the control panel...it puts it into the application mode.

Here are some articles I found but I don't know if they will help you out.

 
Kungfu,

My point is that I think you installed Terminal Services in Remote Administration mode. Terminal Services must be in Application Server mode in order for your users to be able to successfully connect to your server and do their work. An important caveat here is that I am only familiar with W2K; the scenario may be different with 2003.

See this MS article:
Enabling Terminal Services in Application Server Mode
To enable Terminal Services in Application Server mode on the domain controller, the information technology (IT) administrator logs on to server as the administrator and performs the following procedures.

To enable Terminal Services: 1. Click Start, point to Settings, click Control Panel, and then double-click Add/Remove Programs.
2. Click Add/Remove Windows Components to start the Windows Components Wizard. In the Components list, to add or remove a component, click to select a check box. A shaded box indicates that only part of the component will be installed. Select the Terminal Services check box, and then click Next.
3. In the Windows Components Wizard with Terminal Services selected, click Details to see what is included in the component. You will see the two following sub-components: • Client Creator Files - Enables the creation of installation floppy disks for Terminal Services Client computers.
• Enable Terminal Services - Enables the Terminal Services software on your computer.

4. Click Next to continue.
5. On the next screen, you are prompted to install Terminal Services to run in one of two modes: • Remote Administration - This mode permits two Terminal Services client connections to the server. This mode does not require licensing, but allows only members of the Administrators group to access the server. This is an excellent choice for non-Terminal Services servers, to enable remote control-type access to remote servers.
• Application Server - This mode permits more than two simultaneous connections by non-administrators, but requires the Terminal Services Licensing service to be installed on a domain controller (for which you can use any server in a workgroup environment). A Terminal Services Client Access License is also required for non-Windows 2000 Professional clients.

NOTE: Terminal Services Licensing is a required component that licenses clients on a Terminal server in Application Server mode. For computers that are in a Windows 2000 domain, Microsoft recommends that you do not enable Terminal Services Licensing on the same computer with Terminal Services.

6. In Terminal Services Setup, verify that Application Server mode is selected, and then click Next.

NOTE: In Terminal Services Setup, you may see programs listed that will not work properly when Terminal Services is enabled. You need to reinstall these programs for multisession access by using the Add/Remove Programs tool after you enable Terminal Services.
7. In the next screen, click the appropriate option to specify whether you want permissions to be compatible with Windows 2000 Users or with Terminal Server 4.0 Users. Use the Permissions compatible with Windows 2000 Users option for the most secure environment in which to run applications.
8. In Terminal Services Licensing Setup, specify whether you want the license server to serve your entire enterprise or your domain/workgroup, and then provide the directory location for the database. Wait for the installation to finish, and then click Finish. In the Add/Remove Programs window, click Close.
 
No, I think it must be different in 2003. I installed TS through Add/Remove Programs, Windows Components, and I didn't see any options for Application Server. Guys with more 2003 experience correct me if I am wrong...?

So, is it not relevant that I have "Application Server" Listed in the Add/Remove Programs, Windows components as being already installed?
 
kungukris,
Please look at my last post.
The install is differnet in Windows 2003.

To configure for REMOTE ADMINISTRATION do the following:
1. Right-click my computer and go to properties.
2. While in the properties screen click on the "Remote" tab.
3. At the bottom of the page where it says "Remote Desktop" you can choose that option.

To configure for APPLICAITON MODE do the following:
1. click on the Start button.
2. Go to Settings-Control-Panel.
3. Go to Add/Remove programs and choose the Add/Remove Windows componens.
4. Scroll down to the bottom and choose "Terminal Server".
5. Finish the wizard and that will put your terminal server in applicaiton mode.


 
I did install through Add/Remove Prgs, and it didn't prompt me to select any kind of mode.

 
FANTASTIC!!! Cheers TallOne! :D :D :D

finally, a relevant answer!

I must say though, the fix ("Resolution - To allow users to connect with an RDP connection, clear Only launch Published Applications under the Advanced Connection settings of the RDP-TCP listener.") could be expanded on slightly. I can't find that screen and the Citrix page doen't tell you where to look for it.

I have been in TS Config, and TS Manager, and can't see it. When I right click on the RDP-Tcp connection in TSconfig, I can't see any "Advanced Connection" listed on any of the pages. Same in TS Manager.

Any more help would be greatly appreciated!!!

Cheers,

Kris ;D
 
Sorted, found it now, in the Citrix Connection Config.

;D
 
Hey Kris,

Did you ever get the "The desktop you are trying to open is available only for Administrators. Yada yada yada check with your administrator" error to stop showing up? I tried everything in this thread and ryanropp's thread too. What was your solution finally?

Am I creating the users in the wrong place? I've created them locally on the citrix server (2003) and the domain controller as well (2000). Please help, this was suppose to be done a week ago and now I'm stuck. Thanks.

Alex
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top