Update the version to “4.4.0 (510)” name=“' type=“MAC-VPN' version=“4.4.0 (510)” path=“/vpns/scripts/mac/CitrixAccess. If the endpoint analysis plug-in is not installed, then it will be automatically downloaded from CAG when access is first made to a logon point where endpoint analysis is enabled. The user will see two dialogue boxes during the process. Endpoint analysis scans. Instead, Citrix Access Gateway will automatically determine the most recent versions, minimizing the effort administrators need to invest in configuring and maintaining endpoint scan policies. Control access based on endpoint scan results Citrix Access Gateway provides capabilities to dynamically adjust a client.
- Citrix Endpoint Analysis Plugin Download
- Citrix Access Gateway Plugin Download
- Citrix Access Gateway Endpoint Analysis Download
- Citrix Access Gateway Endpoint Analysis Download Mac Os
- Performing a Citrix ADC check. Log on to Citrix Endpoint Analyzer and then click Gateway Configuration. The Gateway Configuration Check page appears. Upload the latest ns.conf file from your instance of Citrix Gateway. You can either drag the file into the upload box.
- Downloads Citrix Gateway product software, firmware, components, plug-ins, hotfixes, virtual appliances. Sign In to access restricted downloads. Earlier Versions. NetScaler Gateway Plug-in v4.4.8 for Mac OS X. NetScaler Gateway Plug-in v4.4.4 for Mac OS X.
Applicable Products
- NetScaler Gateway
Symptoms or Error
When using End Point Analysis (EPA), the plug-in fails to start or fails to scan after starting on MAC. Using a web browser does not initiate the scan, even when using ICA-Proxy for EPA.
The following errors are displayed:
Cannot connect to NetScaler Gateway. Contact your help desk with following information: Endpoint analysis process failed.
Cannot connect to NetScaler Gateway. Contact your help desk with following information: Endpoint analysis process failed.
3006: The plug-in failed to start. Contact your help desk or system administrator.
Solution
Important! This article is intended for use by System Administrators. If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article.
To resolve this issue ensure that the preauthentication policy and NetScaler Gateway plug-in are correctly configured.
In this article a File Exist Policy for preauthentication is used to illustrate the correct configuration.
- Create the preauthentication policy and bind it to the NetScaler Gateway virtual server.
For more information refer to Citrix Documentation - Configuring Preauthentication Policies and Profiles.
Note: Ensure that you enable Smart Access Mode. - Download and install the Citrix NetScaler Gateway Plug-in for MAC OS X.
- Create a file on the MAC OS X. Currently, the only supported directory is the /Library directory.
In this example /Library/test.txt is created. - Run Citrix NetScaler Gateway Plug-in.
- Select EditConnections.
- Enter a name for this connection in the Connections tab.
Note: This need not be an FQDN. The FQDN is added as a placeholder for reference. - Specify the FQDN for the NetScaler Gateway virtual server in the Connections tab.
Note: Do not use http or https when specifying the FQDN. - If two-factor authentication is used, select Show secondary password field check-box.
- Close the Preferences Window and select the new site to start the log on process.If you are using a preauthentication policy, then the following screen appears for logon:
Problem Cause
This error is usually observed when preauthentication policy or NetScaler Gateway plug-in is in correctly configured.
Additional Resources
In the NetScaler command line interface, you can run the following command to view the failed EPA scans:
tail -f /var/log/ns.log | grep EVAL
tail -f /var/log/ns.log | grep EVAL
The EPA scans that pass will not show in this log.
For more information about EPA, refer to Citrix Documentation - Configuring Endpoint Polices.
Language
NetScaler Gateway
Software Solution Disclaimer
This package contains a software solution that has been replaced by a more recent version available for download from the Citrix support website (support.citrix.com). It is provided merely for your convenience. Citrix recommends applying the most up-to-date version of the software, which addresses the fix or enhancement being targeted. Later versions of the release may include multiple changes that address different areas including security vulnerabilities, code fixes, and enhancements. Installation of this software should only be performed on test or developmental environments. This software is not supported and is provided 'AS IS.' You are solely responsible for your selection and use of the software. Any reported issues will require the most current revision of the software (http://www.citrix.com/English/SS/supportThird.asp?slID=5107&tlID=1861652). Please visit our security site for additional security notices and information (support.citrix.com/securitybulletins ).
CITRIX MAKES NO REPRESENTATIONS OR WARRANTIES OF NONINFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE PROVIDED SOFTWARE SOLUTION. THE SOFTWARE SOLUTIONS ARE DELIVERED ON AN 'AS IS' BASIS WITH NO SUPPORT. YOU SHALL HAVE THE SOLE RESPONSIBILITY FOR ADEQUATE PROTECTION AND BACK-UP OF ANY DATA USED IN CONNECTION WITH THE SOFTWARE SOLUTION. IN NO EVENT SHALL CITRIX BE LIABLE FOR (i) SPECIAL, INDIRECT, DIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, OR (ii) ANY OTHER CLAIM, DEMAND OR DAMAGES WHATSOEVER RESULTING FROM OR ARISING OUT OF OR IN CONNECTION WITH THE SOFTWARE SOLUTION, WHETHER AN ACTION IN CONTRACT OR TORT, INCLUDING NEGLIGENCE, OR OTHERWISE.
Applicable Products
Maintenance build package name: build-10.1.120.1316.e_nc.tgzFor: NetScaler Gateway 10.1, Build 120.1316.e
Replaces: None
Date: November, 2013
Language supported: English (US)
Readme version: 1.0
Important Notes About This Release
- Caution! This release may require you to edit the registry. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.
- Do not interrupt the install/uninstall process of this hotfix by clicking Cancel. Interrupting the process prevents a clean rollback and leaves your original installation corrupted.
Where to Find Documentation
This document describes the issue(s) solved, new features, and known issues in this build and includes installation instructions.
The latest version of the product documentation is available from Citrix eDocs at http://edocs.citrix.com.
Installing This Maintenance Build
The latest version of the NetScaler Gateway software can be downloaded from the Citrix web site.
To download the NetScaler Gateway software from the Citrix web site
- Go to the Citrix Web site, click My Account, and then log on.
- At the top of the web page, click Downloads.
- Under Find Downloads, select NetScaler Gateway.
- In Select Download Type, select Product Software and then click Find.
- On the NetScaler Gateway page, click NetScaler Gateway 10.1.
- Select the software and then click Download.
When the software is downloaded to your computer, you can install the software by using the Upgrade Wizard in the Configuration Utility or the command-line interface.
To install the maintenance build by using the Upgrade Wizard
- In the Configuration Utility, in the left pane, click System.
- In the right pane, click Upgrade Wizard.
- Click Next and then follow the directions in the wizard.
To install this maintenance build by using the command-line interface
- To upload the software to the NetScaler Gateway, use a secure FTP client to connect to the appliance.
- Copy the software from your computer to the /var/nsinstall directory on the appliance.
- Open a Secure Shell (SSH) client to open an SSH connection to the appliance.
- At a command prompt, type shell.
- At a command prompt, type cd /var/nsinstall to change to the nsinstall directory.
To view the contents of the directory, type ls. - To unpack the software, type tar xvzf build_X_XX.tgz, where build_X_XX.tgz is the name of the build to which you want to upgrade.
- To start the installation, at a command prompt, type ./installns.
- When the installation is complete, restart NetScaler Gateway.
- When the NetScaler Gateway restarts, at a command prompt type what or show version to verify successful installation.
NetScaler Gateway 10.1 Compatibility with Citrix Products
Citrix Endpoint Analysis Plugin Download
The following table provides the Citrix product names and versions with which NetScaler Gateway 10 is compatible.
Citrix Product | Release Version |
XenMobile App Edition | AppController 2.0, 2.5, 2.6 App Controller 2.8, 2.9 (Build 111000) |
Branch Repeater or CloudBridge | 5.5, 6.1, 6.2, and 7.0 |
NetScaler | 9.2, 9.3, 10.0 and 10.1.120.1316.e |
NetScaler VPX | 9.3, 10.1, and 10.1.120.1316.e |
Receiver Storefront | 1.3, 2.0, and 2.1 |
VDI-in-a-Box | 5.1 and 5.0.3 Note: Compatibility with VDI-in-a-Box, Version 5.0.3 supports the SOCKet Secure (SOCKS) protocol only. |
Web Interface | 4.5, 5.0.1, 5.1, 5.2, 5.3, and 5.4 |
XenApp | 4.5 (Windows Server 2003) 5.0 (Windows Server 2003 and Windows Server 2008) XenApp 5 Feature Pack 2 for Windows Server 2003 6.0 (Windows Server 2008) 6.5 for Windows Server 2008 R2 |
XenDesktop | 2.1, 3.0, 4.0, 5.0, 5.5, 5.6, 7.0, and 7.1 |
Supported Receivers and Plug-ins
Receiver or Plug-in | Release Version |
Receiver for Android | 3.0 |
Receiver for iOS | 5.5.x |
Receiver for Mac | 11.4, 11.5, and 11.8.1 |
Receiver for Windows | 1.2, 2.0, 2.1, 3.0, 3.1, 3.2, 4.0, and 4.1 |
Worx Home for iOS | 8.6.0.183 |
Worx Home for Android | 8.6 (229449) |
WorxMail for iOS | 1.3.2.51 |
WorxWeb for iOS | 1.3.74 |
WorxMail for Android | 1.3 (229385) |
WorxWeb for Android | 1.3 (229354) |
New Features in This Release
Citrix Access Gateway Plugin Download
This release of NetScaler Gateway includes support for the following:
Citrix Access Gateway Endpoint Analysis Download
- Advanced endpoint analysis that supports the creation of multiple profiles by using the configuration utility. Citrix recommends using the configuration utility and not the command line to configure advanced endpoint analysis profiles. For more information about advanced endpoint analysis scans, see Creating Advanced Endpoint Analysis Scans in Citrix eDocs.
- Device certificates
- Client certificate authentication for Mac OS X computers
- Kerberos Constrained Delegation
- NetScaler Gateway Plug-in for Mac OS X 10.9
- NetScaler Gateway Plug-in for Windows 8.1
- Proxy support for traffic policies
- Support for Internet Explorer 11
NetScaler Gateway Plug-in 3.0 supports the following:
- Mac OS X 10.9
- Client certificate authentication
- Device certificates
- Endpoint analysis scans
Known Issues in This Release
Citrix Access Gateway Endpoint Analysis Download Mac Os
- If a failover occurs in a high availability pair, when users refresh their web browser, single sign-on (SSO) fails and users receive a prompt to log on again.[From NG_10_1_120_1316_e][#406564]
- If users log on to Outlook Web App by using clientless access in a Firefox web browser, sending email fails.[From NG_10_1_120_1316_e][#418106]
- Users can use SSO to CIFS/SMB file shares in the internal network with NTLM authentication. Kerberos Constrained Delegation (KCD) authentication is not supported for SSO to CIFS/SMB file shares.[From NG_10_1_120_1316_e][#419570]
- If you configure client certificate authentication and device certificates on a virtual server, when users attempt to log on by using the NetScaler Gateway Plug-in for Mac OS X, the plug-in fails. Client certificates must be installed on in login.keychain. Device certificates must be installed in system.keychain.[From NG_10_1_120_1316_e][#423933]
- If you install certificates in the login and System keychains on a Mac OS X computer and you configure client certificate authentication and device certificates on NetScaler Gateway, when users log on with the NetScaler Gateway Plug-in, the certificate list contains both login and System keychain certificates. The System keychain certificate requires an administrator password to access the key, whereas the login keychain does not. Users who are not administrators cannot access the system keychain and logon to NetScaler Gateway fails.[From NG_10_1_120_1316_e][#423944]
- If the device certificate installed on NetScaler Gateway is in the Certificate Revocation List (CRL), when users attempt to log on with the revoked certificate, NetScaler Gateway accepts the certificate and allows users to log on.[From NG_10_1_120_1316_e][#424109]
- If you configure device certificates on NetScaler Gateway, when users log on for the first time with Mac OS X 10.9 (Mavericks), the Endpoint Analysis Plug-in for Mac OS X does not run the endpoint analysis scan. Users can log on again and the plug-in runs successfully.[From NG_10_1_120_1316_e][#424411]
- When users log on with NetScaler Gateway Plug-in for Mac OS X, the Safari web browser does not trust the Endpoint Analysis Plug-in. In Safari, users need to explicitly trust the Endpoint Analysis Plug-in.[From NG_10_1_120_1316_e][#424415]
- When users log on and receive the prompt from the Endpoint Analysis Plug-in to select a device certificate, if users wait for a length of time (one to five minutes) to select the certificate, the Endpoint Analysis Plug-in fails.[From NG_10_1_120_1316_e][#424453]
- If you configure device certificates in NetScaler Gateway, the NetScaler Gateway Plug-in for Windows must be installed. In addition, the NetScaler Gateway Plug-in and the Endpoint Analysis Plug-in must be the same version.[From NG_10_1_120_1316_e][#424853]
- If you configure device certificates on NetScaler Gateway, to allow the endpoint analysis scan to run with requiring the keychain administrator credentials, users need to explicitly provide access to the certificates key in the keychain by adding the Endpoint Analysis Plug-in to Accessible Apps in Key Access Control.[From NG_10_1_120_1316_e][#426579]
- If you configure NetScaler Gateway Advanced Endpoint Analysis or device certificates, when users log on with Safari, the Endpoint Analysis Plug-in page appears, even though the plug-in is installed on the user device. To allow the endpoint analysis scan to run, users must quit the web browser. When users open the web browser again, the scan runs and users can log on.[From NG_10_1_120_1316_e][#426666]
- If you create and bind multiple advanced endpoint analysis profiles and device certificates to a virtual server and the endpoint analysis scan runs successfully, if you later unbind endpoint analysis profiles, the scan does not run on the user device. This occurs if you use the invalid logical expressions OR and AND consecutively in the profile or scan.[From NG_10_1_120_1316_e][#427026]
- If users log on without administrator priviledges and installs the Endpoint Analysis Plug-in, users receive a prompt to restart the devices when the installation is finished. Users need to restart their device.[From NG_10_1_120_1316_e][#427335]
- If you configure a large number of advanced endpoint analysis scans (~17004 byte size scans), when users log on with the NetScaler Gateway Plug-in for Windows, the endpoint analysis scan fails.[From NG_10_1_120_1316_e][#428353]
- The NetScaler VPX virtual image does not contain the folders admin_ui, themes, vpn, epa in the /var/netscaler/gui folder. When you install the image, the following might occur:
- If you install a new instance of NetScaler VPX and then change the theme on the Client Experience tab in a session profile, the theme is not applied when users log on.
- If you set the default theme for the NetScaler Gateway logon page, the User name and password fields are occasionally interchanged and distorted. If you restart the web browser or clear the cache, the fields appear normally.
To resolve this issue, copy the file GuiCorrection.sh located in the directory /netscaler/ns_gui/epa/scripts/ path and copy the file to the directory /var/netscaler/gui. After you copy the file, in the NetScaler Gateway command-line interface, run the following commands from the shell:cd /var/netscaler/guish GuiCorrection.shNote: You must run this command from the folder to which you copied the file GuiCorrection.sh.The command copies all of the relevant files for the Green Bubble and Default themes.[From NG_10_1_120_1316_e][#428425, #429052, #429056, #429060] - When you create an advanced endpoint analysis scan by using Unicode or special characters in the name, you cannot bind the policy to a virtual server. Citrix recommends using policy names that do not contain Unicode or special characters.[From NG_10_1_120_1316_e][#428696, #428725]
- If users log on from a Windows 8.1 computer and Internet Explorer 11, the web browser redirects to the download plug-in page even though the plug-in is the same version installed on the device. Users can proceed by clicking the 'Run add on' prompt.[From NG_10_1_120_1316_e][#428973]