Missing Information Panes in Citrix Director Activity Manager For Users with High Active Directory Group Membership

book

Article ID: CTX230653

calendar_today

Updated On:

Description

For users with high (94+)  AD group membership, some panes in the Activity Manager for Citrix Director may display the folllowing error (or similar) instead of the desired information:

"Cannot retrieve the data. Unexpected server error. View Director server event logs for further information (Refer Citrix KB article CTX130320)."

Environment

Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Resolution

Create the following reg keys on each DDC in the environment, following which each DDC must be rebooted.

If the below does not work, increase the first value to 65535 as suggested, and reboot each DDC again.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Name: MaxTokenSize
Type: REG_DWORD
Data: 48000 
(in the event of failure to resolve, increase to 65535)
 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
Name: MaxFieldLength
Type: REG_DWORD
Data: 65534
 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
Name: MaxRequestBytes
Type: REG_DWORD
Data: 16777216
 
The registry keys above are listed elsewhere, but have slightly higher values in this article. There is no known ill-effect of these higher values.

Problem Cause

Microsoft known issue: https://support.microsoft.com/en-us/help/327825/problems-with-kerberos-authentication-when-a-user-belongs-to-many-grou
Powered by Wolken Software