Several Citrix Health Monitor Error Messages Appear in the System Event Log

Several Citrix Health Monitor Error Messages Appear in the System Event Log

book

Article ID: CTX115682

calendar_today

Updated On:

Description

The System Event Log on a server running Citrix Presentation Server 4.5 contains multiple error messages, which are similar to the following:
There is no apparent lack of functionality on the servers because of these error messages.

 “Event Type:  Error
Event Source:     CitrixHealthMon
Event Category:     None
Event ID:     4004

Description:

The file C:\Program Files\Citrix\HealthMon\Tests\Citrix\RequestTicket.exe does not have the correct permissions. In SDDL, the expected ACL was O:BAD:AI(A;ID;0x1200a9;;;LS)(A;ID;FA;;;BA). The actual ACL was O:S-1-5-21-99699002-1089198381-3837564743-500D:AI(A;ID;FA;;;BA)(A;ID;0x1200a9;;;LS)(A;ID;FR;;;NS). For reference, the files placed in the test folder should have inheritable permissions turned on which will result in the file have full control access for the Administrators group, Read and Execute access for the Local Service user account, and the owner will be the Administrators group.”

Or

“Description:

The file C:\Program Files\Citrix\HealthMon\Tests\Citrix\CheckTermSrv.exe does not have the correct permissions. In SDDL, the expected ACL was O:BAD:AI(A;ID;0x1200a9;;;LS)(A;ID;FA;;;BA). The actual ACL was O:S-1-5-21-99699002-1089198381-3837564743-500D:AI(A;ID;FA;;;BA)(A;ID;0x1200a9;;;LS)(A;ID;FR;;;NS). For reference, the files placed in the test folder should have inheritable permissions turned on which will result in the file have full control access for the Administrators group, Read and Execute access for the Local Service user account, and the owner will be the Administrators group.”

Or

“Description:

The file C:\Program Files\Citrix\HealthMon\Tests\Citrix\LogonMonitor.dll does not have the correct permissions. In SDDL, the expected ACL was O:BAD:AI(A;ID;0x1200a9;;;LS)(A;ID;FA;;;BA). The actual ACL was O:S-1-5-21-99699002-1089198381-3837564743-500D:AI(A;ID;FA;;;BA)(A;ID;0x1200a9;;;LS)(A;ID;FR;;;NS). For reference, the files placed in the test folder should have inheritable permissions turned on which will result in the file have full control access for the Administrators group, Read and Execute access for the Local Service user account, and the owner will be the Administrators group.”

Or

“Description:

The file C:\Program Files\Citrix\HealthMon\Tests\Citrix\IMATest.exe does not have the correct permissions. In SDDL, the expected ACL was O:BAD:AI(A;ID;0x1200a9;;;LS)(A;ID;FA;;;BA). The actual ACL was O:S-1-5-21-99699002-1089198381-3837564743-500D:AI(A;ID;FA;;;BA)(A;ID;0x1200a9;;;LS)(A;ID;FR;;;NS). For reference, the files placed in the test folder should have inheritable permissions turned on which will result in the file have full control access for the Administrators group, Read and Execute access for the Local Service user account, and the owner will be the Administrators group."

 

Resolution

To ensure that the error messages do not appear, complete the following procedure:

  1. Ensure that the owner of the Tests\Citrix folder is set to the local administrator group.

  2. Navigate to the C:\Program Files (x86)\Citrix\HealthMon\Tests folder from the command prompt.

  3. Run the following commands from the command prompt:

    • icacls citrix /remove "NT AUTHORITY\LOCAL SERVICE"

    • icacls citrix /remove "BUILTIN\Administrators"

    • cacls citrix /G "NT AUTHORITY\LOCAL SERVICE":R

    • cacls citrix /E /G "BUILTIN\Administrators":F

  1. Restart the Citrix Health Monitoring and Recovery and check the event log. 

    Notes
  • Ensure that you do not modify the permissions setting for this folder or for the files in the folder. If you modify the permission settings, you must rerun the preceding commands.
  • If running these commands as a member of the Administrators group, you cannot run the final two commands. Take ownership of the folder in order to complete the tasks.

Problem Cause

These error messages appear because of the change in the ownership of the Citrix Health Monitor Test application files.
 By default, the following Citrix Health Monitor Test files are located in the \Program Files\Citrix\HealthMon\Tests\Citrix folder:

  • RequestTicket.exe

  • CheckTermSrv.exe

  • LogonMonitor.dll

  • IMATest.exe

By default, the ownership of these files is set to the local Administrators security group. If the ownership changes because of a Group Policy, security customization, or lockdown scripts, these messages are posted to the System Event Log of that server.

Citrix requires the permissions be set in a particular order. The permissions set within the Graphical User Interface reorders the permissions.

Issue/Introduction

This article contains several Citrix Health Monitor Error Messages that appear in the System Event Log.
Powered by Wolken Software