Citrix Secure Private Access

View PDF

Known issues

April 15, 2024

Contributed by:

C C

The following issues exist in release 2402.

Domain Controller configurations

The one-way or two-way trust with trust type as “Forest” between domains across different AD forests isn’t supported.

For example, if a.com and b.com domains are in two different AD forests, and SPA is installed on a machine where the domain is joined to a.com / b.com, then other domain users cannot access SPA published apps.
If the machine’s domain where Secure Private Access for on-premises is installed is different than the domain of the administrator logged in to Secure Private Access, then you must do the following:

Add a different domain service account as identity in the IIS Application pool for both the Secure Private Access admin and runtime service.
The alternate UPN suffix is not supported by Secure Private Access for Intranet (StoreFront) login and Internet/Extranet (gateway) app enumeration.
Distribution groups are not supported in Secure Private Access. Therefore, policies cannot search for distribution groups to add user and group conditions.
Secure Private Access does not capture the domain details in the admin console or service. Hence, it relies completely on the domain that the user provided. Therefore, if the corresponding domain is not accessible or if the domain name is not a valid name, then that domain is not supported.

NetScaler Gateway

The SSL virtual server with SSL profile configuration isn’t supported in the following scenario.

The customer is using NetScaler Gateway 13.1–48.47 and later or 14.1–4.42 and later.
The ns_vpn_enable_spa_onprem toggle is enabled.

Workaround:

Bind the SSL parameters configured in the SSL profile directly to the SSL virtual server or disable the ns_vpn_enable_spa_onprem toggle.

For details on the toggle, see Support for smart access tags.

RfWeb / Workspace for web

RfWeb / Workspace for web isn’t supported and hence the apps are not enumerated. For details, see When using StoreFront version 2311 or later.

Application icons

Only the ICO icon format is supported. The PNG, JPEG and other formats aren’t supported.

Application launch

Application launch fails if all of the following conditions are met:

Netscaler version 13.0.x, 13.1 prior to 13.1-48.47, 14.1 prior to 14.1–4.42 are used.
LDAP UPNs are configured with a different suffix than the actual domain.
LDAP UPN and sAMAccountName are different.

Upgrades

Upgrade of 2308 to 2402 and later is not supported.
If custom SSL certificate is used for the Secure Private Access admin service, the certificate must be bound again to the “Citrix Access Security Admin” site on Internet Information Service (IIS).

StoreFront

In Stores > Configure Unified Experience, the default receiver for Website must be configured to /Citrix/<StoreName>Web. In earlier versions of StoreFront, the default receiver for Website is set to a blank value and that does not work for Secure Private Access. Also, the earlier version of the Receiver UI is displayed on the client. For information on StoreFront configuration, see StoreFront.
If you are using the StoreFront versions 2308 or earlier, the Stores > Manage Delivery Controllers page displays the Secure Private Access plug-in type as XenMobile. This doesn’t impact the functionality.

Logging

Support bundle generation for the cluster isn’t supported.
The logs folders for admin and runtime services must not be deleted. Secure Private Access can’t recreate if these folders are deleted.

Admin console

While adding an app, if the app name contains a comma, a warning is displayed. However, the app is created.

Installer display in Uninstall or change a program page

When you upgrade Secure Private Access from 2311 to 2402 by using the ISO file, the Uninstall or change a program page ( Control Panel > Programs > Programs and Features) displays two entries for the Secure Private Access installer instead of replacing the initial entry.

Citrix Virtual Apps and Desktops 7 2402 LTSR
Citrix Virtual Apps and Desktops 7 2311 - Secure private access

You can uninstall the 2311 build installer by selecting Citrix Virtual Apps and Desktops 7 2311 - Secure private access.

Note:

This issue is not observed when the Secure Private Access 2311 standalone installer is upgraded using the 2402 standalone installer.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Known issues

April 15, 2024

Contributed by:

C C

April 15, 2024

Contributed by:

C C

Known issues

Domain Controller configurations

NetScaler Gateway

RfWeb / Workspace for web

Application icons

Application launch

Upgrades

StoreFront

Logging

Admin console

Installer display in Uninstall or change a program page

In this article