Secure Private Access sessions codes in DaaS Monitor
The following tables provide a list of error codes related to application enumeration, application launch, and sessions in Citrix Monitor.
For related information, see the following topics:
Info code lookup table
The following error lookup table provides a comprehensive overview of the various errors that users can possibly run into when using the Secure Private Access service and the corresponding resolution.
| Info code | Description | Resolution |
|---|---|---|
| 0x180022 | App launch failed as authentication service is down | App launch failed as the authentication service is down |
| 0x1800B7 | App launch failed because App FQDN length exceeded | App launch failed because App FQDN length exceeded |
| 0x1800A0, 0x1800A2, 0x1800A3, 0x1800A5, 0x1800A6, 0x1800A7 | Web app launch failed as unable to connect to back end web app | Web app launch failed as unable to connect to back end web app |
| 0x18001A, 0x18001B | User details not found | User details not found |
| 0x1800AA | Web/SaaS app launch has failed due to user attributes not found while preparing the SAML token | Web/SaaS app launch has failed |
| 0x180010 | Web/SaaS app launch has failed due to inability to identify the application FQDN | Web/SaaS app launch has failed due to inability to identify the application FQDN |
| 0x180040 | Web/SaaS app launch has failed due to invalid appId provided by the SAML service provider | App launch failed due to invalid appId provided by the SAML service provider |
| 0x180011, 0x180012, 0x180013, 0x180017, 0x180032, 0x180033, 0x180034, 0x180035, 0x180048 | Web/SaaS app launch has failed due to invalid app access request | Web/SaaS app launch has failed due to invalid app access request |
| 0x1800D4, 0x1800E1, 0x180106, 0x180107, 0x1800EB, 0x1800EC | TCP/UDP app launch has failed during policy evaluation due to internal error | TCP/UDP app launch has failed during policy evaluation due to internal error |
| 0x1800D9 | TCP/UDP app launch has failed while parsing policy evaluation response | TCP/UDP app launch has failed while parsing policy evaluation response |
| 0x1800DA | TCP/UDP app launch has failed with invalid result during policy evaluation | TCP/UDP app launch has failed with invalid result during policy evaluation |
| 0x1800DB | TCP/UDP app launch has failed with invalid resource location configuration | TCP/UDP app launch has failed with invalid resource location configuration |
| 0x1800E0 | TCP/UDP app launch failed as the length of the app name is too long | TCP/UDP app launch failed as the length of App Name is too long |
| 0x1800EE | TCP/UDP app launch has failed during connection establishment to the private TCP server due to invalid app ID | TCP/UDP app launch has failed during connection establishment to the private TCP server due to invalid app ID |
| 0x1800E3 | TCP/UDP app launch has been denied during policy evaluation | TCP/UDP app launch has been denied during policy evaluation |
| 0x1800EA | TCP app launch has failed due to destination FQDN being too long | TCP app launch has failed due to destination FQDN being too long |
| 0x1800ED | TCP app launch has failed due to invalid destination IP | TCP app launch has failed due to invalid destination IP |
| 0x180102 | TCP/UDP app launch failed as no response was received from the Connector Appliance | TCP/UDP app launch failed as no response was received from the Connector Appliance |
| 0x10000005 | Web/SaaS application launch failed due to a failure to establish a connection with the back-end app server | Web/SaaS application launch failed due to a failure to establish a connection with the back-end app server |
| 0x10000101, 0x10000102, 0x10000103, 0x10000104 | Web/SaaS FormFill SSO failed due to invalid application configuration | Web/SaaS FormFill SSO failed due to invalid application configuration |
| 0x10000202 | Kerberos SSO for Web/SaaS failed | Kerberos SSO for Web/SaaS failed |
| 0x10000203 | Web/SaaS SSO failed due to internal server error | Web/SaaS SSO failed due to internal server error |
| 0x10000303, 0x10000304 | Web/SaaS app launch failed due to the configured proxy being unreachable | Web/SaaS app launch failed due to the configured proxy being unreachable |
| 0x10000305 | Web/SaaS app launch failed due to a failure to authenticate with the configured proxy | Web/SaaS app launch failed due to a failure to authenticate with the configured proxy |
| 0x10000414 | TCP/UDP application launch failed due to a request coming on an invalid IP/hostname or port | TCP/UDP application launch failed due to a request coming on an invalid IP/hostname or port |
| 0x10000415 | TCP/UDP application launch failed as the destination server refused the connection | TCP/UDP application launch failed as the destination server refused the connection |
| 0x10000416 | TCP/UDP application launch failed as the destination was not found | TCP/UDP application launch failed as the destination was not found |
| 0x10000417 | TCP/UDP application launch failed as the destination network was not reachable | TCP/UDP application launch failed as the destination network was not reachable |
| 0x10000405 | TCP/UDP application launch failed due to the inability to connect to the destination | TCP/UDP application launch failed due to the inability to connect to the destination |
| 0x10000302 | Connector failed to read the proxy details | Connector failed to read the proxy details |
| 0x10000306 | Configured proxies are not reachable | Configured proxies are not reachable |
| 0x10000403, 0x10000404, 0x10000407 | TCP/UDP application launch failed due to the internal connection error | TCP/UDP application launch failed due to the internal connection error |
App launch failed as authentication service is down
Info code: 0x180022
Secure Private Access allows admins to configure a third-party authentication service such as the traditional Active Directory, AAD, Okta, or SAML. Outages in these authentication services can this issue.
Check if the third-party servers are up and reachable.
App launch failed because app FQDN length exceeded
Info code: 0x1800B7
App FQDNs must not exceed 512 characters. Check the application FQDN in the app configuration page to ensure that it does not exceed this limit.
- Go to the Applications tab in the admin console.
- Look for the application whose FQDN exceeds 512 characters.
- Edit the application and fix the app FQDN length.
Web app launch failed as unable to connect to back end web app
Info code: 0x1800A0, 0x1800A2, 0x1800A3, 0x1800A5, 0x1800A6, 0x1800A7
Broken browsing experience of web applications running inside the corporate network.
- Filter through the diagnostic logs for the FQDNs that are not resolvable.
- Check for reachability of the back-end server from inside the corporate network.
- Check the proxy settings to see if the connector is blocked from reaching the back-end server.
User details not found
Info code: 0x18001A, 0x18001B
Domain user details are not found while the Secure Private Access service is processing the request. This issue might occur when the necessary domain user attributes are from Citrix Cloud are missing.
- Ensure that the Citrix Cloud Connector has no issues in syncing the users to Citrix Cloud.
- Ensure that the domains in Citrix Cloud > Identity and Access Management are reachable.
- Log out and log in again to Citrix Workspace.
Web/SaaS app launch has failed due to user attributes not found while preparing the SAML token
Info code: 0x1800AA
Necessary user attributes are not found while the Secure Private Access service is preparing the SAML token. This issue might occur when the necessary domain user attributes from Citrix Cloud are missing.
- Ensure that the Citrix Cloud Connector has no issues in syncing the users to Citrix Cloud.
- Ensure that the domains in Citrix Cloud > Identity and Access Management are reachable.
- Log out and log in again to Citrix Workspace.
Web/SaaS app launch has failed due to inability to identify the application FQDN
Info code: 0x180010
No application found for the given domain name.
Ensure that the domain name length doesn’t exceed the configuration limit.
Web/SaaS app launch has failed due to invalid appId provided by the SAML service provider
Info code: 0x180040
AppId provided by the SAML service provider is invalid. Not able to find the app with given app ID by the SAML service provider.
- Check the SAML service provider configuration.
- Ensure that the IdP URL configured at the SAML service provider is appropriate.
- This app ID must map with the app configured at the Secure Private Access service.
Web/SaaS app launch has failed due to invalid app access request
Info code: 0x180011, 0x180012, 0x180013, 0x180017, 0x180032, 0x180033, 0x180034, 0x180035, 0x180048
App access failed due to an invalid request received by the Secure Private Access service.
Cannot identify the application received by the Secure Private Access service. Received request parameters might be invalid.
- Re-launch the application or log out and log in again to Citrix Workspace.
- If the issue persists, contact Citrix Support.
TCP/UDP app launch has failed during policy evaluation due to internal error
Info code: 0x1800D4, 0x1800E1, 0x180106, 0x180107, 0x1800EB, 0x1800EC
Contact Citrix Support with the transaction ID and client collected debug logs.
TCP/UDP app launch has failed while parsing policy evaluation response
Info code: 0x1800D9
Application configuration might possibly have special characters or there might be an issue in the policy configuration.
Ensure that the TCP/UDP/HTTP apps configuration does not contain unsupported characters.
- Click Applications in the Secure Private Access admin console.
- Check if the application name or destinations contain any special characters.
Check if the policies are configured correctly and are assigned to the correct applications.
- Click Access Policies in the Secure Private Access admin portal.
- Review the policy configuration, policy name, and conditions.
- Check if the policy is assigned to the correct application.
If the configurations are good, contact Citrix Support with the transaction ID and client debug logs.
TCP/UDP app launch has failed with invalid result during policy evaluation
Info code: 0x1800DA
There might be an application or policy configuration issue. Ensure that the TCP/UDP/HTTP apps configuration does not contain unsupported characters.
- Click Applications in the Secure Private Access admin console.
- Check if the application name or destination domain/FQDN contains any special characters.
- Also check if the destination IP/IP range/IP CIDRs are valid.
Ensure that the Application Domain table (Secure Private Access > Settings > Application Domain) has application destination entry enabled.
Check if the policies are configured correctly and are assigned to the correct applications.
- Click Access Policies in the Secure Private Access admin portal.
- Review the policy configuration, policy name, and conditions.
- Check if the policy is assigned to the correct application.
TCP/UDP app launch has failed with invalid resource location configuration
Info code: 0x1800DB
There might be an issue with the resource location and configuration
Ensure that the resource location is configured.
- Log in to the Citrix Cloud portal and click Resource Locations from the menu.
- Check if the expected resource location is configured.
Ensure that the resource location is healthy and active.
- Log in to the Citrix Cloud portal and click Resource Locations from the menu.
- Check if the expected resource location is active and healthy.
Ensure that the correct resource location is selected for the destination in the Application Domain table (Secure Private Access > Settings > Application Domain).
- Click Settings in the Secure Private Access admin console.
- Click the Application Domain tab.
- Check if the accessed destination has the correct resource location configured.
-
Check if the accessed destination entry is active in the Application Domain table.
The destinations configured in the TCP/UDP/HTTP application are automatically added to the Application Domain table. It is recommended not to delete/disable active TCP/UDP/HTTP application’s destinations/URL.
TCP/UDP app launch failed as the length of app name is too long
Info code: 0x1800E0
Contact Citrix support with the transaction ID and client collected debug logs.
TCP/UDP app launch has failed during connection establishment to the private TCP server due to invalid app ID
Info code: 0x1800EE
Contact Citrix support with the transaction ID and client collected debug logs.
TCP/UDP app launch has been denied during policy evaluation
Info code: 0x1800E3
Contact Citrix support with the transaction ID and client collected debug logs.
TCP app launch has failed due to destination FQDN being too long
Info code: 0x1800EA
Ensure that the FQDN length is under 256 characters.
TCP app launch has failed due to invalid destination IP
Info code: 0x1800ED
Access only valid private IP addresses from the clients.
TCP/UDP app launch failed as no response was received from the Connector Appliance
Info code: 0x180102
Check the reachability of Connector Appliance.
TCP/UDP application launch failed due to a request coming on an invalid IP/hostname or port
Info code: 0x10000414
Check the validity of the host name, IP address, or port number.
TCP/UDP application launch failed as the destination server refused the connection
Info code: 0x10000415
Check the status of the destination server.
TCP/UDP application launch failed as the destination was not found
Info code: 0x10000416
Check the destination server host name.
TCP/UDP application launch failed as the destination network was not reachable
Info code: 0x10000417
Connector Appliance has connectivity issue with the back end Private TCP/UDP servers. Check the network settings of Connector Appliance.
- Check if the back end server that the end user is trying to connect is up and running and is able to receive the requests.
- Check for the reachability of the back-end servers from inside the corporate network.
- Check the proxy settings to see if the connector is blocked from reaching the back-end server.
- If the request for an FQDN based app, check the DNS entry for the respective app in the DNS server.
TCP/UDP application launch failed due to the inability to connect to the destination
Info code: 0x10000405
Connector Appliance has connectivity issue with the back end Private TCP/UDP servers. Check the network settings of Connector Appliance.
- Check if the back end server that the end user is trying to connect is up and running and is able to receive the requests.
- Check for the reachability of the back-end servers from inside the corporate network.
- Check the proxy settings to see if the connector is blocked from reaching the back-end server.
- If the request for an FQDN based app, check the DNS entry for the respective app in the DNS server.
Connector failed to read the proxy details
Info code: 0x10000302
Connector Appliance has connectivity issue with the back-end private TCP/UDP servers. Check the network settings of Connector Appliance.
- Check if the back-end server that the end user is trying to connect is up and running and is able to receive the requests.
- Check for the reachability of the back-end servers from inside the corporate network.
- Check the proxy settings to see if the connector is blocked from reaching the back-end server.
- If the request for an FQDN based app, check the DNS entry for the respective app in the DNS server.
Configured proxies are not reachable
Info code: 0x10000306
Connector Appliance has connectivity issue with the back-end private TCP/UDP servers. Check the network settings of Connector Appliance.
- Check if the back-end server that the end user is trying to connect is up and running and is able to receive the requests.
- Check for the reachability of the back-end servers from inside the corporate network.
- Check the proxy settings to see if the connector is blocked from reaching the back-end server.
- If the request for an FQDN based app, check the DNS entry for the respective app in the DNS server.
TCP/UDP application launch failed due to the internal connection error
Info code: 0x10000403, 0x10000404, 0x10000407
- Look up the transaction ID for the error code.
- Filter all events matching the transaction ID in the Secure Private Access dashboard.
- Check if any error occurred in the other component matching the transaction ID. If an error is found, do the respective workaround matching to that error code.
-
If no error is found in other components, then do the following:
- Go to the Connector Appliances admin page.
- Download the diagnostic report. For details, see Generating a diagnostic report.
- Capture the packet trace. For details, see Verify your network connection.
- Contact Citrix support with this diagnostic report and packet trace along with the error code and transaction ID.
Web/SaaS application launch failed
Web/SaaS application launch failed due to a failure to establish a connection with the back-end app server.
Info code: 0x10000005
Check the target URL or check the Connector Appliance network settings. For details, see Network settings for your Connector Appliance.
Web/SaaS FormFill SSO failed due to invalid application configuration
Info code: 0x10000101, 0x10000102, 0x10000103, 0x10000104
Check the SSO form app configuration and make sure that the user name, password, action, and login URL fields are correctly configured on the app settings.
Kerberos SSO for Web/SaaS failed
Info code: 0x10000202
Kerberos SSO for Web/SaaS failed due to either an internal server error with Connector Appliance or an inability to fetch the token from the Domain Controller.
Check the Kerberos SSO settings on the back-end server and the domain controller. Also check the fallback NTLM authentication settings.
For details, see Validating your Kerberos configuration.
Web/SaaS SSO failed due to internal server error
Info code: 0x10000203
Check the SSO settings in the Secure Private Access service and the back-end server. For Secure Private Access service, see Set the preferred sign-on method.
Web/SaaS app launch failed due to the configured proxy being unreachable
Info code: 0x10000303, 0x10000304
Check the proxy server settings and make sure that it is reachable to Connector Appliance. For details, see Register your Connector Appliance with Citrix Cloud.
Web/SaaS app launch failed due to a failure to authenticate with the configured proxy
Info code: 0x10000305
Check the proxy server credentials and make sure that they are configured correctly in Connector Appliance. For details, see After registering your Connector Appliance.
Session codes
| Code | Status | Description |
|---|---|---|
| 2101 | Failure | Session failure |
| 2102 | active/inactive/failure | Session is active or terminated or at least one app launch in the session failed |
| 2000 | Active | The session is active |
| 2001 | Inactive | Session is terminiated/inactive |
App enumeration message codes
| Code | Status | Description |
|---|---|---|
| 1000 | Success | Enumeration was successful. At least one app was enumerated |
| 1001 | Success | No applications were enumerated because they were all denied by policies |
| 1002 | Success | No applications were enumerated because no policies matched |
| 1003 | Success | No applications were enumerated because some were denied and for others, no policies matched |
| 1004 | Success | No applications were enumerated because no policies to evaluate |
| 1101 | failure | An internal error occurred during the enumeration |
| 1102 | failure | Some applications were enumerated but at least one app evaluation failed |
| 1103 | failure | No applications were enumerated and at least one app evaluation failed |
| 3000 | Allow | Application enumeration is allowed |
| 3001 | Deny | Application enumeration is denied by policy |
| 3002 | Deny | Application was not enumerated because no policies matched |
| 3003 | Unknown | Application enumeration status is unknown |
| 3004 | Application launch from CEB | Application launch attempt from Citrix Enterprise Browser |
| 3101 | Failure | Application enumeration - An internal error occurred (currently unused) |
| 3102 | Failure | Application was not enumerated because there was an exception during policy evaluation |
| 3103 | Failure | Application enumeration status is null - An internal error occurred during policy evaluation |
| 3104 | Allow/deny/failure | Error retrieving policy details for the app |
App launch message codes
| Code | Status | Description |
|---|---|---|
| 4000 | Allow | Application Launch is allowed |
| 4001 | Deny | Application launch was denied because of a policy |
| 4002 | Deny | Application launch was denied because no policy matched |
| 4101 | Failure | Application launch error - An internal error occurred during application launch |
| 4102 | Failure | Application launch error (internal) |
| 4103 | Allow/deny/failure | Error retrieving policy details for the app |
| 4104 | Failure | Application Launch Error - No application configuration found |