Cannot ‘Allow’ Citrix system file extensions when installing CF for Mac

Grab a copy of the database

  • The path is: /var/db/SystemPolicyConfiguration/ . See screenshot below and the required files:
  • image.png
  • Check if the kernel extension is allowed as shown below:
  • If it is allowed, then perform the steps highlighted below.

To fix the “Drive Unavailable” error, perform the following steps:

  1. Startup the Mac in recovery mode .
  2. Click the Utilities menu and select Terminal.
  3. Enter the following command:
    • /usr/sbin/spctl kext-consent add TEAMID
  4. Press Enter
    • Example: For Citrix the command would be: /usr/sbin/spctl kext-consent add S272Y5R93J
  5. Close the Terminal app and restart

If issue persists, Trigger the prompt by loading the kernel extension manually

sudo kextutil -t /Library/Filesystems/ctxfuse.fs/Contents/Extensions/10.12/ctxfuse.kext/

Note: Older builds (20.9 or less) can use sudo kextutil -t /Library/Filesystems/ctxfuse.fs/Contents/Extensions/10.11/ctxfuse.kext/

After running this command, open the system preferences in the security pane and see if you can approve the prompt.

While running the above command, if you encounter the Unable to stage kext” error then perform the action items highlighted below:


  1. As suggested here, run the below command:
    • chflags restricted /Volumes/Macintosh HD/private/var/db/KernelExtensionManagement
  2. People who have ran into the staging error have also reported upgrading to MacOS 10.15 Catalina also fixes the issue.


  • No Related Posts

Storefront – generating event viewer warning – ” The Receiver for Windows package file could not be found at the path”

Updated the Web.config file with the correct path for the MAC receiver client on the storefront server.

1. Navigate to the following path on the storefront server C:inetpubwwwrootCitrix(storename)Web

2. Open the Web.config file.

3. Locate the Win32 and macOS file paths and update accordingly.

<pluginAssistant enabled=”true” upgradeAtLogin=”false” showAfterLogin=”false”>

<win32 path=”” />

<macOS path=””


  • No Related Posts

Workspace App for Windows – Error “Cannot start app” intermittently

In Receiver’s error file you will find following message:

Launch error code: 3

Error launching the ICA file

Unable to launch using CCM (url)

at Dazzle.LaunchUtils.ICALaunchUtils.LaunchViaFile(String quotedIcaFilePath, String cmdline, String url)

Create the following exclusions for Imprivata hooking files in the client/end point registry:





“Receiver.exe “=””




  • No Related Posts

Google Chrome Extension Fails to Install with UPM – 'An error has occurred. Could not move extension directory into profile'

Add C:Users*AppDataLocalGoogleChromeUser DataDefaultExtensionsTemp as a Windows Defender Path Exclusion on the VDA.

This can be accomplished through a Computer Group Policy. The Path Exclusion policy setting can be found in Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Defender > Exclusions > Path Exclusions.

After applying the Path Exclusion, restart the VDA.

To confirm that the Defender Path Exclusion is set, run ‘Get-MpPreference’ in Powershell. The new Defender Path Exclusion should be listed under ExclusionPath.


Error: “Error getting status – Cannot find license file”

To resolve this issue, run the following command from the command prompt. Ensure that the complete path of the MyFiles folder is specified:

lmstat -a -c “C:Program Files (x86)CitrixLicensingMyFiles”


lmstat -a -c “C:Program FilesCitrixLicensingMyFiles”

Note: On 64-bit versions of Windows, there are two folders for application files. All 32-bit applications are installed in Program Files (x86) folder. All 64-bit applications are installed in the Program Files folder.


SavedListOfDDCsSids.xml furninshing SIDs of old controllers for VDA registration

We examined the affected VDA using following steps:

– Since in the traces we could see the oldDDc details are showing up as hardcoded on VDA.

Verified ListofDDcs registry on the VDA was pointing to right set of controllers.

We opened a command prompt in system context using following commands with the help of psexec tool:

– Open command prompt with administrative rights and switched the directory to folder containing PSexec tool.

Run the following command:

Psexec -i -s cmd

which opens another command prompt window in system context.

– In the new cmd window, execute the following command to find the location of persisted or hardcoded data on VDA:

Get-CimInstance -Namespace “RootCitrixDesktopInformation” -Class “Citrix_VirtualDesktopInfo” | select PersistentDataLocation

You might receive the output as :

c:Program FilesCitrixPvsVmServicePErsistedData

Using the same cmd window in system context, changed the root directory to above mentioned location using following command:

cd “c:Program FilesCitrixPvsVmServicePersistedDataBrokeragentInfo”

NOTE: This location could be in ProgramData folder too.

-Rename the file SavedListOfDdcsSids.xml in that folder using the command below:

ren SavedListOfDdcsSids.xml oldSavedList

– Restart Citrix Desktop Service and it should pick up the right controllers.

In order to resolve the issue on all affected machines if there are multiple in the environment, we can use te following script:


1 Create the following batch file with the name Ren.bat in c: drive.

Ren “c:Program FilesCitrixPvsVmServicePersistedDataBrokeragentInfoSavedListOfDdcsSids.xml” oldSavedList

net stop brokeragent

net start brokeragent

2 Create a txt file (computer_list.txt) with names of VDAs in following format:




To copy the batch file to all affected computers: (use the following powershell)

$computers = Get-Content “C:computer_list.txt”

$fileToCopy = “C:ren.bat”

ForEach($computer in $Computers)


Copy-Item -Path $fileToCopy -Destination “\$computerC$”


Post that run the following command from where Psexec is placed:

psexec @c:computer_list.txt -s -d cmd.exe /c “C:ren.bat”



how to configure content root for Linux file system scanner?

I need a solution

Can anyone help me configure the content root – direct entry – when creating a new Discover Target through the Enforce console to be used with a Linux file system scanner?

Step 14 of the “Installing File System Scanner” document (…) says:

14. On the Enforce Server, create a New Target for the scanner File System type.

But I am having trouble with formatting the content root (direct entry) on the Scanned Content tab of the Discover Target properties. And when I attempt to start the Discover Target scan, I get the following error:

Failed to complete Share: //; error: The specified path cannot be found — System error 53 has occurred. The network path was not found.

On the server I am attempting to scan, I also see the following error:

WARNING: error posting file to detection server /u02/DLPscanner/outgoing/Job0155966121559681139787208652608.idx: Connection timed out (Connection timed out)

Any/all help would be most appreciated.




Error While adding software in software catlog

I need a solution

Hi All,

Error While adding software in Software Catalog.An error has been occurred during validation of software library check.

# We accessed Altiris Console > Settings > All Settings > Software > Software Catalog and Software Library Settings > Software Library Configuration 
# The UNC path mentioned here is \ServerNameSoftwareLibrary , when we clicked on ‘Validate’ we got an error, ‘The specified software library directory does not exist’.

#Screenshots attached. 

Request you to help on the same.



  • No Related Posts