XenMobile is unable to identify the group membership of users


Article ID: CTX228089


Description

Although XenMobile can find both user objects and group objects in Active Directory, XenMobile is unable to enumerate the group membership of user objects.
This can result in no MAM resources being deployed unless they are bound to the 'All Users' Delivery Group.
You may also find that resources can still be deployed by using local groups in XenMobile Server itself.

Symptoms of this problem can be seen on the XenMobile web admin console under 'Manage' --> 'Users'.
When checking under 'Groups' on this page, you may find that this specific detail is left blank for any affected users.

Environment

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Resolution

Ensure that the LDAP Group which is labelled 'Pre-Windows 2000 Compatible Access' contains appropriate membership settings.
The membership of 'Pre-Windows 2000 Compatible Access' should be configured so that the users who are enrolling in XenMobile are found to be members of 'Pre-Windows 2000 Compatible Access'.

The default settings for 'Pre-Windows 2000 Compatible Access' are such that 'Authenticated Users' is listed as a member of the group.
Any Domain Controller computer account objects are also found as members of this group, by default.
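
One way to compare the group's current membership with the defaults described above. This is an added example, not part of the Citrix article; it assumes the ActiveDirectory PowerShell module (RSAT) is installed and that it is run by an account allowed to read the group, and `$TestUser` is a placeholder for an affected user's sAMAccountName.

```powershell
# Added example: audit 'Pre-Windows 2000 Compatible Access' against its defaults.
Import-Module ActiveDirectory

$GroupSid  = 'S-1-5-32-554'    # well-known SID of BUILTIN\Pre-Windows 2000 Compatible Access
$AuthUsers = 'S-1-5-11'        # well-known SID of Authenticated Users
$TestUser  = 'enrolling.user'  # placeholder (assumption): an affected enrolling user

$group = Get-ADGroup -Identity $GroupSid -Properties member

# Well-known principals such as Authenticated Users are stored in the group as
# foreign security principals, so resolve every member DN to its objectSid.
$members = @(foreach ($dn in $group.member) {
    $obj = Get-ADObject -Identity $dn -Properties objectSid
    [pscustomobject]@{
        Name  = $obj.Name
        Class = $obj.ObjectClass
        Sid   = $obj.objectSid.Value
    }
})
$members | Format-Table -AutoSize

if ($members.Sid -contains $AuthUsers) {
    Write-Output 'Authenticated Users is a member (default setting).'
}
else {
    Write-Warning 'Authenticated Users is NOT a member; membership differs from the default.'

    # Without the default entry, check whether the enrolling user is still a
    # member directly or through nested groups (LDAP_MATCHING_RULE_IN_CHAIN).
    # Membership held only through the primary group is not matched by memberOf.
    $filter = "(&(sAMAccountName=$TestUser)" +
              "(memberOf:1.2.840.113556.1.4.1941:=$($group.DistinguishedName)))"
    if (Get-ADUser -LDAPFilter $filter) {
        Write-Output "$TestUser is a (nested) member of the group."
    }
    else {
        Write-Warning "$TestUser is not a member of the group."
    }
}
```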


 

Problem Cause

During enrolment, XenMobile Server will bind to Active Directory and will enumerate the group membership of the user who is enrolling.
This step may fail if the membership of 'Pre-Windows 2000 Compatible Access' has been changed from the default settings.

Changes to the default settings may have been performed so as to restrict security settings.
See the links under 'Additional Information' for information about how to restrict security settings in Active Directory without changing the default membership of 'Pre-Windows 2000 Compatible Access'.


Additional Information

https://technet.microsoft.com/en-us/library/dn579255(v=ws.11).aspx#BKMK_Pre-WS2KcompatAccess

https://support.microsoft.com/en-us/help/922836/how-to-mark-an-attribute-as-confidential-in-windows-server-2003-servic