Citrix Cloud Connector Troubleshooting Guide

The primary intent of this article is to provide troubleshooting steps for the most commonly seen issues with Citrix Cloud Connector installation and configuration. This guide contains various errors along with logs and steps to fix the issue.

Communication errors are the root cause for many problems involving Cloud Connectors. Run the Cloud Connector Connectivity Check Utility

tool before proceeding with the below troubleshooting steps.

1.Troubleshooting.

1.1.This version of the connector is no longer supported.

Screenshot User-added image
Note:- This error can come due to various possible causes, would suggest to check the Cloud Connector logs and refer below solutions accordingly.
Logs 1 Cloud Connector CWCConnector Logs:

—> (Inner Exception #0) System.Net.Http.HttpRequestException: An error occurred while sending the request. —> System.Net.WebException:The remote name could not be resolved: ‘agenthub.citrixworkspacesapi.net’
Possible Causes Note: The screenshot above is generic which may not be relative to just the cloud connector version however it could relate to other issues as well, such as

  • Check Internet Connectivity
  • Check DNS configuration
Solution
  • Ensure the server is connected to the Internet.
  • Ensure the DNS (agenthub.citrixworkspacesapi.net) is resolving correctly.
Logs 2 Cloud Connector CWCConnector Logs:

—> (Inner Exception #0) System.AggregateException: One or more errors occurred. —> System.Net.Http.HttpRequestException: An error occurred while sending the request. —> System.Net.WebException: Unable to connect to the remote server —> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.1.20:80
Possible Cause Note: The screenshot above is generic which may not be relative to just the cloud connector version however it could relate to other issues as well, such as

  • Incorrect Proxy Configured
  • Check for the type of user account used to enable the web proxy
Solution

Logs 3
Cloud Connector CWCConnector Logs:

—> (Inner Exception #0) System.Net.Http.HttpRequestException: An error occurred while sending the request. —> System.Net.WebException: Unable to connect to the remote server —> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.1.21:443
Possible Cause Note: The screenshot above is generic which may not be relative to just the cloud connector version however it could relate to other issues as well, such as

  • Incorrect entry under Hosts file.
Solution Ensure there is no incorrect IP address assigned to ‘agenthub.citrixworkspacesapi.net’ in the hosts file.

1.2.Microsoft .NET Framework required for Citrix Cloud Connector setup

Screenshot User-added image
Possible Cause Need .NET Framework version 4.5.1 or later.
Solution Click on Accept and Install to upgrade to recent version of .NET Framework.

1.3.A clean install of the new Citrix Cloud Connector is required.

Screenshot User-added image
Possible Cause There is an existing Cloud Connector setup already installed on the server.
Solution Uninstall the previous instance from Program & Features. Download the and install the connector as a clean setup.

1.4.IE Enhanced Security Configuration is blocking installation

Screenshot User-added image
Possible Cause IE Enhanced Security Configuration is enabled for Administrators and Users.
Solution Disable IE Enhanced Security Configuration (ESC) for Administrators and Users on the Windows machine under Server Manager.

Note: Once the installation has completed, enable this setting back for Administrators and Users.

1.5.Connection Failed when testing connection under XMS PKI entity.

Screenshot User-added image
Logs XenMobile Debug Logs :

2017-02-06T15:30:57.847+0000 | 200B97A4C77E1C34 | ERROR | http-nio-14443-exec-61 | com.sparus.nps.pki.connector.MsCertSrvConnector | TestConnection to pki url [ certnew.cer] failed with response Headers: {null=[HTTP/1.1 401 Unauthorized],


2017-02-06T15:30:57.847+0000 | 200B97A4C77E1C34 | ERROR | http-nio-14443-exec-61 | com.sparus.nps.pki.connector.MsCertSrvConnector | TestConnection to pki url [ certnew.cer] failed with response Headers: {null=[HTTP/1.1 401 Unauthorized], Server=[Microsoft-IIS/8.5, Microsoft-IIS/8.5], X-Cws-TransactionId=[dc1223fd-b80d-4ea1-84f7-227086cdd74e], Pragma=[no-cache], Date=[Mon, 06 Feb 2017 15:30:56 GMT], Arr-Disable-Session-Affinity=[True, True], Access-Control-Expose-Headers=[X-Cws-TransactionId], Cache-Control=[no-cache], X-AspNet-Version=[4.0.30319], Expires=[-1], Content-Length=[599], X-Powered-By=[ASP.NET, ASP.NET], Content-Type=[text/plain; charset=utf-8]}and Response Error: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
Possible Cause Connectivity issue between Cloud connector to CA server.
Solution
  • To test the connectivity, access https://CAServerName/certsrv link in the browser on the Cloud Connector server.
  • Install the same user certificate, which was created using user template under CA for XenMobile (Certificate Based Authentication).

1.6.Unable to search for groups when managing user assignments

Screenshot User-added image
Logs

Reason behind occurrence:

Searching Sumo Login for the Customer Name + ADAgent resulted in a large number of ERROR events. All errors were originating from a single cloud connector machine.

The detailed error information showed that the Domain Authentication for the machine was failing due to the username and/or password being incorrect.

XenMobile Debug Logs :

TimeStamp=2017-02-09T19:45:22.3686060Z EdgeServerId=62cc9d0f-14ef-4646-a41a-7e104ea5c6e7 MachineName=<connector machine FQDN> MachineIP=<connector machine IP address> ResourceZone=Default CustomerId=<Customer ID> EventId=4 Level=Error EventName=ErrorInfo ProcessId=3944 ThreadId=956 ProviderId=bdaa8c62-2974-5487-8c89-70057b1d9384 TransactionId=83a5c8c5-3002-421f-8292-4cc697a59da4 RoleName=AdAgent Message=Agent: ID: TryHandle Exception caught: Citrix.CloudServices.ActiveDirectory.DomainAuthenticationException:

The user name or password is incorrect.

—> System.DirectoryServices.DirectoryServicesCOMException: The user name or password is incorrect.

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)

at System.DirectoryServices.DirectoryEntry.Bind()

at System.DirectoryServices.DirectoryEntry.get_NativeObject()

at Citrix.CloudServices.ActiveDirectory.ActiveDirectoryExtensions.ForceBind

(DirectoryEntry de)

— End of inner exception stack trace —

Possible Cause The problem was that one of the two connector machines had lost its trust relationship with Active Directory, causing the calls from the ADAgent to fail.
Solution Using an existing cloud connector machine:

  • Uninstall Cloud Connector from the machine experiencing the issue.
  • Remove the machine from the Domain
  • Restart the machine
  • Rejoin the machine to the Domain
  • Restart the machine
  • Install Cloud Connector

When bringing up a new cloud connector machine:

  • Make sure the machine is joined to the domain
  • Install Cloud Connector

1.7.Citrix Cloud Connector Connectivity check tool keep reporting that it is not able to connect to Messaging.

Possible Cause When SSL decryption is enabled on certain proxies (Ex: Barracuda, WebSense), the connector messaging service has trouble connecting to the platform.
Solution Ask the customer to temporarily disable the SSL decryption setting, and/or to create a rule to bypass the web traffic for

https://messaging-eastus-release<a/b>.citrixworkspacesapi.net/<CustomerName>/endpoints/connect

In addition, re-run the installer or standalone connectivity check tool to check if it can connect to messaging now.

Identity workspace is used for all communication between XenMobile Service and on premise cloud connector. Refer below link to further troubleshoot XenMobile Service. The specified link contains all the API’s used with the Identity workspace.

https://core.citrixworkspacesapi.net/Help

New Azure Active Directory Support for Citrix Cloud Administrators.

https://www.citrix.com/blogs/2017/01/09/new-azure-active-directory-support-for-citrix-cloud-administrators/

User-added image

Related:

  • No Related Posts

Leave a Reply