Last Monday, we started getting multiple reports from MacBook users experiencing an issue with their Citrix Workspace app for Mac. At first the issue wasn’t very clear to use, because everybody reported it slightly different, but soon we noticed the common thread was the resolution. Affected users somehow got a very high resolution in their Citrix session, while their local screen resolution was normal. The Citrix session didn’t seem to adopt the local screen resolution.
I wasn’t able to reproduce the issue myself, so I contacted an affected user. He had done some analyses himself and discovered a curious phenomenon. If you would ran the Citrix Workspace App setup again all seemed to be fine. A Citrix session would adopt the local screen resolution upon connection. Soon as you rebooted the MacBook, the problem suddenly returned. Reinstalling the Citrix Workspace app again made the issue disappear.
We compared the Citrix Workspace App version we were both using and noticed a small difference. The affected user was running version 22.04.0.44, I was running 22.04.0.25. By the end of the day I upgraded my Citrix Workspace App to version 22.04.0.44 and rebooted my MacBook hoping I would also be able to reproduce the issue. And indeed I had the issue myself 🙂
An external software supplier wanted to make a new app available for a selected group of smartphones. We were asked if it would be possible to retrieve the smartphone from the XenMobile database. New smartphones added to the delivery group would be detected automatically. Since XenMobile has a REST API, this didn’t seem like a problem at first. We made the REST API available to our software supplier, after which they created a link between their backend and our On-Prem XenMobile environment based on the Citrix XenMobile REST API documentation
At first everything seemed to work perfectly and our software supplier thought they saw all our devices. After some time we noticed that there was a difference between the devices visible in the XenMobile console (Web GUI) and the devices that our software supplier saw through the REST API. Based on the query that was used in the REST API, we then did some testing ourselves using Postman, in the hope of uncovering the difference in devices.
Recently we added the Citrix Gateway connector for Exchange ActiveSync (formerly XenMobile NetScaler Connector) to a customer environment, with the intention of giving only known smartphones access to ActiveSync. The definition of known in this case, is a smartphone enrolled within Citrix Endpoint Management (formerly XenMobile). After some testing, we switched on “Blocking Mode” on the Gateway connector for Exchange ActiveSync and indeed all the ActiveSync traffic was nicely regulated. Only connections from device which existed in the Endpoint Management database were allowed access to ActiveSync. The check if a email client is allowed access is done based on the ActiveSync ID, which should be unique for every device.
Just to clarify, a short explanation how the Gateway connector for Exchange ActiveSync works. The Citrix Gateway connector for Exchange ActiveSync is connected to the Endpoint Management server(s) and periodically graps all ActiveSync ID’s. All the grapped ActiveSync ID’s are stored locally on the Gateway connector for Exchange server, in a .xml file. Depending you installation folder and provider name it’s stored on the Gateway connector for Exchange Server in : “%InstallFolder%\XenMobile NetScaler Connector\config\%ProviderName%.xml”
Depending your Endpoint Management ActiveSync Gateway configuration devices can be allowed or denied access based on several rules.
Recently I was asked to increase the security for a public reachable ActiveSync url. Although the customer was using Citrix Endpoint Management (XenMobile) and Citrix Secure Mail was available in their Enterprise AppStore, employees were also allowed to use their native “un-secure” mail client, which made use of a public reachable ActiveSync URL.
A big advantage they had, was that almost all mobile devices were already enrolled within Citrix Endpoint Management, so we knew which ActiveSync ID’s where legit and allowed to access ActiveSync.
Cause we were already making use of Citrix Endpoint Management, we decided to use the Citrix Gateway connector for Exchange ActiveSync (formerly XenMobile NetScaler Connector), to add an extra layer of security to the public reachable ActiveSync url.
Until recently I used to wrap all XenMobile applications using an Apple provisioning profile which used a wildcard App ID. This way only a single provisioning profile was required for all my XenMobile applications.
Last week at a new customer site I noticed something different with their new Apple iOS Developer Enterprise account, which was created somewhere last week. I started by creating a “In-House” Production iOS Certificate to sign the apps
During a recent implementation of XenMobile 10 Enterprise (build 10.0.0.62300) I created a ShareFile Administrator Account within the ShareFile control plane to be used for the XenMobile integration.While I was still doing some testing and configuring a simple, non complex password was used for the ShareFile Administrator account. Soon as everything was working correctly I logged in to the ShareFile Control Plane and updated the password used for the ShareFile Administrator account for a complex one. Well so far so good. Next step in the process would naturally be to update the ShareFile Administrator account within the XenMobile Server (XMS) settings.
I logged in to the XenMobile 10 console and went to Configure > Settings > More > ShareFile and finally clicked Sharefile. Almost immediately I was confronted with an Error message “Username or Password was incorrect”.
In order to integrate XenMobile with the Google Play Store, a Public App Store you will need to configure your Google Play Credentials. Beside the user name and password, you will also need to enter the Device ID (Configure > Settings > More > Server > Google Play Credentials)
I went ahead entering the account credentials and Device ID supplied by the customer. While trying to save the Google Play configuration an error message appears “The Google logon request used a user name or password that is not recognized”.
During the Citrix Summit 2015 in Las Vegas Citrix officially announced the next version of the XenMobile solution, called XenMobile 10. Monday 19 January finally came the long awaited Tech Preview XenMobile version available for Partners. This article will give you a clear view of all the steps required during Installing Xenmobile 10 which was released today!
Citrix XenMobile is delivered as a single appliance (combining MDM/MAM) which needs to be imported into your hypervisor. The appliance is available for XenServer, HyperV & VMware.
After the appliance is imported and powered on a first time wizard starts, guiding you through the setup. First you’ll need to configure an console Admin account, not to be confused with the web Administrator account. This account is only being used to access the appliance from the console:
Since the initial community release of SFGuru Explorer on 25-10-2014 we (Daniel Nikolic / Rink Spies) have been busy developing the application. Every time when we detect repeating, or labor intensive tasks within our ShareFile support team we try to improve the job by integrating an optimized task in SFGuru Explorer. Currently we have lots of ideas and beta versions which we need to do some further testing on, but before releasing these features we want to be 100% sure everything runs stable. While all the coding and testing needs to be done in our spare time it could take some time before we can release all new features.
Meanwhile we made some great improvements, which have been fully tested. Improvements of which we are proud of 🙂 We decided to add all the tested features to a interim release, which will be released as SFGuru Explorer version 1.2!
So lets’s start with the new features we added:
SFGuru Explorer stores its configuration in an encrypted .config file. While working on several ShareFile environments we had to constantly switch .config files, or change the login information to connect with the correct site. We added a multitenant option, which supports multiple .config files in the SFGuru Explorer folder. As Soon as the application detects multiple .config files on startup it will display a menu in which you can select the desired environment:
Citrix ShareFile Files can be hosted in the Citrix Managed cloud, or a Customer Managed Cloud. For a Customer Managed Cloud a StorageZone Controller needs to be placed within the boundaries of your own datacenter. Up to and including StorageZone Controller version 2.2, Citrix Sharefile stored all the files within one single folder. In very large environments this could lead to some challenges due to the large amount of files within one single folder. Some time ago I wrote a blog “Citrix ShareFile : Lessons learned in real life“, in which I discussed the maximum number of files supported by the storage array.
Up to and including StorageZone Controller 2.2 all zone files were stores in a single folder.
With this new release, according to the eDocs StorageZone Controller version 2.3 is able to handle more files per zone. Unfortunately the documentation about this new feature is limited. Let me start to explain how ShareFile accomplished this, how to enable and configure this new feature.
By default the feature to support more files per zone is switched off. To enable this new feature you need to update a registry key on all StorageZone Controllers in your zone.