Real-time session troubleshooting using Monitor
Administrators can monitor and troubleshoot Secure Private Access sessions in real-time using the Monitor console.
For related information, see the following topics:
-
For information on integrating Secure Private Access with Monitor, see Integration with DaaS monitor.
-
You can search for Secure Private Access user sessions in Monitor to quickly locate specific sessions for troubleshooting and reporting purposes. For details, see View a Secure Private Access session by user.
-
For more information on Monitor, see DaaS Monitor.
The following error codes are captured for Secure Private Access hybrid deployments:
Session codes
| Code | Status | Description |
|---|---|---|
| 2101 | Failure | Session failure |
| 2102 | active/inactive/failure | Session is active or terminated or at least one app launch in the session failed |
| 2000 | Active | The session is active |
| 2001 | Inactive | Session is terminiated/inactive |
App enumeration message codes
| Code | Status | Description |
|---|---|---|
| 1000 | Success | Enumeration was successful. At least one app was enumerated |
| 1001 | Success | No applications were enumerated because they were all denied by policies |
| 1002 | Success | No applications were enumerated because no policies matched |
| 1003 | Success | No applications were enumerated because some were denied and for others, no policies matched |
| 1004 | Success | No applications were enumerated because no policies to evaluate |
| 1101 | failure | An internal error occurred during the enumeration |
| 1102 | failure | Some applications were enumerated but at least one app evaluation failed |
| 1103 | failure | No applications were enumerated and at least one app evaluation failed |
| 3000 | Allow | Application enumeration is allowed |
| 3001 | Deny | Application enumeration is denied by policy |
| 3002 | Deny | Application was not enumerated because no policies matched |
| 3003 | Unknown | Application enumeration status is unknown |
| 3004 | Application launch from CEB | Application launch attempt from Citrix Enterprise Browser™ |
| 3101 | Failure | Application enumeration - An internal error occurred (currently unused) |
| 3102 | Failure | Application was not enumerated because there was an exception during policy evaluation |
| 3103 | Failure | Application enumeration status is null - An internal error occurred during policy evaluation |
| 3104 | Allow/deny/failure | Error retrieving policy details for the app |
App launch message codes
| Code | Status | Description |
|---|---|---|
| 4000 | Allow | Application Launch is allowed |
| 4001 | Deny | Application launch was denied because of a policy |
| 4002 | Deny | Application launch was denied because no policy matched |
| 4101 | Failure | Application launch error - An internal error occurred during application launch |
| 4102 | Failure | Application launch error (internal) |
| 4103 | Allow/deny/failure | Error retrieving policy details for the app |
| 4104 | Failure | Application Launch Error - No application configuration found |
App launch error codes
| Code | Description | Resolution/Workaroud |
|---|---|---|
| 5001 | TCP - connection failed | Verify network reachability to the destination (ping -S <SNIP> from NetScaler Gateway).
|
| 5003 | TCP - probe failed | |
| 5002 | TCP - proxy server down | Ensure that the proxy host is UP. |
| 5004 | TCP - memory allocation in gateway failed | Enable debug level logging and collect support bundle from NetScaler. |
| 5005 | TCP - server down | Verify network reachability to the destination (ping -S <SNIP> from NetScaler Gateway) and check if the server is DOWN. |
| 5006 | TCP - proxy connection failed | Ensure that the proxy host is UP and accepting connections. |
| 5007 | TCP - proxy probe failed | Verify network reachability to the destination (ping -S <SNIP> from NetScaler Gateway). Enable debug level logging and collect support bundle from NetScaler. |
| 5008 | SPA - server down | Verify that the Secure Private Access site URL is UP. (Use the show vpn securePrivateAccessProfile CLI command on NetScaler CLI to check the URL status). |
| 5009 | SPA - callout request error | Verify that the Secure Private Access site URL is UP. Enable debug level logging and collect support bundle from NetScaler.
|
| 5010 | SPA - callout response error | |
| 5011 | TCP - session expired | This indicates that the app was accessed when the user session was no longer active. Start a new active user session. |
| 5013 | TCP - gateway internal error | Enable debug level logging and collect support bundle from NetScaler. |
| 5014 | TCP - DNS server down | Ensure that the DNS server is UP. |
| 5015 | TCP - gateway DNS internal error | Ensure that the DNS Server is UP. Enable debug level logging and collect support bundle from NetScaler. |
| 0x1300000C | DNS resolution failed for application domain | Ensure that the host name your application uses is resolved by the intended DNS servers (internal vs public). |
Real-time session troubleshooting using Monitor
Copied!
Failed!