Today we added our first Windows 2003 DC to Windows 2000 domain. After the AD replication completed successfully, users who used to login to the domain via citrix started receiving a message upon logging into the server:
So I went into AD, threw the citrix server in it's own OU. Created a new GPO. Under GPO setttings
Computer Configuration => Windows Settings => Security Settings =>Local Policies=>User Rights Assignment
Under User Rights Assignment Look for following setting:
If Using Win2k3 - Allow Login to Terminal Server
If Using Win2K - Log on Locally
Double click on above policy and assign the appropriate group permission
After you have assigned the permission, make sure that the group that you assigned the permission to has the rights to Read and Apply Group Policy for that GPO
If you do the first and not the second the problem will still exist.
Also make sure to refresh the Group policy by going to DOS Prompt and giving following commands
If Win2K : secedit /refreshpolicy machine_policy /force
If Win2k3: gpupdate /force
Reboot the Terminal or Citrix Server.
this resolved the problem for me.