Secure Hub Error: Security policy does not allow to connect on Android devices


Article ID: CTX224338


Description

This article explains how to troubleshoot the error "Security policy does not allow you to connect" on Android devices.

Log analysis:

The error below could mean that the user is entering an expired PIN.
"WARNING ( 3)","SHTP:java.io.IOException: Connection failed, status=400 subcode=HTTP/1.1 400 SHTP0005: Security policy does not allow you to connect.
at com.zenprise.communication.SHTP.connectInternal2(SHTP.java:645)
at com.zenprise.communication.SHTP.connectInternal(SHTP.java:356)
at com.zenprise.communication.SHTP.connect(SHTP.java:346)
at com.zenprise.communication.KernelService.connectToServer(KernelService.java:681)
at com.zenprise.communication.KernelService$1.run(KernelService.java:292)

The error message below in the logs could indicate that the user’s account is disabled in LDAP.
| ERROR | http-nio-14443-exec-2 | com.citrix.xms.oca.imil.service.impl.UserServiceImpl | Could not get user details from LDAP 'ak@ctx.local'. Reason:Could not refreshUser. UserId: user1@citrix.local, Domain Name: citrix.local, isUPN: true, isDN: false. Reason:Need to specify class name in environment or system property, or as an applet parameter, or in an application resource file: java.naming.factory.initial

The error below could indicate that the user is entering incorrect credentials, for example SAMAccountName instead of UserPrincipalName.
,"WARNING ( 3)","SHTP: java.io.IOException: Connection failed, status=400 subcode=HTTP/1.1 400 SHTP0005: Security policy does not allow you to connect
 

Resolution

  • Follow the article below to generate a new PIN for Android device enrollment:
    http://docs.citrix.com/en-us/xenmobile/10/xmob-enrollment-adding-users-groups/xmob-enrollment-add-invitation.html
  • Make sure the user is entering the correct credentials based on the authentication method chosen under LDAP settings (SAMAccountName / UserPrincipalName). To check the LDAP configuration, navigate to XenMobile Console > Settings > LDAP, select the LDAP configuration, choose Edit, and check "User search by".

Problem Cause

  • The enrollment PIN is expired.
  • The user’s account is disabled in Active Directory.
  • Note: This error may occur if the user is authenticating directly to the XenMobile Server (without NetScaler).
  • The user is providing SAMAccountName instead of UserPrincipalName, or vice versa.
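
The log signatures and causes listed in this article can be checked mechanically when triaging a support bundle. The sketch below is an added example, not Citrix code: the function names, the `LDAP_LOOKUP_FAILED` label and the rule that a name containing "@" is a UserPrincipalName are assumptions made for illustration, and the sample lines are shortened copies of the excerpts quoted above.

```python
import re

# Signatures taken from the log excerpts in this article.
SHTP_RE = re.compile(r'status=(\d{3}) subcode=HTTP/\d\.\d \d{3} (SHTP\d{4}): ([^"\n]*)')
LDAP_RE = re.compile(r"Could not get user details from LDAP .*?UserId: (\S+), "
                     r"Domain Name: (\S+), isUPN: (true|false)")

def login_format(identifier):
    """Assumption: a name containing '@' is a UserPrincipalName, else SAMAccountName."""
    return "UserPrincipalName" if "@" in identifier else "SAMAccountName"

def format_mismatch(identifier, user_search_by):
    """True when the typed name does not match the LDAP 'User search by' setting."""
    return login_format(identifier) != user_search_by

def triage(line):
    """Return (signature, details, candidate causes), or None if the line is unrelated."""
    m = LDAP_RE.search(line)
    if m:
        details = {"user": m.group(1), "domain": m.group(2), "is_upn": m.group(3) == "true"}
        return ("LDAP_LOOKUP_FAILED", details, ["account disabled in LDAP"])
    m = SHTP_RE.search(line)
    if m:
        details = {"http_status": int(m.group(1)), "message": m.group(3).rstrip(". ")}
        # The device-side line alone cannot tell these two causes apart.
        return (m.group(2), details,
                ["enrollment PIN expired", "SAMAccountName/UserPrincipalName mismatch"])
    return None

# Constructed sample input: shortened copies of the log lines quoted above.
DEVICE_LINE = ('"WARNING ( 3)","SHTP:java.io.IOException: Connection failed, status=400 '
               'subcode=HTTP/1.1 400 SHTP0005: Security policy does not allow you to connect.')
SERVER_LINE = ("| ERROR | http-nio-14443-exec-2 | Could not get user details from LDAP "
               "'ak@ctx.local'. Reason:Could not refreshUser. UserId: user1@citrix.local, "
               "Domain Name: citrix.local, isUPN: true, isDN: false.")

if __name__ == "__main__":
    for line in (DEVICE_LINE, SERVER_LINE, "INFO unrelated line"):
        print(triage(line))
    print(format_mismatch("user1", "UserPrincipalName"))
```

Because the Secure Hub line carries the same SHTP0005 text for more than one cause, pair it with the server-side log for the same time window before concluding which cause applies.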