Jump to content
Welcome to our new Citrix community!
  • 1

"Your administrator has not given you access to this item"


Question

I'm in the process of creating a new XenMobile environment. Android Enteprise works as it should be but this message is displayed sometimes on enrolled devices in the managed google play store: Your administrator has not given you access to this item

 

I've seen this at different deployments. And want to fix this once and for all. 

 

Any one has the fix for this? :P 

Link to comment

17 answers to this question

Recommended Posts

  • 0

For us this is solved. The fix is in the latest patch for 10.12 or the new 10.13 release. 
 

The fix is for newly created users. For those non-working devices enrolled earlier, you have to run sql query to correct AW_USERS or delete the users from the table AW_USERS even if the instance is upgraded to 10.12 RP4.

 

The database stores the samaccount name instead of the userprinciplename. So change the AW_USER table form san to upn and it will work. 

  • Like 1
Link to comment
  • 0

Hi together,

I have same problem in different environments with samsung android 10 devices in full managed or COPE enrollment.

 

Problem exist in Endpointmanagement from Cloud and some on-prem Server with 10.11 or 10.12

When I add additional public apps in managed play store this apps are not visible on device (error: Your administrator has not given you access to this item). When I re-enroll this device the new public apps are visible. Is this a general android-google-citrix problem???? The Google Firebase Cloud Messaging have been successful configured in all environments.

 

I have no ideas. Next step is to open a citrix case...

 

best regards

Stefan

Link to comment
  • 0

Looks like the issue is based on upn suffix. Escalation and dev-analysis are working on the case. 
 

more background information: our ad domain name is domain.local but we have an extra upn suffix jeroentielen.nl. 
 

users their upn is based on this extra suffix. So, for example my upn is not jeroen@domain.local but jeroen@jeroentielen.nl

 

lets hope we can solve this asap. 

Link to comment
  • 0

I wanted to give an update on this. Still no solution from Tech Support, they just released version 10.13.0.11 and includes this fix:

 

On the XenMobile Server, you can’t install apps from Managed Google Play when you enroll with SamAccountName. [CXM-84973]

 

I'm not sure if this is related to the same issue reported here, but it did not work... we are now running the latest version and still getting the message "Your administrator has not given you access to this item".

 

Interesting enough, Citrix published the following screenshot, I'm wonder what is going to happen to us, the ones having this issue?.

 

Deprecation and removals:

image.thumb.png.ca63fd7f30b9cdf6aa760db70757739d.png

 

https://docs.citrix.com/en-us/citrix-endpoint-management/whats-new/removed-features.html

Link to comment
  • 0
On 11/1/2020 at 1:55 AM, Jeroen Tielen1709158489 said:

For us this is solved. The fix is in the latest patch for 10.12 or the new 10.13 release. 
 

The fix is for newly created users. For those non-working devices enrolled earlier, you have to run sql query to correct AW_USERS or delete the users from the table AW_USERS even if the instance is upgraded to 10.12 RP4.

 

The database stores the samaccount name instead of the userprinciplename. So change the AW_USER table form san to upn and it will work. 

 

Hi,

 

Could you explain in detail what has to be done?. Are you talking about the LDAP search?, change it from samaccount to upn?.

 

Thank you.

Link to comment
  • 0
On 11/1/2020 at 1:55 AM, Jeroen Tielen1709158489 said:

For us this is solved. The fix is in the latest patch for 10.12 or the new 10.13 release. 
 

The fix is for newly created users. For those non-working devices enrolled earlier, you have to run sql query to correct AW_USERS or delete the users from the table AW_USERS even if the instance is upgraded to 10.12 RP4.

 

The database stores the samaccount name instead of the userprinciplename. So change the AW_USER table form san to upn and it will work. 

 

Support just shared the same info. I deleted the user from the dbo.AW_USERS table and started working fine.

 

Thank you.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...