Notes

I had a strange problem where one single user couldn't connect to a Citrix Desktop. The user was able to log in to the StoreFront but after clicking on the icon for starting the Desktop, nothing happened. Sometimes, there was a spinning wheel on the icon.
After lots of trial and error (like resetting the user's profile and rebooting the StoreFront servers), the problem could be resolved by rebooting the Delivery Controllers.
That was very strange, I never had faced this before.

Today I ran into a problem when connecting to an OpenVPN server running on an OPNsense firewall.

I received the following error message:

Decoding PKCS12 failed. Probably wrong password or unsupported/legacy encryption

I tried to reset the password, but that didn't have any effect.

After a short research, I found the following issue: OpenVPN-Gui 2.6 unable to decrypt .p12 file created in Client Export

So this seems to be a compatibility problem with the OpenSSL libraries of OpenVPN GUI 2.6 and OPNsense. After downgrading to OpenVPN GUI 2.5.7, the problem was gone for me. I hope they fix this soon.

I wanted to add a SMB share to a Windows Failover Cluster. When trying to create the share in MMC, I got a Access denied error message. When trying to do this in Windows Explorer, I got an even more strange error message:

Error creating share: [...] The resources must be online on the same node for this operation.

(In german: Beim Versuch, [...] freizugeben, ist ein Fehler aufgetreten. Für diesen Vorgang müssen sich die Ressourcen in demselben Knoten im Onlinemodus befinden.)

OK, so I decided to give PowerShell a try (using New-SmbShare) - with a similar result:

New-SmbShare : Access is denied. 
At line:1 char:1
+ New-SmbShare \\my-cluster\myshare -Path D:\MyPath- ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (MSFT_SMBShare:ROOT/Microsoft/Windows/SMB/MSFT_SMBShare) [New-SmbShare
   ], CimException
    + FullyQualifiedErrorId : Windows System Error 5,New-SmbShare

I found several articles and posts saying that you have to create the share using an elevated MMC or command line, but this didn't work for me.

After several try and error, I found out that I have to give the SYSTEM account write permissions to the folder.

This only affects Failover Clusters. On a single server the SYSTEM account does not need to have write permissions on the folder.

I love robocopy! I got a lot of "permission denied" errors when trying to copy some files with messed up permissions on another volume. Using robocopy's /b parameter, I was able to copy the files regardless of the permissions. Very nice!

Found a nice article about the architecture of Windows 3.x:

Inside Windows 3