Cisco IOS Software Precision Time Protocol Denial of Service Vulnerability

A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Precision Time Protocol.

The vulnerability is due to insufficient processing of PTP packets. An attacker could exploit this vulnerability by sending a custom PTP packet to, or through, an affected device. A successful exploit could allow the attacker to cause a DoS condition for the PTP subsystem, resulting in time synchronization issues across the network.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ptp

This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Security Impact Rating: High

CVE: CVE-2018-0473

Related:

  • No Related Posts

Citrix Configuration Services

Content Collaboration Guided Installation Service Endpoint Management Guided Installation Service Virtualization Guided Installation Service

Guided Installation Services:

Content Collaboration Guided Installation Service

This service is ideal for customers who want to mobilize existing data via customer-managed StorageZones (on-prem storage) or StorageZone Connectors for CIFS & SharePoint. Service includes Active Directory integration via supported SAML 2.0 identity providers, user provisioning, and administrative training. Service also includes support for high-availability environments, configuration with Citrix NetScaler with content-switching and load balancing policies, interoperability with Citrix products including Endpoint Management, support for unlimited Storage Zones, and multi-site environments. Customers without in house expertise in data-sharing best practices will also benefit. It is a great way to realize the vast array of Content Collaboration benefits very quickly.

Click here to view the Content Collaboration Guided Installation Service Factsheet


Endpoint Management Guided Installation Service

This service is ideal for customers without extensive mobile device management and mobile application management backgrounds. As the mobile enterprise experience becomes more complex, it’s essential to secure and manage mobile devices, applications, and data as efficiently as possible. The Cloud Guided Installation Service – Endpoint Management helps you easily take advantage of the Endpoint Management Service in Citrix Cloud, which handles configuration and management of the enterprise mobility infrastructure for you.

Click here to view the Endpoint Management Guided Installation Service Factsheet.

Virtualization Guided Installation Service

This service is recommended for customers looking for guidance configuring a Virtual Apps or Virtual Desktop environment in Citrix Cloud according to best practice architecture. Customers looking to virtualize application and desktop delivery within a managed infrastructure can take advantage of this white glove service offering to lead a project based approach to expedite a smooth production roll-out. Service also includes support for high availability deployments, multi-site location, and configuration with Citrix Gateway. Ideal for customers leveraging a combination of cloud + on-prem hybrid components.

Click here to view the Virtualization Guided Installation Service FactSheet.

Other Services:

Professional Services for Cloud

Our Cloud experts will ensure the partner’s roll out will be using our leading practices and our team can work exclusively with the partner if needed.

Click here to view the Professional Services for Cloud Factsheet

Related:

Driver versions for XenServer and Citrix Hypervisor

Citrix works with partner organizations to ensure that drivers are available to enable new hardware and resolve critical issues.

Citrix regularly delivers updated versions of these drivers as driver disk ISO files.

Refer to the following table to see the driver versions that are included in the base installation for each version of XenServer or Citrix Hypervisor. If an update is available for a driver, the table also includes a link to the latest driver disk update:

Driver Name XenServer 7.0 XenServer 7.1 LTSR XenServer 7.6 Citrix Hypervisor 8.0
aacraid 1.2-1.41043

Update available: 1.2.1.55022

1.2.1.52011src

Update available: 1.2.1.57013

1.2.1.52011src

Update available: 1.2.1.57013

1.2.1[50877]-custom
arcmsr v1.30.0X.20-20150324 v1.30.0X.23-20151225 v1.30.0X.23-20151225 v1.40.00.09-20180709
be2iscsi 11.4.0.1
be2net 11.0.235.4

Update available: 11.0.235.15

11.1.196.0

Update available: 11.2.1226.2

11.1.196.6

Update available: 11.2.1226.2

12.0.0.0
bfa 3.2.1.1 3.2.23.0 3.2.23.0 3.2.25.1
bna 3.2.1.1 3.2.25.1 3.2.25.1 3.2.25.1
bnx2 2.2.5p 2.2.5r 2.2.5r 2.2.5w
bnx2fc 2.10.2 2.11.0

Update available: 2.12.5

2.11.9.1

Update available: 2.12.5

2.12.5
bnx2i 2.11.2.0 2.11.5.0 2.11.10.0 2.11.19.0
bnx2x 1.713.04

Update available: 1.714.6

1.714.1

Update available: 1.714.24

1.714.6

Update available: 1.714.24

1.714.24
bnxt_en

Update available: 1.2.3

1.5.5

Update available: 1.8.29

1.5.5

Update available: 1.8.29

1.10.0-215.0.154.0
cciss 4.6.28-22 3.6.26 3.6.26 3.4.20-125
cnic 2.5.20j 2.5.20n 2.5.20p 2.5.20w
csiostor 1.0.0 1.0.0 1.0.0-ko
cxgb3 1.1.5-ko 1.1.5-ko 1.1.5-ko 1.1.5-ko
cxgb3i 2.0.1-ko
cxgb4 2.0.0-ko 2.0.0-ko 2.0.0-ko 2.0.0-ko
cxgb4i 0.9.5-ko
e100 3.5.24-k2-NAPI 3.5.24-k2-NAPI 3.5.24-k2-NAPI 3.5.24-k2-NAPI
e1000 7.3.21-k8-NAPI 7.3.21-k8-NAPI 7.3.21-k8-NAPI 7.3.21-k8-NAPI
e1000e 3.3.3-NAPI 3.3.5-NAPI

Update available: 3.4.0.2

3.4.0.2-NAPI 3.4.2.1-NAPI
enic 2.3.0.20

Update available: 2.3.0.30

2.3.0.30

Update available: 3.1.136.0

3.1.136.0-533.0

Update available: 3.1.136.0

3.2.189.0-713.0
fm10k 0.19.3 0.21.5 0.21.5 0.26.1
fnic 1.6.0.25

Update available: 1.6.0.44

1.6.0.31

Update available: 1.6.0.44

1.6.0.44

Update available: 1.6.0.44

1.6.0.47
hpsa 3.4.10-120 3.4.16-145 3.4.16-145 3.4.20-125
i40e 1.4.25 1.3.46-k

Update available: 2.0.23

2.0.23 2.7.12
i40evf 1.3.33 1.5.14 2.0.22 3.2.2-k
ice ice-0.7.0-k
igb 5.3.4.4 5.3.5.3

Update available: 5.3.5.20

5.3.5.3

Update available: 5.3.5.20

5.3.5.20
igbvf 2.3.7.1 2.3.8.2 2.3.8.2 2.4.0-k
isci 1.2.0 1.2.0 1.2.0 1.2.0
ixgb 1.0.135-k2-NAPI 1.0.135-k2-NAPI 1.0.135-k2-NAPI 1.0.135-k2-NAPI
ixgbe 4.3.13 4.4.6

Update available: 5.5.2

4.4.6 5.5.2
ixgbevf 2.16.1 3.2.2 3.2.2 4.1.0-k
lpfc 0:11.0.0.12 0:11.1.210.1 0:11.1.210.1 0:12.0.0.10
megaraid 2.00.4 2.00.4 2.00.4 2.00.4
megaraid_sas 06.810.09.00-rc1 06.811.02.00-rc1

Update available: 07.707.03.00

07.701.18.00-rc1

Update available: 07.707.03.00

07.707.03.00-rc1
mlx4_core 3.1-1.0.4 3.4-1.0.0 3.4-1.0.0 4.0-0
mlx4_en 3.1-1.0.4 3.4-1.0.0 3.4-1.0.0 4.0-0
mlx5_core 3.1-1.0.4 3.4-1.0.0 3.4-1.0.0 5.0-0
mpt2sas 14.100.00.00 13.100.00.00 22.00.00.00 27.101.00.00
mpt3sas 12.100.00.00 13.100.00.00

Update available: 22.00.00.00

22.00.00.00 27.101.00.00
mptsas 3.04.20 3.04.20 3.04.20 3.04.20
mtip32xx 3.8.1-1 1.3.1 1.3.1 1.3.1
netxen_nic 4.0.82 4.0.82 4.0.82 4.0.82
nvme 0.9 1 1 1
qed 8.3.7.0 8.10.11.0

Update available: 8.33.9.0

8.30.15.0

Update available: 8.37.30.0

8.37.30.0
qede 8.3.7.0 8.10.11.0

Update available: 8.33.9.0

8.30.15.0

Update available: 8.33.9.0

8.37.30.0
qedf

Update available: 8.37.30.0

8.37.30.0
qedi

Update available: 8.37.30.0

8.37.30.0
qedr 8.37.30.0
qla2xxx 8.07.00.33.77.0-k 8.07.00.41.77.1-k 8.07.00.56.71.0-k 10.00.00.11.80.0-k
qla4xxx 5.04.00.00.06.06-c0 5.04.00-k6 5.04.00-k6 5.04.00-k6
qlcnic 5.3.63 5.3.65 5.3.65 5.3.66
qlge 1.00.00.34 1.00.00.35 1.00.00.35 1.00.00.35
sfc 4.5.1.1020 4.10.1.1000-xen 4.10.1.1000-xen 4.1
smartpqi 0.9.13-370

Update available: 1.2.6-015

0.9.13-370

Update available: 1.2.4-065

1.1.4-130
tg3 3.137o 3.137 3.137 3.137

More Information

If you experience any difficulties, contact Citrix Technical Support.

For information on how to build driver disks, refer to Citrix XenServer � 7.1 Supplemental Packs and the DDK Guide.

Related:

  • No Related Posts

View-Only Sharing

Enable View-Only

View-Only Sharing must be enabled for your account. Submit a request to ShareFile Customer Care to have this feature enabled.

This feature requires configuration changes to your StorageZones Controller. Click here for information on how to configure your StorageZones Controller to support View-Only Sharing.

This feature requires configuration changes to your NetScaler. Click here for information on how to configure your NetScaler to support View-Only Sharing.


Supported Files

  • Microsoft Office Files
  • PDF
  • Image files (requires SZC v3.4.1 or later)
    • BMP
    • GIF
    • JPG
    • JPEG
    • PNG
    • TIF
    • TIFF

View-Only and Audio / Video Files

Audio and Video files may be viewed with the view-only permission, but only if the audio and video files are stored on a public (Citrix-Managed) StorageZone. Only supported file types can be previewed, click here for supported types.

Due to the above, you cannot share audio and video files as a view-only message if they are stored on a private zone.

Share a File with View-Only Permissions

Once View-Only Sharing has been enabled for your account, a new setting will appear in Message Options when sharing files. Use the Allow Recipients To dropdown menu to select View Online Only. You may then customize how many views each user is permitted.

User-added image

When your recipient accesses the download link, the Download button will not be present and the recipient will be prevented from printing or saving the file.

Note – Sharing audio and video files as a view-only message is only supported for audio / video files stored on a public StorageZone. See info on those file types earlier in this article.

Grant a User the View Permission

Grant users the View permission if you want to control access to files stored in certain folders. When adding new users to folder access, select the View checkbox to grant them the permission. When viewing the folder contents with this permission, your user will not be able to download or share files. They must use the magnifying glass icon to preview the files.

User-added image

Note regarding Restricted Zones and DLP

The following files cannot be previewed or shared with the View-Only permission:

  • Files stored on a Restricted StorageZone
  • Files restricted from downloading due to DLP policy settings


Do Views trigger download notifications?

Yes, if you select to be notified when a file has been accessed.


Troubleshooting

Files cannot be previewed

  • During setup, the URL of your Microsoft Office Web Apps server must be entered into the StorageZones Controller console. The URL used must be accessible by ender users to support View-Only Sharing.
  • During setup, it is recommended that users synchronize the clock of their StorageZones Controller server with time.windows.com or another NTP server. Click here for information on Windows Time Service Tools.

View-only message cannot be sent

  • You cannot share a view-only message containing audio and video files if those files are stored on a private zone.

Note:

Restricting Print works only with few files as Citrix has no control over Browser or Operating System. Microsoft Office files which redact data when printing and restrict from printing is due to Microsoft Office Online Servers restriction and not due to Sharefile.

Related:

  • No Related Posts

Incorrect windows firewall configuration for VDA registration and session launch services

Note: This article is applicable to 7.x versions of XenApp and XenDesktop.

The Windows Firewall configuration on the VDA is preventing inbound connections from Delivery Controllers in the Site.

The VDA must allow inbound connections on the ports listed in VDA, Delivery Controller, and Director section of Citrix documentation.

These ports enable the VDA to communicate with the Delivery Controllers, register with the Site, and provide access to users’ applications and desktops. If these ports are blocked or used by other applications, users cannot launch sessions and access these resources.

Related:

  • No Related Posts

Windows 10 October 2018 Update (v1809) – Citrix Known Issues

Microsoft releases software updates for Windows 10 twice a year through the Semi-Annual Channel. On 2nd October 2018, Microsoft released its latest Semi-Annual Channel release for Windows 10 called ‘October 2018 Update’ (v1809).

This article is intended to capture known issues with Windows 10 v1809 that have been identified so far through Citrix internal testing and customer reports.

  • Citrix Virtual Delivery Agent (VDA) for Windows Desktop OS
  • Citrix Receiver for Windows
  • Citrix Provisioning Services (PVS)
  • Citrix Workspace Environment Management (WEM)
  • Citrix User Profile Management (UPM)

Note:

  • This is a live article and is updated as and when new information is available.

Known Issues

The following are the known issues:

Issue 1

Issue Description

When a user tries to launch a published desktop in full-screen mode using Smart card authentication through a NetScaler environment, the PIN prompt is not visible and just the progress indicator is seen. The connection times out and the launching desktop process closes.

[LC8579]

Problem Cause

Full-screen sessions hide the PIN prompt window. The Windows Security and UAC prompt are updated from Winform to XAML. This causes the PIN prompt window to lose focus and stay in the background.

Solution

This is a known issue with Citrix Receiver (https://docs.citrix.com/en-us/receiver/windows/current-release/about/known-issues.html).

  • Users on Current Release of Citrix Receiver are advised to upgrade to Citrix Receiver 4.12 or its replacement that contains the fix.
  • Users on the LTSR version(version 4.9) of Receiver are advised to upgrade to Citrix Receiver 4.9.3000 or its replacement that contains the fix.

Issue 2

Issue Description

The mouse cursor could appear smaller within a session when using display with high DPI/Resolution

[HDX-9959]

Problem Cause

Monochrome custom cursors created via CreateCursor() in a non-DPI aware application do not scale correctly with Windows 10 v1703 and later versions. Custom cursors created via CreateInconIndirect() in a non-DPI aware application do not scale correctly in all versions of Windows 10.

Solution

  • Users on Current Release of Citrix Receiver (version 4.8) are advised to upgrade to Citrix Receiver 4.11 or its replacement that avoids the cursor scaling issue.
  • Users on the LTSR version(version 4.9) of Receiver are advised to upgrade to Citrix Receiver 4.9.5000 or its replacement that avoids the cursor scaling issue.


Issue 3

Issue Description

The mouse cursor is distorted or may disappear at times when a published application or VDA is launched in full screen on multi-monitor setup with high DPI/Resolution.

[RFWIN-7040]

Problem Cause

Monochrome custom cursors created via CreateCursor() can be distorted on multi-monitor setups with mixed DPI in Windows 10.

Solution

  • Users on Current Release of Citrix Receiver (version 4.8) are advised to upgrade to Citrix Receiver 4.11 or its replacement that avoids the cursor scaling issue.
  • Users on the LTSR version(version 4.9) of Receiver are advised to upgrade to Citrix Receiver 4.9.3000 or its replacement that avoids the cursor scaling issue.

Issue 4

Issue Description

Print command from inside an ICA session of Windows 10 v1809 client fails to print using mapped Citrix UPS configured XPS Printer.

[HDX-13664]

Problem Cause

XPS Viewer is not available on Windows 10 v1803 and later versions by default. It is available as a Feature on Demand.

Solution

To install XPS Viewer, follow the below steps:

  • Open Command Prompt in elevated mode
  • Run the command “Dism /online /add-capability /CapabilityName:XPS.Viewer~~~~0.0.1.0”

Note:

  • The machine should be connected to the Internet for above command to acquire and install XPS Viewer.


Issue 5

Issue Description

Upgrade from Windows 10 v1803 to v1809 fails if Citrix User Profile Manager (UPM) is installed.

[TPV-1431]

Problem Cause

The upgrade fails with an error message “error during MIGRATE_DATA operation”.

Solution

The Microsoft KB4343909 resolves this issue. Install KB4343909 OR its replacement on v1803 prior to upgrade of Windows 10 v1809.

Issue 6

Issue Description

Citrix User Profile Manager (UPM) stops working after Windows 10 is upgraded to v1809.

[TPV-1307]

Problem Cause

The upgrade process is removing some of the registry entries related to UPM.

Solution

This issue is fixed with the Microsoft’s March 2019 Updates for Windows 10. Install the respective March 2019 update OR its replacement on your existing Windows 10 version before upgrading to Windows 10 v1809.

Issue 7

Issue Description

Mouse pointer is not visible within a v1809 HDX 3D pro session. All operations inside the session are to be performed by keyboard using shortcuts. This issue is seen with Citrix XenApp/XenDesktop 7.15 only. This issue is not seen with later versions of XenApp/XenDesktop.

[LCM-4951]

Problem Cause

A change in mouse functionality API’s is causing this issue.

Solution

This issue is fixed with Microsoft KB4501371. Users are advised to install this KB OR its replacement to resolve the mouse pointer issue.


Issue 8

Issue Description

After HDX 3D Pro VDA is upgraded from Windows 10 v1803 to v1809, the policy “Use hardware encoding for video codec” is not in effect and Hardware Encoding is disabled. The Registry information related to BitMap Provider is also not as expected post upgrade.

[LCM-4955, LCM-4956]

Solution

Citrix is working with Microsoft to resolve this issue.

Workaround:

  • After upgrading to v1809, restart the VDA and run below commands:

C:Program FilesCitrixICAServiceNvFBCEnable.exe -enable

  • Make sure FBC is enabled by running

C:Program FilesCitrixICAServiceNvFBCEnable.exe -checkstatus


Note – If status is still shown as disabled, then Nvidia driver may need to be reinstalled. After reinstalling the driver, try to enable FBC again.


Issue 9

Issue Description

Pass-Through Authentication (SSON) fails to work when Windows 10 is upgraded to v1809 with Workspace App installed.

[TPV-1916]

Problem Cause

While upgrading to v1809, few registry entries required by SSON gets removed under HKLM > System > CurrentControlSet > Control > NetworkProvider.

Solution

This issue is no longer seen if KB4490481 is present on target OS (v1809). If using ISO, while upgrading to v1809, check the option of obtaining updates during upgrade. This will include KB4490481 during upgrade.

If the fix is not accessible, users may manually add the registry keys (Workaround 1) OR run a Power Shell script (Workaround 2) that adds the registry entries that were deleted by the installer.

Workaround 1:

Caution! Refer to the Disclaimer at the end of this article before making changes to Registry

  1. Right click on Start button and choose Run

  2. Type regedit and click OK.

  3. Browse to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services.

  4. Right-click on Services and choose New > Key.

  5. Enter value PnSson for the new key and click OK.

  6. Right-click the key PnSson for and choose New > DWORD 32 bit, enter IsEnabled and set Value data 1

  7. Right-click the key PnSson for and choose New > DWORD 32 bit, enter Type and set Value data 4

  8. After adding the keys and values, it should appear like below:

    User-added image

  9. Right-click the key PnSson and choose New > Key.
  10. Enter value NetworkProvider and click OK.
  11. Add the following entries under the newly created key:
    • Right-click NetworkProvider > New > String Value, enter Name and set Value data Citrix Single Sign-on.

    • Right-click NetworkProvider > New > String Value, enter ProviderPath and set Value data to below value:

      C:Program Files (x86)CitrixICA Clientx64pnsson.dll on 64 bit Machine

      C:Program FilesCitrixICA Clientpnsson.dll on 32 bit Machine

      Note: If Workspace App is installed in Custom location, the above values should be changed accordingly to $InstallPath$ICA Client… Example: If install path is c:Citrix then the value should be C:CitrixICA Client….

    • Right-click NetworkProvider > New > DWORD 32 bit, enter Class and set Value data 2.

  12. After adding the keys and values, it should appear like below:

    User-added image

  13. Browse to HKEY_LOCAL_MACHINE> SYSTEM> CurrentControlSet> Control> NetworkProvider> Order

  14. Right Click on ProviderOrder and Select Modify.

  15. Add ,Pnsson to the end of the current value in the registry.

  16. After adding the keys and values, it should appear like below:

    User-added image

  17. Browse to HKEY_LOCAL_MACHINE> SYSTEM> CurrentControlSet> Control> NetworkProvider> HwOrder

  18. Right Click on ProviderOrder and Select Modify.

  19. Add ,Pnsson to the end of the current value in the registry.

  20. After adding the keys and values, it should appear like below:

    User-added image

  21. Restart the machine.

Workaround 2:

Users could run the Power Shell script that adds the above entries. Download the attachment.zip file, extract it to a folder and run Receiver_SSON.PS1. This script will add the registry entries based on the Receiver install location. It also retains services registered with Microsoft Network Provider and appends PnSson value. Users are advised to test the script before using it in a production environment.

Issue 10

Issue Description

WEM cannot pin apps to taskbar in Windows 10 v1809

[WEM-3257]

Problem Cause

After pinning apps to taskbar and refreshing the agent, the apps are still not shown on the VDA.

Solution

Citrix is investigating this issue.

Issue 11

Issue Description

Printers part of Universal Print Server are no longer mapped after Windows 10 is upgraded to Windows 10 v1809. This issue is not seen with fresh install of Windows 10 v1809.

[LCM-5677]

Solution

There is no solution. Support for custom print drivers have been deprecated by Microsoft.

Related:

  • No Related Posts