Diagnose Device Posture service events failure
Administrators can now diagnose and troubleshoot Device Posture events failures effectively. Perform the following steps to view the event logs for the Device Posture service:
-
Copy the transaction ID of the failed or access denied session from the end user device.
- Sign into Citrix Cloud.
- On the DaaS tile, click Manage, and then click the Monitor tab.
-
In the Monitor UI, enter the transaction ID in the Search field and click Details.
You can view the transaction summary and the verification details of the configured Device Posture policies. The different values for policy evaluation are compliant, non-compliant, and deny.
Denied:
Device Posture Checks - Error Code:
The preceding screen shows the following sections:
- Transaction Summary
- Verify Configured Policies
- Error Code
Transaction summary
The Transaction Summary page provides the outcome of the Device Posture policy.
In case of compliant, non-compliant, and denied results, the Device Posture policy evaluation includes the following information in the transaction summary section:
- Platform: The OS of the client device.
- Policy name: Name of the Device Posture policy.
- Evaluation result: Indicates whether the Device Posture policy passed or failed.
- Device Posture result: Indicates whether the Device Posture outcome is compliant, non-compliant, or denied.
- Last scanned time: The time when the device was last scanned.
Verify configured policies
The Verify Configured Policies section provides comprehensive details of policy evaluation, including the reasons for failure, the specific rule that failed, and the evidence collected. This information allows admins to troubleshoot and take appropriate actions based on the policy details.
Device posture policy evaluation process
-
Policy failure and rule identification:
- Identify which rule failed and why it failed.
- Collect evidence related to the failure.
-
Outcome determination:
- Depending on the policy evaluation, the outcome can be compliant, non-compliant, or denied.
- If no policies match, the outcome will be “no matching policy.”
-
Viewing policy details:
- Admins can view the details of each device policy for a specific transaction ID.
- Use the backward and forward arrows to navigate through different policies.
In cases of compliant, non-compliant, and denied results, the Device Posture policy evaluation includes the following information in the Verify Configured Policies section:
- Policy name: Name of the device policy.
- ID: The order in which the policy is evaluated.
- Evaluation result: Indicates whether the Device Posture policy passed or failed.
- Policy result: Indicates whether the Device Posture outcome is compliant, non-compliant, or denied.
-
Policy Conditions:
- Type: The device scan type.
- Condition criteria: The condition to evaluate the policy rule.
- Expected value: The configured value of the policy condition.
- Actual value: The evidence collected from the endpoint.
- Condition result: Indicates whether the condition passed or failed.
Error code
When there is an issue and Device Posture fails to evaluate the policy, the error code is displayed.
In case of failures, copy the error code and contact Citrix support.
The policy details and error codes simplify the triage and troubleshooting of user issues.
The following table provides the error code, error message, and solution for the error:
# | Error message | Error code | Action |
---|---|---|---|
1 | Failed to read configured policies. | 0x0050001 | Contact Citrix Support |
2 | Failed to evaluate endpoint scans. | 0x0050002 | Contact Citrix Support |
3 | Failed to process policies or expression. | 0x0050003 | Contact Citrix Support |
4 | Failed to save endpoint details. | 0x0050004 | Contact Citrix Support |
5 | Failed to process scan results from endpoints. | 0x0050005 | Contact Citrix Support |
6 | Failed to read Device Posture mode configuration. | 0x0050006 | Contact Citrix Support |