Error: “Your apps are not available at this time. Please try again” When Receiver Connects Through NetScaler Gateway

Solution 1

To resolve this issue change the beacon entries in StoreFront. Add the NetScaler Gateway addresses to external beacon.

Reference: https://docs.citrix.com/en-us/storefront/3-11/integrate-with-netscaler-and-netscaler-gateway/configure-beacon.html

External Beacon

If you want to use ICA proxy from internal and external connections (all clients should only go through NetScaler), then add a fake address in the internal beacon of StoreFront.

Note: The internal beacon should only be resolvable inside the network, if the beacon is resolvable externally then Citrix Receiver will not be able to add the account.

Solution 2

The issue relates to compatibility of Receiver 4.x and Web Interface XenApp services site. Receiver 4.x supports services sites but when connecting thru NS, users may experience issues as described in CTX136828 – Error When Using Windows Receiver PNAgent through Access Gateway Enterprise Edition Appliance.

Also note Citrix Documentation – NetScaler to Web Interface XenApp Services site is not supported.

Related:

  • No Related Posts

Access to a Citrix Knowledge Center Article is Denied

Citrix has introduced Customer Success Services that allow customers to see privileged Knowledge Center content. Contact your local Citrix Solution Advisor or call 1-800-424-8749 and listen for the option to contact the Sales department; they can help determine which program is right for you.You will continue to have access to certain content as per the matrix below.

Software Updates

Product Type Readme Visible to Download Available to
XenApp 7.X or Higher

XenDesktop 7.X or Higher

Provisioning Services 7.x or Higher

XenMobile 10.X or Higher
Public or Limited or Superseded All
  • Customer Success Services customers
  • Subscription Advantage customers
  • Partners
XenApp 6.X or Earlier

XenDesktop 5.6 or Earlier

Provisioning Services 6.x or Earlier

XenMobile 9.X or Earlier

Application Streaming (all versions)

EdgeSight (all versions)

Single Sign-On (all versions)

Secure Gateway (all versions)

Smart Auditor (all versions)

User Profile Management (all versions)

Web Interface (all versions)

CloudPortal Services (all versions)

CloudPortal Business Manager (all versions)

CloudPlatform (all versions)

VDI-in-a-Box (all versions)
Public All All logged in users
Limited or Superseded All
  • Partners
  • Customers with a TRM agreement

XenServer 7.1 LTSR Cumulative Update 1

XenServer CR release earlier to the latest CR release

XenServer 7.0 hotfixes released after 1 December 2017 (XS70E050 and later)

Public All
  • Customer Success Services customers
  • Subscription Advantage customers
  • Partners
XenServer (Other versions) Public All All logged in users

Citrix Supportability Pack

Readme Visible to Download Available to
All
  • Customer Success Services customers
  • Partners


Premium Content

  • Available to Customer Success Services Customers and Partner designated technical contacts on customer’s support entitlement.


Other Content Type

Type Readme Visible to Download Available to
Technotes All All logged in users
Tools All All logged in users
Learning All All logged in users
Security Bulletins All All


Chat

  • Available only to Customer Success Services customers.


For Application Networking Group products (such as NetScaler, CloudBridge, NetScaler (Access) Gateway, Communication Gateway, and Application Gateway), consider subscribing to the Citrix Appliance Maintenance program.

Related:

  • No Related Posts

Notice of Change Announcement for NetScaler SD-WAN 4000-SE (Standard Edition)

Citrix Systems, Inc. announces End of Maintenance for NetScaler SD-WAN 4000-SE (Standard Edition) appliances.

The tables below explain the Citrix NetScaler SD-WAN life cycle management milestones as well as important information regarding dates and options during this period. The dates and milestones provided are in accordance with stated End of Life/End of Support policies for Citrix Systems, Inc.

Table 1. Milestones and Dates

Milestone Definition Date
Notice of Change (NSC) The NSC date is the date on which Citrix announces the intent to initiate the lifecycle management process for a hardware platform. May 15, 2018
End of Sale (EOS) The date on which Citrix will no longer offer the product. June 15, 2018
End of Maintenance (EOM) / End of Life (EOL) The EOL milestone signals the point at which no support or maintenance is provided. Product information will be limited to the historical material available on MyCitrix.com or other online resources and is subject to removal beyond this date. June 15, 2023

Click here for the Citrix Product LifecycleMilestones Definitions.

Products Affected

The products affected by this announcement and their replacements are listed in Table 2 (below). The products listed in the Product Replacement / Alternatives column represent the migration path for these discontinued platforms.

Table 2. Platforms affected by this announcement.

Product Description Replacement / Alternatives
NetScaler SD-WAN 4000-SE (Standard Edition) 4100-SE (Standard Edition)

Customer Actions

Citrix recommends that existing customers take steps to upgrade to the latest NetScaler SD-WAN platform so that they can take advantage of the upgraded features and performance. This will ensure the best transition of the product.

For More Information

For more information about the Citrix NetScaler SD-WAN, visit https://www.citrix.com/products/netscaler-sd-wan/ or contact your local Citrix sales representative / authorized Citrix business partner..

Related:

  • No Related Posts

Netscaler VPX 1000 – Azure – Slowness getting through Netscaler.


With 12.0 builds, we have changed default yield behavior for PE vCPUs. vCPU will not yield to hypervisor, even though if there is less/moderate traffic in 12.0 build, which was not the case for 11.1 builds. That’s the reason, VPX vCPU is always 100% on hypervisor. However, vCPU is allocated to management core might not be 100%.

NetScaler yields PE vCPUs to hypervisor in sparse/moderate traffic cases. Since we have observed Tx overflow/congestion, it’s somewhat related to scheduling, we thought not yielding vCPU helps in improving the situation.

– set ns vpxparam -cpuyield NO

Upgrade to 12.0.53.X+

Related:

  • No Related Posts

How to Use the Authentication Feature of a NetScaler Appliance with a Load Balancing or Content Switching VServer on the Appliance

This article describes how to use the authentication feature of a NetScaler appliance with a Load Balancing or Content Switching virtual server on the appliance.

Requirements

To complete this task, the NetScaler appliance must have license for the Load Balancing, Content Switching, and Authentication, Authorization, and Auditing (AAA – Application Traffic) features.

Related:

  • No Related Posts

Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway leading to arbitrary code execution and host compromise

This vulnerability has been addressed in the following versions of Citrix NetScaler ADC and NetScaler Gateway:

• Citrix NetScaler ADC and NetScaler Gateway version 12.0 Build 57.24 and later

• Citrix NetScaler ADC and NetScaler Gateway version 11.1 Build 58.13 and later

• Citrix NetScaler ADC and NetScaler Gateway version 11.0 Build 71.24 and later

• Citrix NetScaler ADC and NetScaler Gateway version 10.5 Build 68.7 and later

Citrix NetScaler ADC and NetScaler Gateway version 10.1 are not planned to be updated as part of remediating this issue. Customers on version 10.1 should plan to move to a later version to receive the latest security updates.

These new versions can be downloaded from the following locations:

https://www.citrix.com/downloads/netscaler-adc.html

https://www.citrix.com/downloads/netscaler-gateway.html

Citrix strongly recommends that customers using affected versions of NetScaler ADC and NetScaler Gateway to upgrade to a version of the appliance firmware that contains the fixes for this issue as soon as possible.

Related:

  • No Related Posts

How to Allocate an Extra Management CPU to NetScaler MPX Appliance

You can use the NetScaler CLI, GUI, or NITRO API to allocate an extra management CPU. This section includes the following topics:

Allocate or deallocate an extra management CPU by using the NetScaler CLI

Allocate an extra management CPU by using the NetScaler GUI

Configure an extra management CPU by using the NITRO API

Statistics and Monitoring

Allocate or deallocate an extra management CPU by using the NetScaler CLI

At the command prompt, type one of the following commands:

  • enable extramgmtcpu
  • disable extramgmtcpu

Note

After you enable and disable this feature, the NetScaler appliance displays a warning to restart the appliance, for the changes to take effect.

To show the configured and effective state of an extra management CPU

At the command prompt, type command:

User-added image

Note : In this example, the show command is entered before restarting the appliance.

Parameter Descriptions of Commands Listed in the CLI Procedure

  • enable extramgmtcpu

Enables and dedicates extra CPU for management from PE pool.

See also:

disable system extramgmtcpu

show system extramgmtcpu

  • disable extramgmtcpu

Disables extra CPU for management and returns it to the PE pool.

See also:

enable system extramgmtcpu

show system extramgmtcpu

  • show extramgmtcpu

Displays configured and effective states of the extra management CPU.

Configured and effective state are different if enable extramgmtcpu command has been entered but system is has not been restarted.

See also:

enable system extramgmtcpu

disable system extramgmtcpu

Allocate an extra management CPU by using the NetScaler GUI

To allocate an extra management CPU by using the NetScaler GUI, navigate to System>Settingsand click Configure Extra Management CPU. From the Configured State drop-down menu, selectEnabled and then select OK.

localized image

To check CPU usage, go to System > Settings > Dashboard.

Configure an extra management CPU by using the NITRO API

Use the following NITRO methods and formats to enable, disable, and show an extra management CPU.

To enable an extra management CPU

HTTP Method: POST

URL: http://<NSIP>/nitro/v1/config/systemextramgmtcpu?action=enable

Payload: {“systemextramgmtcpu”:{}}

curl -v -X POST -H "Content-Type: application/json" -u nsroot:nsroot http://10.102.201.92/nitro/v1/config/systemextramgmtcpu?action=enable -d '{"systemextramgmtcpu":{}}'

To disable an extra management CPU

HTTP Method: POST

URL: http://<NSIP>/nitro/v1/config/systemextramgmtcpu?action=disable

Payload: {“systemextramgmtcpu”:{}}

curl -v -X POST -H "Content-Type: application/json" -u nsroot:nsroot http://10.102.201.92/nitro/v1/config/systemextramgmtcpu?action=disable -d '{"systemextramgmtcpu":{}}' 

To show an extra management CPU

HTTP Method: GET

URL: http://<NSIP>/nitro/v1/config/systemextramgmtcpu

curl -v -X GET -H "Content-Type: application/json" -u nsroot:nsroot http://10.102.201.92/nitro/v1/config/systemextramgmtcpu 

Statistics and Monitoring

The following examples show the differences in the output of the stat system cpu and stat system commands before and after adding an extra management CPU.

1. stat system cpu

This command displays statistics of CPUs.

Here is a sample output before adding an extra management CPU on one of the supported models.

Example: Output Before Adding an Extra Management CPU

> stat system cpu

CPU statistics

ID Usage

8 1

7 1

11 2

1 1

6 1

9 1

3 1

5 1

4 1

10 1

2 1

Here is the output after adding an extra management CPU on the same MPX appliance.

Example: Output After Adding an Extra Management CPU

> stat system cpu

CPU statistics

ID Usage

9 1

7 1

5 1

8 1

11 2

10 1

6 1

4 1

3 1

2 1

2. stat system

This command displays CPU use. In the following example, the output before adding an extra management CPU on one of the supported models is:

Mgmt Additional-CPU usage (%) 0.00

Example: Output Before Adding an Extra Management CPU

> stat system

NetScaler Executive View

System Information:

Up since Wed Oct 11 11:17:54 2017

/flash Used (%) 0

Packet CPU usage (%) 1.30

Management CPU usage (%) 4.00

Mgmt CPU0 usage (%) 4.00

Mgmt Additional-CPU usage (%) 0.00

Memory usage (MB) 2167

InUse Memory (%) 5.76

/var Used (%) 0

In the following example, the output after adding an extra management CPU on the same MPX appliance is:

Mgmt Additional-CPU usage (%) 0.80

Example: Output After Adding an Extra Management CPU

> stat system

NetScaler Executive View

System Information:

Up since Wed Oct 11 11:55:56 2017

/flash Used (%) 0

Packet CPU usage (%) 1.20

Management CPU usage (%) 5.70

Mgmt CPU0 usage (%) 10.60

Mgmt Additional-CPU usage (%) 0.80

Memory usage (MB) 1970

InUse Memory (%) 5.75

/var Used (%) 0

Note :After you enable and disable this feature, the NetScaler appliance displays a warning to restart the appliance, for the changes to take effect.

Related:

  • No Related Posts

How to upgrade SDX appliance from 10.5/11.x to 12.0 Version

If you are already running 11.x or 10.5 Build 57.x or later, then please jump to STEP 7, as STEP 1 to STEP 6 are only valid for versions up to 10.5 Build 56.x.

STEP 1: Make sure that your SVM (Management Service) version 10.5 Build 66.x or later. You can download it from downloads.citrix.com. Downloaded file will be of format build-svm-10.5-6x.xx.tgz

Download Link: https://www.citrix.co.in/downloads/netscaler-adc/service-delivery-appliances/sdx-release-105-build-6710.html

In this article, we would be using SVM 10.5 Build 67.10 as an example.

Please see the screenshots below to find out the download location/naming of the file:

User-added image

User-added image

STEP 2: Upload the downloaded file to the SDX under Management Service–>Software Images

User-added image

STEP 3: Click on System–>Under System Administration–>Upgrade Management Service

NOTE: In the screenshot below, you can also see “Upgrade Appliance” option. This is because we are already running SVM 10.5 Build 66+, however if you are running older versions of SVM (Example builds older than 10.5 Build 56.x) then you might not see the option of Upgrade platform. If you see the “Upgrade Appliance” option on your current version of SVM then you can skip the SVM upgrade and directly go for Single Bundle upgrade (STEP 7). The idea behind upgrading SVM to 10.5 Build 66+ is to get the “Upgrade Platform” option.

User-added image

This will take you to the next page with the list of builds that you have uploaded on the appliance. Select the one that you need to upgrade to and hit OK.

Hitting OK will give you a warning pop up before proceeding. Hit Yes.

User-added image

Hitting Yes will start the SVM upgrade process and will take you to a screen with the timer.

User-added image

NOTE: This only means that currently SVM is upgrading and none of the VPX hosted (if any) on the appliance are effected. VPX appliances are only effected if the whole SDX appliance is rebooted. With SVM rebooting, you only lose the SVM to VPX communication temporarily.

Once the reboot of the SVM is done, you will be presented with the login screen. Login again and confirm that you can see the new version.

STEP 4: Make sure that you have the bundle file downloaded for the Single Bundle Upgrade. The file format would be similar to build-sdx-12.0-xx.xx.tgz

Download Link: https://www.citrix.co.in/downloads/netscaler-adc/service-delivery-appliances/sdx-bundle-120-5719.html

Screenshots from the download site:

User-added image

User-added image

STEP 5: Upload the file under Management Service–>Software Images

NOTE: Since this is 10.5 and the bundle file is of .tgz format, it needs to be uploaded under Software Images and not platform Images.

User-added image

After Upload:

User-added image

STEP 6: Navigate to System–>System Administration–>Upgrade Management Service

User-added image

This is similar to STEP 3, however the only difference is that we have used the platform file (build-sdx-12.0-xx-xx.tgz) and not the SVM upgrade (build-svm-xx.xx.xx.tgz).

We do not have separate files for SVM upgrade starting 11.0 Version, and hence we have used the whole bundle to upgrade.This will go for a reboot after the warning.

NOTE: After the upgrade you will notice that only SVM has been upgraded and none of the other components like Platform Version, XenServer Version is still showing old. However, the new SVM will give us a new GUI option of “Upgrade Appliance” and old options of upgrade Management service/Upgrade platform are not existing on the new SVM.

STEP 7: Navigate to System–>System Administration–>Upgrade Appliance

User-added image

Choose the file and Hit OK.

User-added image

After you hit OK, you will be directed to a different page which shows the summary of the upgrade. Important to note is that platform version will be upgraded with this including the supplemental fix and hot fixes.

User-added image

Hit Upgrade.

NOTE: The process of upgrade takes time and you will notice that the appliance reboots more than once before it is finally up. During the upgrade you will see that the SVM page on browser is not displayed; this is expected.

After the upgrade is completed you will see a page that confirms the upgrade status.

User-added image

STEP 8: Login and confirm the upgraded Hypervisor information.

User-added image

NOTE: If for some reason you do not see the XenServer version as 6.5, then please collect the support bundle (Management Service + XenServer) and reach out to support.

Related:

  • No Related Posts

FAQ: XenMobile Server Support

This article contains answers to the frequently asked questions on XenMobile Server Support.

General

What is XenMobile Server Support?

How do I get to the support page on App Controller server?

In which version of App Controller Support feature is available?

What are the browsers and platforms supported?

What ports needs to be open for the support feature to work?

I am getting error “Unable to get the details from the server.” for NetScaler Gateway?

I am getting error “Failed to authenticate with the App Controller”?

I am getting error “Login Failed: Check XDM credentials or Database server is down.”?

How do I exit from the support page?

What if I have queries/suggestions regarding Support page?

Servers and Operations

What are the servers supported by the supportability framework?

How should I add App Controller HA pair in the Support Page?

How should I add XenMobile Device Manager Cluster Setup?

Can I add multiple servers for each server type?

Do I need to add the servers again in the next session/login?

What are the operations supported in the Support Page?

Can I perform more than one operation at a time?

Should all the three servers be in the same deployment of XenMobile Environment?

Connectivity Checks

Where/how are the connectivity checks done?

What does ‘Perform Connectivity Checks’ on NetScaler Gateway do?

What does ‘Perform Connectivity Checks’ on XenMobile Device Manager do?

I am unable to perform Connectivity Checks on App Controller?

Support Bundles

What information is collected in support bundles?

Can I collect support bundles for more than one server at a time?

Will I download multiple support bundles in this case?

Where do the support bundles get downloaded?

Are the generated support bundles permanently stored on the App Controller server?

Citrix Insight Services

What is “Citrix Insight Services” server?

What are the credentials to be used for uploading Support Bundles to Citrix Insight Services?

I do not have a “Citrix Insight Services” account. How do I upload the support bundle?

I do not have a SR number from “Citrix Insight Services”. Can I still upload support bundles?

General

  • IS it possible to install/configure DNS server on XenMobile appliance.
The DNS server should be installed on windows machine that is in the same network as that of your XenMobile , Since the XenMobile is linux appliance it is not possible ,

  • Is it possible to configure internal (sql and internal network )and external (apns )on dns server
All of the internal ip address and hostname can be added on the dns server as an address record . the external url are already public and dont require separate entries on DNS server . However if you are using proxy/firewall the traffic should be open bidirectional for communications. You can check out the following document for the same.
http://docs.citrix.com/en-us/xenmobile/server/system-requirements/ports.html

  • can we add static route to XenMobile

    We can only add static route on Netscaler , this is not possible for XenMobile. Can you please elaborate the exact requirement here so that .

Q: What is XenMobile Server Support?

A: XenMobile Server Support is an online platform that provides a one-stop location where administrators can perform various troubleshooting and instrumentation related tasks. It provides an easy way to collect troubleshooting information. For example, logs, configurations, environment information among other information.

Q: How do I get to the support page on App Controller server?

A: To access XenMobile Server Support page, open a browser and logon to App Controller admin ControlPoint. After you logon, edit the URL in the address bar to replace “main.html” by “support”. Now the URL should look like https://<AppControllerServer>:4443/ControlPoint/support.

Q: In which version of App Controller Support feature is available?

A: Support feature is available from App Controller 9.0 onwards.

Q: What are the browsers and platforms supported?

A: Support feature is supported on latest versions of Firefox, Chrome, Safari, IE10 and IE11. It is tested on Windows and Mac.

Q: What ports needs to be open for the support feature to work?

A: Port 443 for SSL/HTTPS and port 22 for file transfer needs to be open for support feature to work.

Q: I am getting error “Unable to get the details from the server.” for NetScaler Gateway?

A: Ensure correct password for the server is entered in the support page. Passwords are not cached, and it needs to be entered each time the page is refreshed or a new session is started.

Q: I am getting error “Failed to authenticate with the App Controller”?

A: Ensure correct password for the App Controller server is entered in the support page. Passwords are not cached, and it needs to be entered each time the page is refreshed or a new session is started.

Q: I am getting error “Login Failed: Check XDM credentials or Database server is down.”?

A: Ensure correct password for the XenMobile Device Manager server is entered in the Support page. Passwords are not cached, and it needs to be entered each time the page is refreshed or a new session is started.

Q: How do I exit from the support page?

A: Use the Exit button on the bottom right of the Support page. It will redirect to the ControlPoint Page.

Q: What if I have queries/suggestions regarding Support page?

A: Contact the Citrix Support Personnel for more information.

Servers and Operations

Q: What are the servers supported by the Supportability Framework?

A: Supportability Framework supports App Controller, XenMobile Device Manager, and NetScaler Gateway Server.

Q: How should I add App Controller HA pair in the Support Page?

A: App Controller Cluster deployments are currently not supported. You can provide each cluster node separately to collect respective support bundles.

Q: How should I add XenMobile Device Manager Cluster Setup?

A: You can add any one of the cluster nodes of the XenMobile Device Manager cluster. Operations are performed on all the nodes in the cluster.

Q: Can I add multiple servers for each server type?

A: Yes, you can add multiple servers under each server type.

Q: Do I need to add the servers again in the next session/login?

A: No, all servers added are persistent across sessions. However, passwords are not cached, and it needs to be entered again.

Q: What are the operations supported in the Support Page?

The following operations are supported:
  • Perform Connectivity Checks
  • Collect Support Bundles and Download to Client
  • Collect Support Bundles and Upload to ‘Citrix Insight Services’

Q: Can I perform more than one operation at a time?

A: Yes, you can select all the operations or a combination of operations at a time.

Q: Should all the three servers be in the same deployment of XenMobile Environment?

A: Not Necessary. Any supported XenMobile server which is reachable from the App Controller can be added to the support page.

Connectivity Checks

Q: Where/how are the connectivity checks done?

A: Connectivity checks are initiated and controlled by the App Controller . However, actual Connectivity Checks happen from the NetScaler Gateway/XenMobile Device Manager Server to their associated backend servers.

Q: What does ‘Perform Connectivity Checks’ on NetScaler Gateway do?

A: ‘Perform Connectivity Checks’ on NetScaler Gateway does a reachability check for all the backend servers associated with NetScaler Gateway. The connectivity validation also involves performing server-specific protocol and port validation ensuring the validity of the backend servers.

Q: What does ‘Perform Connectivity Checks’ on XenMobile Device Manager do?

A: ‘Perform Connectivity Checks’ on XenMobile Device Manager does reachability checks for Apple Servers.

Q: I am unable to perform Connectivity Checks on App Controller?

A: Currently, ‘Perform Connectivity Checks’ is not supported on App Controller .

Support Bundles

Q: What information is collected in support bundles?

A: You receive the following information for each server:

XenMobile Device Manager Server Support bundle

  1. Logs
  2. Config files
    • Cluster_configuration
    • Ew-Config.properties
    • Pki.xml
    • Log4j
    • Push_services
    • Oscache
    • Server.xml
  3. Information collected as part of helper.jsp
    • Patches
    • Cluster Info
    • Thread Dump
    • Thread Dump V2
    • Push Service Status (if IOS)
  4. Server details (Windows)
    • OS Version
    • Number of cores (CPU)
    • Memory
    • Page file settings
    • Interfaces settings (speed, ipv4, ipv6 (enabled)
    • Disk space

App Controller Server Support bundle

  • Audit logs with information for customers to get an overall picture of what is happening in the system
  • Debug file with information required for DEV during debugging

NetScaler Server Support bundle

  • NetScaler System information
  • NetScaler Gateway logs
  • NetScaler Gateway database information
  • NetScaler Gateway core information
  • NetScaler Trace files

Q: Can I collect support bundles for more than one server at a time?

A: Yes, you can collect support bundles for multiple servers of same type/different type at the same time.

Q: Will I download multiple support bundles in this case?

A: No, all support bundles are compressed into one single file.

Q: Where do the support bundles get downloaded?

A: Support bundles get downloaded into the default “downloads” folder set by the browser.

Q: Are the generated support bundles permanently stored on the App Controller server?

A: No. At any point, only the last generated support bundle is present on the App Controller Server. All support bundles are cleaned up periodically, during Logoff, session expiry, or reboot of App Controller.

Citrix Insight Services

Q: What is “Citrix Insight Services” server?

A: Citrix Insight Services (formerly known as TaaS) is an initiative from Citrix focused on making the support of Citrix environment as easy as possible. Citrix has developed tools and online analysis capabilities to help collect environment information, analyze that information and receive tailored recommendations based on Citrix environment and configuration.

Q: What are the credentials to be used for uploading Support Bundles to Citrix Insight Services?

A: You need to use your My Account credentials for uploading Support bundles to Citrix Insight Services.

Q: I do not have a “Citrix Insight Services” account. How do I upload the support bundle?

Q: I do not have a SR number from “Citrix Insight Services”. Can I still upload support bundles?

A: Yes, SR number is an optional parameter while uploading support bundles. However, if a case is already open with Citrix, and you have an SR number, the support bundles uploaded with SR number, would directly be linked with the case.

Related:

  • No Related Posts

XenMobile Port Requirements

The following tables list the ports that must be open on the Firewall.

Open the following ports to allow user connections from Citrix Secure Hub, Citrix Receiver, and the NetScaler Gateway Plug-in through NetScaler Gateway to the following components:

  • XenMobile
  • StoreFront
  • XenDesktop
  • XenMobile NetScaler Connector
  • Other internal network resources, such as intranet websites

TCP port

Description

Source

Destination

21 or 22

Used to send support bundles to an FTP or SCP server.

XenMobile

FTP or SCP server

53 (TCP and UDP)

Used for DNS connections.

NetScaler Gateway

XenMobile

DNS server

80

NetScaler Gateway passes the VPN connection to the internal network resource through the second firewall. This situation typically occurs if users log on with the NetScaler Gateway Plug-in.

NetScaler Gateway

Intranet websites

80 or 8080

XML and Secure Ticket Authority (STA) port used for enumeration, ticketing, and authentication.

Citrix recommends using port 443.

StoreFront and Web Interface XML network traffic

NetScaler Gateway STA

XenDesktop or XenApp

443

123 (TCP and UDP)

Used for Network Time Protocol (NTP) services.

NetScaler Gateway

XenMobile

NTP server

389

Used for insecure LDAP connections.

NetScaler Gateway

XenMobile

LDAP authentication server or Microsoft Active Directory

443

Used for connections to StoreFront from Citrix Receiver or Receiver for Web to XenApp and XenDesktop.

Internet

NetScaler Gateway

Used for connections to XenMobile for web, mobile, and SaaS app delivery.

Internet

NetScaler Gateway

Used for general device communication to XenMobile Server

XenMobile

XenMobile

Used for connections from mobile devices to XenMobile for enrollment.

Internet

XenMobile

Used for connections from XenMobile to XenMobile NetScaler Connector.

XenMobile

XenMobile NetScaler Connector

Used for connections from XenMobile NetScaler Connector to XenMobile.

XenMobile NetScaler Connector

XenMobile

Used for Callback URL in deployments without certificate authentication.

XenMobile

NetScaler Gateway

514

Used for connections between XenMobile and a syslog server.

XenMobile

Syslog server

636

Used for secure LDAP connections.

NetScaler Gateway

XenMobile

LDAP authentication server or Active Directory

1494

Used for ICA connections to Windows-based applications in the internal network. Citrix recommends keeping this port open.

NetScaler Gateway

XenApp or XenDesktop

1812

Used for RADIUS connections.

NetScaler Gateway

RADIUS authentication server

2598

Used for connections to Windows-based applications in the internal network using session reliability. Citrix recommends keeping this port open.

NetScaler Gateway

XenApp or XenDesktop

3268

Used for Microsoft Global Catalog insecure LDAP connections.

NetScaler Gateway

XenMobile

LDAP authentication server or Active Directory

3269

Used for Microsoft Global Catalog secure LDAP connections.

NetScaler Gateway

XenMobile

LDAP authentication server or Active Directory

9080

Used for HTTP traffic between NetScaler and the XenMobile NetScaler Connector.

NetScaler

XenMobile NetScaler Connector

9443

Used for HTTPS traffic between NetScaler and the XenMobile NetScaler Connector.

NetScaler

XenMobile NetScaler Connector

45000

80

Used for communication between two XenMobile VMs when deployed in a cluster.

XenMobile

XenMobile

8443

Used for enrollment, XenMobile Store, and mobile app management (MAM).

XenMobile

NetScaler Gateway

Devices

Internet

XenMobile

4443

Used for accessing the XenMobile console by an administrator through the browser.

Access point (browser)

XenMobile

Used for downloading logs and support bundles for all XenMobile cluster nodes from one node.

XenMobile

XenMobile

27000

Default port used for accessing the external Citrix License Server

XenMobile

Citrix License Server

7279

Default port used for checking Citrix licenses in and out.

XenMobile

Citrix Vendor Daemon

Open XenMobile ports to manage devices

Open the following ports to allow XenMobile to communicate in your network.

TCP port

Description

Source

Destination

25

Default SMTP port for the XenMobile notification service. If your SMTP server uses a different port, ensure that your firewall does not block that port.

XenMobile

SMTP server

80 and 443

Enterprise App Store connection to Apple iTunes App Store (ax.itunes.apple.com), Google Play (must use 80), or Windows Phone Store. Used for publishing apps from the app stores through Citrix Mobile Self-Serve on iOS, Secure Hub for Android, or Secure Hub for Windows Phone.

XenMobile

Apple iTunes App Store (ax.itunes.apple.com and *.mzstatic.com)

Apple Volume Purchase Program (vpp.itunes.apple.com)

For Windows Phone: login.live.com and *.notify.windows.com

Google Play (play.google.com)

80 or 443

Used for outbound connections between XenMobile and Nexmo SMS Notification Relay.

XenMobile

Nexmo SMS Relay Server

389

Used for insecure LDAP connections.

XenMobile

LDAP authentication server or Active Directory

443

Used for enrollment and agent setup for Android and Windows Mobile.

Internet

XenMobile

Used for enrollment and agent setup for Android and Windows devices, the XenMobile web console, and MDM Remote Support Client.

Internal LAN and WiFi

1433

Used by default for connections to a remote database server (optional).

XenMobile

SQL Server

2195

Used for Apple Push Notification service (APNs) outbound connections to gateway.push.apple.com for iOS device notifications and device policy push.

XenMobile

Internet (APNs hosts using the public IP address 17.0.0.0/8)

2196

Used for APNs outbound connections to feedback.push.apple.com for iOS device notification and device policy push.

5223

Used for APNs outbound connections from iOS devices on Wi-Fi networks to *.push.apple.com.

iOS devices on WiFi networks

Internet (APNs hosts using the public IP address 17.0.0.0/8)

8081

Used for app tunnels from the optional MDM Remote Support Client. Defaults to 8081.

Remote Support Client

Internet, for app tunnels to user devices (Android and Windows only)

8443

Used for enrollment of iOS and Windows Phone devices.

Internet

XenMobile

LAN and WiFi

Related:

  • No Related Posts