Citrix Error

dan_richards

dan_richards

Reputable Poster
Hello,

Has anyone ever seen this error before? Better yet, know the fix????

A non-Domain Admin user logs into OneWorld through Citrix, and gets an error prior to the actual login box for JDE. The error is a REGEDIT error that states "Failed to update the system registry, please try again with regedit." If you click on "OK" everything appears fine and the user can log in.

Thanks!!!!


Dan Richards
Xe, SP15 XU1, RS6000, Oracle 8.1.7, MetaFrame XPe on W2K
 
Are you using Win2K permissions or NT4 compatible on your terminal services settings? If you don't know how to check, in your control panel --> administrative tools --> terminal services configuration

Then click on server settings and the last entry in the list is "permissions compatibility" double click on this and make sure it is set to "permissions compatible with Terminal Server 4.0 users"

Oneworld was designed around the NT4 security model which gives change access to the users local group on the registry key "HKLM\Software\*" The Win2K permissions only give read access to this key which oneworld needs to access.

Making this change will require a reboot. If this does not work there is a free utility at www.synsinternals.com called regmon which shows you all access to registry keys and you can see from there which access to which key(s) is getting denied.

HTH,
Jeff

B73.3.2 SP 11.1_UPKG, NT SP6a, MS-SQL 7.0 SP2, WIN2K/Metaframe 1.8a SP2/FR1 & Fat

Jeff Hill
IS Division Manager
Yamazen Inc.
 
Hi there,

I was having the same problem and the suggested solution did get rid of the error message however when you change the security settings to NT 4 model it gives you a warning suggesting that the registry now is not as secure! I am wondering if this presents a problem ?
We don't have OneWorld installed yet but we're getting ready for it. I am experimenting with the Win2K terminal server(TS) and the issues surrounding it. Is there a suggested security model for the TS/OW setup (ref.doc.)?
Thanks in advance.
 
As a quick answer to your question, yes this can present a problem. By unlocking the registry you allow your users (even if the don't have admin privs) to be able to modify the registry, install software, etc. A very big problem and also the reason that MS finally decided to begin locking down their software. Believe me, the last thing you want is for your users to begin installing shockwave or napster on your terminal servers.

There is a really good mailing list at yahoo about Citrix which discusses security and setup. Also any other topic related to Citrix but the initial stuff seems to be what you are looking for. Go to http://www.thethin.net there you will find the link to sign up for the yahoo group. Also at this site are many white papers on best practices including security setup. You can search the archives for OneWorld specific information as this topic does come up from time to time.

The problem you are going to face is that JDE did not really design this application with security in mind and definitely not for a multiuser experience which is why you will not be able to have a good security setup with OneWorld until such a time as JDE changes their client software to match the new security models that MS has implemented and also allow for the differences in terminal services. You can get it pretty secure and be comfortable with that but the current versions of OneWorld will not allow you to be as secure as I would like.

Good luck,
Jeff

B73.3.2 SP 11.1_UPKG, NT SP6a, MS-SQL 7.0 SP2, WIN2K/Metaframe 1.8a SP2/FR1 & Fat

Jeff Hill
IS Division Manager
Yamazen Inc.
 
Was OneWorld installed onto the Citrix server in Install Mode? If
believe we received this error before and the issue had to deal with the
installation of Oneworld and that the machine needs to be in install
mode. To put the server into Install mode, you can either run setup
from Add/Remove programs or open a command window and type: chgusr
/install. When the installation is complete, type: chgusr /execute. to
change the mode back to execute so people can log in.

Hope this helps!

Russ Kissock
Medtronic Inc.
Lead Technical Support Analyst
JDE OneWorld CNC/Sys Admin
Work: (763) 514-1422
Pager: (612) 648-1271
 
I have seen this error whenever a user signs on to one world without being
added to the administrator group. There is a white paper that explains
going into the registry with regedit32 to give authority to user. I have
just added the user the admin group for the domain. See Attachment, the
last part of the attachment may provide some insight.
 
Dan,

Which SP of Metaframe do you have?

SP3 gave us a lot of troubles, we get back to Realease 2, one of those
troubles was an error like yours.

Byte

Rafael Rodríguez Velázquez
ERP Technology Specialist / System Managament
Grupo Lala
Tel: ( 52)5078 40 48

OneWorld XE SP15.1, HP9000 - HP UX 11, Oracle 8.1.7.1, Citrix Metaframe 1.8
 
Back
Top