Product Documentation

XenMobile Server 10.1 Fixed Issues

Oct 30, 2015

Compared to: XenMobile Server 10.

The following issues were fixed in XenMobile 10.1:

  • When you add a Generic PKI Entity (GPKI) with the client authentication type, the WSDL URL is not sent to the certificate server to carry out the authentication.


  • To remove Active Directory groups already configured in a delivery group, first search for the Active Directory groups and then clear the check boxes for the groups.


  • You can now configure Microsoft Certificate Authority using basic authentication.


  • You cannot add a single BlackBerry or Windows device in the XenMobile console.


  • You can now install VPN profiles on iOS devices.


  • When using the subject or SAN macro $user.distinguishedname, an extra CN= is no longer added to the name that is imported into the client certificate.


  • RBAC: admins with view-only rights now can only view. They can no longer see options not available to them.


  • Account creation fails on iOS when NetScaler Gateway is listening on non-default port.


  • In the XenMobile console in MDX policies under Authentication, the App Passcode or Online session required setting is now saved.


  • The SSO Account and VPN policy for iOS now works.


  • You can now publish custom-developed Android applications.

    [ #550111]

  • Special characters like $, @ and " are not recognized in passwords for the command-line interface (CLI) when installing XenMobile 10 and those assigned to certificates; the special character and all characters following it are ignored and log on fails. Subsequent to installation, the CLI password cannot be changed to include special characters.

    [#541997] [#542436]

  • On enrolled Windows Phone 8.1 devices, no managed apps appear in the software inventory list.


  • If you configure StoreFront Delivery Controller display name with a special character in the name, such as a period (.), users cannot subscribe to and open apps with XenApp through Worx Home. The error, "Cannot complete your request" appears. As a workaround, remove special characters from the name.


  • Automatic synchronization with ShareFile cloud does not occur at the set time each day. As a result, any users that the ShareFile administrator provisioned manually in the cloud since the last successful synchronization are not reconciled.


  • When you configure a Background network services app policy, the character space is limited for your list of FQDN and port of service addresses.


  • When XenMobile is installed on a hypervisor, the time on the XenMobile server may be off by several hours.


  • When an Active Directory user group name contains a dot (.), you cannot save the delivery group.


  • Enterprise apps, such as XenDesktop and XenApp apps, do not appear when users try to access them from the Worx Store through Worx Home when users enroll with an alternate User Principal Name (UPN).


  • If the list of Active Directory groups exceeds 255 characters, the list is truncated and user group memberships are not saved. As a consequence, users may not be able to enroll and delivery groups may not deploy.

    [#548762, #557918]

  • On an Android or iOS device running Citrix Receiver, in some cases, users cannot open StoreFront apps from Worx Home.


  • When you configure a VPN device policy in the XenMobile console with the Connection type of IPSec, you cannot configure a shared secret. In addition, if you set the Enable VPN on demand setting to ON, in the On Demand Domain Action list, you cannot specify an action.

    [#550560, #550844, #553296]

  • In the XenMobile console, when you configure an iOS Secure Actions Lock option, the Message and Phone Number fields allow strings longer than can be displayed properly on the device. In addition, if you click the Lock button, you receive an error message if the Message field contains a question mark character (?). Finally, after you configure the Message and Phone Number fields, and you configure another Lock command, the Message and Phone Number fields sometimes contain the previous configuration information.

    [#551200, #551201, #554811]

  • You cannot create and deploy an Exchange ActiveSync device policy when the port number follows the server address, such as


  • If you configure LDAP authentication, if the length of the user name and password exceeds 76 characters, when you request a CA certificate, an error occurs.


  • When configuring a PKI entity, if you use a distinguished name in the subject name of the certificate that you upload to XenMobile, the certificate name includes "CN" in the name, such as CN = CN=Admin, Joe.


  • When creating an enrollment confirmation template, if you configure a macro for the Recipient of ${device.imei} to return the device IMEI, the macro continually returns the IMEI of the users' first enrolled device and not the IMEI of the users' subsequent devices. The issue occurs when users have the same logon credentials for each enrolled device.


  • When you configure a new NetScaler Gateway instance, when you set the Logon Type to Domain only, you cannot set the Password Required setting to OFF.


  • The Samsung Restriction device policies for Allow Hardware Controls and Add Profiles under WiFi have no effect on devices.


  • You cannot wrap custom-developed .apk Android files. When trying to upload the .apk app to XenMobile, an invalid package type error occurs.


  • In the XenMobile console, the filter for Android for Work is missing from the Device Policies page.


  • In the XenMobile console, when you issue a lock on a device enrolled in Android for Work mode, you see an option to lock the device with a passcode.


  • When you re-enroll a device with a different user in Android for Work, the Google Directory Primary Email field is not updated with the new user information.


  • Pushing the Google Play app to an Android for Work device fails.


  • After deploying an Android for Work App Restrictions policy, the Devices tab in the XenMobile console is inaccessible. In addition, you are not able to edit the newly created policy.


  • You are able to upload an unapproved public app on the Android for Work platform.


  • When you select the deployment condition of Only when previous deployment has failed, after you deploy wrapped apps and the apps are installed on enrolled devices, when users access the Worx Store a subsequent time, the apps do not appear. The app icon no longer appears on the device springboard either.


  • In the XenMobile console, when you configure a Generic GPKI Entity, if you set the backend PKI adapter server without authentication, the GPKI does not connect to HTTPS ports. The following error appears: Could not locate the WSDL with the URL you provided. Check the WSDL URL and try again.


  • When Android for Work server settings are incorrect, you can enable Android for Work.


  • You are able to add a self-hosted Android for Work app to a delivery group as a required app.


  • In the XenMobile console, when you configure an iOS Secure Actions Lock option, the Phone Number field allows multiple plus signs (+) to be entered.


  • In the XenMobile console, when you save a Samsung KNOX device restriction policy, an error message appears.


  • When you save an Android for Work configuration without having first imported an Android for Work certificate, a configuration error occurs.


  • When you create an App uninstall device policy for Samsung KNOX and then deploy the policy to remove a particular app, the app is removed from the KNOX container and the icon is removed from the device springboard, but the app appears again after about 3 to 4 seconds.


  • When you configure an Android for Work Samsung Browser device policy, bookmark URLs are not validated.


  • In the XenMobile console, when you create a Samsung SAFE device restriction policy, an error message appears when you save the policy.