Jump to content
Welcome to our new Citrix community!
  • 0

Can't add user account to Delivery group


Julien Bebronne

Question

Hello,

 

Im in a process of migration users a from child domain(same forest  child.contoso.com) to the root domain (contoso.com)

After this migration i cannot add an account to a delivery group . Citrix studio says : "No items match the supplied pattern"

 

 

With powershell  :

if i use the pre windows 2000 format ( like studio does) it doesn't work

PS C:\> Set-BrokerAccessPolicyRule   -AddIncludedUsers ROOTCONTOSO\MigratedUser  -Name "dg01_Direct"
Set-BrokerAccessPolicyRule : No items match the supplied pattern
At line:1 char:1
+ Set-BrokerAccessPolicyRule   -AddIncludedUsers ROOTCONTOSO\MigratedUser  ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Set-BrokerAccessPolicyRule], SdkOperationException
    + FullyQualifiedErrorId : Citrix.XDPowerShell.Broker.NoMatchingItems,Citrix.Broker.Admin.SDK.SetBrokerAccessPolicyRuleCommand

But if i  use the username with UPN it's works and the end user can start his desktop from storefront ( but the Citrix studio GUI  still show no users assignement)

 Set-BrokerAccessPolicyRule   -AddIncludedUsers migrated.user@email.com  -Name "dg01_Direct"

 

here the full error log from studio :

Error Id: XDDS:D7A93086

Exception :
    Citrix.Console.Models.Exceptions.InvalidDataException Aucun élément ne correspond au modèle fourni.
       à Citrix.Console.PowerShellInteraction.CmdletExecutionMethods.CreateException[T](ICommonLog logger, ExecutionResults`1 results, ICmdletExecutionHost host)
       à Citrix.Console.PowerShellInteraction.CmdletExecutionMethods.Execute[T](ISdkCmdlet`1 sdkCmd, ICmdletExecutionHost host, Boolean allowFailover)
       à Citrix.Console.PowerShellSdk.DesktopGroupService.Scripts.EditDesktopGroupScript.UpdateAccessPolicies(ICollection`1 rules)
       à Citrix.Console.PowerShellSdk.DesktopGroupService.Scripts.EditDesktopGroupScript.RunScript()
       à Citrix.Console.PowerShellInteraction.PowerShellScript`1.Run()
       à Citrix.Console.PowerShellSdk.DesktopGroupService.PSDesktopGroupService.EditDesktopGroup(DesktopGroupModel desktopGroupModelBeforeUpdate, DesktopGroupModel desktopGroupModelAfterUpdate, Boolean allowDesktopPolicyModification)
       à Citrix.Console.DesktopGroups.UI.Dialogs.DesktopPropertiesViewModel.Commit(IProgressReporter progressReporter)
       à Citrix.Console.CommonControls.Wizard.PageContainerViewModel.<CreateCommitProgressViewModelInternal>b__6(IProgressReporter progressReporter)
       à Citrix.Console.CommonControls.Wizard.CommitProgressViewModel.<>c__DisplayClass1.<SetCommitOperation>b__0(IProgressReporter progressReporter, Canceller canceller)
       à Citrix.Console.CommonControls.Wizard.CommitProgressViewModel.PerformOperationInternal()
    
    DesktopStudio_ErrorId : NoMatchingItems
    Sdk Error Message : No items match the supplied pattern
    Sdk Error ID : Citrix.XDPowerShell.Broker.NoMatchingItems,Citrix.Broker.Admin.SDK.SetBrokerAccessPolicyRuleCommand
    ErrorCategory : InvalidData
    DesktopStudio_PowerShellHistory : Modifier le groupe de mise à disposition 'dg01'
    01/02/2018 10:34:26
    
    Get-LogSite  -AdminAddress "MyDDC:80"
    Start-LogHighLevelOperation  -AdminAddress "MyDDC:80" -Source "Studio" -StartTime "01/02/2018 09:34:26" -Text "Modifier le groupe de mise à disposition `'dg01`'"
    Get-BrokerAccessPolicyRule  -AdminAddress "MyDDC:80" -DesktopGroupUid 82 -MaxRecordCount 2147483647
    Set-Variable  -Name "brokerUsers" -Value @("S-1-5-21-133931731-3519744216-4030625183-1299","S-1-5-21-477348326-2280002098-3892988929-24959","S-1-5-21-477348326-2280002098-3892988929-24913")
    Get-BrokerUser  -AdminAddress "MyDDC:80" -Filter {(SID -in $brokerUsers)} -MaxRecordCount 2147483647
    Remove-Variable  -Name "brokerUsers"
    Set-BrokerAccessPolicyRule  -AdminAddress "MyDDC:80" -IncludedSmartAccessFilterEnabled $True -IncludedUsers @("ROOTCONTOSO\MigratedUser") -LoggingId "8f3524cf-9c65-461f-9618-3cdca0b32616" -Name "dg01_Direct"
    Set-BrokerAccessPolicyRule : No items match the supplied pattern
    	+ CategoryInfo : InvalidArgument: (:) [Set-BrokerAccessPolicyRule], SdkOperationException
    	+ FullyQualifiedErrorId : Citrix.XDPowerShell.Broker.NoMatchingItems,Citrix.Broker.Admin.SDK.SetBrokerAccessPolicyRuleCommand
    Stop-LogHighLevelOperation  -AdminAddress "MyDDC:80" -EndTime "01/02/2018 09:34:26" -HighLevelOperationId "8f3524cf-9c65-461f-9618-3cdca0b32616" -IsSuccessful $False
    
    
Exception interne :
    Citrix.Broker.Admin.SDK.SdkOperationException No items match the supplied pattern
       à System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord errorRecord)
    
    
Exception interne :
    System.InvalidOperationException No items match the supplied pattern
    
    
    

 

studio.JPG

Link to comment

15 answers to this question

Recommended Posts

  • 0
PS C:\> Get-BrokerAccessPolicyRule -Name "dg01_direct"


AllowRestart                     : True
AllowedConnections               : NotViaAG
AllowedProtocols                 : {HDX, RDP}
AllowedUsers                     : Filtered
Description                      : 
DesktopGroupName                 : dg01
DesktopGroupUid                  : 82
Enabled                          : True
ExcludedClientIPFilterEnabled    : False
ExcludedClientIPs                : {}
ExcludedClientNameFilterEnabled  : False
ExcludedClientNames              : {}
ExcludedSmartAccessFilterEnabled : False
ExcludedSmartAccessTags          : {}
ExcludedUserFilterEnabled        : False
ExcludedUsers                    : {}
HdxSslEnabled                    : False
IncludedClientIPFilterEnabled    : False
IncludedClientIPs                : {}
IncludedClientNameFilterEnabled  : False
IncludedClientNames              : {}
IncludedSmartAccessFilterEnabled : True
IncludedSmartAccessTags          : {}
IncludedUserFilterEnabled        : True
IncludedUsers                    : {}
MetadataMap                      : {}
Name                             : dg01_Direct
Uid                              : 161

This delivery group has been create to debug the issue ... 

Link to comment
  • 0

Hmmmmm Closely looking at your Set command image there seems to be a space between the words. Not sure if the input is being passed correctly. It has to be a single word and if it has spaces which I doubt then it should be enclosed in the quotes.

From the cmdlet help , there is this example
 

-------------------------- EXAMPLE 1 --------------------------

C:\PS> Set-BrokerAccessPolicyRule 'Temp Staff' -AddIncludedUsers office\contractors

Link to comment
  • 0

I have just notice  i have duplcitate entry  for the problematic user .

2 SID for 1 FullName and Name

 

PS C:\> get-brokeruser contoso\umig | Format-Table -wrap

FullName        Name                 SID                                            UPN                             
--------        ----                 ---                                            ---                             
user mig CONTOSO\umig S-1-5-21-133931731-3519744216-4030625183-18667 user mig@child.contoso.fr
user mig CONTOSO\umig S-1-5-21-477348326-2280002098-3892988929-24979 user.migA@contso.fr       

 

 

Link to comment
  • 0

Hello,

we have the same problem as descriped here. Have you any idea ?  Our migrated Active Directory Accout has a existing property in the SIDhistory filed becaus of the AD intraforest Migration. Please let us know if any new information about this issue exist. 

One note :  if i create a new DLGroup i can add my account only at the DL creation process, after that any other migrated account can't add to the new created DLGroup.

 

Kind regards

Steffen Brendler

Link to comment
  • 0
On ‎07‎/‎02‎/‎2018 at 9:53 PM, Julien Bebronne said:

I have just notice  i have duplcitate entry  for the problematic user .

2 SID for 1 FullName and Name

 

PS C:\> get-brokeruser contoso\umig | Format-Table -wrap

FullName        Name                 SID                                            UPN                             
--------        ----                 ---                                            ---                             
user mig CONTOSO\umig S-1-5-21-133931731-3519744216-4030625183-18667 user mig@child.contoso.fr
user mig CONTOSO\umig S-1-5-21-477348326-2280002098-3892988929-24979 user.migA@contso.fr       

 

 

 

Hi

 

I cannot add group user to all Delivery Group. I have checked at Get-BrokerUser "Domain\UserGroup" and found duplicate UserGroup as 2 SID. 

How can I delete? 

 

Link to comment
  • 0
2 hours ago, Marc Smid said:

After 7.15 CU4 i have the same issue with non-migrated and with migrated users. I just opened a case for it.

Hi

For my issue. I found problem about one User Group failed to Delivery Group. After I have deleted this User Group from User list of Delivery Group. I can use normally.

 

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...