Questions about SEE Administrator, Console and Configuration Manager

I need a solution

Hi, everyone.

I have some question that needs answering:

What permissions do an SEE Admininstrator needs from the AD to work on the SEE Management Console?

Another thing I would like to know if any changes on the Group Policy and AD Computers and Users will be reflected on the Active Directory? If yes, does this means the SEE Administrator will be able to feedle with the AD from the SEE Management Console?

Can we limit the access to the SEE Configuration Manager?

What are the best practises if there’s any?



Client push error.

I need a solution

Unable to client push SEP on other machines. it is possible when i take RDP of the machine and copy the setup and install the endpoint protection.

machine is already in domain. But not able to client push SEP. The error is like “Failed to download and/or install the remote Installation Service. A logon request contained an invalid type value.”

Error: -2   ApiError: 0  Message: Failed to download and/or install the remote Installation Service. A logon request contained an invalid logon type value.



  • No Related Posts

“Failure – Probe time out” When Configuring Citrix ADC LDAP Monitor for Service Group

It is a best practice to reduce the returned values to a small number. For Active Directory LDAP systems the filter can be set to cn=Builtin that returns minimal results.

To make this change using ADCGUI, go to Traffic Management > Load balancing > Monitors > edit the LDAP Monitor and add CN=Builtin as filter.

User-added image

To make this change using ADC CLI:

add lb monitor MonitorName -scriptName -dispatcherIP -dispatcherPort 3013 -password password -encrypted -encryptmethod ENCMTHD_3 -LRTM ENABLED -baseDN "DC=dom,DC=com" -bindDN "CN=UserName,OU=CustomOU,DC=com,DC=com" -filter CN=Builtin


Default Group / log from OU Syncronized – SEPM

I need a solution


You can help me with this two questions:

1_In the SEPM console, the computers in the Default Group can by move manually to another OU? the option “Sync Now” in the default group appears but its not possible to do, its correct? By default all the new computer store in this group? 

2_Its possible to know how are the OU syncronized from my Active directory an how is the OU created in SEPM console? there is any log file to check?


Miguel Angel



Citrix policy settings configured using Administrative Template Policy Settings deleted from Virtual Delivery Agent (VDA) after upgrade to latest version of VDA

Note: This issue is applicable to XenDesktop 7.15, 7.16 and 7.17.

When you upgrade a Virtual Delivery Agent (VDA 7.14) to the current release (For e.g. XD 7.17), any keys created under the registry branch HKLMSoftwarePoliciesCitrix for Citrix policy settings, which are applied using Administrative Template Policy Settings (ADMx) templates, are deleted from the VDA system.

These settings are not reapplied when the VDA is rebooted, or by subsequent GPO refreshes, after the upgrade. Other Citrix policy settings, configured via the Citrix Group Policy Management component at AD or DDC level, are still applied to the VDA.


Endpoint Encryption 11.1.3 (Build 672) on Windows Server 2016

I need a solution

Our issue is with the Computers in these Folders.

“Symantec Endpoint Encryption Users and ComputersSymantec Endpoint Encryption Managed ComputersDeleted Computers”
“Symantec Endpoint Encryption Users and ComputersActive Directory Computers”

We have Active Directory Synch enabled.

The machines in this Container are still visible in the console.

The machines in question were removed from AD or they had the client software re-imaged – so only in the Encryption Manager does this show two or three entries .

1 A fully working device in the normal AD Computers OU
2 Also non-working one or two in the Deleted Computers container or the “Symantec Endpoint Encryption Users and ComputersActive Directory Computers”