XenMobile Domain users unable to authenticate - LDAP response read timed out, timeout used

Article ID: CTX219386

Description

If domain users or admins are failing to authenticate to XenMobile, check whether the following error appears in the debug log:

2016-04-05T10:25:50.128+0000 | 5EAF1FBBC192FC0D  |  WARN | http-nio-10080-exec-77 | com.sparus.nps.apple.security.AuthUtils | Forcing LDAP auth: cannot refresh user data: user@citrix.com
org.apache.jetspeed.security.SecurityException: com.citrix.xms.oca.imil.exception.IMILException: com.citrix.xms.oca.imil.exception.IMILException: Could not refreshUser(String userName, String domainName, boolean isDN). Reason:{}
    at com.sparus.nps.ldap.LdapCredentialHandlerImpl.getUserAttributes(LdapCredentialHandlerImpl.java:455)
    at com.sparus.nps.ldap.LdapCredentialHandlerImpl.getBackendUserInfo(LdapCredentialHandlerImpl.java:357)
    at com.sparus.nps.security.AuthenticationProviderProxyImpl.getBackendUserInfo(AuthenticationProviderProxyImpl.java:587)
Caused by: com.citrix.xms.oca.imil.exception.IMILException: com.citrix.xms.oca.imil.exception.IMILException: Could not refreshUser(String userName, String domainName, boolean isDN). Reason:{}
    at com.citrix.xms.oca.imil.service.impl.UserServiceImpl.refreshUser(UserServiceImpl.java:1376)
    at (+6) com.sparus.nps.ldap.LdapCredentialHandlerImpl.getUserAttributes(LdapCredentialHandlerImpl.java:453)
    at com.sparus.nps.ldap.LdapCredentialHandlerImpl.getBackendUserInfo(LdapCredentialHandlerImpl.java:357)
Caused by: com.citrix.xms.oca.imil.exception.IMILException: Could not refreshUser(String userName, String domainName, boolean isDN). Reason:{}
    at com.citrix.xms.oca.imil.service.impl.UserServiceImpl.getUserFromLDAP(UserServiceImpl.java:2147)
    at com.citrix.xms.oca.imil.service.impl.UserServiceImpl.refreshUser(UserServiceImpl.java:1296)
    at (+6) com.sparus.nps.ldap.LdapCredentialHandlerImpl.getUserAttributes(LdapCredentialHandlerImpl.java:453)
Caused by: Message: null
com.citrix.cg.exception.BOException: Could not refreshUser(String userName, String domainName, boolean isDN). Reason:{}
    at com.citrix.cg.bo.GenericUserMgr.getUserFromLDAP(GenericUserMgr.java:1096)
    at com.citrix.xms.oca.imil.service.impl.UserServiceImpl.getUserFromLDAP(UserServiceImpl.java:2143)
    at com.citrix.xms.oca.imil.service.impl.UserServiceImpl.refreshUser(UserServiceImpl.java:1296)
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:30000ms.; remaining name 'dc=citrix,dc=com'
    at com.sun.jndi.ldap.Connection.readReply(Connection.java:490)
    at (+9) com.apere.int500.ii.iga.activedirectory.ActiveDirectoryIGA.refreshUserFromLDAP(ActiveDirectoryIGA.java:2496)
    at com.apere.int500.ii.iga.activedirectory.ActiveDirectoryIGA.refreshUser(ActiveDirectoryIGA.java:2406)
2016-04-05T10:25:50.128+0000 | 5EAF1FBBC192FC0D  |  INFO | http-nio-10080-exec-77 | com.sparus.nps.ios.spi.impl.IOsMdmAuthenticationDelegate | User data refresh failed for user: user@citrix.com. Carrying on nonetheless
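
To run this check across a whole debug log rather than by eye, the following added example (not Citrix code) groups stack-trace lines under their record header and reports only the records whose root cause is the JNDI read timeout. The function names are hypothetical, and the sample log is constructed from the excerpt above plus one invented record with a different root cause.

```python
import re
from collections import Counter

# Constructed sample in the format shown above (abridged; second WARN record is invented).
SAMPLE_LOG = """\
2016-04-05T10:25:50.128+0000 | 5EAF1FBBC192FC0D  |  WARN | http-nio-10080-exec-77 | com.sparus.nps.apple.security.AuthUtils | Forcing LDAP auth: cannot refresh user data: user@citrix.com
org.apache.jetspeed.security.SecurityException: ...
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:30000ms.; remaining name 'dc=citrix,dc=com'
    at com.sun.jndi.ldap.Connection.readReply(Connection.java:490)
2016-04-05T10:25:50.128+0000 | 5EAF1FBBC192FC0D  |  INFO | http-nio-10080-exec-77 | com.sparus.nps.ios.spi.impl.IOsMdmAuthenticationDelegate | User data refresh failed for user: user@citrix.com. Carrying on nonetheless
2016-04-05T10:26:02.411+0000 | 0000000000000001  |  WARN | http-nio-10080-exec-12 | com.sparus.nps.apple.security.AuthUtils | Forcing LDAP auth: cannot refresh user data: other@citrix.com
Caused by: javax.naming.CommunicationException: connection closed
"""

# Record header: timestamp | id | level | thread | logger | message
HEADER = re.compile(r"^(\d{4}-\d\d-\d\dT[\d:.]+[+-]\d{4}) \| \S+\s+\|\s+(\w+) \| (\S+) \| \S+ \| (.*)$")
REFRESH = re.compile(r"cannot refresh user data: (\S+)")
TIMEOUT = re.compile(r"LDAP response read timed out, timeout used:(\d+)ms\.; remaining name '([^']*)'")

def find_ldap_read_timeouts(log_text):
    """Return one dict per log record whose stack trace contains the LDAP read timeout."""
    findings, current = [], None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            ts, _level, thread, message = header.groups()
            user = REFRESH.search(message)
            current = {"time": ts, "thread": thread, "user": user.group(1) if user else None}
            continue
        hit = TIMEOUT.search(line)
        if hit and current is not None:
            findings.append(dict(current, timeout_ms=int(hit.group(1)), base_dn=hit.group(2)))
            current = None  # count each record once, even if the cause is repeated
    return findings

def summarize(findings):
    """Count timeouts per (search base, configured timeout) to show where reads are slow."""
    return Counter((f["base_dn"], f["timeout_ms"]) for f in findings)

if __name__ == "__main__":
    for finding in find_ldap_read_timeouts(SAMPLE_LOG):
        print(finding)
```

Refresh failures with any other root cause are skipped, so the count reflects only the condition this article addresses.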

Resolution

In some cases, depending on the Directory Server involved and the complexity of the Group & User structure, it might be necessary to increase the LDAP read timeout value on the XMS server.

To do this, navigate to Server Properties and search for "LDAP read timeout". The default value is 30000ms.

Problem Cause

The XenMobile LDAP read times out before a successful retrieval of the user can happen.

Issue/Introduction

Domain users and admins are failing to authenticate to XenMobile.