December, 2013 | Adam Ringenberg

I was doing some maintenance on some Citrix Provisioning Services servers. These guys are VMs running on VMWare. After a reboot, I got this error when trying to RDP back in to one of the servers

The connection cannot be completed because the remote computer that was reached is not the one you specified. This could be caused by an outdated entry in the DNS cache. Try using the IP address of the computer instead of the name.

In the Windows System Event Log, we see this error:

Log Name: System
Source: Microsoft-Windows-Security-Kerberos
Date: 12/10/2013 10:14:28 AM
Event ID: 4
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ClientName.DomainName
Description:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server servername$. The target name used was TERMSRV/SERVERNAME. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (DomainName) is different from the client domain (DomainName), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

Initially I ran ipconfig /flushdns on the client because that’s kind of what the RDP error told me to do. When that didn’t fix it, a coworker mentioned that he had seen it before.

When this VM came back up, the time was all jacked up in vCenter. It was reporting a time in GMT when the server was actually in EST. That, apparently, was enough to set off alarm bells and RDP thought the server was being impersonated!

We fixed the time in vCenter and rebooted the VM. Success!

We had a problem on Citrix XenApp Shared Desktops where certain .NET apps were crashing. In our case, it was an in-house app, a vendor app, and a Microsoft Office app.

In the Windows Application Event Log, we were getting several errors:

Log Name: Application
Source: .NET Runtime
Date: 12/5/2013 6:56:31 AM
Event ID: 1023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ServerName
Description:
.NET Runtime version 2.0.50727.5420 – Fatal Execution Engine Error (000007FEF081AF0E) (80131506)

Log Name: Application
Source: Application Error
Date: 12/5/2013 6:56:32 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: ServerName
Description:
Faulting application name: ApplicationName, version: 1.0.0.0, time stamp: 0x524c8c08
Faulting module name: mscorwks.dll, version: 2.0.50727.5420, time stamp: 0x4ca2b7e1
Exception code: 0xc0000005
Fault offset: 0x00000000001d1908
Faulting process id: 0x%9
Faulting application start time: 0x%10
Faulting application path: %11
Faulting module path: %12
Report Id: %13

Log Name: Application
Source: RISH
Date: 12/5/2013 6:56:32 AM
Event ID: 1307
Task Category: (2)
Level: Error
Keywords: Classic
User: N/A
Computer: ServerName
Description:
Failed to get format message from C:\Windows\System32\wer.dll with Message ID 3e8.

What we determined was that the Citrix Virtual Memory Optimization service was messing with .NET DLLs, so we disabled it. As long as that service isn’t running, we don’t get those errors anymore.

Please note that there may be a scheduled task called “Memory Optimization Schedule” that will need to be disabled as well. This scheduled task re-enables and starts the service at reboot and 3AM.