Microsoft Security Patch Validation Report January 2018

Summary

Microsoft’s January 2018 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing software updates/patches in a development environment before implementing the updates in a production environment.

  • XenApp 6.5 HRP07
  • XenApp/XenDesktop 7.6 CU5
  • XenApp/XenDesktop 7.15 CU1
  • XenApp/XenDesktop 7.16

Where applicable, the above Citrix products were tested with the updates below.

Product KB Article
Windows 10 v1709 (Fall Creators Update) 4056892
Windows 10 v1703 (Creators Update) 4056891
Windows 10 v1607 (Anniversary Update) and Windows Server 2016 4056890
Windows 10 v1511 4056888
Windows 10 v1507 LTSB 4056893
Windows 7 SP1 and Windows Server 2008 R2 SP1 Monthly rollup 4056894, 4056897
Windows 8.1 and Windows Server 2012 R2 Monthly rollup 4056895, 4056898
Internet Explorer 11 4056568
Microsoft Office 4011658, 4011659, 4011651, 4011643, 4011660, 4011627, 4011639, 4011580, 4011636, 4011632, 4011574, 4011611, 4011610, 4011626, 4011273, 4011637
Adobe Flash Player 4056887
.NET Framework 4054998, 4054176, 4054999, 4054177, 4054182, 4055002, 4054183, 4055001, 4054182
SQL Server 4058559, 4058560, 4058561, 4057118, 4057122, 4058562, 4057113


Note: The following patches were not selected for validation

Windows Vista and Windows Server 2008 4054996, 4054174, 4056613, 4056615, 4056759, 4056941, 4056942, 4056944
Windows Server 2012 4054997, 4054175, 4055000, 4054181, 4056896, 4056899
SharePoint Server 4011609, 4011609, 4011642, 4011579, 3114998, 4011599, 4011653, 3141547
Office Web Apps 4011648, 4011615
Office Online Server 4011021
Office 2007 and older 4011607, 4011641, 4011657, 4011606, 4011602, 4011656, 4011213
Office for Mac Release Notes
SQL Server 2008 4057114


Visit the Microsoft Security TechCenter page to view Microsoft security updates.

Additional Resources

Citrix Interoperability Validation


Microsoft Security Patch Validation Report February 2018

Microsoft’s February 2018 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing software updates/patches in a development environment before implementing the updates in a production environment.

  • XenApp 6.5 HRP07
  • XenApp/XenDesktop 7.6 CU5
  • XenApp/XenDesktop 7.15 CU1
  • XenApp/XenDesktop 7.16

Where applicable, the above Citrix products were tested with the updates below.

Product KB Article
Windows 10 v1709 (Fall Creators Update) 4074588
Windows 10 v1703 (Creators Update) 4074592
Windows 10 v1607 (Anniversary Update) and Windows Server 2016 4074590
Windows 10 v1511 4074591
Windows 10 v1507 LTSB 4074596
Windows 7 SP1 and Windows Server 2008 R2 SP1 Monthly rollup 4074598, 4074587
Windows 8.1 and Windows Server 2012 R2 Monthly rollup 4074594, 4074597
Internet Explorer 11 4074736
Microsoft Office 3114874, 3172459, 4011143, 4011682, 4011686, 4011690, 4011697, 4011707, 4011711, 4011574, 4011610, 4011643, 4011651, 4011659
Adobe Flash Player 4074595

Note: The following patches were not selected for validation

Windows Vista and Windows Server 2008 4034044, 4058165, 4073079, 4073080, 4074603, 4074736, 4074836, 4074851
Windows Server 2012 4074593, 4074589, 4074736
SharePoint Server 4011680, 4011701
Office 2007 and older 4011200, 4011703, 4011715, 4011607, 4011656, 4011657

Visit the Microsoft Security TechCenter page to view Microsoft security updates.


Secure Web 10.7.20 iOS: While launching a Web Link, before authorizing the app, it crashes the app.


How to Configure “Allowed Secure Web domains” in Secure Mail

In the Android MDX policy settings for Secure Mail:

1. Add {package=com.android.chrome} under Restricted Open-In exception list
   (this package ID is for the Chrome browser).

2. Add the DNS suffix of the internal site under Allowed Secure Web domains.

3. For any other third-party browser, use the following format:

{package=<packageID of the browser>}


In the iOS MDX policy settings for Secure Mail:

1. Add +^safari: under Allowed URLs.

2. Add ,safari: under App URL schemes.

3. Add the DNS suffix of the internal site under Allowed Secure Web domains.

Note: On Android, end users are prompted to select the native browser (Chrome) or Secure Web due to an OS limitation. On iOS, however, the user is automatically redirected to the designated browser.


NetScaler MAS “masd” Processes Do Not Start in HA Pair After Both Nodes are Rebooted


Configure EPA Scan for Windows Update parameters

Use Case

Scan the user device for Windows updates and decide whether to allow or deny access to the internal network.

Introduction to EPA

On NetScaler Gateway, End Point Analysis (EPA) can be configured to check whether a user device meets certain security requirements and, based on the result, allow the user access to internal resources. This is configured with a preauthentication policy. If the user device fails the preauthentication scan, the user is not allowed to log on. If additional security is needed, a session policy can be configured and bound to a AAA user or group, a VPN vserver, or the VPN global level. This type of policy is called a post-authentication policy; it runs during the user session to ensure that required software, such as antivirus, is running. If the policy fails, the connection to NetScaler Gateway ends. The Endpoint Analysis Plug-in downloads and installs on the user device when the user logs on to NetScaler Gateway for the first time. If a user does not install the Endpoint Analysis Plug-in on the user device or chooses to skip the scan, the user cannot log on with the NetScaler Gateway Plug-in. Optionally, the user can be placed in a quarantine group that has limited access to internal network resources.

Configuration Steps

Step 1: Create Preauthentication profile

Create a preauthentication profile that contains the action to allow or deny logon after the preauthentication policy check. Optionally, the admin can also configure processes to be cancelled and files to be deleted by the EPA tool, as well as the default group that is chosen when the EPA check succeeds.

CLI:

> add aaa preauthenticationaction <profile_name> ALLOW

GUI:

Go to NetScaler Gateway -> Policies -> Preauthentication Profiles -> Add

Step 2: Create Preauthentication Policy

Create a preauthentication policy with a profile and an expression that checks for Windows Update on the user device.

CLI:

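> add aaa preauthenticationpolicy <policy_name> "CLIENT.SYSTEM(WIN-UPDATE_MISSED-PATCH_==_CRITICAL[COMMENT: Windows Update]) EXISTS" <profile_name>

In this example, the EPA expression scans for Critical updates being enabled on the client system. <policy_name> and <profile_name> are placeholders; the last argument is the name of the preauthentication profile created in Step 1.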

GUI:

To create the policy, go to NetScaler Gateway -> Policies -> Preauthentication Policies -> Add. You can use the OPSWAT EPA editor to create a custom EPA expression. Selecting Microsoft Windows Update Agent produces an expression that checks for the presence of the Windows Update agent on the client device. Additional parameters can be added to the expression by clicking the + button and filling in the required values for the Windows update.


https://support.citrix.com/article/CTX219296


NetScaler drops a DNS UDP response larger than 512 bytes.


Provisioning Services target device fails to boot in read/write mode on Hyper-V

This issue will be resolved in a future version of RES ONE Workspace. The below workarounds should help resolve the issue.

Note: If you wish to use workaround 1, you will need to contact RES Workspace support to download the driver.

Workaround:

Choose one of the following workarounds to solve this issue:

Workaround 1:

Replace the TDI based RES ONE Netguard driver with the WFP based RES ONE Workspace Netguard driver

– First, extract the driver from the MSI package RES-ONE-Workspace-2016-SR1.msi (use 7zip or peazip to extract the MSI and afterwards the disk1.cab) and copy the file netguard_amd64.sys (64-bit version) or netguard.sys (32-bit version). Alternatively, the RES Support engineer will provide you with a suitable version of the file.

– Replace the file on the designated system in the folder C:\windows\System32\Drivers (32-bit system) or C:\Windows\SysWOW64\drivers (64-bit system)

– Reboot the system


Workaround 2:

Disable the RES Netguard driver in the registry via the following setting and restart the machine:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RES NetGuard

Value: START

Type: REG_DWORD

Data: 3

NOTE:

This only applies to environments where the RES ONE Workspace Network security is NOT in use.


Error “The task cannot be completed. RDS is currently busy” session stuck in AppCenter


MFCOM Errors During Discovery Process in the Access Management Console for Custom Citrix Administrators

There are multiple possible causes for this issue. Following are the most common causes and the appropriate resolutions:

Cause 1

The account used to run discovery is not a Citrix Administrator. Error: “You must be a Citrix Administrator to perform this action”

Resolution 1

Use DSView to check all the Administrators of the farm and use another Citrix Administrator's credentials to launch AppCenter.

Once launched, you can change it to any user as per your requirement.

Cause 2

The user is not a member of the Distributed COM Users group on the server.

Resolution 2

Add the user to the BUILT-IN\Distributed COM Users group on the server that you are connecting to. The recommendation is to do this using nested groups, such as a Citrix Admins group.

Cause 3

The users do not have View Published Applications and Content permissions configured.

Resolution 3

  1. In the properties of the Citrix Administrator account, go to the Applications section.

  2. Under the node Published Applications, select View Published Applications and Content (on the Applications node and all sub folders).


Cause 4

An application name might contain an invalid character. (Updating AppCenter to the newest release prevents invalid characters.)

Capture a CDF trace while attempting to launch AppCenter or re-run discovery in AppCenter. Check for message entries similar to:

>Inside GetXmlNodesFromXml

>inside LoadXml

>Exception While Loading XML..srtipping non xml chars and retrying..

>”, hexadecimal value 0x1F, is an invalid character. Line 1, position 2428522.

>Inside stripNonValidXMLCharacters

>Failed to call method EnumFarmObjects: Exception has been thrown by the target of an invocation…

If the Citrix XenApp 6.5 PowerShell SDK is installed on a XenApp server, use the following PowerShell commands:

Add-PSSnapin citrix.*

get-xaapplication | ft displayname, browsername, enabled -auto

Review the output of the PowerShell command and identify any application that displays unexpected characters. Example output:

DisplayName BrowserName Enabled

———– ———– ——-

Excel False

Filezilla v3_▼10 Filezilla v3_▼10 True

Note that the Filezilla application includes an unexpected character ‘▼’.

Resolution 4

Again, if the Citrix XenApp 6.5 PowerShell SDK is installed, use the following PowerShell command to remove the suspect published application:

remove-xaapplication ("Filezilla v3_" + [char]0x001F + "10")

After removing the application, Citrix AppCenter discovery works as expected.
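
Rather than spotting the bad name by eye in the table output, the names can be checked against the XML 1.0 character rules directly. The following is an added example, not part of the original article: Test-XmlCodeUnit and Find-InvalidXmlChar are hypothetical helper names, and the sample names are constructed from the example output above.

```powershell
# Added example; helper names are hypothetical, not part of the XenApp SDK.
# Uses only PowerShell 2.0 syntax so it also runs on older servers.

# True when a UTF-16 code unit is a character XML 1.0 allows on its own.
function Test-XmlCodeUnit([int]$Unit) {
    return ($Unit -eq 0x09 -or $Unit -eq 0x0A -or $Unit -eq 0x0D -or
            ($Unit -ge 0x20 -and $Unit -le 0xD7FF) -or
            ($Unit -ge 0xE000 -and $Unit -le 0xFFFD))
}

# Emits one object per character that an XML parser would reject.
function Find-InvalidXmlChar {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [AllowEmptyString()]
        [string]$Text
    )
    process {
        for ($i = 0; $i -lt $Text.Length; $i++) {
            # A valid surrogate pair is a code point above U+FFFF, which XML allows.
            if ([char]::IsSurrogatePair($Text, $i)) { $i++; continue }
            $unit = [int]$Text[$i]
            if (-not (Test-XmlCodeUnit $unit)) {
                New-Object PSObject -Property @{
                    Text      = $Text
                    Position  = $i
                    CodePoint = ('0x{0:X4}' -f $unit)
                }
            }
        }
    }
}

# Constructed sample names modelled on the example output above.
$sample = @('Excel', ('Filezilla v3_' + [char]0x001F + '10'))
$sample | Find-InvalidXmlChar | Select-Object Position, CodePoint, Text

# On a farm server with the snap-in loaded, check both name fields instead:
# Get-XAApplication | ForEach-Object { $_.DisplayName; $_.BrowserName } |
#     Find-InvalidXmlChar | Select-Object Position, CodePoint, Text
```

The reported code point can be passed to [char] to build the exact name for the removal command, as the resolution does with 0x001F.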

Cause 5

Discovery would fail if a custom administrator has permissions to a nested subfolder but no permissions to the parent folder of that subfolder.

Resolution 5

For discovery to work, add at least the view permission or remove the permissions.

Cause 6

Invalid MFServer entry in database

Resolution 6

Perform DSCheck on the server. Ensure that a backup of the database has been performed before proceeding.

Select “Server” > “All Servers” > “Check Only” > “Run”.


Review results for any invalid entries


Once object is found: Select “Delete server from Datastore”> Enter object name > “Run”


Once object has been deleted, Select “Clean” > “Run”.

Cause 7

The account used to run discovery is not a Citrix Administrator. Error: “You must be a Citrix Administrator to perform this action”

Resolution 7

Use DSView to check all the Administrators of the farm and use another Citrix Administrator's credentials to launch AppCenter.

Once launched, you can change it to any user as per your requirement.

Run DSVIEW

Expand Server Neighborhoods > Farm Name > Admin Tools > Users > GUID > Attribute (click on each attribute GUID) > Adminfriendlyname
