- What's new in XenMobile Server 10.8
- Fixed issues
- Known issues
- Architecture
- System requirements and compatibility
- Install and configure
- Certificates and authentication
- Upgrade
- User accounts, roles, and enrollment
-
Devices
- ActiveSync Gateway
- Android for Work
- Bulk enrollment of iOS and macOS devices
- Client properties
- Deploy iOS and macOS devices through Apple DEP
- Device enrollment limit
- Enroll devices
- Firebase Cloud Messaging
- Google Play credentials
- Integrate with Apple Education features
- Network Access Control
- Samsung KNOX
- Security actions
- Shared devices
- XenMobile Autodiscovery Service
-
Device policies
- Device policies by platform
- AirPlay mirroring device policy
- AirPrint device policy
- Android for Work app restriction policy
- Android for Work permissions
- APN device policy
- App access device policy
- App attributes device policy
- App configuration device policy
- App inventory device policy
- App lock device policy
- App network usage device policy
- Apps notifications device policy
- App restrictions device policy
- App tunneling device policy
- App uninstall device policy
- App uninstall restrictions device policy
- BitLocker device policy
- Browser device policy
- Calendar (CalDav) device policy
- Cellular device policy
- Connection manager device policy
- Connection scheduling device policy
- Contacts (CardDAV) device policy
- Control OS Updates device policy
- Copy Apps to Samsung Container device policy
- Credentials device policy
- Custom XML device policy
- Defender device policy
- Delete files and folders device policy
- Delete registry keys and values device policy
- Device Health Attestation device policy
- Device name device policy
- Education Configuration device policy
- Enterprise Hub device policy
- Exchange device policy
- Files device policy
- FileVault device policy
- Font device policy
- Home screen layout device policy
- Import iOS & macOS Profile device policy
- Kiosk device policy for Samsung SAFE
- Launcher configuration device policy for Android
- LDAP device policy
- Location device policy
- Mail device policy
- Managed domains device policy
- MDM options device policy
- Organization information device policy
- Passcode device policy
- Personal hotspot device policy
- Profile Removal device policy
- Provisioning profile device policy
- Provisioning profile removal device policy
- Proxy device policy
- Registry device policy
- Remote support device policy
- Restrictions device policy
- Roaming device policy
- Samsung MDM license key device policy
- Samsung SAFE firewall device policy
- SCEP device policy
- Siri and dictation policies
- SSO account device policy
- Storage encryption device policy
- Store device policy
- Subscribed calendars device policy
- Terms and conditions device policy
- VPN device policy
- Wallpaper device policy
- Web content filter device policy
- Webclip device policy
- WiFi device policy
- Windows CE certificate device policy
- Windows Information Protection device policy
- XenMobile options device policy
- XenMobile uninstall device policy
- Add apps
- Add media
- Deploy resources
- Automated actions
- Monitor and support
- REST APIs
- XenMobile Mail Manager 10.x
- XenMobile NetScaler Connector
-
Advanced Concepts
- On-premises XenMobile interaction with Active Directory
-
XenMobile Deployment
- Management Modes
- Device Requirements
- Security and User Experience
- Apps
- User Communities
- Email Strategy
- XenMobile Integration
- Multi-Site Requirements
- Integrating with NetScaler Gateway and NetScaler
- SSO and Proxy Considerations for MDX Apps
- Authentication
- Reference Architecture for On-Premises Deployments
- Server Properties
- Device and App Policies
- User Enrollment Options
- Tuning XenMobile Operations
- App Provisioning and Deprovisioning
- Dashboard-Based Operations
- Role-Based Access Control and XenMobile Support
- Systems Monitoring
- Disaster Recovery
- Citrix Support Process
- Sending group enrollment invitations in XenMobile
- Configuring an on-premises Device Health Attestation server
- Configuring certificate-based authentication with EWS for Secure Mail push notifications
Fixed issues
XenMobile 10.8 includes the following fixed issues.
For fixed issues related to XenMobile Apps, see Fixed issues.
When you upload an .ipa enterprise app to XenMobile Server, occasionally the upload fails. The following error message appears: Uploaded mobile app is invalid. Application icon was not found. [662026][CXM-43032]
After an upgrade to XenMobile Server version 10.5 or later: Device enrollment fails and the “Could not sign CSR” error message appears in the debug log of setups using Generic PKI (GPKI). This issue occurs because the GPKI protocol fails to retrieve a signed user certificate. [690361]
iOS users can’t update Citrix Receiver to version 7.2.3. When you click Check for Update, the message “The app is up-to-date with the latest version” appears even when you have an older version. [691529, CXM-38114]
When you left-click Secure Mail or Citrix Secure Web for Android in the Configure > Apps list and then click Show more, the following error might appear: “A configuration error occurred. Please try again.” In the App rating section, the Android tab is blank. [692848]
When you upload an SSL listener certificate in XenMobile Server, the error “Could not import the certificate” appears. [692965]
When you enroll iOS devices on XenMobile Server, enrollment fails intermittently, and the error “Could Not Connect” appears. [693175]
Uploading some APK files to the XenMobile console might fail with a “500 Internal Server Error.” [693978, CXM-40333]
Security actions don’t perform on a node that is already initialized for a given push if the notification is sent from another node. [695573, CXM-40418]
On Android devices, managed apps do not appear during XenMobile Server API calls. [695647]
The report that you can export from Manage > Devices has two columns labeled “ASM DEP device Type.” [695366, 695895]
If a VPN Connection name has a space, or other non-alphanumeric characters, XenMobile doesn’t deploy the policy to devices. [CXM-32538]
After a user removes a book from the iBook app, the book doesn’t reinstall automatically. To download the book again, press the download icon within iBooks. [CXM-34281]
If you send the Enable Lost Mode security action to a supervised iOS device without Secure Hub, the Locate button doesn’t appear on the device. [CXM-36106]
The Full Wipe security action fails on enrolled devices running macOS High Sierra (10.13 beta3) with the Apple File System (APFS). [CXM-36397]
On the Manage > Devices > Apps page, the inventory shows an incorrect version number for Boeing Toolbox Mobile Library. [CXM-37514]
On the Manage > Devices > Properties page: The Passcode compliant property is set to Yes for Samsung devices that don’t meet the Passcode policy requirements. [CXM-37948]
For MDM-enrolled iOS 11 devices, when you deploy XenMobile in a cluster setup in MDM or MDM+MAM mode, MDM commands may fail. As a result, the following issues might occur:
- You might not be able to push MDM policies or deploy apps
- You might not be able to carry out security actions, such as lock or wipe, on iOS 11 devices.
- On user devices, the following issues might occur:
- Apps keep trying to install
- VPN or WiFi configurations fail to install
- Security actions, such as Lock, occur repeatedly.
For more details and required action, see this Citrix Knowledge Center article. https://support.citrix.com/article/CTX227406. [CXM-38331]
If an RBAC role doesn’t have access to the App Wipe and App Lock actions: A user with that role and logged into the Self Help Portal can perform the App Wipe and App Lock actions. [CXM-38348]
Local and Active Directory users with the RBAC permission “ADD/EDIT/DELETE local users and groups” can also delete admin accounts. When those users are logged in to the XenMobile Console, the Manage > Users page includes Edit and Delete buttons for admin accounts. [CXM-38350]
A scheduled database cleanup fails due to many transaction logs exceeding disk space limits. [CXM-38439]
If the trigger for an automated action is based on a null value for a device property, the action is performed for that device. For example, if an action is set to wipe a device if the platform is not iOS, the action wipes iOS devices. [CXM-38470]
For administrators who have only the PKI Entities and Credential Providers roles in RBAC: The administrator gets logged out of the XenMobile console while adding a PKI Entity or Credential Provider. To work around this issue, add the Certificates permission to the RBAC role of the administrator. [CXM-38713]
When you configure Mobile Service Provider (MSP) on XenMobile Server over a secure connection such as https://services/zdmservice, the connection fails and the following error appears: “An error occurred when verifying security for the message.” [CXM-39048]
In Configure > Device Policies > App Lock Policy: After you type the policy name and go to the iOS page, bundle IDs don’t appear in the App bundle ID menu. After you toggle between Android and iOS, the app bundle IDs appear. [CXM-39302]
When you import a renewed SSL Listener certificate into XenMobile, the “Could not import the certificate” message appears. After you restart XenMobile Server, the Certificates page and the XenMobile database continue to reference the old certificate. However, the new certificate is shown in a web browser. [CXM-39409]
If an action marks enrolled devices as Out of Compliance when they don’t have Secure Hub installed: Devices with Secure Hub are also marked as Out of Compliance. This fix applies to actions that have the following pattern. Trigger: If Installed app name Is Not / Does Not contain <App Name>. Action: Perform <Action> after a delay of <5 to 10> minutes. [CXM-39410]
A License Server issue causes clustered XenMobile Servers to restart after an administrator logs in to the XenMobile Server console. [CXM-39411]
The number of XenMobile licenses shown on the Settings > Licenses page includes only the recently installed perpetual licenses and not the annual licenses. [CXM-39412]
When you left-click Secure Mail or Secure Web for Android in the Configure > Apps list and then click Show more, the following error may appear: “A configuration error occurred. Please try again”. In the App rating section, the Android tab is blank. [CXM-40334]
The report that you can export from Manage > Devices has two columns labeled “ASM DEP device Type”. [CXM-40872]
RBAC administrators cannot see managed devices from the XenMobile Server console. A 500 server internal error occurs. [CXM-41147]
The XenMobile store shows “Remote Office XA%3D%3DTools” instead of “Remote Office\Tools” as the App Description for XenApp and XenDesktop Apps. [CXM-41575]
During a download of a Secure Hub APK file to the XenMobile console, the following error occurs: 500 Server Internal Error. [CXM-41855]
When configuring an App Configuration device policy for iOS: If the dictionary content includes the “&” delimiter, the XML code doesn’t work on devices. The XML validation error in the log is: The reference to entity “name” must end with the ‘;’ delimiter.’ [CXM-41883]
The number of pending selective wipes displayed on the dashboard does not match the number displayed on the Analyze tab. [CXM-42020]
NAC actions written to console log files result in large files. [CXM-42071]
When you switch to Microsoft Java Database Connectivity (JDBC) driver with Windows authentication, the XenMobile Server database connectivity check fails. [CXM-42271]
An issue with a ps utility causes XenMobile Server nodes to reboot. [CXM-42305]
When you upgrade from XenMobile Server 10.6 to XenMobile Server 10.7, devices registered in MAM-only mode might fail to download MDX apps. [CXM-42345]
In certain versioning scenarios, the check for app updates feature does not function properly. [CXM-42388]
For a Restrictions device policy for Samsung SAFE: The Browser, YouTube, and Google Play/Marketplace options are deprecated. Use the Disable Applications option to enable or disable those features. [CXM-43043]
When XenMobile Server upgrades to 10.7 RP 1 or RP 2: Device enrollment stops until you add the server property ios.ssl.proxy.disable and restart all clustered XenMobile Servers. [CXM-43419, CXM-44293]
In an environment configured for Android for Work: After you enroll a device and then add an app, the app doesn’t appear in Google Play on the device. If you unenroll and then re-enroll the enterprise, and then add apps, Google Play might not show any apps. [CXM-43424]
The default number of backup archives included in support bundles results in very large files. [CXM-43598]
Enrollment fails, with this log message: com.zenprise.zdm.enroll.EnrollmentException: com.hazelcast.core.OperationTimeoutException: QueryPartitionOperation invocation failed to complete due to operation-heartbeat-timeout. [CXM-43779]
On Android devices with Tunnel and Webclip device policies: Secure Hub hangs after you open a web clip and then go back several times in the browser. [CXM-43812]
After the Control OS Updates device policy deploys to iOS devices: The ActiveSync IDs in XenMobile don’t match the device ActiveSync IDs. As a result, users can’t access email. [CXM-43958]
Using the XenMobile console to search for a user or device is slow. [CXM-44120]
After upgrading clustered XenMobile Servers to 10.7 RP2, enrollment fails with a timeout exception. [CXM-45669]
Network Access Control (NAC) actions written to console log files result in large files. [XMHELP-817]
The database table, .EWDEPLOY_HISTO, is not cleaned up periodically, resulting in a large table size. [XMHELP-827]