Matrix42 Self-Service Help Center

Troubleshoot the Active Directory Connector

Summary

Matrix42 allows you to integrate MyWorkspace seamlessly into an existing Active Directory infrastructure by means of the Active Directory Connector component. This guide describes how to troubleshoot the component so that you can handle infrastructure problems directly.

Goal

After completing this guide you will be able to handle infrastructure problems regarding the Active Directory connector directly. This helps to increase business continuity and the service quality in your organization. 

Install connector

In order to correctly install the Active Directory Connector, you need to run the setup as an Administrator.

Ensure the correct connector version is installed

The Azure Active Directory connector introduces logging with version 1.0.16.17. Ensure that you install or update to the latest version by running the downloaded installer. To verify which version is installed, open Windows Explorer and check the file properties of the following file:

%programfiles%\matrix42\Universal Agent Framework\Matrix42.Platform.Service.Extension.ACSTunnel.Router.dll

The system should reflect a result similar to the following one: 

[Screenshot: mws-connector-version.png]

Logs of the registration wizard

The registration wizard is executed during the initial setup or when the connector is updated. During that process the system registers the connector within MyWorkspace. In case of unexpected issues, the logs of the registration wizard are available here:

%programfiles%\matrix42\MyWorkspace Cloud Connector\Tools\wizard.log

Matrix42 Universal Agent Logs

MyWorkspace uses the Matrix42 Universal Agent platform for all on-premise connectors, such as the Active Directory connector. The general logs for the agent platform are available here:

%programfiles%\matrix42\Universal Agent Framework\Matrix42.Platform.Service.Host.log

This log contains all information and should be sent to the support organization in case of trouble with any on-premise connector.

Log-Level Configuration 

The log level of the Active Directory Connector can be configured in the central configuration of the Matrix42 Universal Agent platform as described in the following steps:

  1. Open the file %programfiles%\matrix42\Universal Agent Framework\Matrix42.Platform.Service.Host.exe.config as an administrator.
  2. Change the logging configuration and save the file. More details about the different logging settings can be found in the documentation of the Enterprise Application Logging Block.
  3. Restart the service “Matrix42 Universal Agent Framework” (Matrix42UAF) in the service control manager.

Different Tasks

The MyWorkspace Active Directory connector has different tasks in the MyWorkspace ecosystem. The following tasks are the most important ones in case of troubleshooting: 

  • Active Directory Forms Login
    This action is performed whenever a user needs to be authorized via Active Directory but no pass-through authentication is possible, for example when the end user sits in front of a Mac OS X device.
  • Active Directory NTLM Login
    This action is performed whenever a user needs to be authorized via Active Directory and pass-through authentication is or should be possible, for example when the end user sits in front of a domain member Windows device.
  • Active Directory Group Sync
    The AD group sync observes the directory, and as soon as important groups are changed the system sends the changes to the MyWorkspace service.
  • Receive Remote Apps (RDS)
    When a user logs into MyWorkspace and a Remote Desktop Services farm is connected, the system triggers this action to receive all remote apps which are assigned to the user. These applications will be rendered automatically in the launchpad of the end user.

Sample Log: Active Directory forms login

2016-03-02 11:10:18.755 [Information] [ActiveDirectoryService.Validate] Login validation requested for user jkuehle in domain IV.
2016-03-02 11:10:18.974 [Information] [ActiveDirectoryService.Validate] Validation failed for user jkuehle. Username or password invalid.
2016-03-02 11:10:41.698 [Information] [ActiveDirectoryService.Validate] Login validation requested for user jkuehle in domain IV.
2016-03-02 11:10:41.745 [Information] [ActiveDirectoryService.Validate] Validation successful for user jkuehle.
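
One way to review these forms-login entries at scale, as an added example (not Matrix42 code): it parses the line layout shown above and reports users with repeated failed validations inside a time window, and whether a success followed. The function name, thresholds and the `svc-demo` lines are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Layout of the sample log lines: timestamp [Level] [Source] message
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) \[(\w+)\] \[([^\]]+)\] (.*)$")
FAILED_RE = re.compile(r"^Validation failed for user (\S+)\.")
OK_RE = re.compile(r"^Validation successful for user (\S+)\.$")

# The first four lines are the page's sample; the svc-demo lines are constructed.
SAMPLE_LOG = """\
2016-03-02 11:10:18.755 [Information] [ActiveDirectoryService.Validate] Login validation requested for user jkuehle in domain IV.
2016-03-02 11:10:18.974 [Information] [ActiveDirectoryService.Validate] Validation failed for user jkuehle. Username or password invalid.
2016-03-02 11:10:41.698 [Information] [ActiveDirectoryService.Validate] Login validation requested for user jkuehle in domain IV.
2016-03-02 11:10:41.745 [Information] [ActiveDirectoryService.Validate] Validation successful for user jkuehle.
2016-03-02 11:20:01.100 [Information] [ActiveDirectoryService.Validate] Validation failed for user svc-demo. Username or password invalid.
2016-03-02 11:20:09.300 [Information] [ActiveDirectoryService.Validate] Validation failed for user svc-demo. Username or password invalid.
2016-03-02 11:20:15.800 [Information] [ActiveDirectoryService.Validate] Validation failed for user svc-demo. Username or password invalid.
2016-03-02 11:21:02.000 [Information] [ActiveDirectoryService.Validate] Validation successful for user svc-demo.
"""


def failed_login_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {user: {"failures": n, "then_success": bool}} for every user with
    at least `threshold` failed forms logins inside `window`."""
    recent = defaultdict(list)  # user -> timestamps of failures still in the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m[3] != "ActiveDirectoryService.Validate":
            continue
        ts = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S.%f")
        failed, ok = FAILED_RE.match(m[4]), OK_RE.match(m[4])
        if failed:
            user = failed[1].lower()
            recent[user] = [t for t in recent[user] if ts - t <= window] + [ts]
            if len(recent[user]) >= threshold:
                entry = flagged.setdefault(user, {"failures": 0, "then_success": False})
                entry["failures"] = max(entry["failures"], len(recent[user]))
        elif ok and ok[1].lower() in flagged:
            # A success after a flagged burst deserves a closer look at that account.
            flagged[ok[1].lower()]["then_success"] = True
    return flagged


if __name__ == "__main__":
    for user, info in failed_login_bursts(SAMPLE_LOG.splitlines()).items():
        print(user, info)
```

The single mistyped password for `jkuehle` from the page's sample stays below the default threshold and is not reported.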

Sample Log: Active Directory NTLM login

2016-03-02 12:04:29.640 [Information] [ActiveDirectoryService.GetNTLMChallenge] AuthContext added to cache. SessionId a9eeac65-5816-4033-b075-4891be49957e
2016-03-02 12:04:29.656 [Information] [<>c__DisplayClass7.<GetNTLMChallengeAsync>b__6] NTLMChallenge generated. Message: TlRMTVNTUAACAAAABAAEADgAAAAFgomi8NJQvm8u0zMAAAAAAAAAAIYAhgA8AAAABgOAJQAAAA9JAFYAAgAEAEkAVgABABYAQwBNAE0AVwBTAEQARQBNAE8AQQBEAAQAEABpAHYALgBsAG8AYwBhAGwAAwAoAGMAbQBtAHcAcwBkAGUAbQBvAGEAZAAuAGkAdgAuAGwAbwBjAGEAbAAFABAAaQB2AC4AbABvAGMAYQBsAAcACACdzJ+se3TRAQAAAAA=; SessionId: a9eeac65-5816-4033-b075-4891be49957e
2016-03-02 12:04:30.578 [Information] [ActiveDirectoryService.ValidateNTLMMessageType3] AuthContext found in cache. Parsing started.
2016-03-02 12:04:30.593 [Debug] [ActiveDirectoryService.ValidateNTLMMessageType3] NTLM message Parsed. Domain: iv; UserName: jkuehle; Host: M42-NB-305
2016-03-02 12:04:30.593 [Information] [ActiveDirectoryService.ValidateNTLMMessageType3] NTLM message Parsed. Domain: iv; UserName: jkuehle
2016-03-02 12:04:30.969 [Information] [ActiveDirectoryService.ValidateNTLMMessageType3] ADValidationResult generated. result.IsValid: True
2016-03-02 12:04:31.000 [Debug] [ActiveDirectoryService.CacheEntryRemovedCallback] CacheEntryRemovedCallback called.
2016-03-02 12:04:31.015 [Debug] [ActiveDirectoryService.CacheEntryRemovedCallback] CacheEntryRemovedCallback.arguments.RemovedReason: Removed; removed key: a9eeac65-5816-4033-b075-4891be49957e
2016-03-02 12:04:31.015 [Debug] [ActiveDirectoryService.CacheEntryRemovedCallback] CacheEntryRemovedCallback trying to get NtlmAuth context from cache.
2016-03-02 12:04:31.015 [Debug] [ActiveDirectoryService.CacheEntryRemovedCallback] CacheEntryRemovedCallback NtlmAuth context was DISPOSED.
2016-03-02 12:04:31.015 [Information] [ActiveDirectoryService.ValidateNTLMMessageType3] AuthContext was removed from cache.
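
What the logged NTLMChallenge message contains, as an added example (not Matrix42 code): the field layout follows the NTLM specification (MS-NLMP), while the function name and dictionary keys are chosen here. Decoding it shows that this Information-level line carries the answering server's NetBIOS and DNS names, its domain and its OS build, which is worth knowing before the log leaves the organization.

```python
import base64
import struct
from datetime import datetime, timedelta, timezone

# Challenge message copied from the NTLM sample log line on this page.
LOGGED_CHALLENGE = (
    "TlRMTVNTUAACAAAABAAEADgAAAAFgomi8NJQvm8u0zMAAAAAAAAAAIYAhgA8AAAA"
    "BgOAJQAAAA9JAFYAAgAEAEkAVgABABYAQwBNAE0AVwBTAEQARQBNAE8AQQBEAAQA"
    "EABpAHYALgBsAG8AYwBhAGwAAwAoAGMAbQBtAHcAcwBkAGUAbQBvAGEAZAAuAGkA"
    "dgAuAGwAbwBjAGEAbAAFABAAaQB2AC4AbABvAGMAYQBsAAcACACdzJ+se3TRAQAAAAA="
)
# AV pair ids as defined in MS-NLMP; the labels are names chosen for this example.
AV_NAMES = {1: "nb_computer", 2: "nb_domain", 3: "dns_computer",
            4: "dns_domain", 5: "dns_tree"}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def parse_challenge(b64_message):
    """Decode the fields of a logged NTLM CHALLENGE_MESSAGE (type 2)."""
    raw = base64.b64decode(b64_message)
    if raw[:8] != b"NTLMSSP\0" or struct.unpack_from("<I", raw, 8)[0] != 2:
        raise ValueError("not an NTLM challenge message")
    name_len, _, name_off, flags = struct.unpack_from("<HHII", raw, 12)
    info_len, _, info_off = struct.unpack_from("<HHI", raw, 40)
    out = {
        "flags": flags,
        # Assumes the Unicode flag (bit 0) is set, as it is in the logged message.
        "target_name": raw[name_off:name_off + name_len].decode("utf-16-le"),
    }
    if flags & 0x02000000:  # NTLMSSP_NEGOTIATE_VERSION: version field at offset 48
        major, minor, build = struct.unpack_from("<BBH", raw, 48)
        out["os_version"] = f"{major}.{minor}.{build}"
    pos, end = info_off, info_off + info_len
    while pos + 4 <= end:  # walk the TargetInfo AV pairs
        av_id, av_len = struct.unpack_from("<HH", raw, pos)
        value = raw[pos + 4:pos + 4 + av_len]
        pos += 4 + av_len
        if av_id == 0:  # MsvAvEOL terminates the list
            break
        if av_id == 7 and av_len == 8:  # MsvAvTimestamp, a Windows FILETIME
            ticks = struct.unpack("<Q", value)[0]
            stamp = FILETIME_EPOCH + timedelta(microseconds=ticks // 10)
            out["timestamp"] = stamp.isoformat()
        elif av_id in AV_NAMES:
            out[AV_NAMES[av_id]] = value.decode("utf-16-le")
    return out


if __name__ == "__main__":
    for key, value in parse_challenge(LOGGED_CHALLENGE).items():
        print(f"{key}: {value}")
```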

Sample Log: Active Directory Group Sync

2016-03-02 11:07:24.225 [Information] [<SyncChanges>d__7.MoveNext] Found new changes. USN of domain controller 2192070 is different than last synchronized USN 2192066.
2016-03-02 11:07:24.241 [Information] [<SyncChanges>d__7.MoveNext] Start synchronization for the whole active directory.
2016-03-02 11:07:24.242 [Debug] [ActiveDirectoryGroupRepository.GetChanges] Query AD for deleted objects using the query: (&(objectClass=Group)(isDeleted=TRUE)(usnChanged>=2192067))
2016-03-02 11:07:24.242 [Debug] [ActiveDirectoryGroupRepository.GetChanges] Query AD for new or updated objects using the query: (&(objectClass=Group)(usnChanged>=2192067))
2016-03-02 11:07:24.242 [Debug] [<SyncChanges>d__d.MoveNext] Synchronize deletion of group drtzu with SID S-1-5-21-937310773-1359273415-650307667-2614.

Sample Log: Remote Desktop Services - Published Apps

2016-03-02 07:03:01.768 [Information] [<GetUserRemoteAppsAsync>d__e.MoveNext] Remote apps requested for user arthur.admin@imagoverum.com and hosts https://cmmwsdemords.cloudapp.net/.
2016-03-02 07:03:01.877 [Information] [<GetUserRemoteAppsAsync>d__e.MoveNext] User arthur.admin@imagoverum.com resolved to iv.local/arthur.admin.
2016-03-02 07:03:01.909 [Information] [<GetSessionKeyAsync>d__2d.MoveNext] Performing login of user iv.local/arthur.admin to https://cmmwsdemords.cloudapp.net/rd...Feedlogin.aspx...
2016-03-02 07:03:02.299 [Information] [RemoteAppsService.GetFeedApps] Receiving apps from feed https://cmmwsdemords.cloudapp.net/rd...d/webfeed.aspx...
2016-03-02 07:03:02.424 [Debug] [<<GetUserRemoteAppsAsync>b__1>d__9.MoveNext] Found app Calculator for user iv.local/arthur.admin.
2016-03-02 07:03:02.440 [Debug] [<<GetUserRemoteAppsAsync>b__1>d__9.MoveNext] Found app iexplore for user iv.local/arthur.admin.
2016-03-02 07:03:02.456 [Debug] [<<GetUserRemoteAppsAsync>b__1>d__9.MoveNext] Found app Internet Information Services (IIS) Manager for user iv.local/arthur.admin.
2016-03-02 07:03:02.456 [Debug] [<<GetUserRemoteAppsAsync>b__1>d__9.MoveNext] Found app Paint for user iv.local/arthur.admin.
2016-03-02 07:03:02.456 [Debug] [<<GetUserRemoteAppsAsync>b__1>d__9.MoveNext] Found app Resource Monitor for user iv.local/arthur.admin.
2016-03-02 07:03:02.471 [Debug] [<<GetUserRemoteAppsAsync>b__1>d__9.MoveNext] Found app WordPad for user iv.local/arthur.admin.