Workspot Enterprise Connector(EC) Troubleshooting Guide

Overview

Workspot Enterprise Connector (often referred to as Connector or EC) is a vital element in the architecture of Workspot deployment. It is essential for Active Directory integration with Workspot Control and is involved in several operations, such as users’ self-registration (AD-based authentication), Kiosk login, synchronizing users’ group memberships and deleted/disabled users’ accounts, and executing resource operations triggered from Workspot Control on on-premise Hypervisors, all of which rely on EC. We advise customers to maintain two ECs for High Availability.

Highlights of EC:

• EC runs as a service on a domain-joined Windows Server OS and communicates with Workspot Control on an outbound HTTPS (Port 443).

• EC runs on Windows Server 2012 or later & requires 4 GB RAM, 250 MB disk space. (Recommended to run on 2022 or 2025 Windows server)

• EC depends on Java; Workspot recommends Azul Zulu OpenJDK. As of July 4, 2025, Enterprise Connector 6.0 requires Java version 8.x,  and from Enterprise Connector 6.1 onwards, Java version 21.x is needed.

  • Download and install https://www.azul.com/downloads/?version=java-8-lts&os=windows&architecture=x86-64-bit&package=jdk#zulu

  • Download and install https://www.azul.com/downloads/?version=java-21-lts&os=windows&architecture=x86-64-bit&package=jdk#zulu

• Windows PowerShell 2.0 or above.

See Workspot Enterprise Connector for installation and general information. 

Enterprise connector (EC) Healthy State

EC is healthy if the status in Control shows as connected.

Known issues and troubleshooting steps

EC's unhealthy state in control shows offline.

First things first:

• If you can access the EC server, make sure the Windows server is up.

• Ensure the Workspot Enterprise Connector service is running. If the Workspot Enterprise Connector Service is in the stopped state, try starting the service or restarting the server.

• Ensure https://Control.workspot.com and your regional instance (https://control.us.workspot.com or https://control.eu.workspot.com) are reachable from the Server.

JRE/JDK is missing, or an unsupported version is installed

EC relies on the JAVA runtime environment, so Java needs to be installed correctly. If any Java files are absent or if Java is updated to an incompatible version, the ‘Workspot Enterprise Connector service’ will fail to start. Consequently, the EC will be unable to interact with Control.

Error Messages: When starting Workspot Enterprise Connector Service

Event ID 7000 in Windows System Events

Solution: Reinstall Java as suggested in the Prerequisites Section, point 4.

Enterprise Connector Service Account (SA) related issues

There are a few scenarios frequently being reported related to the EC Service Account:

• The service account got disabled in Active Directory(AD)

• Service account password expired

• Service account password changed

• The service account has not been added or removed from the “Log on as a service” policy

In all the above scenarios, when starting the Enterprise Connector Service, it will throw the following error message. However, Event Viewer messages will further guide you to identify the exact problem.

• The service account is disabled in AD

Solution: Make Sure the Service Account is not disabled in AD

• The service Account password has been changed

Solution: Make sure the Service Account password is correct

• Service Account password has expired

Solution: Ensure the Service Account Expires is set to never for the Service account in AD

• Service Account is not part of “Log on as a Service.”

Solution: Make sure the EC Service Account is part of “Log on as a Service” in the Local Security Policy.

EC was successfully installed and had initial communication with Control over HTTPS. However, the EC state is still offline in the Control.

Initial Findings: 

• All the required Ports and Protocols are in place between EC and Control 

• EC is not able to create a secure WebSocket connection with Control for further communication.  

Troubleshooting 

During troubleshooting, we identified that for every PowerShell script executed by EC, EC was getting additional data that was not relevant; as a result, EC was unable to perform operations as expected.  

EC was trying to generate a Secure WebSocket URL and expected the URL to be: wss://control.workspot.com/ws/openPresigned?token=e00d90e0-9522-41e8-8664-7ab2ca879 to create a connection with Control. 

However, because of the PowerShell Profile, the EC was getting other information (because of the PowerShell profile), and the out URL had other data not relevant to EC to build wss connection with Control.

Reason:  

The Windows server where EC service was installed had a PowerShell Profile ($PSHOME\Profile.ps1) configured for All Users and all Hosts, and as a result, every PowerShell script executed by EC to perform those operations has unwanted data from the PowerShell profile. A PowerShell profile script runs as a startup script when PowerShell starts, interactive or non-interactive. For more details, please refer to the link below.  

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-7.4 

Solution: Delete the Profile.ps1 from the $PSHOME (C:\Windows\System32\WindowsPowerShell\v1) location.

EC treats the AD group membership as False even though the user is in the AD Group.

• Error Code: 11110, as per EC log

• Error Message: Error checking user membership.

• Reason: Customer added a new cloud for a new domain and added groups from the domain. EC was throwing an error during the group membership check.

• Solution: Removing the unwanted groups from the customer’s added domain

If you continue to experience a problem with the Enterprise Connector, please create a support ticket with Workspot to look into the matter.

Related Documents

• Workspot Enterprise Connector

• Microsoft: Dsacls.