Troubleshoot License Server VPX

Active Directory integration

These errors are the most commonly encountered errors during integration of the License Server VPX to Active Directory:

• ERROR: Cannot find user
  • The domain user account being used is not found in the target domain.
  • Trust domains are not supported. You might see this error if a user belongs to any trusted/parent domain and is not a part of the target domain.
• ERROR: User does not have access
  • Ensure that the domain user has the right privileges to join the machine to Active Directory.
  • For more information, see this Microsoft Support article.
• ERROR: Cannot contact the domain
  • Correct the domain name or check if the domain is reachable from the License Server VPX and fix any network related issues.
• ERROR: User has insufficient permissions to join the domain
  • The account does not have the privileges required to join a machine to Active Directory.

For more information, see this article.

For any other errors, see this article for details.

Keytab creation

If you see any issues during the keytab creation, follow these instructions and retry:

1. Ensure that you have elevated permissions when running the ktpass.exe command. Run the cmd prompt as Administrator.
2. Ensure that the User Account Control (UAC) restrictions are minimal.
3. Ensure that all password requirements are met. For example, password filters aren’t blocking password characters on the target domain and you are specifying a supported number of characters.
4. Retry the command by adding the domain to account used in the -mapuser argument. Use a user principal name (account@domain.com) or a down-level logon name (domain\username).
5. Ensure that the account being used is a member of the target domain and not of a trusted or parent domain.
6. Add the -target argument to the command and pass the domain.
   1. Ensure that the account used in the -mapuser argument is a service account created solely for this purpose.
   2. Ensure that the first name, last name, and the service account name for the account are the same.
   3. We recommend that you name the account with the name of the License Server VPX name to ensure that uniqueness is maintained during mappings.

For more details, see the ktpass command article.

Manually install a certificate

Use this procedure if you are a Director or Studio administrator who doesn’t want to use the self-signed certificate that is generated during installation.

Install the .crt and .key files on the License Server:

VPX - License Administration Console:

1. Stop Citrix licensing etc/init.d/citrixlicensing stop.
2. Copy the server.crt and server.key created earlier in this procedure to /opt/citrix/licensing/LS/conf/.
3. Start Citrix licensing etc/init.d/citrixlicensing start.

VPX - Web Services for Licensing:

1. Stop the services etc/init.d/ citrixwebservicesforlicensing stop.
2. Copy the server.crt and server.key created earlier in this procedure to /opt/citrix/licensing/WebServicesForLicensing/Apache/conf/.
3. Start the services etc/init.d/ citrixwebservicesforlicensing start.

Configure a proxy server for use with Citrix Licensing Manager, Customer Experience Improvement Program (CEIP), and Call Home

You can use a proxy with the Citrix Licensing Manager, CEIP, and Call Home. When you configure a proxy server, requests to download licenses and upload Call Home data are sent through a proxy server.

Important:

Citrix Licensing components requiring outward bound web communications can inherit network proxy settings using Windows automatic proxy detection. We do not support authenticated proxies. For more information about Windows automatic proxy detection, see WinHTTP AutoProxy Functions.

Configure a proxy server manually

Edit the SimpleLicenseServiceConfig.xml file, which is in /opt/citrix/licensing/WebServicesForLicensing/.

Add a line of xml to the file in the format <Proxy>proxy server name:port number</Proxy>. The .xml tags are case-sensitive.