Jump to content
Updated Privacy Statement
  • 0

Broken Environment Since AD/Permission Changes.




I'm very stumped on this.... where to start? 

Our Server team made major changes (I am not privy to all of them.) What I do know is that admin privilege's were removed from every account except a very few. (This includes service accounts). This has caused a lot of issues, but I'm not sure what mine are. I've largely had most of my admin privilege's restored to my Citrix account.

So here is the scenario:

- The environment is 1912 CU1, MCS, using random desktop catalogs, and has been running completely fine until 'changes(?)' happened. Since then the environment runs fine as is. However nothing can be changed.

- No new Catalogs can be created. No existing catalogs can be altered. (IE: I don't even see the option to upgrade a machine catalog).

-In fact when loading Studio, every Catalog has a 'red bang' beside it. And at the bottom of every Catalog the following error is present:


"Machne Catalog cannot be loaded due to.... Unable to find machine account data with ID:XXX" (The error just sends you to the generic 'how to fix a borked catalog' article which isn't the problem here. (I fact you can't even create a catalog.))

Does this refer to an active directory object? Or hypervisor storage ID?


- If I click "Create Catalog" I get the following error:



Now does this refer to an AD workstation object? Or contact with storage? 

-Details of the above error:



The above error once again refers to an Active Directory Operation that fails in finding the "object on the server". (Also I cannot find any reference to the above error id.)

- Upon closing the above error, the "Machine Catalog Setup" wizard DOES attempt to run:

I will get to the following stage, where the wheels just keep turning, until I have to run Task Manager to end task MMC:


-Note above: The Wizard actually starts the process as normal even after the start up error I showed. I can set the MCS parameters as expected, and even when I select the "master image" it appears the Delivery Controller can reach out to the storage, and it does see all my VDI's and snapshots. It is AFTER I select the master image, that the Virtual Machines process starts, but never finishes as shown above.

- If I check Event Viewer, the only issue I see is that MMC.exe has hung.


Here is what I have tried:

- I have had admin rights returned to the user account running Studio (allegedly)

- I have verified that I can talk to our storage. In fact all catalogs report communication with  existing child VDI's (IE: registered, etc.)

- I have even re-created the storage connection through the wizard, with the appropriate VSphere Account to make sure I could truly talk to the storage.

- I verified the storage account has appropriate admin rights to VSphere.

- I verified with our Infrastructure team that no one has moved any of the VDI's around (which would have broken storage ID's which has happened in the past.)

- I have restarted Host service, and restarted both of our Controllers. 

Where I'm at:

- The server team says my Citrix AD account is fully restored to the way it was before the 'incident'. I sent them some standard Citrix documentation to be clear on what I need. However I'm still not sure...

The error seems permission related. I believe our Citrix Admin group has been altered to a degree that may be causing this. 

Another side note that may be nothing at all is that I used to be able to run AD users and Computers, and can't now. As well even Group Policy Console gives me an error. Could this be communication related?


Any help would be appreciated. Thank you.











Link to comment

0 answers to this question

Recommended Posts

There have been no answers to this question yet

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...