Troubleshooting "Unable to Authenticate" Error on SEGv2 with KCD Enabled

Log File for Review on SEGv2 with KCD Enabled

Question

On an SEGv2 where Kerberos Constrained Delegation (KCD) is enabled, sometimes users receive an "unable to authenticate" message.

Which log file needs to be reviewed when troubleshooting the issue?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

D.

In VMware Workspace ONE Unified Endpoint Management (UEM), the Secure Email Gateway version 2 (SEGv2) is used to secure communication between email servers and mobile devices. Kerberos Constrained Delegation (KCD) is a feature that allows the SEGv2 to authenticate users with email servers using Kerberos tickets, instead of using passwords.

When users receive an "unable to authenticate" message on the SEGv2 with KCD enabled, it indicates that there may be an issue with the authentication process. To troubleshoot this issue, we need to review the log files generated by the SEGv2.

Out of the four options provided, the log file that needs to be reviewed for troubleshooting this issue is the "AirWatch.Kerberos.AuthService.log". This log file contains information related to Kerberos authentication, such as the Kerberos ticket request and response messages, and any errors or warnings encountered during the authentication process.

Option A, "U_ex####.log", is a log file generated by the IIS web server, which contains information related to web server requests and responses. This log file may not provide useful information for troubleshooting issues related to Kerberos authentication.

Option B, "AW.EAS.Web.Log", is a log file generated by the AirWatch Enterprise Authentication Service (EAS), which provides authentication services for Workspace ONE UEM. This log file may not provide useful information for troubleshooting issues related to Kerberos authentication on the SEGv2.

Option C, "AWCMservice.log", is a log file generated by the AirWatch Cloud Messaging (AWCM) service, which provides push notification services for Workspace ONE UEM. This log file may not provide useful information for troubleshooting issues related to Kerberos authentication on the SEGv2.

In summary, the correct answer to this question is option D, "AirWatch.Kerberos.AuthService.log". This log file should be reviewed for troubleshooting issues related to Kerberos authentication on the SEGv2 with KCD enabled.