Workspot Enterprise Connector Troubleshooting Guide

Overview

Workspot Enterprise Connector (also called Connector or EC) is an important component in Workspot deployment architecture. It plays a crucial role in the AD integration and has various other jobs like self-registration (FTU using directory services, Thin client, and Kiosk mode), group memberships, syncing deleted or disabled AD accounts, and on-premise Hypervisor integration have a dependency on EC. We recommend that customers have two ECs for High Availability.

Highlights of EC:

• EC runs as a service on independent & domain-joined Windows Server OS and communicates with Workspot Control on an outbound HTTPS (Port 443).

• EC runs on Windows Server 2012 or later & requires 4 GB RAM, 250 MB disk space.

• EC depends on Java; the supported version can be downloaded from:

  • Till EC version 6.0: https://www.azul.com/downloads/?version=java-8-lts&os=windows&architecture=x86-64-bit&package=jdk#zulu

  • For EC version 6.1 and above: https://www.azul.com/downloads/?version=java-21-lts&os=windows&architecture=x86-64-bit&package=jdk#zulu

• Windows PowerShell 2.0 or above.

See Workspot Enterprise Connector for installation and general information. 

1. Enterprise connector (EC) Healthy State

EC is healthy if the status in Control shows as connected.

2. Known issues and troubleshooting steps

EC unhealthy state in control shows as offline.

First things first:

• If you have access to the EC server, make sure the EC server is up and the Workspot Enterprise Connector service is running. If the Service is in a stopped state, try starting the Workspot Enterprise Connector Service or try restarting the server.

• Make sure https://Control.workspot.com and your regional instance (https://control.us.workspot.com or https://control.eu.workspot.com ) are reachable from the Server.

a. JRE missing or upgraded to an unsupported version

EC has a dependency on the JAVA runtime environment, so Java must be properly installed. If there is any Java file missing or Java upgraded to an unsupported version, the ‘Workspot Enterprise Connector service’ will not start. Hence, the EC could not communicate with Control.

Error Messages: When starting Workspot Enterprise Connector Service

Event ID 7000 in Windows System Events

Solution: Reinstall Java as suggested in the Prerequisites Section, point 4.

b. Enterprise Connector Service Account (SA) related issues

There are a few scenarios frequently being reported related to EC Service Account:

• • The service account got disabled in Active Directory(AD)

  • Service account password expired

  • Service account password changed

  • The service account has not been added or removed from the “Log on as a service” policy

In all the above scenarios, when starting the Enterprise Connector Service, it will throw the following error message. However, Event Viewer messages will further guide you to identify the exact problem.

• The service account is disabled in AD

Solution: Make Sure the Service Account is not disabled in AD

• The service Account password has been changed

Solution: Make sure the Service Account password is correct

• Service Account password has expired

Solution: Make Sure Account Expires is set to never for the Service account in AD

• Service Account is not part of “Log on as a Service”

Solution: Make sure the EC Service Account is part of “Log on as a Service” in the Local Security Policy.

• EC got successfully installed and had initial communication with Control over HTTPS, and updated Host and version details to Control. However, still EC state is Offline in the Control.  

Initial Findings: 

• All the required Ports and Protocols are in place between EC and Control 

• EC is not able to create a secure WebSocket connection with Control for further communication.  

Troubleshooting 

During troubleshooting, we identified that for every PowerShell script executed by EC, EC was getting additional data that was not relevant; as a result, EC was unable to perform operations as expected.  

As an Example:  

EC was trying to generate a Secure WebSocket URL and expects the URL as: wss://control.workspot.com/ws/openPresigned?token=e00d90e0-9522-41e8-8664-7ab2ca879 to create a connection with Control. 

However, because of the PowerShell Profile, the EC was getting other information (because of the PowerShell profile) and the out URL had other data not relevant to EC to build wss connection with Control.

Reason:  

The Windows server where EC service was installed had a PowerShell Profile ($PSHOME\Profile.ps1) configured for All Users and all Hosts, and as a result, every PowerShell script executed by EC to perform those operations has unwanted data from the PowerShell profile. A PowerShell profile script runs as a startup script when PowerShell starts, interactive or non-interactive. For more details, please refer to the link below.  

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-7.4 

Solutions:  

Delete the Profile.ps1 from the $PSHOME (C:\Windows\System32\WindowsPowerShell\v1) location.

If you are still seeing an issue with Enterprise Connector, please submit a ticket to Workspot support to investigate the issue. 

Related Documents

• Workspot Enterprise Connector

• Microsoft: Dsacls.