Package name: xms_10.4.0.10040.bin

For: XenMobile Server 10.4.0

Deployment type: On-premises only

Replaces: xms_10.4.0.10020.bin, xms_10.4.0.10034.bin

Date: January, 2017

Languages supported: English (US)

Readme version: 1.01

Note: This hotfix is no longer available for public download. Citrix plans to include the fixes in an upcoming release.

Readme Revision History

Version Date Change Description 1.01 February, 2017 Added withdrawal notice and known issue #CXM-22991 1.00 January, 2017 Initial release

Important Notes about This Update

As a best practice, Citrix recommends that you install this and other updates only if you are affected by the specific issues they resolve.

Important Disclaimer - Limited Release Update

If the Download link is not available on this page and you wish to obtain this limited distribution release, visit our support site at http://www.citrix.com/support and open a support case using your Citrix account credentials, or contact your reseller at http://www.citrix.com/partners/locator.

Testing of this release was targeted only at the affected functionality, and regression testing was minimal. Introduce this release to a test environment for evaluation before deploying it to a production environment.

TO THE EXTENT PERMITTED BY APPLICABLE LAW, CITRIX AND ITS SUPPLIERS MAKE AND YOU RECEIVE NO WARRANTIES OR CONDITIONS, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, AND CITRIX AND ITS SUPPLIERS SPECIFICALLY DISCLAIM WITH RESPECT TO THE UPDATE ANY CONDITIONS OF QUALITY, AVAILABILITY, RELIABILITY, SECURITY, LACK OF VIRUSES, BUGS OR ERRORS, OR SUPPORT AND ANY IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION, MERCHANTABILITY, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE. TO THE EXTENT PERMITTED BY APPLICABLE LAW, NEITHER CITRIX, NOR ITS SUPPLIERS SHALL BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL, MULTIPLE, PUNITIVE OR OTHER DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF DATA, LOSS OF INCOME, LOSS OF OPPORTUNITY, LOST PROFITS, COSTS OF RECOVERY OR ANY OTHER DAMAGES), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, AND WHETHER OR NOT FOR BREACH OF CONTRACT, NEGLIGENCE OR OTHERWISE, AND WHETHER OR NOT CITRIX, ITS SUPPLIERS, OR LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Where to Find Documentation

This document describes the issue(s) resolved by this release and includes installation instructions. For additional product information, see XenMobile Server 10.4 on the Citrix Product Documentation site.

Known Issue(s) in this Release

Occasionally, the CPU consumption and memory usage of XenMobile deployment might be very high and can cause the XenMobile console to become slow or unresponsive. [From xms_10.4.0.10040.bin][#CXM-22991]

New Fixes in This Update

Apple requires App Transport Security (ATS) for all apps submitted to thes Apple App Store. ATS uses Transport Layer Security (TLS) protocol version 1.2, which is now the required server protocol for Secure Hub for iOS. [From xms_10.4.0.10040.bin][#CXM-21003] Delivery groups might show a pending deployment status even though the apps associated with the devices in those delivery groups are successfully installed. [From xms_10.4.0.10040.bin][#654162] When you add the Skype for Business public app on XenMobile Console, the icon might not appear. However, you can search and add the app on the console and the app can be installed on the device. [From xms_10.4.0.10040.bin][#668341]

Fixes From Replaced Releases

App update prompts do not appear in the XenMobile store or when a XenMobile app update is available in the iOS App Store or the Google Play Store after a user opens the app. [From xms_10.4.0.10034.bin][#CXM-19927] If the Global Catalog TCP port field is left blank during LDAP configuration on XenMobile Server, an error message appears: "Enter a port number between 1 and 65535". [From xms_10.4.0.10034.bin][#658150] Users from a RBAC assigned group might see enrolled devices from other domains. This issue occurs when two RBAC roles have the same name for RBAC assigned groups taken from different domains. [From xms_10.4.0.10034.bin][#661360] Certain nodes in a cluster might not respond to some HTTP requests. [From xms_10.4.0.10034.bin][#666036] Launching the Managed Devices page on the XenMobile console might be very slow for RBAC users. [From xms_10.4.0.10034.bin][#666041] In clustered XenMobile deployments managed by Hazelcast, a node in the cluster might intermittently fail to appear in the Hazelcast member list. [From xms_10.4.0.10034.bin][#657995, #CXM-16537] When you attempt to enroll iPhone 6 and iPhone 6 Plus devices into a XenMobile server by using enrollment invitations with IMEI binding, the first profile installs successfully but the second profile installation fails with the following error message: "Profile Installation Fails. A connection to the server could not be established." The enrollment of iPhone 6 and iPhone 6 Plus devices fails. [From xms_10.4.0.10020.bin][#606162] Occasionally, when users reenroll an Android device, a selective wipe occurs unexpectedly. [From xms_10.4.0.10020.bin][#640072] With Site Aggregation enabled in StoreFront, HDX app delivery might fail. As a result, the application icons might not populate and the following error message appears when you click on the apps: "Failed to get application detail. Please try again later." [From xms_10.4.0.10020.bin][#658058] When adding lengthy text and screen shots to an application description, the cursor might not be positioned correctly in that particular description of the application in Worx Store. [From xms_10.4.0.10020.bin] [#660195] When sending an enrollment invitation with the enrollment URL and PIN in one template by using macros through email, either the PIN or URL does not appear. [From xms_10.4.0.10020.bin][#661251] When navigating to the second page under "CA Certificates" in the "Generic PKI Entity" page, the certificates of the first page are displayed instead of those of the second page. [From xms_10.4.0.10020.bin][#661680] Attempts to upload certain .ipa files to the XenMobile server might fail with the following error message: "Uploaded mobile app is invalid. Application icon was not found." [From xms_10.4.0.10020.bin][#662026] After upgrading to XenMobile Server 10.4: If you attempt to open a ShareFile tab, the page might not load and the information does not appear.

If you attempt to add or edit a Delivery Group, the following error message might appear:

"500 Internal Server error" [From xms_10.4.0.10020.bin][#663344, #663788] After upgrading to XenMobile Server 10.4, attempts to access the “Delivery Group Assignments” section of any policy, app, or action might result in the following error message: "500 Internal Server error" [From xms_10.4.0.10020.bin][#664519] After configuring the Device Enrollment Program settings under iOS Bulk Enrollment, the Delivery Group resource might not be created as expected. The following error appears: "Resources bag (container) with name 'Worx Home by Citrix' doesn't exist." [From xms_10.4.0.10020.bin][#667122] The macro resolution for "SEND_LDAP_ATTRIBUTES" might fail when "sAMAccountName" is different from the UPN username. As a result, automatic enrollment in Secure Mail might fail. [From xms_10.4.0.10020.bin][#667737] This patch contains a defense-in-depth measure for CVE-2016-5195, aka Linux Dirty Cow. [From xms_10.4.0.10020.bin][#668029]

Installing This Update

Important: Before installing this update, take a snapshot of the current settings and create a backup of the database.

For installation instructions, see Upgrading XenMobile on the Citrix Product Documentation site.

Note: After applying this patch, XenMobile requires a restart and you must use the command line to reboot the XenMobile server.

Important: If your system is configured in cluster mode, follow these steps to update each node:

Shut down all but one node. Update that node Confirm that the service is running before updating the next node.

If for some reason the update cannot be completed successfully, an error message appears indicating the problem. The system reverts to its state prior to the update attempt.

To verify the patch deployment

After installing this patch, log on to the XenMobile console as an administrator, then navigate to Settings page > Release Management > Updates. Information about the most recent successful patch installation appears in this section.