Environment
Novell Open Enterprise Server 11 SP2 (OES11SP2)
Novell Open Enterprise Server 11 SP1 (OES11SP1)
Citrix Director 7.1
Domain Services for Windows
DSFW
Citrix Director 7.1
Domain Services for Windows
DSFW
Situation
When Administrator logs in to Citrix Director which is joined to DSfW domain the following message is returned in the Citrix Director log file:
16:13:51.1736 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] SearchUsers called
16:13:51.1736 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] Exception caught:
System.InvalidOperationException: The value for the property Sort cannot be set.
at
System.DirectoryServices.DirectorySearcher.DoSetSearchPrefs(IDirectorySearch adsSearch, AdsSearchPreferenceInfo[] prefs)
at
System.DirectoryServices.DirectorySearcher.SetSearchPreferences(IDirectorySearch adsSearch, Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at Citrix.Dmc.Connector.DirectorySearcherProxy.FindAll()
at Citrix.Dmc.Connector.ADConnector.GetUsersMatchingFilter(String filter,
String name, Int32 limit, Collection`1 users)
at Citrix.Dmc.Connector.ADConnector.FindUsersByName(String name, Int32 limit)
at Citrix.Dmc.Connector.ADConnector.SearchUsers(String token, Int32 limit)
16:13:51.1736 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] DAO Search for users error:
Citrix.Dmc.Common.ConnectorException: The value for the property Sort cannot be
set. ---> System.InvalidOperationException: The value for the property Sort cannot be set.
at
System.DirectoryServices.DirectorySearcher.DoSetSearchPrefs(IDirectorySearch adsSearch, AdsSearchPreferenceInfo[] prefs)
at
System.DirectoryServices.DirectorySearcher.SetSearchPreferences(IDirectorySearch adsSearch, Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at Citrix.Dmc.Connector.DirectorySearcherProxy.FindAll()
at Citrix.Dmc.Connector.ADConnector.GetUsersMatchingFilter(String filter, String name, Int32 limit, Collection`1 users)
at Citrix.Dmc.Connector.ADConnector.FindUsersByName(String name, Int32 limit)
at Citrix.Dmc.Connector.ADConnector.SearchUsers(String token, Int32 limit)
at Citrix.Dmc.Common.ConnectorWrapper`1.Invoke[TReturn](Func`2 method)
--- End of inner exception stack trace ---
at Citrix.Dmc.Common.ConnectorWrapper`1.Invoke[TReturn](Func`2 method)
at Citrix.Dmc.WebService.ConsoleDao.SearchUsers(String token)
16:13:51.1746 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] Dao SearchUsers returning
16:13:51.1746 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] EXIT: SearchUsers service
returning
16:13:56.5515 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] ENTRY: SearchUsers service
called
16:13:56.5515 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] Dao SearchUsers called
16:13:56.5515 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] No value for setting 'Connector.ActiveDirectory.Identity'.Using default 'User'
The search for User fails. When Citrix Director is joined to AD domain the search goes through with the following logs:
16:13:50.9485 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] GetConnector called. connectionString = 'server1.dsfw.lan'
16:13:50.9555 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] InitialiseSearchers called. Domain name = server1.dsfw.lan, searchForest = True
16:13:50.9855 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] Adding domain searcher for server1.dsfw.lan
16:13:51.0565 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] InitialiseSearchers returning
16:13:51.0565 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] New connector created
16:13:51.0575 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] GetConnector returning ...
16:13:51.0575 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] SearchUsers called
16:13:51.0746 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] SearchUsers returning
16:13:51.0786 : [t:10, s:uigej0k3k1fqzhuctf0g3iri] Found user
S-1-5-21-2755624015-3541159979-1287447111-501
Resolution
Analyzing the packet traces and the ndstraces the Citrix tool requires the Server Side Sort control to be advertised from eDirectory/DSfW server.
Following is the OID for SSS controls,
1.2.840.113556.1.4.473LDAP_SERVER_SORT_OID
Server Side Sort is not fully supported with eDirectory and is there for not advertised. When Citirx Director 7.1 attempts to connect to the domain it first validates that the SSS control is advertised. Since eDirectory/DSfW does not advertise the SSS Control the Citrix Directory fails.
Previous versions of Citrix Director did not validate the SSS control and eDirectory/DSfW was able to perform the necessary SSS functionality.
TID 7001493 has more information on eDirector and it's Server Side Sort capabilities.
Cause
Citrix Director tool requires support for Server Side Sort control to be advertised to work with DSfW.
Status
Reported to EngineeringAdditional Information
For Citrix products currently supported with DSfW see Citrix.com