Skip past navigation linksSecure Global Desktop 4.31 Administration Guide > Applications, documents and hosts > Users are having problems accessing client drives

Users are having problems accessing client drives

Select the section that best matches the user's symptoms:

Note also the client limitations and limitations on shared users.

On Microsoft Windows application servers, you can also run the drive mapping application in "diagnostic mode" to help troubleshoot drive mapping problems.

No client drives are mapped within the user's session or there are fewer drives than expected

Checklist More information
Is the user logged in to Secure Global Desktop using a suitable client?

The Java™ technology client (classic webtop) only supports client drive mapping on Microsoft Windows client platforms.

Is the Sun Secure Global Desktop Enhancement Module installed on the application server?

To access client drives from applications displayed through Secure Global Desktop, the Sun Secure Global Desktop Enhancement Module must be installed on the application server.

The Secure Global Desktop Release Notes has details of the supported platforms for the Sun Secure Global Desktop Enhancement Module.
Is client drive mapping enabled?

In Array Manager, open Array properties. To enable client drive mapping services, make sure that Let Users Access Client Drives is checked.

Remember, client drive mapping services only become available when you restart all Secure Global Desktop servers in the array. To manually start CDM services without restarting the array, run the tarantella start cdm command on all members of the array.
Have the user's client drives been configured correctly? For users on Microsoft Windows client devices, the Client Drive Mapping attribute on person, organizational unit and organization objects determines which client drives each user may access. The user may be configured to have no access to any client drives. Remember to check the ancestor OUs in the organizational hierarchy: client drive mapping settings are inherited, so you can give access to many users with one configuration change.

For users on UNIX, Linux or Mac OS X client devices, check that the user's $HOME/.tarantella/native-cdm-config file is present and has valid entries.
Are client drive mapping services running? Run the following command on the host where Secure Global Desktop is installed:
ps -ef | grep ttacdmd.

If client drive mapping services are running, there should be at least two processes with the name "ttacdmd".

If there are no any drive mapping processes, run the following command:
grep cdm /opt/tarantella/var/log/*.

Check the output for any messages.

On UNIX, Linux and Mac OS X application servers, use the following command to check that client drive mapping processes are running:
ps -ef | grep ttatdm
If they are not, run the following command:
/opt/tta_tem/bin/tem startcdm
If starting client drive mapping processes produces errors such as "Failed to mount /smb" check that the NFS server is running and that the directory being used for client drive mapping is exported correctly. Check whether another service is using port 4242. If it is, edit the /opt/tta_tem/etc/client.prf file and change the port number in the line [nfsserver/mount/port={(4242)}] and restart the client drive mapping processes.
Do the version numbers for the Sun Secure Global Desktop Enhancement Module and the Secure Global Desktop server match? Run the following command on the host where Secure Global Desktop is installed:
tarantella version
Make a note of the version number.

On a Windows application server, browse to the C:\Program Files\Tarantella\Enhancement Module directory. Right-mouse click on the ttatdm.exe file and select Properties. On the Version tab, click File Version.

On a UNIX/Linux application server, run the following command:
/opt/tta_tem/bin/tem version
Are other services using ports 139/tcp and 137/udp?

Secure Global Desktop client drive mapping services must bind to port 139/tcp, which is used for Server Message Block (SMB) services. This port may already be in use, for example by a product such as Samba. Port 137/udp is also used if you enable the Use WINS for better performance option on Array properties.

To find out whether any other process is using port 139 (137), stop the Secure Global Desktop server and then run the following commands on the host on which Secure Global Desktop is installed:
netstat -an | grep 139
grep 139 /etc/xinetd.conf.

To ensure that client drive mapping services are available, stop any other products that bind to port 139/tcp (and 137/udp, if required), and restart the Secure Global Desktop server.

Follow these instructions for using client drive mapping and another SMB service on the same host.
Does logging reveal any errors? Enable drive mapping logging by adding the following filters on the Array Properties panel of Array Manager: 
Skip past command syntax or program codecdm/*/*:cdm%%PID%%.log
cdm/*/*:cdm%%PID%%.jsl
server/deviceservice/*:cdm%%PID%%.log
server/deviceservice/*:cdm%%PID%%.jsl
Check the log files for any errors.

On Windows application servers, check the Windows Event Viewer for any drive mapping errors. See also running client drive mapping in "diagnostic mode" for logging options.

On UNIX/Linux application servers, check for any drive mapping errors in the clerr.log and the clPID.log files in the /opt/tta_tem/var/log directory.
Does the error log on a Microsoft Windows application server show an Add device failed with ERROR_INVALID_PASSWORD error message?

If no client drives are mapped in the Microsoft Windows application session and you see error such as Add device failed with ERROR_INVALID_PASSWORD in the client drive mapping log output, this can be caused by either SMB packet signing or the LAN Manager authentication level.

This applies to Microsoft Windows Server 2003 and Microsoft Windows 2000 Server.

SMB packet signing

Microsoft Windows application servers can be configured so that the Server Message Block (SMB) communications between a client and Microsoft Windows server are digitally signed for security.

Secure Global Desktop does not support SMB packet signing. The solution is to disable SMB packet signing.

See this Microsoft TechNet article for information on disabling SMB packet signing.

LAN Manager authentication level

The LAN Manager authentication level controls the authentication protocols used for communications between a client and Microsoft Windows server. If the authentication level is set too high, client drive mapping fails.

The solution is to edit the Security options\Network security: LAN Manager authentication level policy and select Send LM & NTLM - Use NTLMv2 session security if negotiated.

See Microsoft KB article 823659 for details.
Have all the client drives been found? For Windows clients, the Sun Secure Global Desktop Client displays information about the drives it has found. Right-mouse click on the System Tray icon and select Connection info.

You can also debug the classic webtop (Java technology client) as follows:

  1. Ensure the Java Console is enabled in the web browser.
  2. Add the following parameter to the client drive mapping applet in the file opt.html:
    <param name="DebugMask" value="255">.
  3. Log in to Secure Global Desktop.
  4. Check the Java Console for information on why drives have not been mapped.

Note Opt.html is in the directory for the theme you are using in /opt/tarantella/var/docroot/resources.
Is the drive mapping connection between the application server and the Secure Global Desktop server working? To check whether the drive mapping connection between the application server and the Secure Global Desktop server is working, enable drive mapping in "diagnostic mode" on the application server. When the drive mapping window displays, select Information from the Debug menu. Check the output for information on why the drive connections are failing.

Common reasons why drive connections fail include:

  • the application server can't resolve the netbios name of the Secure Global Desktop server. The solution is to configure a WINS server on the application server that points to a WINS server that can resolve the netbios name of the Secure Global Desktop server. Alternatively, edit the lmhosts file to include the netbios name and address of the Secure Global Desktop server.
  • the ttacdmd program isn't running because another SMB server is running.

Windows client drives are mapped using unexpected drive letters

If a drive letter is already in use on the Microsoft Windows application server (for example, drive A is reserved for the application server's floppy drive), the drive can't be remapped automatically. The client drive mapping service uses a Fallback Drive to ensure the client drive can be accessed using a different drive letter.

To help ensure that the configured drive letter is available, we recommend that you hide or remap application server drives to use different drive letters.

More client drives are mapped than expected

For users on Microsoft Windows client devices, client drives are inherited within the organizational hierarchy, so you can give access to many users with one configuration change. Check the Client DriveMapping attribute on the organizational unit object the user's person object belongs to. If necessary, check all ancestors of the person object, including the top-level organization object. You can override a setting that's specified in a parent OU or organization object, by configuring the person object's Client Drive Mapping attribute: the first matching drive specification is used.

For users on UNIX, Linux or Mac OS X client devices, check that the user's $HOME/.tarantella/native-cdm-config file is present and has valid entries.

The Recycle Bin doesn't work as expected

On Microsoft Windows client devices, client drives accessed through Secure Global Desktop are treated by the application server as network drives. This means that Recycle Bin features are not available for client drives.

Laptop/notebook users experience a delay in seeing mapped drives

Laptop/notebook users who have external floppy drives can experience a delay if the floppy drive is not attached when they access client drives. The delay happens because the client times out before it realizes the floppy drive is not available.

The solution is either:

Mapped drives have unusual names

On Windows client devices, sometimes drives appear with unusual names. This is caused by the drive mapping application timing out.

The solution is to increase the default timeout values in the Windows registry for the client drive mapping application (ttatdm.exe) on the application server. To do this:

  1. In the Windows Registry Editor (regedit), edit the
    HKEY_LOCAL_MACHINE\Software\Tarantella, Inc.\Enhancement Module for Windows key.
  2. Double-click Initial Timeout. The Edit DWord Value window displays.
  3. In the Base part of the screen, click Decimal.
  4. In the Value data field increase the value. (The value is in milliseconds and the default is 10000.)
  5. Click OK.
  6. Double-click Subsequent Timeout. The Edit DWord Value window displays.
  7. In the Base part of the screen, click Decimal.
  8. In the Value data field increase the value to something like 8000. (The value is in milliseconds and the default is 1000.)
  9. Click OK.
  10. Close the Registry Editor.
  11. For the changes to take effect, the user needs to log out of Windows and then log in again.

On UNIX, Linux and Mac OS X client devices, the names of mapped drives are configured in the user's the $HOME/.tarantella/native-cdm-config file. Check that it has valid entries.

Client limitations

Not all functionality is available for users of Netscape browsers when using the classic webtop:

Shared users

On Unix or Linux application servers, access to client file systems is given to users based on their UNIX user ID and standard NFS file system privileges. If a shared account is used to access applications, client drive mapping will not be available to the shared users. This is because Secure Global Desktop has no way to distinguish between these users as they all have the same user ID.

Running client drive mapping in "diagnostic mode"

On Microsoft Windows application servers, you can run the drive mapping application in "diagnostic mode" to obtain information for troubleshooting drive mapping problems. To enable "diagnostic mode":

  1. Log on to the application server as an Administrator.
  2. Double-click the drive mapping program file (C:\Program Files\Tarantella\Enhancement Module\ttatdm.exe).
  3. When the drive mapping window displays, select the level of information you want by choosing an option from the Debug menu.

The Debug menu has the following options:

The drive mapping window only shows drive mapping information from when the window is displayed. It does not show historical information. If you change the level of information displayed in the drive mapping window, the user needs to log out of Windows and log in again to generate the new information.

The Edit menu allows you to select, copy and clear information from the drive mapping window.

Related topics

Copyright © 1997-2007 Sun Microsystems, Inc. All rights reserved.