Overview
Workspot Enterprise Connector (also called Connector or EC) is an important component in Workspot deployment architecture. It plays a crucial role in the AD integration and has various other jobs like Self registration (FTU using directory services, Thin client, and Kiosk mode), group memberships, syncing deleted or disabled AD accounts and on-premise Hypervisor integration have a dependency on EC. We recommend customers to have two ECs for High Availability.
Highlights of EC:
EC runs as a service on independent & domain-joined Windows Server OS and communicates with Workspot Control on an outbound HTTPS (Port 443).
EC runs on Windows Server 2012 or later & requires 4 GB RAM, 250 MB disk space.
EC depends on the Java runtime environment, Windows PowerShell 2.0 or above.
See Workspot Enterprise Connector for installation and general information.
1. Enterprise connector (EC) Healthy State
EC is healthy if the status in Control shows as connected.
2. Known issues and troubleshooting steps
EC unhealthy state in control shows as offline.
First thing First:
If you have access to the EC server, make sure the EC server is up and the Workspot Enterprise Connector service is running. If Service is in a stopped state try starting the Workspot Enterprise Connector Service or try restarting the server.
Make sure https://Control.workspot.com and your regional instance (https://control.us.workspot.com or https://control.eu.workspot.com ) are reachable from the Server.
a. JRE missing or upgraded to an unsupported version
EC has a dependency on the JAVA runtime environment so Java must be properly installed. If there is any Java file missing or Java upgraded to an unsupported version, the ‘Workspot Enterprise Connector service’ will not start. Hence, the EC could not commutate with Control.
Error Messages: When starting Workspot Enterprise Connector Service
Event ID 7000 in Windows System Events
solution: Reinstall Java as suggested in the Prerequisites Section, point 4.
b. Enterprise Connector Service Account (SA) related issues
There are few scenarios frequently being reported related to EC Service Account:
Service account got disabled in Active Directory(AD)
Service account password expired
Service account password changed
The service account has not added or removed from “Log on as a service” policy
In all the above scenarios when starting Enterprise Connector Service, it will through below error message. However, Event viewer messages will further guide to identify the exact problem.
The service account is disabled in AD
Solution: Make Sure Service Account is not disabled in AD
The service Account password has been changed
Solution: Make sure Service Account password is correct
Service Account password has been expired
Solution: Make Sure Account Expires is set to never for Service account in AD
Service Account is not part of “Log on as a Service”
Solution: Make sure EC Service Account is part of “Log on as a Service” in Local security policy.
EC got successfully installed and had initial communication with Control over HTTPS and updated Host and version details to Control. However, still EC state is still Offline in the Control.
Initial Findings:
All the required Ports and Protocols are in place between EC and Control
EC is not able to create a secure WebSocket connection with Control for further communication.
Troubleshooting
During troubleshooting, we identified that for every PowerShell script executed by EC, EC was getting additional data which was not relevant as a result EC was unable to perform operations as expected.
As an Example:
EC was trying to generate a Secure WebSocket URL and expects the URL as: wss://control.workspot.com/ws/openPresigned?token=e00d90e0-9522-41e8-8664-7ab2ca879 to create a connection with Control.
However, because of the PowerShell Profile, the EC was getting other information (because of the PowerShell profile) and the out URL had other data not relevant to EC to build wss connection with Control.
Reason:
The Windows server where EC service was installed had PowerShell Profile ($PSHOME\Profile.ps1) configured for All Users and all Hosts and as a result, every PowerShell script executed by EC to perform those operations has unwanted data from the PowerShell profile. A PowerShell profile script runs as a startup script when PowerShell starts, interactive or non-interactive. For more details, please refer to the below link.
Solutions:
Delete the Profile.ps1 from $PSHOME (C:\Windows\System32\WindowsPowerShell\v1) location.
If you still seeing an issue with Enterprise Connector, please submit a ticket to Workspot support to investigate the issue.
Related Documents
Microsoft: Dsacls.