citrix info: windows

Tuesday, 5 November 2013

The Terminal Server has exceeded the maximum number of allowed connections

Problem

If users simply close the remote desktop window; their sessions remain disconnected and if TS Session is not configured to end the disconnected session after a certain time limit, further user login to that terminal serer won't be possible due to the following error:

Resolution

Open Command Prompt and execute the following command:

query session server:<server name>(OR)
query session server:<IP address>

Replace the <server name> or <IP address> with the remote machine host name or IP address.

For example, query session server:TS-1[Note: Here TS-1 is the Terminal Server host name I am using.]
This will show the details of the connected or disconnected users. Note down the ID and corresponding username you want to reset.
To reset a particular ID execute the following command:

reset session <ID> /server:<server name>

For example, reset session 2 /server:TS-1
[Note: You can also use a nice GUI tool to query and reset the remote sessions. Please click HERE to download the tool named Remote TS Manager from JR Software]

Here I have resetted all the users sessions existing on the TS-1 server.
To check the session status execute the command mentioned in Step:1.

query session server:<server name>(OR)
query session server:<IP address>
Now if you try to RDP to that server, you will be able to do that.
Once you logged in to the server, go to Start --> Programs --> Administrative Tools --> Terminal Services Configuration.
Right click on RDP-Tcp --> Propreties.
Enable Override User Settings check box and enter the time in End a disconnected session. This will prevent to occur this type of problem going forward.

Alternative method to reset user session (GUI Based)

Login to any other server.
Go to Start --> Administrative Tools --> Terminal Services Manager
Click on Actions --> Connect to Computer...--> enter the server name where you want to connect --> click OK
Now you will get all sessions of that server. Right click on the desired user and choose Log Off.

Thursday, 31 October 2013

NTFS permissions for Citrix Roaming Profiles on share folder hosting profiles

Set these permissions on the root of a profile share to enable it for roaming profile storage. When Windows creates a new roaming profile it acts on behalf of the user, it “impersonates” that user. Therefore we must make sure that on the one hand each user may create new folders while on the other hand ensuring that each user may access only his own profile folder.
These permissions apply both to traditional Windows roaming profiles as well as to the user store where Citrix Profile Management keeps its profiles.

NTFS permissions:

Administrators: full control
SYSTEM: full control
Authenticated users: list folder/read data & create folders/append data, this folder only
Creator/Owner: full control, subfolders and files only

Share permissions:

Everyone: change
Administrators: full control

Enable these group policy settings for all computers where users log on with roaming profiles, namely physical and virtual client PCs and terminal servers.

Do not check for user ownership of Roaming Profile Folders
in Computer Configuration \ Administrative Templates \ System \ User Profiles
Disabling this check speeds up logons slightly and may greatly reduce profile problems.
Add the Administrators security group to roaming user profiles
in Computer Configuration \ Administrative Templates \ System \ User Profiles
When a new roaming profile directory is created, Windows disables permission inheritance and grants SYSTEM and the profile’s user account full control. That makes user profiles inaccessible to administrators which prevents them from performing maintenance. If this policy setting is enabled the group “Administrators” is given full control on new profile folders, tool.
Note that this applies to new profiles only. Profiles created before this policy settings was in place lack the entry for “Administrators”.