Jump to content
  • 1

Full Admin but Permission Denied


Stephan Schnider

Question

Posted

Hi

 

I've got a an issue with permission for a particular user. The AD user was add and assigned in Studio as Full Admin.

 

But when login to the Studio on the DDC, he gets the following error:

1. Unable to find a Delivery Controller

2.

Error Id: XDDS:292F2E2C

Exception:
    Citrix.Console.Models.Exceptions.ScriptException You are not authorized to perform this operation.
       at Citrix.Console.PowerShellInteraction.CmdletExecutionMethods.CreateException[T](ICommonLog logger, ExecutionResults`1 results, ICmdletExecutionHost host)
       at Citrix.Console.PowerShellInteraction.CmdletExecutionMethods.Execute[T](ISdkCmdlet`1 sdkCmd, ICmdletExecutionHost host, Boolean allowFailover)
       at Citrix.Console.PowerShellSdk.HealthMonitor.Scripts.ValidateConfigurationServiceLocationScript.RunScript()
       at Citrix.Console.PowerShellInteraction.PowerShellScript`1.Run()
       at Citrix.Console.PowerShellSdk.PowerShellService.ValidateCentralConfigurationServiceLocation(String ccsLocation)
       at Citrix.Console.DeliveryCenter.UI.Dialogs.CcsValidator.ValidateCcs(String ccsLocation)
       at Citrix.Console.DeliveryCenter.UI.ViewModel.DesktopStudioViewModel.ConnectToSite(String ccsLocation, Boolean safeForDispatcher)
       at Citrix.Console.DeliveryCenter.UI.Mmc.StartupTabViewModel.<>c__DisplayClass2.<ConnectToSite>b__1()
       at Citrix.Console.CommonControls.ProgressDisplay.GenericProgressOperation.PerformOperationInternal()
       at Citrix.Console.CommonControls.ProgressDisplay.ProgressWindowOperation.PerformOperation()
       at Citrix.Console.CommonControls.ProgressDisplay.ProgressWindowViewModel.PerformAction(Action operationComplete)
   
    DesktopStudio_ErrorId : AuthorizationError
    Exception : Citrix.Fma.Sdk.ServiceCore.AuthorizationFailureException: Failed to authorize operation GetServiceStatus. Failed ISM for communication with Delegated Admin Service. ---> Citrix.Fma.Sdk.InterServiceManager.AllMatchingServiceInstancesFailedException: All the service instances that matched the requested client profile are in the failed state
       at Citrix.Fma.Sdk.InterServiceManager.InterServiceManager.FilterAndSort(ServiceFamily family)
       at Citrix.Fma.Sdk.InterServiceManager.InterServiceManager.GetPreferredServiceInstance(ServiceFamily serviceFamily)
       at Citrix.Fma.Sdk.InterServiceManager.WcfClientBase`1.SelectNewConnection()
       at Citrix.Fma.Sdk.InterServiceManager.WcfClientBase`1.MoveToNextConnection()
       at Citrix.Fma.Sdk.InterServiceManager.WcfClientBase`1.RegisteredCallAndRetry[TResult](Func`2 operation)
       at Citrix.Configuration.DelegatedAdminProvider.DemandPermission(String operation)
       --- End of inner exception stack trace ---
       at Citrix.Configuration.DelegatedAdminProvider.DemandPermission(String operation)
       at Citrix.Fma.Sdk.ServiceCore.LogicBase.DemandPermission(String operation, ServiceRegistrationStates localAdminStates)
       at Citrix.Fma.Sdk.ServiceCore.ServiceBase.<>c__DisplayClass10.<GetServiceStatus>b__f()
       at Citrix.Fma.Sdk.ServiceCore.ServiceBase.CheckedCall[T](String name, Func`1 operation, Func`2 defaultValue, Enum code)
    Reason : AuthorizationFailureException
    Message : Failed to authorize operation GetServiceStatus. Failed ISM for communication with Delegated Admin Service.
    Sdk Error Message : There was a problem communicating with the Citrix Delegated Administration Service.
    Sdk Error ID : Citrix.XDPowerShell.Status.AuthorizationError,Citrix.Configuration.Sdk.Cmdlets.Management.Commands.GetConfigServiceStatusCommand
    ErrorCategory : NotSpecified
    DesktopStudio_PowerShellHistory : ValidateConfigurationServiceLocationScript
    1/5/2015 8:52:27 AM
   
    Get-ConfigServiceStatus  -AdminAddress 'localhost'
    Get-ConfigServiceStatus : There was a problem communicating with the Citrix Delegated Administration Service.
     + CategoryInfo : PermissionDenied: (:) [Get-ConfigServiceStatus], UnauthorizedAccessException
     + FullyQualifiedErrorId : Citrix.XDPowerShell.Status.AuthorizationError,Citrix.Configuration.Sdk.Cmdlets.Management.Commands.GetConfigServiceStatusCommand
   
   

 

When he verify the permission with PowerShell ( Get-AdminEffectiveRight) he is full admins:

RoleId                        RoleName                      ScopeId                       ScopeName
------                        --------                      -------                       ---------
df20d111-4d0b-4502-ad12-5e... Full Administrator            00000000-0000-0000-0000-00... All

 

 

We tried to restart all related Services, but nothing helps. The issue is on both of the two DDC's.

 

What else could by test or try?

 

Regards,

Stephan

 

 

 

 

 

 

 

Recommended Posts

  • 0
Posted

Hi guys I have been working on a similar case for a week and have already added a new user manually, I have already removed the users from the DAS.Administrators table and reinserted the SIDs manually. Finally I removed the DDCS from the domain and reinserted them again, but I still continue with the problem. Anyone have any idea what it can be?

  • 0
Posted

I had this exact same issue a few weeks ago and I assume like others it was because you upgraded to a new version of xenserver. I've read that before you do an update, you need to disconnect the site from studio before you do an upgrade or it gets corrupted because a new class ID is created and it messes with the previous one.

 

In the end I had to re create my studio from scratch. Luckily if you have snapshots of all vms and policys, its only around an hour-2 to fully re configure. 

  • 0
Posted
On 10/13/2016 at 5:20 PM, Matt Harding1709156145 said:

I am getting error when adding another Delivery controller in to farm. I have DB Owner access to SQL 2012.

running XenApp 7.8 and have full admin access to it.

 

Error : You do not have necessary permissions on the remote site to perform this join operation.

 

 

rror Id: XDDS:E3C75A28
 
Exception:
    Citrix.Console.Models.Exceptions.PermissionDeniedException You do not have the necessary permissions on the remote site to perform this join operation.
       at Citrix.Console.DeliveryCenter.UI.Dialogs.JoinExistingSiteDialogViewModel.OkBackgroundOperation(IProgressReporter progressReporter)
       at Citrix.Console.Common.OperationTimer.TimeBlock(Action operation)
       at Citrix.Console.CommonControls.ProgressDisplay.GenericProgressOperationWithFeedBack.PerformOperationInternal()
       at Citrix.Console.CommonControls.ProgressDisplay.ProgressWindowOperation.PerformOperation()
       at Citrix.Console.CommonControls.ProgressDisplay.ProgressWindowViewModel.PerformAction(Action operationComplete)
    
    DesktopStudio_ErrorId : UnknownError
    ErrorCategory : PermissionDenied
    
Inner Exception:
    Citrix.Console.Models.Exceptions.PermissionDeniedException Incorrect user name or password. Please check your credentials and try again.
       at Citrix.Console.PowerShellInteraction.ThreadedDatabaseScript`1.RunScript()
       at Citrix.Console.PowerShellInteraction.PowerShellScript`1.Run()
       at Citrix.Console.PowerShellSdk.DatabaseService.Scripts.ValidateDatabaseCredentialsScript.ValidateConnection()
       at Citrix.Console.PowerShellSdk.DatabaseService.Scripts.ValidateDatabaseCredentialsScript.RunScript()
       at Citrix.Console.PowerShellInteraction.PowerShellScript`1.Run()
       at Citrix.Console.PowerShellSdk.SiteService.Scripts.JoinExistingSiteValidationScript.RunScript()
       at Citrix.Console.PowerShellInteraction.PowerShellScript`1.Run()
       at Citrix.Console.DeliveryCenter.UI.Dialogs.JoinExistingSiteDialogViewModel.OkBackgroundOperation(IProgressReporter progressReporter)
    
    DesktopStudio_ErrorId : UnknownError
    ErrorCategory : PermissionDenied
    DesktopStudio_PowerShellHistory : VerifyDatabaseServerExistsScript
    13/10/2016 12:42:55
    
    
    
Inner Exception:
    Citrix.Console.Common.Exceptions.LogOnFailedException Incorrect user name or password. Please check your credentials and try again.
       at Citrix.Console.Common.Services.CredentialsService.Citrix.Console.Common.Services.ICredentialsService.StartImpersonatingUser(UserCredentials credentials)
       at Citrix.Console.PowerShellInteraction.ThreadedDatabaseScript`1.RunScript()

Same issue with my new installation. 

  • 0
Posted
On 1/5/2015 at 4:30 AM, Carl Stalhood1709151912 said:

I've seen problems with large Kerberos tickets (lots of groups, especially nested groups). Is that the case here?

you are a rock star my friend

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...