"Enterprise Service Account Key is not found. Please check the configuration values.

Citrix XenMobile 10.3 Setup of Android for Work: Enterprise Service Account Key is not found

I’m working to setup Citrix XenMobile 10.3 with Android for Work in the office.  I’ve been working through this set of documentation from Citrix here.  After Citrix enabled their side of the configuration and it correctly shows in my Google Admin console, when I try to add the Android For Work settings to XenMobile there are number of things that are strange:

  1. There are only prompts for the Domain Name, Domain Admin Account, and Service Account ID.  There is no option for the Binding Token as shown in the screenshots.
  2. Once I enter this information I get the following error message “Enterprise Service Account Key is not found. Please check the configuration values.”

There is currently no XenMobile 10.3 specific information, so I don’t know if this is a change specific to 10.3 or a bug in 10.3.

Are you seeing this same error message?  How did you get around it?

UPDATE 1/13/2016: 

We have a case open with Citrix Support.  They are currently trying to duplicate the problem on a clean system, so hopefully I should know more later today if it is a bug with the newest version of software or something we did incorrectly with the setup.  Since the Google web pages have changed the Citrix documentation is out of date, so there might be some steps missing now that Google’s process has changed.

UPDATE 1/13/2016 4:37 PM UTC:

From Citrix Support: “We have been able to confirm the errant behavior and are currently engaged with engineering on a fix. We believe that the issue centers around the changes implemented on the Google Api site, as it does not seem to generate the service account details in the same format. I hope to have an idea by EOB if this is actually the case, or if we can come up with a workaround for the problem. Thanks!”

UPDATE 2/4/2016 11:28 PM UTC

Unfortunately I don’t have a fix that I can provide directly for this.  Based on the case we had open with Citrix support it sounds like Google’s API changed breaking this functionality.  Through a combination of additional undocumented steps and changes on the Citrix back end they were able to get this working.

7 thoughts on “Citrix XenMobile 10.3 Setup of Android for Work: Enterprise Service Account Key is not found”

  1. Same error here, is there a Solution for this issue now?
    i cant find any related info, please advise.

  2. This should be under SR 70686628 with Citrix.

    There were a number of changes not included in the documentation from Citrix that we had to do as well as potentially things that Citrix Support did on the back end. Good luck!

    We are running into other interesting issues now that we have Android for Work (AfW) running that will maybe turn into another quick article, but feel free to get in touch if you have more questions or at least confirm experiences.

  3. Thanks Matthew,

    Just opened a support case to activate the google account, will see if I still have the error after that. I for one would be very interested in your experience with AfW!

  4. I was able to get around this issue thanks to the ‘known issues section for XenMobile 10.3’: http://docs.citrix.com/en-us/xenmobile/10-3/xmob-knownandfixedissues-con.html

    You cannot enable Android for Work in the XenMobile console. When you configure Android for Work account settings and enter the service account ID you obtain from Google, which contains only numbers, an error appears when you save the settings. If you enter the service account ID using the earlier Google format that contained numbers and characters, the same error occurs because this format does not correspond to the service account ID in XenMobile server. This is a third-party issue.
    As a workaround, to enable Android for Work, add a server property for the Google client ID.

    1. In the XenMobile console, click the gear icon in the upper-right corner. The Settings page appears.

    2. Click Add. The Add New Server Property page appears.

    3. In the Key list, click Custom Key.

    4. In Key, enter google.aw.enterprise.client.id

    5. In Value, enter the numerical part of the client ID, such as 3838383838388383.

    6. Enter a Display name, such as “Google domain client ID.”

    7. Click Save.

    [#615118]

    This allowed me to enable Android for Work but i still need to test if this is completely functional

Leave a Reply

Your email address will not be published. Required fields are marked *