Contact Support

Customers who viewed this article also viewed

banner icon

Identify Changes in NetScaler build files with

File Integrity Monitoring

Learn More Watch Video
CTX224635 {{tooltipText}}

MAM Enrollment failing with Error Message"Request Failed"

Applicable Products

  • XenMobile
  • NetScaler Gateway
  • NetScaler

Symptoms or Error

You will see the following error messages in the Secure Hub Logs:
 
2016-09-06T22:55:17.691+0400        <CAMAUTH>        INFO (4)        called for store <CAMStoreID: a2a4975a7f5c84735194f3de3e1ba7ce> with error Error Domain=com.citrix.Receiver.AuthManager Code=6 "CAMAuthManErrorCodeOutOfLicences" UserInfo={com.citrix.Receiver.AuthManager.DiagnosticDescription=The gateway is out of licences, NSLocalizedDescription=CAMAuthManErrorCodeOutOfLicences}
Secure Hub        130

or You might Find following exceptions in log,
 
2017-05-12T13:34:48.384+0200 | 27844abf2d8083f2  | DEBUG | http-nio-18443-exec-4 | com.citrix.xam.bo.accounts.AccountsService | Configured Property: SEND_LDAP_ATTRIBUTES :userPrincipalName=${user.userprincipalname},sAMAccountNAme=${user.samaccountname},displayName=${user.displayName},mail=${user.mail}
2017-05-12T13:34:48.385+0200 | 27844abf2d8083f2  | DEBUG | http-nio-18443-exec-4 | com.citrix.cg.util.CGUtil | CGUtil Input params: loginId 'user@test.abc.local' and domainName 'null'
2017-05-12T13:34:48.385+0200 | 27844abf2d8083f2  | DEBUG | http-nio-18443-exec-4 | com.citrix.cg.util.CGUtil | Entered into getDomainByAlias 'test.abc.local'
2017-05-12T13:34:48.385+0200 | 27844abf2d8083f2  | DEBUG | http-nio-18443-exec-4 | com.citrix.cg.bo.GenericUserListMgr | Entered into getUserListByDomainAlias(String domainAlias) method
2017-05-12T13:34:48.385+0200 | 27844abf2d8083f2  | DEBUG | http-nio-18443-exec-4 | com.citrix.cg.bo.GenericUserListMgr | Exit from getUserListByDomainAlias(String domainAlias) method
2017-05-12T13:34:48.385+0200 | 27844abf2d8083f2  | DEBUG | http-nio-18443-exec-4 | com.citrix.cg.util.CGUtil | DomainName managed in XMS 'test.abc.local'
2017-05-12T13:34:48.385+0200 | 27844abf2d8083f2  | DEBUG | http-nio-18443-exec-4 | com.citrix.cg.bo.GenericUserMgr | Entered into getUserByUPN(String UPN:user@test.abc.local)
2017-05-12T13:34:48.386+0200 | 27844abf2d8083f2  | DEBUG | http-nio-18443-exec-4 | com.citrix.cg.bo.GenericUserMgr | Exit from getUserByUPN
2017-05-12T13:34:48.386+0200 | 27844abf2d8083f2  | DEBUG | http-nio-18443-exec-4 | com.citrix.cg.util.CGUtil | User 'user@test.abc.local' not found in DB by UPN. Use the GC if enabled
2017-05-12T13:34:48.386+0200 | 27844abf2d8083f2  |  INFO | http-nio-18443-exec-4 | com.citrix.cg.identity.IdentityManagerFactory | ClassName com.citrix.cg.identity.ldap.ADManagerImpl
2017-05-12T13:34:48.389+0200 | 27844abf2d8083f2  |  WARN | http-nio-18443-exec-4 | com.citrix.cg.identity.ldap.LdapManager | Domain Name not getting from GC
2017-05-12T13:34:48.389+0200 | 27844abf2d8083f2  | ERROR | http-nio-18443-exec-4 | com.citrix.cg.entity.UserEntity | User domain not found from Global Catalog: userName: 'user@test.abc.local'; domainName: 'test.abc.local'
2017-05-12T13:34:48.389+0200 | 27844abf2d8083f2  | ERROR | http-nio-18443-exec-4 | com.citrix.cg.util.CGUtil | Unable to get the domain name for user 'user@test.abc.local': User domain not found from Global Catalog: userName: 'user@test.abc.local'; domainName: 'test.abc.local'
com.citrix.cg.exception.EntityException: User domain not found from Global Catalog: userName: 'user@test.abc.local'; domainName: 'test.abc.local'
       at com.citrix.cg.entity.UserEntity.identifyDomainByGCContext(UserEntity.java:570) ~[oca.jar:?]
       at com.citrix.cg.util.CGUtil.getUserDomain(CGUtil.java:2618) [oca.jar:?]
       at com.citrix.cg.util.CGUtil.splitLoginId(CGUtil.java:1398) [oca.jar:?]
       at com.citrix.cg.util.CGUtil.splitLoginId(CGUtil.java:1311) [oca.jar:?]
       at com.citrix.xms.oca.imil.service.impl.UserServiceImpl.splitLoginId(UserServiceImpl.java:169) [oca.jar:?]
       at sun.reflect.GeneratedMethodAccessor640.invoke(Unknown Source) ~[?:?]
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_66-XMS]
       at java.lang.reflect.Method.invoke(Method.java:497) ~[?:1.8.0_66-XMS]
 
As per Engineering the issue is in Macros (MacroProcessingHelper.java). It is trying to getUser with ‘sAMAccountName@domainName’ first and it is failing with GC configuration. 

 

Solution

For problem cause one
Allocate adequate universal licenses for the NetScaler Gateway.
Also make sure you have set the correct Universal License Count on the below NetScaler Gateway settings.

NetScaler Gateway --> Global Settings --> Authentication Settings --> Change authentication AAA settings --> Maximum Numbers of Users.

For Problem cause two 

Workaround:
Remove the Client property " SEND_LDAP_ATTRIBUTES", to be able to enroll with Secure Hub.

Permanent Solution:
Fix is verified on  10.5 RP4 build 10.5.010040

Problem Cause

There can be multiples causes of the issue 

  1.  gateway is out of licenses, causing MAM enrollment to fail.
  2.  macro configured ‘SEND_LDAP_ATTRIBUTES’.LDAP is configured with UPN and with Global Catalog. For e.g. the Domain ‘test.abc.local’ is managed with alias ‘xyz.ab, xyz-test-racing.ab, xms.com’ Users are login with alias like ‘user@xyz.ab’ .