How to disable ‘Delete account’ option within Secure Hub

-Configure ADS for the domain.

-Change “displayReenrollLink” to “false” for disabling the “Delete Account” option within Secure Hub. This can be done by the cloud team by modifying the Auto Discovery Services records.

-Customer need to share the Domain and the FQDN to the Citrix Support and request to disable the “Delete Account” option.

User-added image

> To confirm that if the “displayReenrollLink” is disabled from our cloud team, go to this link: https://discovery.cem.cloud.us/ads/root/domain/{domain} (modify your domain)

– Check for “displayReenrollLink”, it should be set to false. By default this value is true.

Related:

  • No Related Posts

Unable to manage PVS farm 'Server connection timeout’ error.

From PVS AOT tracing we see that PVS server is unable to fetch the group membership from all domains as PVS is unable to lookup few domains.

295,8,2020/05/21 04:57:22:99267,8056,4360,1,PVS_Dll_ADSupport_AO,,0,,3,Warning,”Could not find domain DOMAIN1.COM, Exception = System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational.

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)

at System.DirectoryServices.DirectoryEntry.Exists(String path)

at ADSupport.PublicFunctions.FindUnreachableDomains(List`1& unreachabledDomainList)[StartupADThread.cs(558): FindUnreachableDomains]”,””

296,10,2020/05/21 04:57:22:99526,8056,4360,1,PVS_Dll_ADSupport_AO,,0,,3,Warning,”Could not find domain DOMAIN2.COM, Exception = System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational.

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)

at System.DirectoryServices.DirectoryEntry.Exists(String path)

at ADSupport.PublicFunctions.FindUnreachableDomains(List`1& unreachabledDomainList)[StartupADThread.cs(558): FindUnreachableDomains]”,””

297,6,2020/05/21 04:57:49:30918,3900,4360,1,PVS_Dll_ADSupport_AO,,0,,3,Information,”Error looking up GUID in DOMAIN3.COM domain. Restarting background AD thread.[ADSupport.cs(2908): SearchForADCanonicalFromGuid]”,””

298,10,2020/05/21 04:57:49:31826,3900,4360,1,PVS_Dll_ADSupport_AO,,0,,3,Information,”Error looking up GUID in DOMAIN4.COM domain. Restarting background AD thread.[ADSupport.cs(2908): SearchForADCanonicalFromGuid]”,””

299,1,2020/05/21 04:57:54:69212,7220,3760,1,PVS_Dll_EnterpriseAccess_AO,,0,,1,Error,”CommunicationObjectFaultedException: The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state.”,””

300,0,2020/05/21 04:57:54:69303,8548,3760,1,PVS_Dll_EnterpriseAccess_AO,,0,,1,Error,”TimeoutException: This request operation sent to net.tcp://localhost:54322/pvs/mapi/commandset did not receive a reply within the configured timeout (00:02:00).The time allotted to this operation may have been a portion of a longer timeout.This may be because the service is still processing the operation or because the service was unable to send a reply message.Please consider increasing the operation timeout (by casting the channel/proxy to IContextChannel and setting the OperationTimeout property) and ensure that the service is able to connect to the client.”,””

301,0,2020/05/21 04:57:54:69309,8548,3760,1,PVS_Dll_EnterpriseAccess_AO,,0,,1,Error,”TimeoutExceptionHandler[ErrorHandlers.cs(121): dumpToLog]”,””

Related:

Error – “An Unexpected MAPI Error Occurred. Index Was Out of Range. Must Be Non-Negative and Less Than the Size of the Collection.”

For some AD environments containing configurations with complex nested groups and domains with many trust associations, the default method might be unable to find the user’s expected administrative memberships.

To resolve such scenarios, use one of the registry setting to change the search approach.

Related:

Citrix Files UMT Multiple Trusted Domains

Trusted domains can’t see the full properties of users in the other domains part of the trust relationship.

UMT can not import those users as some properties are missing.

In order to be able to provision the users and manage rules for them, UMT needs to be installed on the different domains (one UMT per domain in the forest).

When installing UMT, be sure to uncheck the following option: “Automatically disable users not part of domain rules

This can be found in UMT by clicking on the gear icon in the top right corner.

Related:

  • No Related Posts

Running Add-PvsDeviceToDomain commandlet from PowerShell without any parameter causes unexpected behavior.

This problem has already been identified by Citrix and is currently working towards fixing the same in the future releases.

The only work around available for now is to use a Parameter along with the PowerShell Commandlet – “Add-PvsDevicesToDomain”, which are as below:

-Guid or DeviceId [<Guid[]>]

GUID of the Device to Add to the Domain.

-Name or DeviceName [<String[]>]

Name of the Device to Add to the Domain.

-DeviceMac [<PvsPhysicalAddress[]>]

MAC of the Device to Add to the Domain.

-CollectionId [<Guid[]>]

GUID of the Collection to Add all Devices to the Domain.

-SiteViewId [<Guid[]>]

GUID of the Site View to Add all Devices to the Domain.

-FarmViewId [<Guid[]>]

GUID of the Farm View to Add all Devices to the Domain.

-FarmViewName [<String[]>]

Name of the Farm View to Add all Devices to the Domain.

-CollectionName [<String[]>]

Name of the Collection to Add all Devices to the Domain.

-SiteViewName [<String[]>]

Name of the Site View to Add all Devices to the Domain.

-Domain [<String[]>]

Domain to add the Device(s) to. If not included, the first Domain Controller found on the Server is used.

-OrganizationUnit [<String[]>]

Organizational Unit to add the Device(s) to. This parameter is optional. If it is not specified, the device is

added to the built in Computers container. Child OU’s should be delimited with forward slashes, e.g.

“ParentOU/ChildOU”. Special characters in an OU name, such as ‘”‘, ‘#’, ‘+’, ‘,’, ‘;’, ‘>’, ‘=’, must be

escaped with a backslash. For example, an OU called “commaIn,TheMiddle” must be specified as

“commaIn,TheMiddle”. The old syntax of delimiting child OU’s with a comma is still supported, but deprecated.

Note that in this case, the child OU comes first, e.g. “ChildOU,ParentOU”.

-SiteId [<Guid[]>]

GUID of the Site.

-SiteName [<String[]>]

Name of the Site.

-Confirm [<SwitchParameter>]

The impact of this operation is “low”. If -Confirm is specified, the operation will be confirmed.

$ConfirmPreference can be set to “low” to have confirmation without the Confirm parameter.

-Object [<PvsObject[]>]

Object: will use the DeviceId, CollectionId, SiteViewId or FarmViewId.

Related: