Windows Live Alerts
EnglishDeutsch
|
Contact
|  
Welcome to ThomasKOetzing.de!
   
 
Start access
Article
Support Forum
SBC FAQ
xenApp (Presentation Server)
Remote Desktop Services
Terminal Services
Web Interface
Tips & Tools
Sponsors 
 
ControlUP 3.0 Smart-X

Windows An- und Abmeldeprobleme Print E-mail
Written by Thomas Koetzing on Thursday, 09 February 2006

(Last modified:Thursday, 14 May 2009 | Visit 160654 times)


This WebSite is dedicated to the presentation I hosted at the Citrix Support & Engineering Institute of Technology (CSEIT) in Orlando 2004 , 3rd. of October.


I have written a white paper on troubleshooting the logon- and logoff process that you can download here:

Image Optimizing_logon_and_logoff_v14.zip


Read also my article "Understanding the Citrix MetaFrame Logon and Logoff Process" and "Understanding and Troubleshooting Citrix's Seamless Windows Engine"


Here is also the place where you will find the most current version of the "seamless exception flags - EXTENDED"




Microsoft Terminal Licensing Service (TLS)


In any case you have to deploy the TLS when you start using Microsoft terminal services in application mode. It's of no interest what client OS you use to connect to the Server. Also remember, Citrix MetaFrame is just an add-on to terminal services so you need the TLS also with Citrix!


Image NOTE

  • Terminal Licensing Service MUST be deployed and activated!
  • Microsoft Clients do NOT have a "built-in” TS Client Access License, rather the TLS might issues machines with a free “built-in” license.
  • With Windows 2003 you need TLS on a Windows 2003 Server


Best Practice

  • Deploy and activate a Server that is running Terminal Licensing Services.
  • Establish a preferred Windows 2000 Terminal Services License Server 
    KB239107 or see KB279561 for Windows 2003
  • Make sure you have the latest HotFixes or service packs applied to ALL Server (Terminal Server, Terminal Licensing Service Server). Therefore see Windows 2000 Terminal Services Licensing Hotfix,  KB287687 and KB294655 
  • Make sure users have write access on the Workstation registry hive:
    HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing\Store


Known Support Forum issues

  • Windows XP Clients Cannot Connect to a Windows 2000 Terminal Services Server
    KB323597 
  • Connecting to a MetaFrame XP Server Shows a Popup Window Indicating initializing. The Window Then Disappears.
    CTX543560 
  • Network or dialup problems are preventing connection to MetaFrame server
    CTX101380 
  • "Network or Dialup Problems Are Preventing Communication with the Citrix Server" Error Message When You Connect to Citrix MetaFrame.
    KB329889


Image WebLinks



Loopback Processing of Group Policy


Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.


In a nutshell setup

  • Create a new OU only for the Citrix Servers and move all Server objects into the new OU
  • Add the Citrix Users to the OU Group Policy and deny the GPO for Administrator
  • Enable GPO Loopback Processing and set it to "Replace Mode"


Known Support Forum issues

  • User Policies Are Not Applied When You Log On to a Computer That Is Running Windows 2000 SP4
    KB823862 
  • Programs Can Revert to the Default Settings on Terminal Server
    KB297379


Image WebLinks

  • Loopback Processing of Group Policy
    KB231287 
  • Troubleshooting Group Policy Application Problems
    KB250842 
  • How to Apply Group Policy Objects to Terminal Services Servers
    KB260370 
  • How To Optimize Group Policy for Logon Performance in Windows 2000
    KB315418 
  • Group Policy is a key Active Directory technology that enables you to efficiently configure and manage computers and users.
    Technet Group Policy Page 
  • Core Group Policy Technical Reference
    Group Policy Tools and Settings 




Slow Logon / Logoff


The Logon- and Logoff time can be between a few seconds and up to more than 20 minutes. There can be various reasons for this and you have to start troubleshooting the issue. First things you should do:

  • Check the Profile size and the amount of small files like Cookies, Favorites, Temp. Internet Files.
  • Remove 3rd Party Printer Driver and minimize the use of client mappings. For a testrun disable ALL client mappings
  • Enable user environment debug logging and see in detail what happen during the logon/logoff.
    KB221833 



Known Support Forum issues

  • A "CheckXForestLogon: policy set to disable XForest check..."
    KB91289
  • You may experience a 20-second delay when you try to access a redirected folder by logging on to a Windows Server 2003 Service Pack 1-based computer
    KB899409
  • A Citrix session may respond very slowly when you log on to the session from a Windows XP-based computer
    KB839953
  • It takes longer than you expect to log off from a Terminal Services session in Windows 2000 or Windows 2003
    KB828326 
  • Very Long Logon Time When You Try to Connect to Citrix MetaFrame or Citrix 1.8
    KB824309 
  • TS on NT will take extremely long time to Autocreate printers with Citrix
    Novell TDI 10062237 
  • Terminal Server and connected Terminal Services clients pause when a Terminal Services client logs on or logs off
    KB324446 
  • You are unexpectedly logged off when you try to connect to a computer that is running Windows Server 2003 or Windows XP
    KB886212 
  • A remote desktop session may experience a long delay when you try to log off with the Advanced SMS Client installed.
    KB831962 
  • Unable to Connect with ICA After Installing Microsoft Rollup 1 for Windows 2000
    CTX107051
    As a workaround you can import the following regfile Sp4rufix.reg to disable the smartCard hook (if you don't need it). After the import you have to reboot the server.


Image WebLinks

  • Troubleshooting Slow Logons
    CTX101705 
  • Programs Start Slowly or Slow Logon if the Network Connection to Your Home Folder Is Slow
    KB306850 
  • The Logon Process Hangs At "Running logon scripts..."
    CTX107433


Utilities


The headless (no visible window) application leverages session sharing so that when users launch real applications they immediately appear to open and therefore the time to establish an ICA connection is eliminated.

Use this headless application to establish automatically a ICA connection with single-sign-on when a user logs into their Workstation or Web Interface. The App disconnects after 5 min. if there is no ICA traffic. The program is from Citrix iForum 2005 session 2108.

Image headless.zip




User Profile Hive Cleanup Service, UPHClean


UPHClean is a Microsoft service that once and for all gets rid of problems with user profile not unloading. Many system and service processes do work on behalf of users and when the work is done the system or service process is responsible for releasing handles it has to the user profile hive.  If this is not done by the service as the user logs off the profile cannot be unloaded.



Known Support Forum issues

  • Changes to your roaming user profile are not saved when you log off and then log on to a Windows Server 2003-based computer
    KB883521 
  • Vmware issue, Windows Guest Cannot Update HGFS.DAT
    FAQ1317 
  • Sun Java hsperfdata_ directory incl. files will sometimes not be deleted
    5073453


Image WebLinks

  • User Profile Hive Cleanup Service, A service to help with slow log off and unreconciled profile problems.
    Microsoft UPHClean Page
  • Download User Profile Hive Cleanup Service Now!
    UPHClean-Setup.msi 
  • Troubleshooting Userenv Event ID 1000 and Profile Issues in a Citrix Environment
    CTX105618


Delete Cached Copies of Roaming Profiles


Deleting the cached copies is simple to solve but overlooked many times. To make absolute sure the Profile will be deleted use also UPHClean and the Windows Resource Kit utility Delprof in a (reboot) script.



Image WebLinks

  • How to Automatically Delete Locally Cached Profiles
    KB173870 
  • Using Group Policy to Delete Cached Copies of Roaming Profiles
    KB274152 
  • How To Delete User Profiles by Using the User Profile Deletion Utility (Delprof.exe) in Windows 2000
    KB315411 
  • Delprof.exe is a command-line utility that you can use to delete user profiles on a local or remote computers running Windows 2000, Windows XP, and Windows Server 2003
    User Profile Deletion Utility (Delprof.exe) 
  • User profiles are not removed after you log off a terminal server that is running Windows Server 2003
    KB894791 
  • The Winlogon.exe system process quits without unloading the user profile when the screen saver starts on a Windows 2000 Terminal Server at the same time that you log off from a Terminal Services session
    KB893104 
  • Roaming profiles are not unloaded on a Windows Server 2003-based computer that is running Terminal Services
    KB840378



Publish Application remains active after logoff


Some published applications may not exit properly. This can happen for example when an application may have an open registry key or there could be a problem with a Citrix function such as Wfshell.
So it's mainly ONE application or process that stops the logoff from the Server and to troubleshoot this issue, the "bad" process has to be found. Before you do this, you should know that the min. processes that a session needs are winlogon.exe, csrss.exe and explorer.exe



Typically suspects are:
Proquota.exe, cwbprovd.exe, Ctfmon.exe, Sxplog32.exe, Wisptis.exe, Ntvdm.exe, Ssonsvr.exe, Ssoshell.exe, Ssobho.exe, Ssomho.exe and the Microsoft SMS Client.



How to find the "bad" process

  • Open the session properties of the remained session in the CMC
  • Terminate the still running processes step-by-step and wait for a graceful logoff
  • Notice the process that loggs the session off. Lets say it's "BadApp.exe"
  • Do you really need BadApp.exe? If not, then remove or uninstall the Application.
  • If you need the program, then add the following registry key
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI
    LogoffCheckSysModules REG_SZ = BadApp.exe

Image


Known Support Forum issues

  • Active Session Left After Logging Off the Session When Microsoft Office XP or Microsoft Office 2003 is Installed on Citrix Presentation Server
    CTX106747 
  • A Terminal Services session to a Windows 2000-based computer stops responding if a user logs off after the user quits a 16-bit Windows program (Ntvdm.exe)
    KB891577 
  • Active Session Left After Logging Off the Session When Microsoft Office XP or Microsoft Office 2003 is Installed on Citrix Presentation Server
    CTX106747 
  • Session Stays in Active State After User Logs Off
    CTX106951 
  • PS 4.0 issue, If the Language bar of IME 2002 or IME 2003 was running within an ICA session, the session remained active.
    CTX106910 - Hotfix PSE400W2K3005
  • Session Stays in Active State After User Logs Off
    CTX106951


Image WebLinks

  • Graceful Logoff from a Published Application Keeps Sessions in Active State
    CTX891671 
  • How to Troubleshoot Application Integration Issues
    CTX101709 
  • Terminal Server Application Integration Information
    KB186498



Troubleshooting logon- and logoff issues


The troubleshooting depends on the issue you have with the Logon or the Logoff process. Enabling the user environment debug logging gives you a really good few of what happen during the Logon/Logoff.
There are also some HotFixes from Microsoft, Citrix and Novell for this problem, so make sure you check them.

For permission issues use the Sysinternals utilities Filemon and Regmon and use the Process Explorer to see open handels and to find for infos about running processes



Image WebLinks

  • How to enable user environment debug logging in retail builds of Windows
    KB221833 
  • Troubleshooting Change and Configuration Management
    Windows 2000 Resource Kit 
  • Profiles Fail to Create
    CTX104188 
  • User Cannot Create a Terminal Server Roaming Profile Path If a User with the Same Name Has Logged On from Another Domain
    KB821929 
  • Terminal Server Profile Path Is Ignored If the User Who Is Logging On Does Not Have Query Information Permissions on the RDP-TCP Connection
    KB829109 
  • "%" character in Terminal Services profile path appears as a numeric string when you use the TSPROF command in Windows Server 2003
    KB833308


Troubleshooting utilities




Best Practice


Now here is my advice for a best practice setup to reduce problems with the logon- and logoff behaviour.

  • Enable Folder Redirection and redirect as many Profile folders as you can. Use AD GPO's but they are limited to only some folders. You can also use logon scripts for redirecting Profile folders. Remember that the file share for the redirected folders should be high available (cluster solution).
  • Use the free FlexProfileKit to further minimize the Profile size, to make it more robust (mandatory profile) and more flexible because you can decide what registry keys are saved and reapplied. The FlexProfileKit is also the best solution for a profile migration.
  • Remove 3rd. party printer drivers and use only drivers that comes with the original Windows CD. Use printer mappings that you can find at http://www.printingsupport.com
    If you install a 3rd. party printer driver, at least don't use a PCL6 driver.
  • Delete automatically cached copy's of the roaming profile from the Server.
  • Install Microsoft's UPHClean Service on every terminal services Server also on Windows 2003 Servers.
  • Check Citrix, Microsoft and Novell's Knowledge Base for HotFixes that are related to logon- or logoff issues.

Optional

  • Disable the client update database, if you don't use this feature.
  • Add the path to the server fonts folder into the servers path variable.
  • Use the windows resource kit utility delprof.exe in a server startup script.
  • If you don't use audio, delete ALL *.wav files from the servers


Image WebLinks

  • Use FlexProfileKit to have much less problems with Profiles.
    FPKv5.0.zip 
  • User Data and Settings Management, Folder Redirection
    Management Service 
  • Folder Redirection feature in Windows
    Q232692 
  • Registry Settings for Folder Redirection in Windows
    KB242557

 
find or follow me @