This issue is resolved. If you are still experiencing this issue, please open a case with Citrix Technical Support.
Cloud MCS administrators attempting to create or update a Machine Catalog might encounter this error in Studio:
Transaction ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Action Name: MC_AddMachineInitialzation
Exception:
DesktopStudio_ErrorId : ExceptionThrown
Exception : Citrix.Fma.Sdk.Identity.Cws.CwsIdentityException: Forbidden
at Citrix.Fma.Sdk.Identity.Cws.CwsHelper.<>c.<HandleAggregateException>b__57_0(Exception x)
at System.AggregateException.Handle(Func`2 predicate)
at Citrix.Fma.Sdk.Identity.Cws.CwsHelper.HandleAggregateException(AggregateException ae)
at Citrix.Fma.Sdk.Identity.Cws.CwsHelper.CallGetForestDomainContainers(String forest, String domain, Guid parentOu, String name, PatternMatchType patternMatchType, Nullable`1 recursive, Nullable`1 skip, Nullable`1 take, String adminUserName, SecureString adminPassword, String directoryServerHint, String transactionId)
at Citrix.Fma.Sdk.Identity.Cws.ObjectDetailsProvider.GetContainers(String forest, String domain, Guid parentContainerGuid, String name, ContainerType type, ContainerProperties propertiesToRetrieve, PatternMatchType patternMatchType, Boolean recursive, Int32 skip, Int32 limit, String adminUserName, SecureString adminPassword, String directoryServerHint, String loggingId)
at Citrix.Fma.Sdk.Identity.Cws.CwsIdentity.GetContainers(String forest, String domain, Guid parentContainerGuid, String namePattern, ContainerProperties propertiesToRetrieve, ContainerType type, SearchOptions searchOptions, String adminUserName, SecureString adminPassword, String directoryServerHint, String loggingId)
at Citrix.ADIdentity.Logic.ADIdentityLogic.ValidateOUPath(String organizationUnitPath, String domain, Nullable`1 tenantId)
at Citrix.ADIdentity.Logic.ADIdentityLogic.SetIdentityPool(IList`1 loggingDetails, String identityPoolName, Guid identityPoolUid, String namingScheme, Boolean setNamingScheme, ADIdentityNamingScheme namingSchemeType, Boolean setNamingSchemeType, Int32 startCount, Boolean setStartCount, String domain, Boolean setDomain, String ou, Boolean setOU, Nullable`1 zoneUid, Boolean setZoneUid, Boolean allowUnicode, Boolean passThru, IdentityPool& identityPoolObject)
at Citrix.ADIdentity.WcfService.<>c__DisplayClass47_0.<SetIdentityPool>b__0()
at Citrix.Fma.Sdk.ServiceCore.ServiceCore.CheckedCall[T](String name, Func`1 operation, Func`2 defaultValue, Enum code)
Reason : CwsIdentityException
Message : Forbidden
Error Source : CitrixADIdentityService
Sdk Error Message : An exception occurred. The associated message was Forbidden
Sdk Error ID : Citrix.XDPowerShell.Status.ExceptionThrown,Citrix.ADIdentity.Sdk.Commands.SetAcctIdentityPoolCommand
ErrorCategory : NotSpecified
DesktopStudio_PowerShellHistory : Adds 1 Machines to Machine Catalog ‘TEST_100’
3/18/2022 8:25:16 AM
Get-LogSite -AdminAddress “localhost:9097” -BearerToken ********
Start-LogHighLevelOperation -AdminAddress “localhost:9097” -BearerToken ******** -Source “Studio” -StartTime “3/18/2022 8:25:16 AM” -Text “Adds 1 Machines to Machine Catalog `’TEST_100`'”
Get-AcctIdentityPool -AdminAddress “localhost:9097” -BearerToken ******** -IdentityPoolName “TEST_100” -MaxRecordCount 1430581239
Set-AcctIdentityPool -AdminAddress “localhost:9097” -AllowUnicode -BearerToken ******** -Domain “test.domain.local” -IdentityPoolName “TEST_100” -LoggingId “xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx” -StartCount 4
Set-AcctIdentityPool : An exception occurred. The associated message was Forbidden
+ CategoryInfo : InvalidOperation: (:) [Set-AcctIdentityPool], InvalidOperationException
+ FullyQualifiedErrorId : Citrix.XDPowerShell.Status.ExceptionThrown,Citrix.ADIdentity.Sdk.Commands.SetAcctIdentityPoolCommand