Alerts     Sign In
[x]

Site Alert(s):

  • Server maintenance Saturday Nov 22, 2008, 12:00 PM - 3:00 PM. The Knowledge Center will be unavailable during this time.
Rate this Article:
You must be signed in to rate again
 Article Feedback Print View
Alternate Languages: N/A

Advanced Access Control 4.x Users Receive an "Access Denied" Error Message

Document ID: CTX110871   /   Created On: Aug 25, 2006   /   Updated On: Jun 18, 2008
Average Rating: 3

Symptoms 1

Advanced Access Control 4.x users receive an “Access Denied” error message when logging on.

The Event Viewer Application Log may report the following event:

Event Type: Error

Event Source: CitrixAGLicensing

Event Category: None

Event ID: 114

Date: 11/6/2007

Time: 12:40:47 PM

User: N/A

Computer: AACServerName

Description:

License request denied to user ID testadmin. No valid license available. User cannot log on to Access Gateway Advanced Edition.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

OR

“Source: CitrixAGLicensing
Description: License request denied to user ID testadmin. No valid license available. User cannot log on to Advanced Access Control.”

Symptoms 2

You receive the following error message when accessing a logon point (bypassing the Access Gateway - http://localhost/CitrixLogonPoint/SampleLogonPoint):

"Access denied.

Your computer does not meet the minimum requirements for accessing corporate resources securely. Contact the system administrator for assistance.

Please quote Reference ID....."

Resolution 1

1. In the Access Suite Console, verify that the Advanced Access Control 4.x server is pointing to a license server the Advanced Access Control licenses are uploaded to.

2. On the license server, verify that the Advanced Access Control server has been issued a startup license.

3. If the environment is Access Gateway with Advanced Access Control, the license file contains options for both Access Gateway and Advanced Access Control. For example:

License file:

CITRIXTERM FEATURE     1.0   CAG_SSLVPN_CCU    EN    Citrix Access    Gateway|Concurrent User
CITRIXTERM FEATURE     1.0   CAG_AAC_CCU       EN    Citrix Advanced Access Control Option|Concurrent User

License Server:

4. A temporary workaround may be to create a batch file on the license server to restart the license services or enter a bogus license server entry into the Access Management Console to force the server to refresh its license counts or enter a grace period.

5. Verify, using the Session Viewer Tool on the Advanced Access Control Server, that any expired sessions that should have automatically deleted themselves do not exist. Adjust the Session Timeouts in the Access Management Console so sessions have an expiration date. In addition, check the error tab in the Session Viewer Tool. The tool may indicate a permission problem when accessing the database for the session information. It may be necessary to investigate any outdated information in the following three tables with the Advanced Access Control database: LicensePendingRelease, LicenseHoldingServer, and MasterSession.CDF Tracing, CTX104578 – Using Citrix Diagnostic Facility and the Access Suite Console for Tracing, on the following modules; MSAM_SessionFactory, MSAM_Library_NavUI_TokenURI, MSAM_Library_Session_Management_Server, MSAM_Library_Licensing, MSAM_Session. You may have to ask Citrix Technical Support to compare them to a working environment.

6. Verify the access policies within the environment. An access policy may be denying access to the logon point.

Resolution 2

  1. Investigate the client workstations' configuration with respect to Endpoint Analysis (EPA) scans that may have failed, Presentation Server Clients being downloaded, or any other programs or configurations that are needed to access the logon point.
  2. An Internet Explorer 7 workstation received this message. The same user account was able to access the same logon point from another workstation. Adjust the following browser settings to allow the download/update of the Presentation Server Client:
    1. Enable the Automatic Prompting for ActiveX Controls setting.
    2. Enable the Automatic Prompting for File Downloads setting.
  3. Ensure the SQL database server hosting the Advanced Access Control database is functioning properly (for example: ensure there is enough drive space, correct permissions, and so on). During troubleshooting, Citrix Technical Support attempted to create a new logon point. The logon point creation failed. Upon making a connection to the SQL Server, Citrix Technical Support noticed the SQL Server displayed a message that it was low or out of disk space. After freeing up some disk space, logons to the existing logon point were successful. In addition, a new logon point could be created.
  4. If Internet Information Services (IIS) is in IIS 5.0 isolation mode (see http://support.microsoft.com/kb/812408/en-us), clear the Run WWW service in IIS 5.0 isolation mode check box and apply the changes.

More Information

CTX114824 – Access Gateway 4.5 Advanced Edition Licenses are Consumed but not Released


This document applies to:

Search
Knowledge Center
Advanced Search
XenApp
XenApp Plugins (Clients)
XenServer
XenDesktop
NetScaler Application Delivery
Access Gateway
EdgeSight
Provisioning Server
WANScaler
Password Manager
>> View All Products
Does it work with Citrix? Verify it - introducing the new Citrix Ready Community Verified
©1999-2008 Citrix Systems, Inc. All rights reserved.