Error while downloding the Citrix Gateway Plugin from Downloads Tab of ADC : Forbidden you don't have permission to access

Fixed with 13.0 build 41.20 where the Citrix Access gateway plugin file for MAC OS X is present under /var/netscaler/gui/vpns/scripts/mac directory despite upgrading through CLI with or without creating a director under /var/nsinstall.

Follow the below steps:

With 13.0 build 41.20:


1) Copy 13.0 build 41.20 package to /var/nsinstall via CLI.

2) Extracted the package directly under /var/nsinstall ( NOTE: No need to create any directory under /var/nsinstall to save Citrix ADC firmware package)

3) Ran ./installns

RESULT: Access the NetScaler through GUI > Download Tab > Clicked on “ Download Citrix Gateway Plug-in for Mac OS X” or “Download Citrix Gateway Plug-in for Windows” > Should be able to download the files

MAC or Vista Folder found under : / var/netscaler/gui/vpns/scripts/

Work-Around for build blow 13.0


Upgrade or Downgrade through CLI by creating a folder under /var/nsinstall or upgrade or downgrade Citrix ADC firmware prior to 13.0 via GUI.


  • No Related Posts

Error:”An SSL connection to the server couldn't be established” while trying to authenticate to StoreFront using Linux Receiver

1. Obtain the root certificate in PEM format.

Tip: If you cannot find a certificate in this format, use the openssl utility to convert a certificate in CRT format to a .pem file.

2. As the user who installed the package (usually root):

  • Copy the file to $ICAROOT/keystore/cacerts.
  • Run the following command: $ICAROOT/util/ctx_rehash


  • No Related Posts

Unable to Wrap a 3rd Party/public store Application – Error: “This is a public store application”

Wrapping of the any public store application is not supported since it is already presigned for the public store use and are non mdx-compatible.. Also, if you acquire the application using a third party extractor or any other source it is also not supported .

If you want to wrap the application you will have to request the developer of the application for unsigned apk and ipa for wrapping. This unsigned application can be used for wrapping .

Or you can publish the application as a public store application(without wrapping) by browsing the same under application tab as public store app.

In order to verify whether the application to be wrapped is MDX COMPATIBLE or not, we need to check the crypt id for the apk/ipa file.

If the crypt id is “1” (as highlighted in snippet below) then we cannot wrap the application, which means the application is already signed by Apple / Google and uploaded on the public app store.

Hence any third party application which is required to be wrapped with Citrix MDX toolkit , one need to get it as a raw application from application vendor and not be side downloaded from public store.

User-added image

Below are the steps to check the crypt id and to confirm if IPA was configured to Apple store deployment

1) Rename IPA file to ZIP and unzip

2) Right click on file contained within and click on “Show Package Contents”

3) Find main binary name, it should have the same name as the package, and no extension. Copy it to somewhere else.

4) Run the following command from MAC terminal

> otool –l AppBinary | grep crypt

5) If there is a “cryptid” field displayed and its value contains non-zero, the binary has DRM applied. This means it was configured for apple store deployment


bash-3.2# otool -l <appBinary>|grep crypt

cryptoff 8192

cryptsize 245760

cryptid 0

cryptoff 8192

cryptsize 245760

cryptid 0

Here the crypt id is “0” which means this app is not for AppStore

More details can be found in:

NOTE: We need a Mac Machine with X-code installed (as it contains the otool package) or otool package need to installed seperately.


Does Altiris support deployment of MSIX format packages

I do not need a solution (just sharing information)


Currently in our enviornment, Atiris as deployment solution of Win OS, MSI packages and legacy setups. As Microsoft is already relased a new tool named  MSIX packaging tool to manage the automate installaton of application installers of format of exe, msi, appx (appv ) to new format MSIX.

Need to know Altiris deployment kit would support the MSIX format packages/installer to deploy in an enterprise level ? If not , does Symantec is going to release new version of Altiris deployment tool to support the msix format ?.





  • No Related Posts

Installing Windows clients with Microsoft SCCM/SMS

I do not need a solution (just sharing information)

Follow “Steps 1” to “Step 4” from below procedures provided by Symantec Support.



Step 1

Export a managed client installation package from Symantec Endpoint Protection Manager that contains the software and policies to install on your client computers. By default, a managed client installation package contains a file named Sylink.xml, which identifies the server that manages the clients.

Step 2

Create a source directory and copy the Symantec client installation package into that source directory. For example, you would create a source directory and copy the Setup.exe file that you exported from Symantec Endpoint Protection Manager.

Step 3

In SCCM/SMS, create a custom package, name the package, and identify the source directory as part of the package.

Step 4

Configure the Program dialog box for the package to specify the executable that starts the installation process, and possibly specify the MSI with parameters.

Once you completed the above procedures, follow below recommendations.



Step 5

Open System Center Configuration Manager (SCCM) 2016 Console and look for Applications from the Software Library.

  • Click Software Library, Overview, Application Management;

Step 6

Right Click, Applications and select Create Application

Step 7

Create Application Wizard will open

  1. From General, select Automatically detect information about this application from installation files;
  2. Click Browse and locate any dummy MSI file, then
  3. Click Next

Step 8

From Import Information, Click Next

Step 9

From General Information

  • Enter the Application details;
  • Select Install for system if resource is device; otherwise install for user; then
  • Click Next

Step 10

From Summary, Click Next


Step 11

From Completion Window, Click Close to complete the Application Wizard.

Symantec EndPoint Protection Application is now created with below details.

Step 12

From Applications List;

  • Right Click on Symantec EndPoint Protection; then
  • Select Properties

Step 13

From Symantec EndPoint Protection Properties

  • Look for Deployment Types;
  • Click Add;
  • Then follow Create Deployment Type Wizard

Step 14

Create Deployment Type Wizard will open

  • From Specific settings for this deployment type, Select Script Installer from the dropdown;

Step 15

From General Information

  • Enter Name and Administration comments; then
  • Click Next

Step 16

From Content,

  • From Content locations, click Browse then locate the location of Setup.exe;
    • Sample: \sccm01SourcesApplicationsSymantecClient InstallationsMy Company_Head Office_WIN64BIT
  • From specify the command used to install this content, Click Browse, select Setup.exe file; then
  • Click Next

Step 17

From Detection Method

  • Click Add Clause

Step 18

Detection Rule Pop-up will open,

  • From Specify the file or folder to detect this application,
    • Click Browse, locate the Setup.exe file from local SCCM folder;
    • Click Ok twice; then
    • Click Next

Step 19

From User Experience,

  • Select Install for system if resource is device; otherwise install for user;
  • Click Next four times until Completion; then
  • Click Close

Step 20

From Symantec EndPoint Protection Properties

  • Delete the MSI File;
  • Click Yes; then
  • Click OK

Note* Make sure to keep Symantec EndPoint Protection with Script Type only.

Now you have working Symantec EndPoint Protection application and start deploying



Cannot Configure package for remote deployment in MAC in SEPM 14.2 RU2

I do not need a solution (just sharing information)


We have upgraded SEPMs to 14.2 RU2, and we are also encountering issues with MAC, when “Configuring the package for remote deployment” , using Tools > Create remote deployment package

Issue is:  Symantec Endpoint Protection Installer can’t be opened 

is anyone experiencing this issue?
(I have admin rights and read/write permissions over installer)




Windows Software Update Installation new task not working as expected

I need a solution

We have modified an update package to run a custom command line.

If we deploy the update using a policy, the custom command run as expected

But… If we deploy the package with the new task named “Windows Software Update Installation” (from 8.5 RU2 if I remember correctly) the custom command is not run as expected.  The task only run the altiris default command.

Even if we create the task using this document, only the default command is started.




Failed to download package: Bad Hash (0x80090002)

I need a solution

I created an MSI and added it to a new software release. I distributed it to all the site servers and deployed it to 3 computers along with my test computer. I had to change the MSI later on, so I had to rebuild it. I deleted the msi from the Software Library via the GUI and added my modified version. I re-distributed the package again. I normally run a SQL query to see if the package is ready:

SELECT rrsp.Name,sps.Status,vc.Name FROM RM_ResourceSoftware_Package rrsp
JOIN SWDPackageServer sps ON sps.PackageId = rrsp.Guid
JOIN vComputer vc ON vc.Guid = sps.PkgSvrId
WHERE rrsp.Name like '<%Package name%>'
order by rrsp.Name

When I deployed it to my test machine again I got the message in the logs:

PackageDownload    AeXPackageDelivery.dll    AeXNSAgent.exe    Failed to download package ‘{55555-3333-6666-7777-abcdefabcdef}’ from: \<SoftwareLibraryShare>55555-3333-6666-7777-abcdefabcdef, local blocks: 0/1, error: Bad Hash (0x80090002)

PackageDownload    AeXPackageDelivery.dll    AeXNSAgent.exe    Failed to download package ‘{55555-3333-6666-7777-abcdefabcdef}’ from:…, local blocks: 0/1, error: Bad Hash (0x80090002) 

I checked the sig and snapshot for that package on the NS and matched it with the same package on the package server. They both matched, but when I checked the same data on the endpoint via C:Program FilesAltirisAltiris AgentAgentsSoftwareManagementSoftware Delivery{55555-3333-6666-7777-abcdefabcdef}, everything is from the first time I deployed the MSI. Also, when the file gets downloaded, the MSI has 0 bytes and the task fails because it took longer than expected. I deployed it throughout the day and still the same issue. If I deploy it to a computer that never had the software, it deploys just. Any insight as to why this is happening and how to resolve it?

I have tried to delete the folder struction where the MSI is downloaded to and also deleted the whole folder C:Program FilesAltirisAltiris AgentAgentsSoftwareManagementSoftware Delivery{55555-3333-6666-7777-abcdefabcdef}. I noticed when I did that the folder {55555-3333-6666-7777-abcdefabcdef} never regenerates in C:Program FilesAltirisAltiris AgentAgentsSoftwareManagementSoftware Delivery.