Jump to content
Welcome to our new Citrix community!
  • 2

CitrixCloud Via API getting Authentication fail


Rajesh CS1709162091

Question

Hi Team ,
Recently now when we connect to CitrixCloud Via API we are getting Authentication fail error.
Previously before a API account it was working fine.
Command used .
Set-XDCredentials -CustomerId “wih3ty4qcpfd” -SecureClientFile "<Path to the csv>\secureclient.csv" -ProfileType CloudAPI –StoreAs “default”

After that when try to query Active session getting error
PS C:\Users\rajesh.cs> Get-BrokerSession
Get-BrokerSession : Get-XDAuthentication failed: XDSDKProxy not set
At line:1 char:1
+ Get-BrokerSession
+ ~~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (:) [Get-BrokerSession], SdkOperationException
+ FullyQualifiedErrorId : Citrix.XDPowerShell.Broker.AccessDenied,Citrix.Broker.Admin.SDK.GetBrokerSessionCommand

I have tried with Invoke-RestMethod and GetBearerToken i am getting error
*******************************
Invoke-RestMethod : Invalid client id or client secret.
At line:14 char:13
+ $response = Invoke-RestMethod -Uri $trustUrl -Method POST -Body (Conv ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

Link to comment

18 answers to this question

Recommended Posts

  • 1

Hi - only just seen this response :(

 

 I seem 2  get 2 modes of failure

1, This is what i see in the script transcript logs, not a lot to go on there

        PS>TerminatingError(Get-XDAuthentication): "AuthenticationFailed"
        Error authenticating to Citrix Cloud. Stopping script

 

 

2, Then on other occasions I see this in the transcript log:

PS>TerminatingError(Get-XDAuthentication): "Failed contacting the remote service."
Get-XDAuthentication : Failed contacting the remote service.
At C:\Scripts\oneSpaceUsage\Script\cloudlookup.ps1:18 char:5
+     Get-XDAuthentication -ProfileName Ops
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (Get-XDAuthentication:String) [Get-XDAuthentication], CoreException
    + FullyQualifiedErrorId : Citrix.Sdk.Proxy.ExceptionThrown,Citrix.Sdk.Proxy.GetXDAuthenticationCommand
Get-XDAuthentication : Failed contacting the remote service.
At C:\Scripts\oneSpaceUsage\Script\cloudlookup.ps1:18 char:5
+     Get-XDAuthentication -ProfileName Ops
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (Get-XDAuthentication:String) [Get-XDAuthentication], CoreException
    + FullyQualifiedErrorId : Citrix.Sdk.Proxy.ExceptionThrown,Citrix.Sdk.Proxy.GetXDAuthenticationCommand

PS>TerminatingError(Get-XDAuthentication): "AuthenticationFailed"
Get-XDAuthentication : AuthenticationFailed
At line:1 char:1
+ Get-XDAuthentication
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Get-XDAuthentication:String) [Get-XDAuthentication], 
InvalidOperationException
    + FullyQualifiedErrorId : Citrix.Sdk.Proxy.AuthenticationFailed,Citrix.Sdk.Proxy.GetXDAuthenticationCommand
>> TerminatingError(Get-BrokerDesktopGroup): "Get-XDAuthentication failed: XDSDKProxy not set"
Get-BrokerDesktopGroup : Get-XDAuthentication failed: XDSDKProxy not set
At C:\Scripts\oneSpaceUsage\Script\cloudlookup.ps1:36 char:19
+ ... eryGroups = Get-BrokerDesktopGroup -Filter {SessionSupport -eq "Singl ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : AuthenticationError: (:) [Get-BrokerDesktopGroup], SdkOperationException
    + FullyQualifiedErrorId : 
Citrix.XDPowerShell.Broker.AccessDenied,Citrix.Broker.Admin.SDK.GetBrokerDesktopGroupCommand
Get-BrokerDesktopGroup : Get-XDAuthentication failed: XDSDKProxy not set
At C:\Scripts\oneSpaceUsage\Script\cloudlookup.ps1:36 char:19
+ ... eryGroups = Get-BrokerDesktopGroup -Filter {SessionSupport -eq "Singl ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : AuthenticationError: (:) [Get-BrokerDesktopGroup], SdkOperationException
    + FullyQualifiedErrorId : Citrix.XDPowerShell.Broker.AccessDenied,Citrix.Broker.Admin.SDK.GetBrokerDesktopGroupCom
   mand

 

 

The powershell script is scheduled to run once per hour at present.  the success seems pretty random - around 25% of the time the script runs perfectly

 

More recently i have tried putting the authentication within a try/catch :  which i think validates why i sometimes see error type 1 above.

try {
    Set-XDCredentials -CustomerId "##our cust ID##" -SecureClientFile "$path\script\secureclient.csv" -ProfileType CloudApi -StoreAs Ops
    Get-XDAuthentication -ProfileName Ops
}
catch [System.InvalidOperationException] {
    write-host "Error authenticating to Citrix Cloud. Stopping script"
    stop-transcript
    Exit
}

 

 

I have tried running this from mutliple locations - both desktops and servers -  but get the same results.

I can also recreate the issue if i run the script repeatedly manually from ISE, so i don't thin the task scheduler is to blame here.

 

Citrix support suggested i try removing the quotation marks from the secureclinet.csv file - so i tried that - but made no difference 

 

 

Any help or guidance you can give would be much appreciated :)

  • Like 1
Link to comment
  • 1

Same issue here, 

 

Set-XDCredentials -CustomerId "######-####-####-#######" -SecureClientFile "C:\Company\Scripts\Citrix\secureclient.csv" -ProfileType CloudApi -StoreAs "default"

 

PS C:\Users\Administrator> Get-BrokerApplication
Get-BrokerApplication : Get-XDAuthentication failed: XDSDKProxy not set
At line:1 char:1
+ Get-BrokerApplication
+ ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : AuthenticationError: (:) [Get-BrokerApplication], SdkOperationEx 
   ception
    + FullyQualifiedErrorId : Citrix.XDPowerShell.Broker.AccessDenied,Citrix.Broker.Admin.SDK. 
   GetBrokerApplicationCommand
 

 

This is my Lab environment wit no Proxy. 

  • Like 1
Link to comment
  • 1

 

VERBOSE: Get-XDAuthentication: ProcessBearerToken: Calling core: transactionId: ######d-13c4-42d2-b343-f47d04f#####f
VERBOSE: Get-XDAuthentication: DecodeCustomersFromCwsToken: Customers decoded :1
VERBOSE: Get-XDAuthentication: Error - Customer: 5ff####c-d###-##a0-a338-######a##c## not found in list: dcintfaae0f3
VERBOSE: Get-XDAuthentication: Exit

 

5ff####c-d###-##a0-a338-######a##c## ist in the Set-XDCredentials command and also in the downloaded CSV 

 

And also the ID in the portal :

image.thumb.png.38bf1b1df18ed084731f7d04f9cdbfce.png

  • Like 1
Link to comment
  • 0

Can you try it directly in PowerShell? This works for me:

PS /Users/pat/Documents> $tokenUrl = 'https://api-us.cloud.com/cctrustoauth2/root/tokens/clients'
PS /Users/pat/Documents> $response = Invoke-WebRequest $tokenUrl -Method POST -Body @{
>>   grant_type = "client_credentials"
>>   client_id = "MY_CLIENT_ID"
>>   client_secret = "MY_CLIENT_SECRET"
>> }
PS /Users/pat/Documents>                                                                                                               PS /Users/pat/Documents> $response                                                                                                                                                                                                                                           StatusCode        : 200                                         
StatusDescription : OK
Content           : 
                                            {
                                                "token_type": "bearer",
                                                "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoiZjlmMzlhYjItN2FkZi00NGI…
RawContent        : HTTP/1.1 200 OK
                    Cache-Control: no-store
                    Pragma: no-cache
                    Access-Control-Expose-Headers: X-Cws-TransactionId
                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                    X-Cws-TransactionId: 88c5d553…
Headers           : {[Cache-Control, System.String[]], [Pragma, System.String[]], [Access-Control-Expose-Headers, System.String[]], [Strict-Transport-Security, 
                    System.String[]]…}
Images            : {}
InputFields       : {}
Links             : {}
RawContentLength  : 1482
RelationLink      : {}

You should also check in the Citrix Cloud console that a secure client exists with that client id. Hover the mouse to see the full client ID.

 

SecureClients.png

Link to comment
  • 0

David [don't know why I can't @mention you!] - I can help dig into this...

  • Do you have any details on the error response?
  • Are you calling the API directly via `Invoke-...` or an SDK?
  • What endpoint URL are you calling?
  • Is the behavior consistent across your desktop and the servers?
Link to comment
  • 0

Hi @David / @Sacha Thomet1709152826,

 

Looking at some internal chat - the advice is to use 

Get-XDAuthentication -verbose

to get more insight into where the problem lies.

 

There have been issues with case sensitivity, where the customer is not correctly discovered. You may be able to work around this using

Get-XDAuthentication -verbose -CustomerId <customer>

Good luck - let me know how you get on!

Link to comment
  • 0

I'm having the same issue.   First time trying to setup and use the SDK.   

I'm using the "short" customer ID name as mentioned.  

Set-XDCredentials -CustomerId "ID" -SecureClientFile "C:\Scripts\secureclient.csv" -ProfileType CloudApi -StoreAs "default"

 

Below is what I get when running Get-XDAuthentication. 

image.thumb.png.9f59d111674d2037bebee8a47dbc46c5.png

 

 

And when running other SDK commands

image.thumb.png.8dbe7b2b53cef80347b48ea1e9dc5725.png

 

we don't use a proxy

 

If I do the "Invoke-WebRequest" command at the top of this thread,  I get a good response. 

Link to comment
  • 0
On 2/8/2022 at 1:01 PM, Tracy Winchester1709162628 said:

I'm having the same issue.   First time trying to setup and use the SDK.   

I'm using the "short" customer ID name as mentioned.  

Set-XDCredentials -CustomerId "ID" -SecureClientFile "C:\Scripts\secureclient.csv" -ProfileType CloudApi -StoreAs "default"

 

Below is what I get when running Get-XDAuthentication. 

image.thumb.png.9f59d111674d2037bebee8a47dbc46c5.png

 

 

And when running other SDK commands

image.thumb.png.8dbe7b2b53cef80347b48ea1e9dc5725.png

 

we don't use a proxy

 

If I do the "Invoke-WebRequest" command at the top of this thread,  I get a good response. 

 

I have exactly the same error, I had scheduled tasks and they stopped working due to this authentication problem.

 

Can you please tell me how you could solve it?

 

Thanks.

Link to comment
  • 0

I resulted into this similar issue with my schedule reports and it was working successfully since last 8 months and all  of a sudden started showcasing the similar results when authenticating to citrix cloud using the Client ID and Secret configured in the Citrix Cloud API Access.

Were you able to find a solution to this problem @Rajesh C S 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...