Post on 11-Jan-2016
v2 March © 2015 Citrix
Troubleshooting Common Issues with XenMobile WorxMailCitrix TechEdge 2015
Juan Zevallos
Senior Escalation Engineer
May 2015
© 2015 Citrix
Agenda
WorxMail and its MDX Policies
Communication Flow
Troubleshooting Use Case & Tools
Push Notification Support with WorxMail
Resources
Q&A
© 2015 Citrix
What is WorxMail?
• WorxMail app gives users access to their mail, calendar, and contacts on their mobile phones and tablets.
• Supported operating systems– iOS– Android– Windows Phone 8.1
• WorxMail is an ActiveSync client.
© 2015 Citrix
WorxMail MDX Policies
• Export contacts
• Accept all SSL certificates
• Enable download of attachments over WiFi
• Control locked screen notifications
© 2015 Citrix
MDX Policies that affect Communication Flow
• Network Access– Unrestricted– Tunnel to internal network– No access
• Background network service– Mail server FQDN– Mail server ActiveSync port
• Background services ticket expiration– STA ticket lifetime before user must re-authenticate
• Background network service gateway– NetScaler Gateway proxy FQDN
© 2015 Citrix | Confidential
How WorxMail Communicates with the Mail server
© 2015 Citrix
Mail Server
InternetInternet Data centerData center
WorxMail direct to mail server
© 2015 Citrix
MDX Policies To Connect Directly to Mail Server
Network access: Unrestricted
Background network services: <blank>
Background services ticket expiration: <blank>
Background network service gateway: <blank>
© 2015 Citrix
InternetInternet
Mail ServerNetScaler
XenMobile Server
Data centerData center
11
22
33WorxMail using STA to access mail server
© 2015 Citrix
MDX Policies To Use STA Tunnel
Network access: Tunneled to the internal network
Background network services: mail.juanz.lab:443
Background services ticket expiration: 168 hours
Background network service gateway: gateway3.juanz.lab:443
© 2015 Citrix
Background network service
gatewayBackground
network services
Background services ticket
validation
NetScaler
XenMobile Server
Mail Server
InternetInternet Data centerData center
© 2015 Citrix | Confidential
Troubleshooting Use Case
© 2015 Citrix
One of the most common errors : “Your Company Network Is Not Currently Available”
© 2015 Citrix
CTX200538
1st Step: Grab Logs!
© 2015 Citrix
WorxMail Log Files (iOS)
• CtxLog_AppInfo.txt
• CtxLog_AppPolicies.xml
• CtxLog_VPNConfig.xml
• Diagnostics Logs
© 2015 Citrix
Check the Device and App Information
Application: WorxMail (10.0.3.82)
MDXToolkit Version: v10.0.3.135
Hardware model: iPad4,2
iOS Version: 8.2
Jailbroken?: NO
Device model: iPad
Ctx_AppInfo.txtCtxLog_AppInfo.txt
© 2015 Citrix
Check the NetScaler Attributes CtxLog_VPNConfig.xml
© 2015 Citrix
MDX Policies Currently Applied CtxLog_AppPolicies.xml
© 2015 Citrix
How To Read WorxMail Diagnostics Logs
Timestamp Message Class Message
2015-03-23T15:29:12 AGTunnelerAG policy: Intercepting mail.juanz.lab:443 for STA tunneling
2015-03-23T15:29:12 AGTunnelerNew TCP proxy connection to (null):443 established
Diagnostics Logs
© 2015 Citrix
How To Read WorxMail Diagnostics Logs
Timestamp Message Class Message
2015-03-23T15:29:12 AGTunnelerAG policy: Intercepting mail.juanz.lab:443 for STA tunneling
2015-03-23T15:29:12 AGTunnelerNew TCP proxy connection to (null):443 established
Diagnostics Logs
© 2015 Citrix
How To Read WorxMail Diagnostics Logs
Timestamp Message Class Message
2015-03-23T15:29:12 AGTunnelerAG policy: Intercepting mail.juanz.lab:443 for STA tunneling
2015-03-23T15:29:12 AGTunnelerNew TCP proxy connection to (null):443 established
Diagnostics Logs
© 2015 Citrix
InternetInternet
NetScaler
XenMobile Server
Mail Server
Data centerData center
© 2015 Citrix
InternetInternet
NetScaler
XenMobile Server
Mail Server
Data centerData center
1
STA
© 2015 Citrix
Did Worx Home Obtain an STA Ticket?
Timestamp Message Class Message
2015-03-23T15:26:48 INFO (4) Getting STA Ticket
2015-03-23T15:26:48 INFO (4) Got STA Ticket response
2015-03-23T15:26:49 INFO (4)STA Ticket – Success obtaining STA ticket for App --WorxMail
Diagnostics Logs
© 2015 Citrix
Did The XenMobile Server Issue an STA ticket?
Time: 2015-03-23T12:26:34.771-0700
User: user2
Device: Mozilla/5.0 (iPad; CPU OS 8_1_2 like Mac OS X)
Result: Successfully generated STA ticket for user 'user2' for app 'MobileApp2'
UserAuditLogFile.log
© 2015 Citrix
NetScaler
XenMobile Server
Mail Server
InternetInternet Data centerData center
DNS?Network?
© 2015 Citrix
Can I Access OWA with WorxWeb?
© 2015 Citrix
NetScaler
XenMobile Server
Mail Server
Data centerData centerInternetInternet
© 2015 Citrix
“Your Company Network Is Not Currently Available”
© 2015 Citrix
ERROR found in WorxMail Diagnostics Logs
Timestamp Message Class Message
2015-03-23T15:29:27 ERROR (2)AsyncHttpOptions – Received back non HTTP 200 response from the server
2015-03-23T15:29:27 INFO (4)HTTP request failed with error.domain=(null), error.code=0, httpStatus=500
Diagnostics Logs
© 2015 Citrix
ERROR found in WorxMail Diagnostics Logs
Timestamp Message Class Message
2015-03-23T15:29:27 ERROR (2)AsyncHttpOptions – Received back non HTTP 200 response from the server
2015-03-23T15:29:27 INFO (4)HTTP request failed with error.domain=(null), error.code=0, httpStatus=500
Diagnostics Logs
© 2015 Citrix
Mail Server HTTP Requests and Responses
C:\inetpub\logs\LogFiles\W3SVC1\U_EX*.log
IBM_TECHNICAL_SUPPORT > HTTHR*.log
© 2015 Citrix
One of the most common errors : “Your Company Network Is Not Currently Available”
FIXED
© 2015 Citrix | Confidential
Additional Troubleshooting Tools
© 2015 Citrix
Use Worx Exchange ActiveSync Test Tool
© 2015 Citrix
How does the Worx EAS Tool work?
Available for iOS only
Supports MS Exchange and IBM Notes Traveler
Test explicit username or client certificate authentication
Validate the function of WorxMail
Provide a list of recommendations for correcting any problems
© 2015 Citrix
Example of an Error reported by Worx EAS Tool
Server: 23.29.105.113Username: user2Reported Error:
Provisioning failed due to an untrusted SSL certificate.
Negotiating ActiveSync protocol: FailedFolder Sync: Not performed
Recommendations:–Ensure that certificate is issued by a trusted CA–Ensure that certificate has a valid host name and is not expired–Ensure that correct certificate is bound with HTTPS in IIS on Exchange server
© 2015 Citrix
What if there is an issue with Email, Contacts or Calendar?
© 2015 Citrix
Exchange ActiveSync Mailbox Logging
Use after device connects, gets past IIS, and into Exchange code
See the incoming requests sent by the device and outgoing response from the mail server
© 2015 Citrix
APNs Push Notification Support for WorxMail
Leverage APNs push notification to notify WorxMail on mailbox activity
Badge icon will get updated when there is new mail or if the mail status changed
Badge icon will get updated even if WorxMail has been terminated
33
© 2015 Citrix
Overview of APNs Push Notification for WorxMail
We will utilize Exchange’s EWS notification feature
Citrix will host “listener” service to push APNs notifications to WorxMail Exchange
InternetInternet Data centerData center
EWS Notification
APNs Notification
Citrix Listener Service
33
© 2015 Citrix
Requirements for APNs Push Notification with WorxMail
• Allow outbound SSL (over 443) connection to Citrix hosted listener service (*.mailboxlistener.xm.citrix.com), if there is a firewall or web proxy controlling outbound traffic
• Create an Explicit App ID for WorxMail– Upgrading from older version of WorxMail that is using a Wildcard App ID is not supported
• Create/Upload an APNs certificate for WorxMail– This is when Citrix generates a tenant ID for the push notification parameters
• Add Push Notification parameters into WorxMail’s MDX Policies
© 2015 Citrix
Resources
• Microsoft Exchange EWS (Microsoft Dev Center)
• Citrix Worx EAS Tool Download/How To/FAQ (CTX141685)
• Under The Hood: Exchange ActiveSync Mailbox Log Analysis (Microsoft Blog)
• XenMobile 10 Logs Collection Guide (CTX200538)
• Improving Battery Life with WorxMail using STA (Citrix Blog)
© 2015 Citrix
© 2015 Citrix
Recap
WorxMail and its MDX Policies
Communication Flow
Troubleshooting Use Case & Tools
Push Notification Support with WorxMail
Resources
Q&A
© 2015 Citrix
Before you leave…
• Conference Surveys are available online at www.citrixsynergy.com starting Thursday, May 14 at 9:00 a.m.– Those who provide feedback by 6pm, Friday, May 15th will receive:– $20 Amazon e-gift card– Name entered in a drawing for a free Trip to Synergy 2016 (5 chances)
Download presentations starting Monday May, 18th from the My Event Planning tool
© 2015 Citrix
Work better. Live better.Work better. Live better.