Friday, April 28, 2017

Unable to search for users outside of the domain the Citrix XenDesktop 7.11 Citrix Director server is joined to

Problem

You’ve noticed that your Citrix XenDesktop 7.11 environment with Citrix Director installed:

image

image

… is unable to look up users from another domain that there is a forest trust configured to:

image

imageimage

Navigating into the Sessions tab displays these foreign domain accounts:

image

… and navigating into the Filters menu displays these accounts:

image

Clicking on the listed accounts from the foreign domain opens the properties of the account:

image

However, you receive the following messages:

Cannot retrieve machines.

No details are available.

image

Clicking on the user icon on the top left corner displays the following message:

User details cannot be retrieved from Active Directory.

Cannot find the user. View Director server event logs for further information (Refer Citrix KB article CTX130320).

image

Solution

A default install of Citrix Directory requires additional configuration to allow it to look up accounts in other domains that have forest trusts configured and the following demonstrates the process.

Begin by launching the Internet Information Services (IIS) Manager on the Citrix Director server then navigate to: Sites > Default Web Site > Director and open up the Application Settings configuration:

image

Select the Connector.ActiveDirectory.Domains line item and then click Edit:

image

In the Value field:

image

Append the additional domain that there is a forest trust configured and contains accounts you would like Citrix Director to lookup:

image

Note the additional domain at the end of the string (user);(server),:

image

A restart of IIS is not required so proceed to log back into the Citrix Director console:

image

You should now notice that the problematic accounts from the foreign domain will now display information:

image

image

image

Searching for these accounts will now work as expected:

image

1 comment:

Anonymous said...

Worked for me!