Troubleshooting: Common Errors for Chromebook Devices Secured by XenMobile

How do I capture the Secure Hub logs?

To capture the Secure Hub logs you will need to open the extensions dev-tools window:

Go to the extensions page: chrome://extensions

Find the checkbox at the top right of the page labeled “Developer mode” and check it.

On the same page, find the Secure Hub extension.

It should now show a link labeled “background page“, clicking on the link will open a popup dev-tools window.

Sample page below

User-added image

Go the tab labeled “Console

All the logs for the extension are captured here.

Sample page below

User-added image

How can I save the logs?

You can either do “Select all” and copy the logs or right click on the window and click “Save as…” to save the logs to a file.

How are network errors logged?

Any network errors are displayed in Red.

Some of the network level errors from other windows (like “Enrollment” window) may not get logged in the background page. To capture the errors, you’ll have to open the dev-tools for that active window instead and look at its console.

Ex: During enrollment if you see “Network error occurred” in the enrollment window, press (Ctrl+Shift+I) to open the dev-tools for the active window. It can also be opened by right clicking anywhere on the window and then clicking on inspect. In the pop-up dev-tools window, click on the “Console” tab to see more logs.

The actual requests and responses exchanged with the server can be monitored on the Network tab of the dev-tools window.

What are some common errors that might be encountered?

Feature Errors:

403: Feature is not available – Error displayed when the chrome feature is not enable on XenMobile Service

Network errors:

Error Cause Resolution / Workaround
net::ERR_NAME_NOT_RESOLVED DNS resolution issue Verify DNS configuration.
net::ERR_INSECURE_RESPONSE This means the Server certificate is invalid. Usually seen with a XenMobile server that does not have a publicly trusted certificate. To workaround this issue, open the https url in the browser, and manually accept the server’s self signed certificate. (i.e. When you see the warning “Your connection is not private”, click on “ADVANCED” and then click on “Proceed to ..(unsafe)”. You should now be able to go back to the extension and continue enrollment.
net::ERR_FAILED This is usually seen in response to a device checkin request. It usually happens in re-enrollments scenarios where the log out and log in operation was not performed Logging out and logging back in, should fix the issue. After re-login, any open dev-tools windows may have to be closed and re-opened to see the logs again.
net::SSL_CLIENT_AUTH_CERT_NEEDED During device check-in a client cert was not sent. This usually points to a missing or incorrect “auto certificate selection” policy on G-Suite. This can be verified by going to chrome://policy on the Chromebook and search for a policy called “AutoSelectCertficateForUrls” and look at its value.