Jump to content
Welcome to our new Citrix community!
  • 0

Citrix Cloud Conector does not get a connection to Cloud - Error: AuthenticateCwsUser Failed: Forbidden


Frank Eschenfelder

Question

Hi Folks,

 

I'm trying to get a CloudConnector running in my Lab.

I'm running a Windows 2019 Server and i get no Connection to the Citrix Cloud.

 

 I've downloaded the Setup from Citrix Cloud and run it. Sign in works Setup is running through and it seems all is done. Setup Window Closes. But there is no Connection to the Cloud. Checking the install logs i found this error, and i have no clue what the issue is.

 

The needed certificates are installed. IE ESC is disabled. No Proxy configured.

 

Quote

2020-11-03 02:24:38.431: [1948] New installation
2020-11-03 02:24:38.431: [1948] Getting the customer org id, geo and service profile.
2020-11-03 02:24:41.462: [1948] Registering connector xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx public keys.
2020-11-03 02:24:41.868: [1948] Error - AuthenticateCwsUser Failed: Forbidden
2020-11-03 02:24:41.884: [1948] Context execution completed successfully.

 

See the full logfile:

. CWCConnector_20201103142124_002_Citrix_Csg_AuthenticateCwsUser_blackened.txt

 

I also tried to troubleshoot with the Cloud Connector Connectivity Check but this did not help anything.

If i run the tool and Import the IE Settings, the Access type of the Default Proxy changes from 1 to 3 and the connectivity Tests to the Websites fails

 

Quote

Validating AD domain reachability...
The operation completed successfully.
Performing AD domain logon to verify reachability...
The operation completed successfully.
Verifying reachability for [www.citrix.com] ...
Contacting [https://www.citrix.com] returned HTTP STATUS [0]
Verifying reachability for [www.microsoft.com] ...
Contacting [https://www.microsoft.com] returned HTTP STATUS [0]
Verifying reachability for [www.google.com] ...
Contacting [https://www.google.com] returned HTTP STATUS [0]
Verifying reachability for [cloud.com] ...
Contacting [https://cloud.com] returned HTTP STATUS [0]
Verifying reachability for [citrixdata.com] ...
Contacting [https://citrixdata.com] returned HTTP STATUS [0]
Verifying reachability for [sharefile.com] ...
Contacting [https://sharefile.com] returned HTTP STATUS [0]
Verifying reachability for [browser-release-a.azureedge.net] ...
Contacting [https://browser-release-a.azureedge.net] returned HTTP STATUS [0]
Verifying reachability for [browser-release-b.azureedge.net] ...
Contacting [https://browser-release-b.azureedge.net] returned HTTP STATUS [0]
Verifying reachability for [wem.cloud.com] ...
Contacting [https://wem.cloud.com] returned HTTP STATUS [0]
Verifying reachability for [dl.cacerts.digicert.com/DigiCertAssuredIDRootCA.crt] ...
Contacting [https://dl.cacerts.digicert.com/DigiCertAssuredIDRootCA.crt] returned HTTP STATUS [0]
Verifying reachability for [dl.cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt] ...
Contacting [https://dl.cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt] returned HTTP STATUS [0]
[CTX223828] Checking for presence of certificate and its validity: DigiCert Assured ID Root CA
 ---> DigiCert Assured ID Root CA -> FOUND
 ---> Certificate's time is valid.
[CTX223828] Checking for presence of certificate and its validity: DigiCert SHA2 Assured ID Code Signing CA
 ---> DigiCert SHA2 Assured ID Code Signing CA -> FOUND
 ---> Certificate's time is valid.

 

Setting the empty Proxy config in the tool changes the Default Proxy Access type to 1 and all Tests are successful except citrxdata.com

 

Quote

Validating AD domain reachability...
The operation completed successfully.
Performing AD domain logon to verify reachability...
The operation completed successfully.
Verifying reachability for [www.citrix.com] ...
Contacting [https://www.citrix.com] returned HTTP STATUS [200]
Verifying reachability for [www.microsoft.com] ...
Contacting [https://www.microsoft.com] returned HTTP STATUS [200]
Verifying reachability for [www.google.com] ...
Contacting [https://www.google.com] returned HTTP STATUS [200]
Verifying reachability for [cloud.com] ...
Contacting [https://cloud.com] returned HTTP STATUS [200]
Verifying reachability for [citrixdata.com] ...
Contacting [https://citrixdata.com] returned HTTP STATUS [0]
Verifying reachability for [sharefile.com] ...
Contacting [https://sharefile.com] returned HTTP STATUS [200]
Verifying reachability for [browser-release-a.azureedge.net] ...
Contacting [https://browser-release-a.azureedge.net] returned HTTP STATUS [200]
Verifying reachability for [browser-release-b.azureedge.net] ...
Contacting [https://browser-release-b.azureedge.net] returned HTTP STATUS [200]
Verifying reachability for [wem.cloud.com] ...
Contacting [https://wem.cloud.com] returned HTTP STATUS [200]
Verifying reachability for [dl.cacerts.digicert.com/DigiCertAssuredIDRootCA.crt] ...
Contacting [https://dl.cacerts.digicert.com/DigiCertAssuredIDRootCA.crt] returned HTTP STATUS [200]
Verifying reachability for [dl.cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt] ...
Contacting [https://dl.cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt] returned HTTP STATUS [200]
[CTX223828] Checking for presence of certificate and its validity: DigiCert Assured ID Root CA
 ---> DigiCert Assured ID Root CA -> FOUND
 ---> Certificate's time is valid.
[CTX223828] Checking for presence of certificate and its validity: DigiCert SHA2 Assured ID Code Signing CA
 ---> DigiCert SHA2 Assured ID Code Signing CA -> FOUND
 ---> Certificate's time is valid.


The Server is a plain Vanilla Windows 2019 Server joined to the LAB Domain.

 

I have no more idea. I'm not really sure if there is a Connection between the results of the Cloud Connector Connectivity Check and the error. The Connectivity Checks the Setup does  upfront will pass without issues.

 

Anyone an idea?

Link to comment

6 answers to this question

Recommended Posts

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...