Falko Haufe
-
Posts
5 -
Joined
-
Last visited
Content Type
Forums
Articles
Labs
Videos
TechZone
Citrix Community Articles
Events
Profiles
Posts posted by Falko Haufe
-
-
This is directly related to #2 and #3, in my testenvironment i receive the same error (just reproduced) if the DDC(s) dont have the right to authenticate on the VDA(s).
Check again https://support.citrix.com/article/CTX134971 - the picture above the last picture show you the setting. Create group on domain a for the ddc and use this group on the vdas from domain b in security settings. Additionally create a group on domain b for all vdas and use this group on domain a security settings for the ddcs om domain a.
Dont forget to reboot after the changes.
-
#2 and #3
How to (for the ddc and vda, e.g. allow the vda on the ddc and vice versa): https://technet.microsoft.com/de-de/library/cc816733(v=ws.10).aspx
Please check on the ddc and vda the eventlog for error regarding authentication when you restart the brokerservice.
Oh and there is another thing i forgot:
When external trusts are in place, you will also need to make the following changes on the VDA:
- Locate the file <ProgramFiles>\Citrix\Virtual Desktop Agent\brokeragent.exe.config
- Make a backup copy of the file
- Open the file in a text editing program such as Notepad
- Locate the text allowNtlm="false" and change the text to allowNtlm="true"
- Save the file
Reboot DDC/VDA.
- 1
-
#0
https://support.citrix.com/article/CTX134971
Is the registrykey "SupportMultipleForest" set on the VDA?
#1
Is the registrykey "ListofSIDs" on the VDA set? This key should include the SID(s) of the DDC(s), space separated.
#2
Does the VDA have the right to authenticate on the DDC(s)?
#3
Does the DDC(s) have the right to authenticate on the VDA?
Can't register vda machine in trusted domain
in XenDesktop 7.x
Posted
1 question:
Why isnt there a domainname visible for these accounts?
http://support.citrix.com/simg/?eid=ka260000000Xn16&feoid=00N60000002SkzT&refid=0EM60000000PnEy
As far as i know, the domain name should be visible, specially since they come from another domain in the point of view of the vda/ddc. Maybe you added the wrong accounts or mixed something?