1.  Overview of this blog.

The intent of this document is to provide troubleshooting steps for most commonly seen iOS WorxHome issues/error messages.

XenMobile Component Version Details:

The following document is tested on these versions:

Component Version
 XMS 10.0.0.62300
 MSSQL 2012
WorxHome 10.0.3.83

2. iOS WorxHome Issues and Troubleshooting.

Error Message #1:  Access to your company network is currently not available

Check Points:
  • Please Check, the status of your NetScaler Gateway Vserver whether you are able to access it.
  • Please Check, the NetScaler Gateway configurations in XMS server.
Solution:
  • Make Sure NetScaler Gateway Virtual Server used for XenMobile is UP.
  • Make Sure NetScaler Gateway Virtual Server used for XenMobile is reachable from outside on port 443.
  • Make Sure NetScaler Gateway Virtual Server Configurations are working.
  • Make sure NetScaler Gateway Virtual Server Authentication server is working/UP.
  • Make sure NetScaler Gateway Virtual Server authentication and XMS NSG Authentication Mode matches.

Recommendation: Use XenMobile Wizard to create NetScaler Gateway Virtual Server.

Error Message #2:  Please contact support for access to your apps

Check Points:
  • Check the status of NetScaler Gateway Vserver weather you are able to access it.
  • Check the NetScaler Gateway configurations in XMS server.
  • Check the status of your MAM LB on NetScaler.
  • Check if there is a DNS A record in NetScaler for MAM LB FQDN (i.e. XMS FQDN) pointing to MAM LB Vserver IP address.

Solution:

  • Login to NetScaler and check if the MAM LB is UP and SSL certificate is bound to this Vserver.
  • Check the status of the XMS servers bound to the above MAM LB Vserver.
  • Make Sure, if you are able to reach the XMS server IP address from NetScaler.

Error Message #3:  Profile Installation Failed

Check Points:

  • Check to see whether the SSL listener certificate installed on the XMS server is trusted by the device.
  • Check to see whether the SSL listener certificate has full chain.

Solution;

  • Make Sure to install the CA root certificate on the iOS device if you are using internal CA certificates for XMS.
  • Make Sure to upload the full chain certificate in PFX format into XMS server > SSL listener. Once you upload the full chain PFX certificate into XMS server you should be able to see Root and Intermediate certificate as well. Note: You need to reboot the XMS server to have the new certificates reflected on the XMS server.

Error Message #4:  Profile Installation Failed

Check Points:

  • Check to see the maximum devices allowed for a user in XMS server.
  • Check to see whether time in XMS, NetScaler are same.
  • Check to see if you have uploaded a valid APNS certificate.
  • Check to see if XMS server is able to reach to APNS on port 2195, 2196.
Solution:
  • Login to XMS Server > Settings > Server Properties > search for Number of Devices Per User property and increase the number, if it is already configured.
  • Login to XMS server CLI and verify time and time Zone, also verify the time and time zone in NetScaler as well.
  • Login to XMS server Admin console > Support page > Select XenMobile Connectivity checks >Check box  Apple Push Notification Server, Apple Feedback Push Notification Server and hit test.

———————————————————————————————————————————————————————

Error Message #5:  Profile Installation Failed

Error Message : Http Error 417 during Profile Installation (See on screen)

Check Points:

  • Please Check, the time on XMS Nodes.
  • Please Check, the time on Hypervisors which hosts the XMS VMs.

Solution:

  • Make Sure, Time on XMS nodes in cluster should match.
  • Make Sure, Time on XMS nodes should match with the hypervisors which host the XMS servers.

———————————————————————————————————————————————————————

Error Message #6:  Profile Installation Failed

Check Points:

  • Please Check, the XMS SSL Listener Certificate installed has full chain.
  • Please Check, the XMS Time zone (UTC) matches with CA server time zone (UTC).
  • Please Check, APNS certificate is imported into XMS (both nodes in case of cluster).

Solution:

  • Change the Timezone on XMS server to correct Timezone.
  • Import the XMS SSL Certificate with Full Chain.
  • Import APNS Certificates to all Nodes in the cluster if it does not show up in other nodes.

———————————————————————————————————————————————————————-

Error Message #7:  Profile Installation Failed

Check Points:

  • Please Check, the FQDN of the XMS Server and the Enrollment FQDN. Both should match for the enrollment to succeed.
  •  Please Collect IPCU logs using the article http://support.citrix.com/article/CTX136960 and look for the error messages during the enrollment.

Solution:

  • Make Sure Enrollment FQDN  and XMS Server FQDN are same

———————————————————————————————————————————————————————-

Error #8: Worx MDX apps does not show up in WorxHome after enrollment.

Check Points:

  • Please Check, the APNS ports 2195 and 2196 connectivity from XMS server.

Solution:

  • Log in to XMS Server Support options> XenMobile Connectivity Checks > Select Apple Notification Server, Apple Feedback Push Notification Server > Hit Test Connectivity.
  • Please Verify if port 2195 and 2196 are open for APNS communication from XMS server.

Note: You might be able to see the Web links published from XMS server in WorxStore but MDX apps might not show up if there is a problem in APNS communication.

———————————————————————————————————————————————————————

Error #9: Worx MDX apps does not show up in WorxHome after enrollment.

Check Points:

  • Please check, the search by user attribute in XMS server LDAP configurations if it is set to sAMAccountName or UserPrincipalName? And use the right attribute to log in to WorxHome.
  • Please make sure you use the same username Logon Attribute in NetScaler Gateway LDAP settings.
  • Please Check, if you are able to reach AD from your XMS server.
  • Please Verify, whether user domain password had changed recently
  • Please Check, if the service account credentials used in XMS and NSG are still valid.
  • If you are using Two Factor enrollment in XMS server, make sure you use the active PIN number not the Redeemed PIN number (OLD PIN) and also a valid password.
  • Please Check, if the user account in AD is Disabled.

Solution:

  • Login to XMS Server CLI and try pinging the Active Directory.
  • Login to XMS server > Manage > Enrollment > and pick up the PIN number where the enrollment status shows as Pending.
  • If you are using PIN enrollment and if you have generated two PIN’s for same platform (iOS/Android), same user, make sure you enroll one device first and then the second device. If you try to enroll both the devices at same time using same user account enrollment will fail even though if you have used different PIN’s.

———————————————————————————————————————————————————————