XenMobile

What’s new in XenMobile Server 10.14

Continued support for the Classic policies deprecated from Citrix ADC

Citrix recently announced the deprecation of some Classic policy based features starting with Citrix ADC 12.0 build 56.20. The Citrix ADC deprecation notices have no impact to existing XenMobile Server integrations with Citrix Gateway. XenMobile Server continues to support the Classic policies and no action is needed.

XenMobile Migration Service

If you’re using XenMobile Server on-premises, our free XenMobile Migration Service can get you started with Endpoint Management. Migration from XenMobile Server to Citrix Endpoint Management doesn’t require you to re-enroll devices.

To start migration, contact your local Citrix salesperson or Citrix partner. See XenMobile Migration Service.

Deprecation announcements

For advanced notice of the Citrix XenMobile features that are being phased out, see Deprecation.

Before upgrading endpoints to iOS 14.5

Before upgrading any endpoint to iOS 14.5, Citrix recommends that you perform the following actions to mitigate app crashes:

  • Upgrade Citrix Secure Mail and Secure Web to 21.2.X or higher. See Upgrade MDX or enterprise apps.
  • If you use the MDX Toolkit, wrap all third-party iOS applications with MDX Toolkit 21.3.X or higher. Check the MDX Toolkit download page for the latest version.

Before you upgrade an on-premises Citrix ADC

Upgrading an on-premises Citrix ADC to certain versions can result in a single sign-on error. Single sign-on to Citrix Files or the ShareFile domain URL in a browser with the Company Employee Sign in option results in an error. The user is unable to sign in.

To work around this issue: If you haven’t already run the following command from the ADC CLI on Citrix Gateway, run it to enable global SSO:

`set vpn parameter SSO ON`
`bind vpn vs <vsName> -portalTheme X1`

For more information, see:

After you complete the workaround, users can authenticate to Citrix Files or the ShareFile domain URL using SSO in a browser with the Company Employee Sign-in option. [CXM-88400]

Before you upgrade to XenMobile 10.14 (on-premises)

Some systems requirements changed. For information, see System requirements and compatibility and XenMobile compatibility.

  1. If the virtual machine running the XenMobile Server to be upgraded has less than 8 GB of RAM, we recommend increasing the RAM to at least 8 GB.

  2. Update your Citrix License Server to 11.16 or later before updating to the latest version of XenMobile Server 10.14.

    The latest version of XenMobile requires Citrix License Server 11.16 (minimum version).

    Note:

    The Customer Success Services date (previously, Subscription Advantage date) in XenMobile 10.14 is September 15, 2021. The Customer Success Services date on your Citrix license must be later than this date.

    You can view the date next to the license in the License Server. If you connect the latest version of XenMobile to an older License Server environment, the connectivity check fails and you can’t configure the License Server.

    To renew the date on your license, download the latest license file from the Citrix Portal and upload the file to the Licensing Server. See Customer Success Services.

  3. For a clustered environment: iOS policy and app deployments to devices running iOS 11 and later have the following requirement. If Citrix Gateway is configured for SSL persistence, you must open port 80 on all XenMobile Server nodes.

  4. Recommendation: Before you install a XenMobile update, use the functionality in your VM to take a snapshot of your system. Also, back up your system configuration database. If you experience issues during an upgrade, complete backups enable you to recover.

To upgrade

With this release, XenMobile supports VMware ESXi 7.0. Ensure that you upgrade to 10.14 before installing or upgrading ESXi 7.0.

You can directly upgrade to XenMobile 10.14 from XenMobile 10.13.x or 10.12.x. To perform the upgrade, download the latest binary available: Go to https://www.citrix.com/downloads. Navigate to Citrix Endpoint Management (XenMobile) > XenMobile Server > Product Software > XenMobile Server 10. On the tile for the XenMobile Server software for your hypervisor, click Download File.

To upload the upgrade, use the Release Management page in the XenMobile console. See To upgrade using the Release Management page.

After you upgrade

If functionality involving outgoing connections stop working, and you haven’t changed your connections configuration, check the XenMobile Server log for errors such as the following: “Unable to connect to the VPP Server: Host name ‘192.0.2.0’ does not match the certificate subject provided by the peer”.

  • The certificate validation error means you must disable host name verification on the XenMobile Server.
  • By default, host name verification is enabled on outgoing connections except for the Microsoft PKI server.
  • If host name verification breaks your deployment, change the server property disable.hostname.verification to true. The default value of this property is false.

Platform support updates

  • iOS 15: XenMobile Server and Citrix Mobile productivity apps are compatible with iOS 15, but don’t currently support any new iOS 15 features.

  • Android 12: XenMobile Server supports Android 12. For information about how the deprecation of Google Device Administration APIs impacts devices running Android 10+, see Migrate from device administration to Android Enterprise. Also see this Citrix blog.

Device policies

  • We added two settings to all Android Enterprise enrollment modes to more closely align with Google settings and to simplify configuration.

    • Allow Bluetooth sharing: If unselected, users can’t establish outgoing Bluetooth sharing on their device.
    • Allow app uninstall: Allows users to uninstall apps from within the Managed Google Play Store.

    Also, we moved the Allow over-the-air upgrade setting from the Restrictions policy to the OS update policy.

    For more information about these changes, see Restrictions device policy and OS Update device policy.

  • The restriction settings for Android Enterprise have been reorganized for clarity. Sometimes, minor changes to setting names have been made. For more information about the reorganization, see Android Enterprise settings.

  • You can now automatically update managed apps on Android Enterprise devices. For more information, see Automatically update managed apps device policy.

  • You can configure a list of file types that can be uploaded using the Files device policy. The following file types can’t be uploaded even if you add them to this allow list:

    • .cab
    • .appx
    • .ipa
    • .apk
    • .xap
    • .mdx
    • .exe

    For more information, see Server properties

Device enrollment

  • You can now create different enrollment profiles for iOS and Android devices. XenMobile Server supports a number of enrollment profiles with different enrollment types. For more information, see Enrollment profiles.

  • Fully managed Android 11+ devices enroll in work profile on corporate-owned devices mode. The new mode further separates the personal and work profiles on a device. This change offers an organization greater control on the managed profile and offers users more privacy on their personal profile. For more information, see Android Enterprise and Server properties.

  • You can now specify more setup screens to skip when users set up iOS or macOS devices.

    • iOS
      • Restore completed: Prevents users from seeing whether a restore completes during setup. For iOS 14.0 and later.
      • Update completed: Prevents users from seeing whether a software update completes during setup. For iOS 14.0 and later.
    • macOS
      • Accessibility: Prevents the user from hearing Voice Over automatically. Only available if the device is connected to Ethernet. For macOS 11 and later.
      • Biometric: Prevents the user from setting up Touch ID and Face ID. For macOS 10.12.4 and later.
      • True Tone: Prevents users from setting up four-channel sensors to dynamically adjust the white balance of the display. For macOS 10.13.6 and later.
      • Apple Pay: Prevents users from setting up Apple Pay. If this setting is cleared, users must set up Touch ID and Apple ID. Ensure that the Apple ID and Biometric settings are cleared. For macOS 10.12.4 and later.
      • Screen Time: Prevents users from enabling Screen Time. For macOS 10.15 and later.

    For more information about configuring setup options, see Deploy devices through the Apple Deployment Program

Display update log files

A new option called Display update log file is available in the Logs command-line interface of the Troubleshooting Menu. This option allows you to see a list of the update log content, and increases the troubleshooting efficiency. For more information about the command-line interface tools, see Command-line interface options.

Error log file

When viewing logs at Troubleshooting and Support > Logs, you can now view a log that displays errors filtered from the debug log. For more information, see View log files in XenMobile.

Server properties

  • You can decide whether legacy Android apps are delivered to Android Enterprise apps by configuring the afw.allow.legacy.apps server property. For more information, see Server properties.

  • XenMobile Server now supports using port 2197 as an alternative to port 443. You use port 2197 to send and receive APNs notifications from api.push.apple.com. The port uses the HTTP/2-based APNs provider API. The default value of the server property apns.http2.alternate.port.enabled is false. To use port 2197, update the server property and then restart the server.

  • Password validation prevents users with weak passwords. When the property enable.password.strength.validation is set to true, you can’t create local users with weak passwords.

VPN virtual server list enhancement

If the VPN server name does not include _XM_XenMobileGetway, then the XenMobile Server selects the first available VPN virtual server on the list.

Support for Citrix Launcher

XenMobile Server supports Citrix Launcher on Android Enterprise devices. For more information see Launcher configuration device policy.

Color revamp for XenMobile Server

XenMobile Server is compliant with Citrix brand color updates.