"Your administrator has not given you access to this item"

[Jeroen Tielen1709158489]

I'm in the process of creating a new XenMobile environment. Android Enteprise works as it should be but this message is displayed sometimes on enrolled devices in the managed google play store: Your administrator has not given you access to this item

 

I've seen this at different deployments. And want to fix this once and for all. 

 

Any one has the fix for this? :P 

[Jeroen Tielen1709158489]

For us this is solved. The fix is in the latest patch for 10.12 or the new 10.13 release. 
 

The fix is for newly created users. For those non-working devices enrolled earlier, you have to run sql query to correct AW_USERS or delete the users from the table AW_USERS even if the instance is upgraded to 10.12 RP4.

 

The database stores the samaccount name instead of the userprinciplename. So change the AW_USER table form san to upn and it will work. 

[Abbas Hamdani]

This problem also happens for some of Our users, so am following this to see if any good ideas will be posted.   

[Grant Schmidt]

This problem is also happening in our environment, been on support with Citrix yesterday and today and no ideas...

[Stefan Krueger1709156530]

Hi together,

I have same problem in different environments with samsung android 10 devices in full managed or COPE enrollment.

 

Problem exist in Endpointmanagement from Cloud and some on-prem Server with 10.11 or 10.12

When I add additional public apps in managed play store this apps are not visible on device (error: Your administrator has not given you access to this item). When I re-enroll this device the new public apps are visible. Is this a general android-google-citrix problem???? The Google Firebase Cloud Messaging have been successful configured in all environments.

 

I have no ideas. Next step is to open a citrix case...

 

best regards

Stefan

[Jean Defrank1709154104]

We are also having this issue with an Android 10 device using the Android Enterprise Enrollment. We are running onprem version 10.12.0.8 with Patch 10.12.0.10324.

 

Thanks in advance.

 

Jean

[Abbas Hamdani]

Some of our users experience this aswell, but not all.   Anyone found any workarounds or any sensible solutions from Citrix?  

[Jean Defrank1709154104]

I'm going to open up a case with Support to see what they say.

 

Jean

[Jeroen Tielen1709158489]

I’m working with support on this on.  Case is open for weeks :(

[Stefan Krueger1709156530]

Last week I opened a case but there is no idea until now 

 

[Abbas Hamdani]

I opened a case last week aswell,  still no solution.

[Jean Defrank1709154104]

A few weeks now with a ticket opened and still no solution from the Support Team.

[Jeroen Tielen1709158489]

Looks like the issue is based on upn suffix. Escalation and dev-analysis are working on the case. 
 

more background information: our ad domain name is domain.local but we have an extra upn suffix jeroentielen.nl. 
 

users their upn is based on this extra suffix. So, for example my upn is not jeroen@domain.local but jeroen@jeroentielen.nl

 

lets hope we can solve this asap. 

[Jeroen Tielen1709158489]

Update: 

 

We are enrolling with UPN but the user account is added as samaccountname in the database. 

Bug is identified. Citrix is working on a fix. 

 

finally. 

[Grant Schmidt]

By Citrix is working on a fix does this mean they will roll the update on the next securehub update?

[Jean Defrank1709154104]

I wanted to give an update on this. Still no solution from Tech Support, they just released version 10.13.0.11 and includes this fix:

 

On the XenMobile Server, you can’t install apps from Managed Google Play when you enroll with SamAccountName. [CXM-84973]

 

I'm not sure if this is related to the same issue reported here, but it did not work... we are now running the latest version and still getting the message "Your administrator has not given you access to this item".

 

Interesting enough, Citrix published the following screenshot, I'm wonder what is going to happen to us, the ones having this issue?.

 

Deprecation and removals:

 

https://docs.citrix.com/en-us/citrix-endpoint-management/whats-new/removed-features.html

[Jean Defrank1709154104]

On 11/1/2020 at 1:55 AM, Jeroen Tielen1709158489 said:

For us this is solved. The fix is in the latest patch for 10.12 or the new 10.13 release. 
 

The fix is for newly created users. For those non-working devices enrolled earlier, you have to run sql query to correct AW_USERS or delete the users from the table AW_USERS even if the instance is upgraded to 10.12 RP4.

 

The database stores the samaccount name instead of the userprinciplename. So change the AW_USER table form san to upn and it will work. 

 

Hi,

 

Could you explain in detail what has to be done?. Are you talking about the LDAP search?, change it from samaccount to upn?.

 

Thank you.

[Jean Defrank1709154104]

On 11/1/2020 at 1:55 AM, Jeroen Tielen1709158489 said:

For us this is solved. The fix is in the latest patch for 10.12 or the new 10.13 release. 
 

The fix is for newly created users. For those non-working devices enrolled earlier, you have to run sql query to correct AW_USERS or delete the users from the table AW_USERS even if the instance is upgraded to 10.12 RP4.

 

The database stores the samaccount name instead of the userprinciplename. So change the AW_USER table form san to upn and it will work. 

 

Support just shared the same info. I deleted the user from the dbo.AW_USERS table and started working fine.

 

Thank you.