XenMobile Android Enterprise & iOS devices failed to enroll after ADC upgrade to 13.0-82.41+ or 12.1-62.23+

Please refer to the following Citrix ADC doc to enable SSO configuration for XenMobile Gateway Virtual server.

https://docs.citrix.com/en-us/citrix-adc/current-release/aaa-tm/single-sign-on-types/enable-sso-for-auth-pol.html

GUI Configuration Guide:

  • Part 1: Configure a traffic policy that enables HTTP SSO:

5. Navigate to Security > AAA – Application Traffic > Policies > Traffic, select the Traffic Profiles tab, and click Add.

  • Part 2: After configuring the traffic policy, bind it to the XenMobile Gateway Virtual Server.

Navigate to Citrix Gateway > Virtual Servers, select XenMobile Gateway, and click Edit.

Then scroll down to the bottom to find the Policies section and add a traffic policy binding:

Select the traffic policy we just created (for example, one named vpn_tf_pol), then bind it with a high Priority value like 63000.

CLI Configuration Guide:

Demo configuration commands follow:

//Creating traffic policy with SSO enabled

add vpn trafficaction vpn_tf_act http -SSO ON

add vpn trafficpolicy vpn_tf_pol true vpn_tf_act

//Binding traffic policy to XenMobile Gateway Virtual server

bind vpn vserver _XM_XenMobileGateway -policy vpn_tf_pol -priority 63000
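
A check to run against the saved configuration after applying the commands above, as an added example that is not part of the original article or of Citrix tooling: it confirms that a traffic policy whose action has -SSO ON is actually bound to the gateway virtual server. The sample configuration text is constructed, and the function names are hypothetical.

```python
# Constructed sample of saved ADC configuration, using the command forms
# shown in this article plus one SSO-off policy for contrast.
SAMPLE_CONF = """\
add vpn trafficaction vpn_tf_act http -SSO ON
add vpn trafficaction legacy_act http -SSO OFF
add vpn trafficpolicy vpn_tf_pol true vpn_tf_act
add vpn trafficpolicy legacy_pol true legacy_act
bind vpn vserver _XM_XenMobileGateway -policy legacy_pol -priority 100
bind vpn vserver _XM_XenMobileGateway -policy vpn_tf_pol -priority 63000
"""


def _opts(tokens):
    """Map '-option value' pairs to a dict keyed by lower-cased option name."""
    return {tokens[i].lower(): tokens[i + 1]
            for i in range(len(tokens) - 1) if tokens[i].startswith("-")}


def sso_bindings(conf_text, vserver):
    """Return sorted (policy, priority) pairs bound to `vserver` whose
    traffic action has -SSO ON. Line order in the config does not matter."""
    sso_actions, policy_action, bindings = set(), {}, []
    for line in conf_text.splitlines():
        t = line.split()
        head = [w.lower() for w in t[:3]]
        if head == ["add", "vpn", "trafficaction"] and len(t) > 4:
            # t[3] is the action name, t[4] the protocol qualifier (http).
            if _opts(t[4:]).get("-sso", "").upper() == "ON":
                sso_actions.add(t[3])
        elif head == ["add", "vpn", "trafficpolicy"] and len(t) >= 6:
            # The action is the last token, even if the rule contains spaces.
            policy_action[t[3]] = t[-1]
        elif head == ["bind", "vpn", "vserver"] and len(t) > 3 and t[3] == vserver:
            o = _opts(t[4:])
            if "-policy" in o:
                bindings.append((o["-policy"], int(o.get("-priority", 0))))
    # Session or authentication policies bound with -policy are dropped here
    # because they never appear in policy_action.
    return sorted(b for b in bindings if policy_action.get(b[0]) in sso_actions)


if __name__ == "__main__":
    found = sso_bindings(SAMPLE_CONF, "_XM_XenMobileGateway")
    print(found or "No SSO-enabled traffic policy is bound to the gateway vserver")
```

An empty result for the gateway virtual server means the binding from Part 2 is missing or the bound policy's action does not have SSO enabled.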

Cisco SD-WAN Software Information Disclosure Vulnerability

A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory.

This vulnerability is due to insufficient handling of malformed MPLS packets that are processed by a device that is running Cisco SD-WAN Software. An attacker could exploit this vulnerability by sending a crafted MPLS packet to an affected device that is running Cisco SD-WAN Software or Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-mpls-infodisclos-MSSRFkZq

Security Impact Rating: Medium

CVE: CVE-2021-1614

Update version release to replace Citrix ADC VPX 12.1-55.18 – Citrix Service Provider program

This article describes the release of solution build 12.1-55.237.

Solution

In accordance with the license server certificate renewal, a new build of Citrix ADC* VPX (CSP) has been released.

Build 12.1-55.237 is based on the existing 12.1-55.18. Only the license communication part is updated; other features are unchanged.

*) Formerly NetScaler

Applicable Products

Citrix ADC VPX 10 – Standard Edition for Service Providers

Citrix ADC VPX 50 – Standard Edition for Service Providers

Citrix ADC VPX 200 – Standard Edition for Service Providers

Citrix ADC VPX 1000 – Standard Edition for Service Providers

Citrix ADC VPX 3000 – Standard Edition for Service Providers

Error: “Your apps are not available at this time. Please try again in a few minutes or contact your help desk with this information: Cannot contact Store”

Command line installation (CLI) is not supported for a NetScaler URL. However, there are 3 options available that may be helpful.

1. Export store provisioning files for users https://docs.citrix.com/en-us/storefront/2-6/dws-manage/dws-manage-store/dws-export-file.html

2. Configuring NetScaler Gateway Store via GPO https://docs.citrix.com/en-us/receiver/windows/4-5/configure/receiver-windows-configure-app-delivery-wrapper.html#par_anchortitle_80df

3. Connecting to StoreFront by Using Email-Based Discovery http://docs.citrix.com/en-us/netscaler-gateway/10-1/ng-xa-xd-integration-edocs-landing/ng-clg-integration-wrapper-con/ng-clg-session-policies-overview-con/ng-clg-storefront-policies-con/ng-clg-storefront-email-discovery-tsk.html

From the end user's perspective, email discovery may be easiest, but it requires supporting configuration: a DNS entry and other settings as noted in the documentation. The store provisioning file is easy to generate in StoreFront, but the user must open the .CR file (an XML file that is FTA with Receiver) and accept the configuration (click the “Yes” button), and a certificate acceptance dialog may be displayed. It therefore requires some user interaction and depends on end-user training, even if the training is minimal. The GPO push of the NetScaler URL (Configuring NetScaler Gateway Store via GPO) requires users to be connected to the domain to receive the policy and configuration.

Error: “Certificate with key size greater than RSA512 or DSA512 bits not supported” on NetScaler

To resolve this issue, apply either or both of the following resolutions, as required:

After applying the required resolution, the additional ciphers are available and you can add a certificate that has a key size greater than 512 bits. The NetScaler appliance supports certificates with key size 512, 1024, 2048, and 4096 bits.

Error “Your smart card does not have a valid certificate” when using Citrix Receiver for iOS 7.3 with iOS 11

This article is intended for Citrix administrators and technical teams only.

Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information.

When users try to connect to Storefront or NetScaler Gateway with smart cards (PIV or CAC) using Citrix Receiver 7.3 for iOS or earlier versions on iOS 11 devices, they may receive the following error message: “Your smart card does not have a valid certificate”.

However, users connecting from iOS 9 and 10 devices will not face this error and will be able to use smart cards to authenticate to Storefront or NetScaler Gateway.
