Skip past navigation linksSecure Global Desktop 4.40 Administration Guide > Applications, Documents, and Application Servers > Users Have Problems Accessing Client Drives

Users Have Problems Accessing Client Drives

Select the section that best matches the user's symptoms:

Note also the limitations on shared users.

On Microsoft Windows application servers, you can also run the drive mapping application in "diagnostic mode" to help troubleshoot drive mapping problems.

No Client Drives Are Mapped Within the User's Session or There Are Fewer Drives Than Expected

Checklist More information
Is the Sun Secure Global Desktop Enhancement Module installed on the application server?

To access client drives from applications displayed through SGD, the Sun Secure Global Desktop Enhancement Module must be installed on the application server.

The Secure Global Desktop Release Notes has details of the supported platforms for the Sun Secure Global Desktop Enhancement Module.
Is client drive mapping enabled?

In the SGD Administration Console, on the Global Settings » Client Device tab, check the Client Drive Mapping check box is selected.

Remember, client drive mapping services only become available when you restart all SGD servers in the array. To manually start CDM services without restarting the array, run the tarantella start cdm command on all members of the array.
Have the user's client drives been configured correctly? For users with Microsoft Windows client devices, the Client Drive Mapping attribute on the Client Device tab for organization, organizational unit, and user profile objects determines which client drives each user can access. The user might be configured to have no access to any client drives. Remember to check the ancestor OUs in the organizational hierarchy. Client drive mapping settings are inherited, so you can give access to many users with one configuration change.

For users with UNIX, Linux, or Mac OS X platform client devices, check that the user's $HOME/.tarantella/native-cdm-config file is present and has valid entries.
Are client drive mapping processes running? On the host where SGD is installed, use the following command: 
Skip past command syntax or program codeps -ef | grep ttacdmd

If client drive mapping processes are running, there are at least two processes with the name "ttacdmd".

If there are no any drive mapping processes, use the following command:

Skip past command syntax or program codegrep cdm /opt/tarantella/var/log/*

Check the output for any messages.

On UNIX and Linux platform application servers, use the following command to check that client drive mapping processes are running:

Skip past command syntax or program code/opt/tta-tem/bin/tem status

If client drive mapping processes are not running, use the following command:

Skip past command syntax or program code/opt/tta_tem/bin/tem startcdm

If starting client drive mapping processes produces errors such as "Failed to mount /smb" check that the NFS server is running and that the directory being used for client drive mapping is exported correctly. Check whether another service is using port 4242. If it is, edit the /opt/tta_tem/etc/client.prf file and change the port number in the line [nfsserver/mount/port={(4242)}] and restart the client drive mapping processes.

On Microsoft Windows application servers, use Task Manager to check that there is a ttatdm.exe process for the user.
Are you using a proxy server? Proxy servers drop a connection after a short period of time if there is no activity on the connection.

SGD sends keepalive packets to keep the connection open between the client device and the SGD server and by default this is every 100 seconds. This connection is used for client drive mapping. Try increasing the frequency of the keepalive packets.

  1. In SGD Administration Console, click the Global Settings » Communication tab.
  2. In the AIP Keepalive Frequency field, type a value in seconds, for example 60.
  3. Click Save.

Alternatively, use the following command:

Skip past command syntax or program code$ tarantella config edit --sessions-aipkeepalive secs
Do the version numbers for the Sun Secure Global Desktop Enhancement Module and the SGD server match? Run the following command on the host where SGD is installed: 
Skip past command syntax or program codetarantella version

Make a note of the version number.

On Microsoft Windows application servers, browse to the C:\Program Files\Tarantella\Enhancement Module directory. Right-mouse click on the ttatdm.exe file and select Properties. On the Version tab, click File Version.

On UNIX or Linux platform application servers, run the following command:
/opt/tta_tem/bin/tem version
Are other services using TCP ports 139 and 137?

SGD client drive mapping services must bind to TCP port 139, which is used for Server Message Block (SMB) services. This port might already be in use, for example by a product such as Samba. UDP Port 13 is also used if the Windows Internet Naming Service (WINS) check box is selected on the Global Settings » Client Device tab in the SGD Administration Console.

To find out whether any other process is using port 139 (and 137), stop the SGD server and then run the following commands on the host on which SGD is installed:

Skip past command syntax or program codenetstat -an | grep 139
grep 139 /etc/xinetd.conf

To ensure that client drive mapping services are available, stop any other products that bind to TCP port 139 (137, if required), and restart the SGD server.

Follow these instructions for using client drive mapping and another SMB service on the same host.
Does logging reveal any errors? Enable drive mapping logging by adding the following filters in the Log Filters field on the Monitoring tab of the SGD Administration Console: 
Skip past command syntax or program codecdm/*/*:cdm%%PID%%.log
cdm/*/*:cdm%%PID%%.jsl
server/deviceservice/*:cdm%%PID%%.log
server/deviceservice/*:cdm%%PID%%.jsl

Check the log files for any errors.

On Microsoft Windows application servers, check the Windows Event Viewer for any drive mapping errors. See also running client drive mapping in "diagnostic mode" for logging options.

On UNIX or Linux platform application servers, check for any drive mapping errors in the clerr.log and the clPID.log files in the /opt/tta_tem/var/log directory.
Does the error log on a Microsoft Windows application server show an Add device failed with ERROR_INVALID_PASSWORD error message?

If no client drives are mapped in the Microsoft Windows application session and you see error such as Add device failed with ERROR_INVALID_PASSWORD in the client drive mapping log output, this can be caused by either SMB packet signing or the LAN Manager authentication level.

This applies to Microsoft Windows Server 2003 and Microsoft Windows 2000 Server.

SMB packet signing

Microsoft Windows application servers can be configured so that the Server Message Block (SMB) communications between a client and Microsoft Windows server are digitally signed for security.

SGD does not support SMB packet signing. The solution is to disable SMB packet signing.

See this Microsoft TechNet article for information on disabling SMB packet signing.

LAN Manager authentication level

The LAN Manager authentication level controls the authentication protocols used for communications between a client and Microsoft Windows server. If the authentication level is set too high, client drive mapping fails.

The solution is to edit the Security options\Network security: LAN Manager authentication level policy and select Send LM & NTLM - Use NTLMv2 session security if negotiated.

See Microsoft KB article 823659 for details.
Have all the client drives been found? For Windows clients, the Sun Secure Global Desktop Client displays information about the drives it has found. Right-mouse click on the System Tray icon and select Connection info.
Is the drive mapping connection between the application server and the SGD server working? To check whether the drive mapping connection between the application server and the SGD server is working, enable drive mapping in "diagnostic mode" on the application server. When the drive mapping window displays, select Information from the Debug menu. Check the output for information on why the drive connections are failing.

Common reasons why drive connections fail include the following:

  • The application server cannot resolve the netbios name of the SGD server. The solution is to configure a WINS server on the application server that points to a WINS server that can resolve the netbios name of the SGD server. Alternatively, edit the lmhosts file to include the netbios name and address of the SGD server.
  • The ttacdmd program is not running because another SMB server is running.

Windows Client Drives Are Mapped Using Unexpected Drive Letters

If a drive letter is already in use on the Microsoft Windows application server (for example, drive A is reserved for the application server's floppy drive), the drive cannot be remapped automatically. The client drive mapping service uses a Fallback Drive to ensure the client drive can be accessed using a different drive letter.

To help ensure that the configured drive letter is available, it is best to hide or remap application server drives to use different drive letters.

More Client Drives Are Mapped Than Expected

For users with Microsoft Windows client devices, client drives are inherited within the organizational hierarchy, so you can give access to many users with one configuration change. Check the Client Drive Mapping attribute on the organizational unit object the user's user profile belongs to. If necessary, check all ancestors of the user profile, including the top-level organization object. You can override a setting that is specified in a parent OU or organization object, by configuring the user profile's Client Drive Mapping attribute. The first matching drive specification is used.

For users with UNIX, Linux, or Mac OS X platform client devices, check that the user's $HOME/.tarantella/native-cdm-config file is present and has valid entries.

The Recycle Bin Does Not Work As Expected

On Microsoft Windows client devices, client drives accessed through SGD are treated by the application server as network drives. This means that Recycle Bin features are not available for client drives.

Laptop or Notebook Users Experience a Delay in Seeing Mapped Drives

Laptop or notebook users who have external floppy drives can experience a delay if the floppy drive is not attached when they access client drives. The delay happens because the client times out before it realizes the floppy drive is not available.

The solution is either to do either of the following:

Mapped Drives Have Unusual Names

On Microsoft Windows client devices, sometimes drives appear with unusual names. This is caused by the drive mapping application timing out.

The solution is to increase the default timeout values in the Microsoft Windows registry for the client drive mapping application (ttatdm.exe) on the application server. To do this:

  1. In the Windows Registry Editor (regedit), edit the
    HKEY_LOCAL_MACHINE\Software\Tarantella, Inc.\Enhancement Module for Windows key.
  2. Double-click Initial Timeout. The Edit DWord Value window displays.
  3. In the Base part of the screen, click Decimal.
  4. In the Value data field increase the value. (The value is in milliseconds and the default is 10000.)
  5. Click OK.
  6. Double-click Subsequent Timeout. The Edit DWord Value window displays.
  7. In the Base part of the screen, click Decimal.
  8. In the Value data field increase the value to something like 8000. (The value is in milliseconds and the default is 1000.)
  9. Click OK.
  10. Close the Registry Editor.
  11. For the changes to take effect, the user needs to log out of Windows and then log in again.

On UNIX, Linux, and Mac OS X platform client devices, the names of mapped drives are configured in the user's the $HOME/.tarantella/native-cdm-config file. Check that it has valid entries.

Shared Users

On Unix or Linux platform application servers, access to client file systems is given to users based on their UNIX user ID and standard NFS file system privileges. If a shared account is used to access applications, client drive mapping not available. This is because SGD has no way to distinguish between these users as they all have the same user ID.

Running Client Drive Mapping in Diagnostic Mode

On Microsoft Windows application servers, you can run the drive mapping application in diagnostic mode to obtain information for troubleshooting drive mapping problems. To enable diagnostic mode:

  1. Log on to the application server as an Administrator.
  2. Double-click the drive mapping program file (C:\Program Files\Tarantella\Enhancement Module\ttatdm.exe).
  3. When the drive mapping window displays, select the level of information you want by choosing an option from the Debug menu.

The Debug menu has the following options:

The drive mapping window only shows drive mapping information from when the window is displayed. It does not show historical information. If you change the level of information displayed in the drive mapping window, the user needs to log out of Windows and log in again to generate the new information.

The Edit menu allows you to select, copy and clear information from the drive mapping window.

Related Topics

Copyright © 1997-2007 Sun Microsystems, Inc. All rights reserved.