WEM Management Console launch error message

[Stefanos Evangelou1709159370]

I have a new VAD LTSR 1912 environment with WEM 1912. I deployed standalone WEM infrastructure server and have configured the broker service, WEM database created fine (SQL Server 2019). I have defined custom AD service account and complex password for wuemUser. Mixed mode authentication is enabled in SQL Server. I have confirmed network connectivity between the WEM server and the database instance and all relevant firewall ports are open. Server clocks are synchronized. When i try to launch the WEM console I receive the following error message:

Specified infrastructure server seems to be offline or have a wrong database configuration. Please check configuration and try again.

 

In the WEM server I see following Norkale Broker service events in the event log: 

1) Error - Service appears to be Offline and no valid local cache found!

2) No start or product license detected. [ReasonCode: 1]

3) Unauthorized connection attempt from : [username] , where username is member of the defined Citrix Administrator AD group. 

 

I am using the embedded 30-day license period of Citrix VAD 1912. Could the lack of Advanced or Premium licenses be the issue? Any other ideas?

[Kasper Johansen1709159522]

Hi,

 

Did you run the WEM Infrastructure Service Configuration wizard?

 

Scroll down to the "Configure the infrastructure service" part here:
https://docs.citrix.com/en-us/workspace-environment-management/current-release/install-and-configure/infrastructure-services.html

[Stefanos Evangelou1709159370]

Hello,

 

Yes I have run  the WEM Infrastructure Service configuration wizard. I am using a custom password for wuemUser SQL login and also a Windows infrastructure service account. I have declared these accordingly in the "Advanced settings" tab in the wizard. The DB has been configured successfully and I can see all required logins created with permissions to the database.

 

I carried out additional checks:

1) I have seen articles in which it is mentioned that WEM (former Norskale) does not support IPv6, so I disabled IPv6 on all interfaces on the WEM infrastructure server.

2) I thoroughly checked https://docs.citrix.com/en-us/workspace-environment-management/current-release/system-requirements.html  and all requirements are met.

3) I checked SQL Server and there are no relevant error logs in the SQL Server log from WEM connections.

4) I ran TCPView on the WEM infrastructrure server and I can see that there are multiple sessions established successfully from the Norskale Broker Service to the SQL Server. Same thing confirmed by running Wireshark on the WEM server,k so this is definitely not a networking issue.

 

Further items?

1) I am using the embedded 30-day license period of Citrix VAD 1912. Could the lack of Advanced or Premium licenses be the issue?

2) Are there any more verbose logs I can get from WEM?

 

 

 

 

[James Kindon]

i don't think  the embedded licence gives you what you need for WEM (advanced/enterprise is the starting point)

[Stefanos Evangelou1709159370]

I have installed premium VAD licenses and confirmed that these were recognized by the license server. I declared the license server in the WEM configuration wizard and ensured again that all configuration information is correct. I then run again the WEM infrastructure server and console installations (repair operation) and rebooted the WEM infrastructure server. After reboot I tried the WEM console connection again but the same error came up again - Specified infrastructure server seems to be offline or have a wrong database configuration. Please check configuration and try again. (attached).

 

As a second test I created a new WEM database and related WEM broker service configuration with the default wuemUser password and no AD service account (used default Local system instead). However I am getting same error message.

 

Norskale Broker Service event log in WEM server shows persistent error: "Service appears to be Offline and no valid local cache found!"

 

Is there anything else I am missing?

[James Kindon]

8 hours ago, Stefanos Evangelou1709159370 said:

ensured again that all configuration information is correct

Must be something missing here - WEM is pretty simple in its IS service setup - you may have to enable verbose logging on the broker to identify what's failing and where - usually its something simple like a bad DB entry in the service config or something like that (or permissions on the DB or firewall)

[Stefanos Evangelou1709159370]

Hello,

 

I re-checked WEM official system requirements and they are all met, as per: https://docs.citrix.com/en-us/workspace-environment-management/current-release/system-requirements.html. I fully disabled IPv6 in the SQL server and in the WEM infrastructure server, having seen that Norkale/WEM does not support IPv6 yet. I re-checked configuration of the WEM database, database permissions, firewall rules and the WEM infrastructure server configuration wizard and all values provided are correct. In this first SQL instance I was running a standalone named instance with static TCP port, with Latin1_General_100_CI_AS_KS instance collation and the SQL connection string provided to WEM for DB connection was [SQLSERVER_HOSTNAME]\[SQL_INSTANCENAME],[TCP_PORT].

 

Since I had a named SQL instance running SQL Server 2019, I tried another go with a new SQL instance running as default instance (MSSQLSERVER) with static port, with Latin1_General_100_CI_AS_KS instance collation and mixed mode authentication enabled. The SQL connection string provided to WEM in this case for DB connection was [SQLSERVER_HOSTNAME]. Database is created successfully but I am getting same exact error when trying to connect via the WEM console and the only Event log entry appearing is :"Service appears to be Offline and no valid local cache found!".

 

Could this be a bug with version 1912 of WEM? The only remaining check I can think of at this point is to re-download and re-install the WEM 1912 binaries, in case there was some sort of corruption during download, which is highly unlikely.

[Stefanos Evangelou1709159370]

I will try verbose WEM trace collection as per https://support.citrix.com/article/CTX228742 and revert with my findings.

[James Kindon]

what is the name of your DB? The exact name...

[Stefanos Evangelou1709159370]

Even though the WEM database has been successfully created and there are no errors in the DB creation log, the following entries appear in the "Citrix WEM Infrastructure Service Debug.log" file. Windows Firewall is disabled in the WEM server and in the SQL server hosting the WEM database.

 

12:23:01 PM Event -> MainBrokerWinSvc.OnStart() : Minimum number of worker threads: 200
12:23:01 PM Event -> MainBrokerWinSvc.OnStart() : Minimum number of asynchronous I/O threads: 200
12:23:01 PM Warning -> BrokerServiceHelper.CheckSqlConnection() : Network Detected as disconnected
12:23:01 PM Exception -> BrokerServiceHelper.CheckSqlConnection() : Database Check -> Failed
12:23:01 PM Exception -> MainBrokerWinSvc.InitService() : Service appears to be Offline and no valid local cache found!
12:23:04 PM Event -> LicensingMonitor.UpdateLicenseServerConnectionState() : License server connection successful [licserver:27000]
12:23:07 PM Event -> MainBrokerWinSvc.InitService() : Initialization Completed.

 

Broker Service Version: 1912.1.0.1
12:23:07 PM Event -> AnalyticMonitor.InternalRun() : Analytics scheduled execution completed successfully
12:23:12 PM Event -> MainBrokerWinSvc.<StartAdminBroker>b__45_0() : Connection in progress -> Client WEMSERVERHOSTNAME version 1912.1.0.1 with Ip address IPv4
12:23:12 PM Event -> AdminBrokerService..ctor() : MultiTenantApiBroker false
12:24:07 PM Event -> AnalyticMonitor.InternalRun() : Analytics scheduled execution completed successfully
12:24:30 PM Event -> MainBrokerWinSvc.<StartAdminBroker>b__45_0() : Connection in progress -> Client WEMSERVERHOSTNAME version 1912.1.0.1 with Ip address IPv4
12:24:30 PM Event -> AdminBrokerService..ctor() : MultiTenantApiBroker false
12:25:07 PM Event -> AnalyticMonitor.InternalRun() : Analytics scheduled execution completed successfully
12:25:32 PM Event -> MainBrokerWinSvc.<StartAdminBroker>b__45_0() : Connection in progress -> Client WEMSERVERHOSTNAME version 1912.1.0.1 with Ip address IPv4
12:25:32 PM Event -> AdminBrokerService..ctor() : MultiTenantApiBroker false
12:26:07 PM Event -> AnalyticMonitor.InternalRun() : Analytics scheduled execution completed successfully
12:26:26 PM Event -> MainBrokerWinSvc.<StartAdminBroker>b__45_0() : Connection in progress -> Client WEMSERVERHOSTNAME version 1912.1.0.1 with Ip address IPv4
12:26:26 PM Event -> AdminBrokerService..ctor() : MultiTenantApiBroker false.

 

 

 

The WEM Administration Console Debug trace gives the following output:

=========================================================================

<ExceptionString>System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.</ExceptionString></Exception></TraceRecord></DataItem></TraceData></ApplicationData></E2ETraceEvent><E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"><System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"><EventID>131075</EventID><Type>3</Type><SubType Name="Error">0</SubType><Level>2</Level><TimeCreated SystemTime="2020-02-04T20:36:35.2014237Z" /><Source Name="System.ServiceModel" /><Correlation ActivityID="{13047e9f-59d2-4e3f-bd19-e402b514fc7e}" /><Execution ProcessName="Norskale Administration Console" ProcessID="3288" ThreadID="5" /><Channel/><Computer>[WEMSERVERHOSTNAMEHERE]</Computer></System><ApplicationData><TraceData><DataItem><TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error"><TraceIdentifier>http://msdn.microsoft.com/en-US/library/System.ServiceModel.Diagnostics.ThrowingException.aspx</TraceIdentifier><Description>Throwing an exception.</Description><AppDomain>Norskale Administration Console.exe</AppDomain><Exception><ExceptionType>System.ServiceModel.Security.SecurityNegotiationException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>

 

<Message>The caller was not authenticated by the service.</Message><StackTrace>   at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.GetNextOutgoingMessage(Message incomingMessage, T negotiationState)
   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
   at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryGetChannel()
   at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.SyncWaiter.TryWait(TChannel&amp;amp; channel)
   at System.ServiceModel.Channels.ReliableChannelBinder`1.ChannelSynchronizer.TryGetChannel(Boolean canGetChannel, Boolean canCauseFault, TimeSpan timeout, MaskingMode maskingMode, TChannel&amp;amp; channel)
   at System.ServiceModel.Channels.ReliableChannelBinder`1.Send(Message message, TimeSpan timeout, MaskingMode maskingMode)
   at System.ServiceModel.Channels.SendReceiveReliableRequestor.OnRequest(Message request, TimeSpan timeout, Boolean last)
   at System.ServiceModel.Channels.ReliableRequestor.Request(TimeSpan timeout)
   at System.ServiceModel.Channels.ClientReliableSession.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ClientReliableDuplexSessionChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.ServiceModel.Channels.ServiceChannelProxy.ExecuteMessage(Object target, IMethodCallMessage methodCall)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeChannel(IMethodCallMessage methodCall)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&amp;amp; msgData, Int32 type)
   at System.ServiceModel.ICommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ClientBase`1.System.ServiceModel.ICommunicationObject.Open(TimeSpan timeout)
   at Norskale.Common.Data.BaseBrokerClient`1.OpenNegociatedSecurityConnection()
   at Norskale.Common.Data.BaseBrokerClient`1.TryOpenConnection()
   at Norskale.Common.Data.BaseBrokerClient`1.Open()
   at Norskale.Common.Forms.Administration.General.ConnectToBroker.Run()
   at System.Threading.Tasks.Task.Execute()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task&amp;amp; currentTaskSlot)
   at System.Threading.Tasks.Task.ExecuteEntry(Boolean bPreventDoubleExecution)
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
</StackTrace>

[Stefanos Evangelou1709159370]

5 minutes ago, James Kindon said:

what is the name of your DB? The exact name...

Name of the Database is CitrixWEM

[Stefanos Evangelou1709159370]

I am already using Domain Service account for the WEM Broker Server. Based on the verbose traces from the WEM console, I will apply this solution as well and revert with results: https://support.citrix.com/article/CTX225352

[James Kindon]

ok just making sure there is no weird DB names in the mix - there has been a history...

 

best off with a ticket into Citrix on this one - there is no WEM bugs that i know currently, it may be something to do with static ports being configured etc - but that would be past my knowledge

[Stefanos Evangelou1709159370]

17 minutes ago, Stefanos Evangelou1709159370 said:

I am already using Domain Service account for the WEM Broker Server. Based on the verbose traces from the WEM console, I will apply this solution as well and revert with results: https://support.citrix.com/article/CTX225352

 

After applying https://support.citrix.com/article/CTX225352 , connection proceeds with new step shown in the WEM console UI (attached) but there is new error message in the WEM Admin console trace as follows:

 

<ExceptionString>System.ServiceModel.FaultException`1[Norskale.Common.Data.Faults.DataReaderFault]: The creator of this fault did not specify a Reason.  (Fault Detail is equal to Norskale.Common.Data.Faults.DataReaderFault).</ExceptionString></Exception></TraceRecord></DataItem></TraceData></ApplicationData></E2ETraceEvent><E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"><System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"><EventID>458799</EventID><Type>3</Type><SubType Name="Information">0</SubType><Level>8</Level><TimeCreated SystemTime="2020-02-04T20:53:22.7511797Z" /><Source Name="System.ServiceModel" /><Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /><Execution ProcessName="Norskale Administration Console" ProcessID="5572" ThreadID="6" />

[Nishant Singh1709163573]

Hello Everyone,

Has this ever resolved?  Currently, I am facing the same issue in my environment?