Category: XenMobile
Notes from the field: The Kerberos chronicles, the one with certificate-based authentication
If you’ve read my previous Kerberos chronicles blogs you see a trend with the Microsoft patches, hardening updates and with this one the upcoming strong mapping / full enforcement mode of certificate-based authentication. See the following article for explanation: KB5014754—Certificate-based authentication changes on Windows domain controllers – Microsoft Support This one is going to have…
Notes from the lab: Citrix XenMobile 10.15 upgrade fails
Regarding my own XenMobile deployment I had a 10.14 Rolling Patch environment 6 running and updated it to Rolling Patch 9 before the eventual upgrade to 10.15 base. This all is very easy to do and all the required information is presented at Release notes for Rolling Patches | XenMobile Server Current Release (citrix.com) regarding…
Notes from the field: Citrix XenMobile / CEM don’t touch that store name!
Just a quick shout out blog to stress the importance of the store name that XenMobile / CEM uses. This default store name is called “Store”. If you by any means have changed this store name to anything else, you might run in two issues depending on different scenarios. Scenario 1: Citrix XenMobile or CEM…
Notes from the field: Citrix Files / ShareFile MDX SSO not working
At my latest Citrix Endpoint Management customer there were some issues regarding Citrix Files / ShareFile not achieving an SSO throughout the MDX/MAM enabled applications. Everything outside the MDX/MAM application bubble would work just fine only when tunnelling through the internal only application this would fail. The setup was comprising of a dual IDP setup…
Notes from the field: Citrix CEM / XenMobile enabling Certificate Based Authentication (CBA) after enrollment
I think any consultant at some time encountered the scenario of username / password authentication being the only authentication on the Citrix Gateway setup of Citrix CEM / XenMobile. Afterwards advising the customer to use Certificate Based Authentication (CBA) and then also the sad news okay we need to reenroll all your devices for this…
Notes from the field: Citrix XenMobile / Endpoint Management Per App VPN not working for iOS
This was quite a nice one to troubleshoot, turns out there is a new configuration point for per app VPN and iOS devices, at least it was for me. If you follow the configuration at https://www.citrix.com/blogs/2016/04/19/per-app-vpn-with-xenmobile-and-citrix-vpn/#:~:text=With%20the%20iOS%20per%20app,applications%20installed%20on%20the%20device. you’ll end up with a config that won’t open up a VPN when accessing the browser. Solution for this…
Notes from the field: XenMobile Certificate Based Authentication lessons learned
Throughout the XenMobile deployments with Certificate Based Authentication(CBA) I came across some items which I thought was worth mentioning. 1. CBA up until Secure Mail 10.6.20 / Secure Hub 10.6.20 was requesting new certificates on SSL exceptions, in effect the exceptions were triggered on every SSL connection error that occurred and thus requesting a new…
Notes from the field: Be Proactive! Apple ATS is coming
For those who are not aware Apple has an upcoming change regarding App Transport Security (ATS) https://developer.apple.com/news/?id=12212016b The date it should be in effect was originally January 2017… but was pushed back for migration purposes, and the new date is yet a mystery. It will have impact! Be proactive and check your XenMobile / NetScaler…
Notes from the field: XenMobile Location services and SQL deadlocks
Came across a pretty specific issue in a large mobility environment regarding an old value from XenMobile 9 and still present in XenMobile 10, this is called device triangulation, with this the mobile service provider can triangulate the exact location from the device with constant updates regarding there location (this was an old value which…
Notes from the field: Quick win: XenMobile remove bulk redeemed enrollments
When you are using enrollment invitations and you don’t clean this up for let’s say an environment with a few thousand of users/devices this could be a time absorbing action to do. Luckily there is a quick win for this and you’ll want to create a query for “dbo.ENROLLMENT_PASS” on the Database server and remove…