Citrix states in their article: CTX101864

Document ID: CTX101864, Created on: May 14, 2003, Updated: May 1, 2006

Products: Citrix MetaFrame XP 1.0 for Microsoft Windows 2000, Citrix MetaFrame XP 1.0 for Microsoft NT 4.0 Server Terminal Server Edition, Citrix MetaFrame XP 1.0 for Microsoft Windows 2003, Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2000, Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows 2003, Citrix Presentation Server 4.0 for Microsoft Windows 2000, Citrix Presentation Server 4.0 for Microsoft Windows 2003

Symptoms

“Could not enumerate the user accounts in this domain. There might be communication problems on the network. Error Code:80000001.”

Scenario 1:

This error occurred when attempting to add users, from a Windows 2000 Domain, to applications. Manually adding the users worked.

A ctxtrace revealed:

[IMA_AAMS, Error] AAMS:RouteToBestServer : Could not create temporary binding handle for routing.

[IMA_AAMS, Info] AAMS:RouteToBestServer: AAInstance is not trusted by the farm.

[IMA_AAMS, Error] AAMS:RouteToBestDriverAndServer1 : RouteToBestServer failed.

[IMA_AAMS, Info] AAMS:RouteToBestDriverAndServer1

Cause:

Improper DNS/DHCP Configuration.

Resolution:

Ensure the information, in the Advanced TCP/IP settings, for DNS, is correct. Static IP’s are a “Best Practice” recommendation for Servers.

Scenario 2:

This error occurred when attempting to add an Administrator account from the Novell tree.

A ctxtrace revealed:

[NDSDrvSS, Error] NDSDrvHelper::EnumerateTreeObjects() Begin.
[2108] [NDSDrvSS, Error] NDSDrvHelper::ImpersonateProxyUser()
[2108] [NDSDrvSS, Error] NDSDrvHelper::ImpersonateProxyUser - Logon User Failed - Value = 1385
[2108] [NDSDrvSS, Error] NDSDrvHelper::ConnectToNDS. ImpersonateProxyUser failed Value = 80000001
[2108] [NDSDrvSS, Error] NDSDrvHelper::EnumerateTreeObjects Failed . Value = 80000001
[2108] [NDSDrvSS, Error] NDSDrvHelper::DetachFromNDS.

Cause:

The trace indicates that the proxy user logon failed with the error code ERROR_LOGON_TYPE_NOT_GRANTED.

Resolution:

Ensure that the local user CitrixDSUser exists and has GPO rights to “log on locally” (for servers running Presentation Server 4.0 with Rollup 1, ensure the account has GPO rights to “access this computer from the network”). IMA accesses NDS in the security context of this user.

1. Using Computer Management, verify the account is present and enabled. The error is reproducable in-house by disabling the account.

2. Verify the effective local logon locally policy setting for this user.

3. Using Computer Management, change the CitrixDSUser’s password to say abc.

4. Verify that you can log on to the console of the server as CitrixDSUser.

5. Restart the IMA Service. This changes the user’s password to a random password.

Additional Information:

It is not required to add CitrixDSUser to the local Administrators group. Doing so might cause some security risks. If adding the user to this group allows the user to log on to the console, attempt to figure out why CitrixDSUser cannot log on to the console if it is not a member of the Administrators group.

Check name resolution. Verify that the MetaFrame XP servers can resolve the NDS SLP server.

Scenario 3:

This error occurred when attempting to enumerate user from an NT 4 domain.

A ctxtrace revealed:

[1744] [IMA_AAMS, Info] AAMS:RouteToBestDriverAndServer1

[1744] [IMA_AAMS, Info] AAMS:RouteToBestServer

[1744] [WinDrvSS, Error] IMA_UserMgmt_SAL::GetAAInstanceDetails

[1744] [IMA_AAMS, Info] AAMS:OnGetAAInstanceDetails

[1744] [WinDrvSS, Info] GetAAInstanceDetails -> Successful.

[1744] [WinDrvSS, Info] WinDrvHelper::EnumerateGroups() bDoNotUseADSI = . Value = 0

[1744] [WinDrvSS, Info] WinDrvHelper::EnumerateNTGroups() - Begin. Number of accounts requested Value = 900

[1744] [WinDrvSS, Info] WinDrvHelper::EnumerateNTGroups() - Following is the Domain Controller Name:

[1744] [WinDrvSS, Info] \\BDC-Computername

[1744] [WinDrvSS, Info] WinDrvHelper::EnumerateNTGroups() - NetQueryDisplayInformation() called with uIndex Value = 0

[1744] [WinDrvSS, Info] WinDrvHelper::EnumerateNTGroups() - NetQueryDisplayInformation() returned Value = 6ba

[1744] [WinDrvSS, Info] WinDrvHelper::EnumerateNTGroups() - NetQueryDisplayInformation() returned with uEntries Value = 0

[1744] [WinDrvSS, Info] WinDrvHelper::EnumerateNTGroups() - End Value = 80000001

Cause:

This error may be intermittent. In order to be able to enumerate user accounts, the IMA service must be able to successfully authenticate/connect to a domain controller. For the failing enumeration attempt, Citrix Technical support determined the server running the Citrix Management Console could not access the remote registry (via regedt32) on the back-up domain controller (BDC-Computername).

A successful enumeration attempt and a subsequent CTX Trace log pointed to a different domain controller. Citrix Technical support determined the server running the Citrix Management Console could access the remote registry (via regedt32) on this different domain controller.

Resolution:

Resolve the inability to connect to a domain controller (via regedt32) from the server running the Citrix Management Console.