AirWatch ACC unable to search for users but can for groups successfully - error

If you have implemented an ACC and you can successfully browse for users but cannot for groups, then it is going to be the Group configuration that you have set under System / Enterprise Integration / Directory Services / Group.

After checking the ACC logs you will see this error (this is for an 8.1.0 ACC; unsure for other versions):

2016/02/09 01:43:26.701 OPS-AWACC-01 00000000-0000-0000-0000-000000000000 [0000000-0000000] (4) Info AirWatch.CloudConnector.CloudConnectorService * Starting CloudConnector 8.1.1.0
2016/02/09 01:43:26.920 OPS-AWACC-01 2859c449-d479-4ef2-95db-8c8ef8a69969 [0000000-0000000] (4) Info AirWatch.CloudConnector.CloudConnectorService._GetLatestInstalledDotnetVersion .NET framework version 4.5.51650.379893
2016/02/09 01:43:26.920 OPS-AWACC-01 2859c449-d479-4ef2-95db-8c8ef8a69969 [0000000-0000000] (4) Info AirWatch.CloudConnector.CloudConnectorService.CheckForUpdates Checking for update with https://mdm.com.com.com/AirWatch
2016/02/09 01:43:28.373 OPS-AWACC-01 2859c449-d479-4ef2-95db-8c8ef8a69969 [0000000-0000000] (4) Info AirWatch.CloudConnector.CloudConnectorService.CheckForUpdates This component is up-to-date!
2016/02/09 01:43:28.388 OPS-AWACC-01 ba54975a-b8df-49ba-8297-cf1fe97e9557 [0000000-0000000] (13) Info AirWatch.CloudConnector.AccServiceListener.ListenForRequestsLoop/1 Listener thread started.
2016/02/09 01:43:58.733 OPS-AWACC-01 ba54975a-b8df-49ba-8297-cf1fe97e9557 [0000000-0000000] (13) Error AirWatch.CloudConnector.AccServiceListener.ListenForRequestsLoop/1 ACC Listener Task faulted with state SecurityError; exiting.
*** EXCEPTION ***
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization)
System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
Diagnostics Context


PID: 3044
Process Name: CloudConnector.Service
Process Identity:
Error obtaining Application Identity: Object reference not set to an instance of an object.


2016/02/09 01:43:58.764 OPS-AWACC-01 2859c449-d479-4ef2-95db-8c8ef8a69969 [0000000-0000000] (11) Error AirWatch.CloudConnector.CloudConnectorService.TasksFailed All listener threads have terminated; killing application.
2016/02/09 01:43:58.764 OPS-AWACC-01 2859c449-d479-4ef2-95db-8c8ef8a69969 [0000000-0000000] (11) Info AirWatch.CloudConnector.CloudConnectorService

This is a generic message.

Basically, use ADSI Edit to check that the attributes exist in AD. This configuration is CASE SENSITIVE: a capital G in Group instead of group can be the mistake, so cross-reference the values against AD and the search will then be successful.

We often come across not being able to search groups, but it is unusual to be able to search groups but not users. The first two search strings are common for the user account and the second two are common for Groups.

(&(objectCategory=person)(sAMAccountName={EnrollmentUser}))
(&(objectCategory=user)(sAMAccountName={EnrollmentUser}))

(&(objectClass=group))
(&(=group))

Cheers

Mike
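
The cross-reference described above can be scripted. This is an added example, not part of the original post or any AirWatch tooling: the reference lists are constructed stand-ins for what ADSI Edit shows, and the function names are hypothetical. It flags values or attribute names that differ only in case, and filter items with an empty attribute name.

```python
import re

# Constructed reference data: attribute names and class values as they would
# be read off a user or group object in ADSI Edit. Replace with your own.
DIRECTORY_ATTRS = ["objectClass", "objectCategory", "sAMAccountName"]
DIRECTORY_VALUES = ["group", "user", "person"]

# One (attribute=value) item of an LDAP search filter.
ITEM = re.compile(r"\(([^()=]*)=([^()]*)\)")


def balanced(flt):
    """True when every '(' has a matching ')' in the right order."""
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


def mismatch(kind, given, known):
    """Return a one-item problem list if `given` is not spelled as in `known`."""
    if given in known:
        return []
    same = [k for k in known if k.lower() == given.lower()]
    if same:
        return [f"{kind} '{given}' differs only in case from '{same[0]}'"]
    return [f"{kind} '{given}' not found in reference data"]


def check_filter(flt):
    """Return a list of problems found in one configured search filter."""
    problems = [] if balanced(flt) else ["unbalanced parentheses"]
    for attr, value in ITEM.findall(flt):
        if not attr.strip():
            problems.append(f"empty attribute name before '={value}'")
        else:
            problems += mismatch("attribute", attr, DIRECTORY_ATTRS)
        # Console placeholders such as {EnrollmentUser} are filled in later.
        if not (value.startswith("{") and value.endswith("}")):
            problems += mismatch("value", value, DIRECTORY_VALUES)
    return problems


if __name__ == "__main__":
    for f in ["(&(objectClass=group))", "(&(objectClass=Group))", "(&(=group))"]:
        print(f, "->", check_filter(f) or "ok")
```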