Citrix headaches

One of our clients is beginning to utilize the Citrix XenApp Fundamentals installation we put in a year ago, and we ran into an interesting error when attempting to setup a new user with access. As a bit of background, the client is using Citrix XenApp Fundamentals 3.0 with Windows Server 2008 SP 32-bit. and the user we granted Citrix access to has been an Active Directory user for over three years. There were only two users utilizing the Citrix connection and it had been working flawlessly.

We setup the new user with Citrix access and had them attempt to connect. Once the user selected an application, we ran into an interesting issue. Instead of receiving the streamed application like normal, the Explorer interface ended up popping up with the following error message:

“You have started Windows Explorer in your ICA Seamless session. This will obscure your local Explorer desktop.
to re-enable this ICA Seamless connection, please logoff and restart the Seamless remote application.”

We knew off the bat that the existing users were having no issues, so that meant it was either the user’s computer, the user’s profile, the user account, or an issue with adding new accounts to Citrix. We opted to eliminate the Citrix issue first and granted another AD user permission on the Citrix server and logged in without an issue. Next, we tried logging into Citrix using that new AD account from the affected user’s computer, again no issue. Lastly, we tried logging in with that user’s account from another computer and we received the same error. We now knew the problem was related to the user’s Active Directory account.

After a bit of Googling, we came across some KB articles from Citrix. Unfortunately, we couldn’t find an article that fit our issues. The Citrix community forums were a bit more helpful and we tried a few fixes suggested by community users such as the following:

  • Delete the profile for the affected user account.
  • Delete the registry key for the affected user from HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProfileList
  • Restart the server
  • After removing the profile and the profile registry key, restart the computer, and copy the Default user profile from a working Windows Server 2008 install

None of the above fixes seemed to do the trick. After some more searching I ran across a blog post from James Scanlon. His fix applied to XenApp 5 running on a Server 2008 SP2 install, but we figured it was worth a try at this point. The fix involves clearing an attribute for the affected Active Directory account. We hopped on the domain controller, opened ADSI edit (ADSIEDIT.MSC), expanded domain and organizational unit nodes, and right-clicked on the user and choose to edit the properties. The culprit in this scenario was the userParameter attribute, which from what I understand is used to set user specific settings for terminal services. This value was either corrupt or previously set to a value that was no longer valid. After clearing the value we had the user try logging again, and lo and behold, the application was now streaming correctly.

It must not be a common occurrence, because I wasn’t able to find many references to it on a web. So either my Google skills were suffering due to lack of caffeine, or it’s not a common error. Whatever the case, the problem is solved and all is right in the world!