ccsvchst fails to close properly on Citrix XenApp servers leaving an active session
Last Updated May 23, 2019
A session remains active after logging off when Symantec Endpoint Protection (SEP) is installed on a Citrix XenApp Server. A ccsvchst process running under the user's context will remain active, even when LaunchSMCgui registry value is set to 0. To active session ends when the ccsvchst process running under the user's account is manually closed.
XenApp 6.5 for Windows Server 2008 R2
XenApp 6.0 for Windows Server 2008 R2
XenApp 5.0 for Windows Server 2008
User sessions will be left in an active state if the ccsvchst process fails to close properly, even when the LaunchSMCgui registry value is set to 0. This is due to the Seamless Desktop Integration feature of Citrix, where resources running on a Terminal Server might be made to appear as if the resources are running on the client.
Follow the steps in these two Citrix knowledge base articles: