Maintenance build package name: build-10.1-128.8_nc.tgz
For: NetScaler Gateway 10.1, Build 128.8
Replaces: None
Date: July, 2014
Languages supported: English (US)
Readme version: 1.10

Where to Find Documentation

This document describes the issues solved, new features, and known issues in this build and includes installation instructions.

The latest version of the product documentation is available from Citrix eDocs at http://edocs.citrix.com.

Installing This Maintenance Build

The latest version of the NetScaler Gateway software can be downloaded from the Citrix web site.


To download the NetScaler Gateway software from the Citrix web site

  1. Go to the Citrix Web site, click My Account, and then log on.

  2. At the top of the web page, click Downloads.

  3. Under Find Downloads, select NetScaler Gateway.

  4. In Select Download Type, select Product Software and then click Find.

  5. On the NetScaler Gateway page, click NetScaler Gateway 10.1.

  6. Select the software and then click Download.

When the software is downloaded to your computer, you can install the software by using the Upgrade Wizard in the Configuration Utility or the command-line interface.


To install the maintenance build by using the Upgrade Wizard

  1. In the configuration utility, in the left pane, click System.

  2. In the right pane, click Upgrade Wizard.

  3. Click Next and then follow the directions in the wizard.


To install this maintenance build by using the command-line interface

  1. To upload the software to the NetScaler Gateway, use a secure FTP client to connect to the appliance.

  2. Copy the software from your computer to the /var/nsinstall directory on the appliance.

  3. Open a Secure Shell (SSH) client to open an SSH connection to the appliance.

  4. At a command prompt, type shell.

  5. At a command prompt, type cd /var/nsinstall to change to the nsinstall directory.
    To view the contents of the directory, type ls.

  6. To unpack the software, type tar –xvzf build_X_XX.tgz, where build_X_XX.tgz is the name of the build to which you want to upgrade.

  7. To start the installation, at a command prompt, type ./installns.

  8. When the installation is complete, restart NetScaler Gateway.

  9. When the NetScaler Gateway restarts, at a command prompt type what or show version to verify successful installation.

NetScaler Gateway 10.1 Compatibility with Citrix Products

The following table provides the Citrix product names and versions with which NetScaler Gateway 10.1 is compatible.

Citrix Product Release Version Notes
Branch Repeater or CloudBridge 5.5, 6.1, 6.2, and 7.0  
NetScaler 9.2, 9.3, 10.0  
NetScaler Platforms MPX 5550, MPX 7500, MPX 10500, Xen VPX  
NetScaler VPX 9.1, 9.2, 9.3, 10.1, and 10.1.120.1316.e  
Receiver Storefront 1.2 and 2.1  
VDI-in-a-Box 5.2, 5.3, and 5.4  
Web Interface 4.5, 5.0.1, 5.1, 5.2, 5.3, and 5.4  
XenApp 6.5 for Windows Server 2008 R2  
XenDesktop 7.0, and 7.1  
XenMobile 8.6 and 8.7 NetScaler Gateway 10.1 enhancement builds, starting with Build 120.1316.e, support XenMobile 8.6.
Install NetScaler Gateway 10.1, Build 124.1308.e for XenMobile 8.7.
Note: If you are running XenMobile 8.7 with Build 120.1316.e without experiencing problems, upgrading to Build 124.1308.e is not required.

Supported Receivers and Plug-ins

Receiver or Plug-in Release Version NetScaler Gateway Version
NetScaler Gateway Plug-in for Mac OS X   Supports Mac OS X 10.8 (Mountain Lion) on 10.1, Build 120.1316.e
NetScaler Gateway Plug-in for Windows   Supports Windows 8.1 starting with enhancement build 10.1, Build 120.1316.e.
Supports Windows 8.1 starting with maintenance build 10.1, Build 123.11.
Receiver for Android 3.4.x Support starts with maintenance build 10.1, Build 69.6.
Receiver for iOS 5.8.x Support starts with maintenance build 10.1, Build 69.6.
Receiver for Mac 11.8 Support starts with maintenance build 10.1, Build 69.6.
Receiver for Windows 4.0, and 4.1 Support starts with maintenance build 10.1, Build 69.6.
Worx Home for iOS 8.5 and 8.6 Versions 8.5 and 8.6 are supported starting with enhancement build 10.1, Build 120.1316.e
Worx Home for Android 8.5 and 8.6 Versions 8.5 and 8.6 are supported starting with enhancement build 10.1, Build 120.1316.e
WorxMail for iOS 1.3.3-16 Supported starting with enhancement build 10.1, Build 120.1316.e
WorxWeb for iOS 1.3.1-3 Supported starting with enhancement build 10.1, Build 120.1316.e
WorxMail for Android 1.3.13-233936 Supported starting with enhancement build 10.1, Build 120.1316.e
WorxWeb for Android 1.3.3-234245 Supported starting with enhancement build 10.1, Build 120.1316.e

New Features from Previously Released Maintenance Builds

Fixed Issues in This Release

  1. If you configure load balancing virtual servers and the Secure Ticket Authority (STA) with the same fully qualified domain name (FQDN), attempts to bind the STA to the NetScaler Gateway virtual server fail.

    [From NG_10_1_128_8][#374296]

  2. When users log on with clientless access and then open the Access Interface, the order of files that appear in Personal File Shares differs from the order of files on the file share server.

    [From NG_10_1_128_8][#461225]

  3. When users upgrade the NetScaler Gateway Plug-in from Version 10.1.122.17 or later to the latest Version 10.1 Maintenance Release on a computer that includes an installation of Citrix Receiver, the automatic upgrade fails.

    [From NG_10_1_128_8][#461279]

  4. If you bind SAML and LDAP authentication polices to the virtual server for two-factor authentication, after authenticating with SAML, which is primary authentication type, the LDAP user name populates automatically. If the first logon attempt to LDAP fails, user names are case-sensitive and must be entered again exactly as it appears after SAML authentication. For example, if the user name is populated as JohnDoe@xyzz.com and the user types johndoe@xyzz.com during the subsequent attempt, log on fails.

    [From NG_10_1_128_8][#463871]

  5. If the Domain Name Server (DNS) configuration is not available, users receive an "Internal error 500" message after successfully logging on to Netscaler Gateway.

    [From NG_10_1_128_8][#464956]

  6. Attempts to connect to the NetScaler Gateway from a Windows-based computer fails with the error 1008 when Transport Security Layer (TLS) block ciphers are configured and TLS 1.2 is enabled on NetScaler Gateway.

    [From NG_10_1_128_8][#468145]

  7. If you disable authentication on NetScaler Gateway, endpoint analysis scan can occasionally be bypassed.

    [From NG_10_1_128_8][#470059]

  8. On a multi-core appliance, if session propagation to one core fails, NetScaler Gateway fails.

    [From NG_10_1_128_8][#485042]

Known Issues in This Release

  1. The running configuration does not include group extraction policies bound to the NetScaler Gateway virtual server.

    [From NG_10_1_127.10][#368229]

  2. To configure two-factor authentication with SAML authentication, you must configure the secondary authentication policy in the primary cascade.

    [From NG_10_1_127.10][#397625]

  3. If you configure Group Extraction, you cannot bind an LDAP authentication configuration to the virtual server. However, if an LDAP authentication policy was bound to the virtual server before configuring Group Extraction, you can enable authentication on the virtual server.

    [From NG_10_1_127.10][#400171]

  4. If you configure ICA proxy and users connect with Receiver through NetScaler Gateway, the Auto Client Reconnect setting does not work if session reliability is disabled in XenApp.

    [From NG_10_1_127.10][#450544]

  5. Installing and uninstalling the NetScaler Gateway Plug-in can take a long time. This is due to multiple entries of the Citrix Virtual Adapter in the registry.

    [From NG_10_1_126.12][#398693]

  6. When you use the Set Up NetScaler for XenApp/XenDesktop wizard in NetScaler, apply optimization settings, and bind the cache policy globally, when users log on with the NetScaler Gateway Plug-in and open Citrix Receiver, the applications and desktops do not appear. The following message appears: There are no apps or desktops assigned to you at this time. Citrix recommends disabling the optimization settings.

    [From NG_10_1_126.12][#411152]

  7. When users connect, NetScaler Gateway checks if the SSL connection is free while waiting for the OCSP response. If the flag is marked as delayed free, NetScaler Gateway fails.

    [From NG_10_1_126.12][#464063]

  8. If you configure Encrypt or Opaque in Clientless access URL encoding, when users log on by using clientless access and try to upload or download a document to the home page, the upload or download fails.

    [From NG_10_1_122.11][#399449]

  9. When users log on with the NetScaler Gateway Plug-in, if any available additional network adapters are enabled or disabled on the users’ computer, the connection disconnects and reconnects when the network adapter status changes. This can cause applications, such as GoToMeeting and Outlook, to disconnect and reconnect.

    [From NG_10_1_121.11][#370673]

  10. If you configure a NetScaler Gateway virtual server, enable ICA proxy and enable the Use Source IP (USIP) mode globally, when users connect and use StoreFront to open an application, NetScaler Gateway uses the client IP address as the source IP address when contacting the STA server and the application fails to open. If you disable USIP mode, the same behavior occurs unless you restart the NetScaler Gateway appliance. To avoid the issue, you need to configure a service on NetScaler for the STA server and disable USIP on that service.

    [From NG_10_1_120.13][#411851]

  11. When you configure SAML authentication and you use Unicode characters in the default authentication group name, after you save the policy, the Unicode characters display as garbled code.

    [From NG_10_1_120.13][#383853]

  12. When users log on by using clientless access with a user name that contains Russian (RU) characters, and then click the Email tab to open Outlook Web Access 2010, single sign-on (SSO) fails. If users then enter their user name and password, they can open Outlook Web Access successfully.

    [From NG_10_1_120.13][#385825]

  13. When you configure a load balancing virtual server, if you configure the Web Interface Address as the FQDN of the load balancing virtual server, when users log on, a server error occurs. To resolve the error, use the IPv6 address of the load balancing server instead of the domain name."

    [From NG_10_1_120.13][#397150]

  14. In a high availability configuration, when you enable ICA proxy, if failover occurs, intermittently connections to applications through XenApp or desktops with XenDesktop do not reconnect or the applications or desktops may freeze. Users can restart their applications.

    [From NG_10_1_119.7][#399367]

  15. If you apply the Citrix Receiver theme to the NetScaler Gateway logon page, the layout appears garbled on computers running Windows XP Service Pack 3 with Internet Explorer 7 browsers.

    [From NG_10_1_112][#346729]

  16. On an ncore appliances, when users attempt to access the subnet IP address through the VPN tunnel over HTTP, a 401 Access Denied error message appears. Connecting to the subnet IP address works if users make the attempt by using HTTPS.

    [From NG_10_1_112][#373991]

  17. If you configure an intranet IP address, when users log on by using clientless access and then open SharePoint 2007, when they try to open a folder with Windows Explorer, a blank page appears.

    [From NG_10_1_112][#376303]

  18. If you configure the appliance with NetScaler Gateway and Application Firewall, logon attempts by unauthorized users appear in the logs. When an authorized user logs on and then attempts to access a network resource to which users are explicitly denied, the access attempt does not appear in the logs and users receive a 403 error.

    [From NG_10_1_112][#374890]

  19. When you create a tertiary authentication policy and bind the policy to a virtual server, you cannot unbind the policy.

    [From NG_10_1_112][#383792]

  20. If you configure NetScaler Gateway as a high availability pair and if there is a failover from the primary to the secondary appliance, the ICA connection to published apps that are already open on the user device is reestablished. If users attempt to open more applications from the Web Interface, the applications fail to open and user receive an error message.

    [From NG_10_1_112][#384998]

  21. If you have configured a proxy server and you configure NetScaler Gateway to route traffic through the proxy server, when users log off from a clientless access session, a 403 error occurs.

    [From NG_10_1_112][#385318]

  22. When you configure a preauthentication endpoint analysis policy, and you configure a custom logon page, when users try to connect with the NetScaler Gateway Plug-in users are redirected to a 403 error page. If users refresh the browser, the endpoint analysis scans run successfully.

    [From NG_10_1_112[#393344]

  23. If a web browser is open on the user device and users start the NetScaler Gateway Plug-in from the menu, the browser opens the virtual IP address and starts the Endpoint Analysis Plug-in. Occasionally, users receive an access denied error message.

    [From NG_10_1_112][#393357]

  24. When you configure IPv6 for a virtual server, when users log on with the NetScaler Gateway Plug-in and open XenDesktop, the users' applications do not appear.

    [From NG_10_1_112][#397101]

  25. If users log on to SharePoint 2007 and then select a view in shared documents, if users cancel the action the error message "Http/1.1 Service Unavailable" appears.

    [From NG_10_1_112][#397920]

  26. When users log on with the NetScaler Gateway Plug-in, when WiFi roaming occurs, intermittent ICMP requests time out and users cannot access network resources.

    [From NG_10_1_112][#392389]

  27. If users attempt to open intranet applications or the Home and File share in the NetScaler Gateway Plug-in for Java, the connection fails to the virtual IP address that does not use the default port.

    [From NG_10_1_112][#399405]

  28. If a connection is established to a 3G network with the NetScaler Gateway Plug-in and then the user device roams to a local area network (LAN) connection, the plug-in does not reestablish the connection on the LAN. Users need to log off and then log on again with the plug-in.

    [From NG_10_1_112][#399841]

  29. When users log on by using clientless access and then try to upload multiple documents to My Doc Library on the home page, the browser may stop responding.

    [From NG_10_1_112][#400049]

  30. If you configure a TCP compression policy and bind the policy to the NetScaler Gateway virtual server, the NetScaler Gateway Plug-in for Java does not compress traffic.

    [From NG_10_1_112][#400050]

  31. When users open Outlook Web Access 2007 by using clientless access with a Chrome browser, when they try to attach a large file, such as a file larger than 5 megabytes (MB), to an email message, an error occurs.

    [From NG_10_1_112][#400052]

  32. When users log on to Outlook Web Access 2007 by using clientless access with a Chrome browser, the browser fails intermittently and the page stops responding.

    [From NG_10_1_112]#400053]

  33. NetScaler Gateway 10.1 does not show the success and failure counters for LDAP authentication.

    [From NG_10_1_112][#400147]

Issues Fixed from Previously Released Maintenance Builds

Clientless Access

  1. If users connect to a domain-based server by using clientless access, NetScaler Gateway fails occasionally.

    [From NG_10_1_127.10][#412237]

  2. When users log on by using clientless access to Outlook Web App 2010 that is configured to use forms-based authentication, NetScaler Gateway drops the cookie PBack, which is generated from the user device. This prevents users from logging on to Outlook Web App.

    [From NG_10_1_126.12][#446262]

  3. If you configure App Firewall and NetScaler Gateway on the same appliance, when users log on by using clientless access and then log on to Outlook Web Access, notifications fail.

    [From NG_10_1_125_8][#400403]

  4. When users click hyperlinks inside emails in Outlook Web App 2010, NetScaler Gateway replaces HTTP links to HTTPS.

    [From NG_10_1_125_8][#404712]

  5. When users attempt to log on to Outlook Web App in an iOS or Android web browser, single sign-on fails.

    [From NG_10_1_125_8][#426492]

  6. When some users access Outlook Web Access 2007 from an Internet Explorer browser through clientless access, they cannot reply or forward email messages.

    [From NG_10_1_120.13][#395924]

Endpoint Analysis

  1. When users log on, preauthenication might not synchronize between processes. When this occurs, NetScaler Gateway fails.

    [From NG_10_1_127.10][#440623]

  2. Client security expressions in preauthentication and post-authentication policies that check for Windows 8.1 fail on Windows 8.1 computers.

    [From NG_10_1_126.12][#456468]

  3. If you bind a post-authentication policy to a virtual server, when users attempt to log on by using Receiver for iOS, the NetScaler Gateway fails.

    [From NG_10_1_125_8][#436602]

High Availability

  1. If a configuration change occurs while being referred in the processing engine, NetScaler Gateway fails.

    [From NG_10_1_127.10][#460997]

  2. If a failover occurs in a high availability pair, when users refresh their web browser, SSO fails and users receive a prompt to log on again.

    [From NG_10_1_125_8][#406564]

  3. In a high availability configuration in which global server load balancing (GSLB) is enabled, when failover occurs with the primary virtual appliance, the connection is reset for active users. When users try to refresh the browser log on page for the secondary appliance, however, a "page cannot be displayed" error appears.

    [From NG_10_1_123.11][#420920]

Installing, Uninstalling, and Upgrading

  1. When users upgrade the NetScaler Gateway Plug-in from earlier versions, intermittently an installation script error occurs and the installation stops.

    [From NG_10_1_120_13][#391341, #399484]

Licensing

  1. The NetScaler license is not processed if the configuration file (ns.conf) contains multiple instances of the host name, or if the host name in the ns.conf file is different from the host name in the rc.conf file. With this fix, if the ns.conf file contains multiple host names, only the name set by the set hostname command is used. Also, the host name in ns.conf no longer takes precedence over the host name in rc.conf.

    [From NG_10_1_120.13][#409202]

  2. In a high availability configuration, when you install the same license file on both nodes and set different host names of both nodes, the /nsconfig/rc.conf setting for the host name is ignored, and the license file only works on a single node and fails on the other node.

    [From NG_10_1_121.10][#401280]

Logon and Authentication

  1. If you configure the Green Bubble theme and if users do not meet the domain requirements when changing their passwords, users do not receive an error message. Instead, the logon page appears. With this fix, the error message appears to users.

    [From NG_10_1_127.10][#474027]

  2. If users connect to StoreFront by using the NetScaler Gateway Plug-in, NetScaler Gateway does not insert the headers that StoreFront needs for single sign-on. When this occurs, single sign-on fails.

    [From NG_10_1_126.12][#413728]

  3. When users log on by using clientless access, NetScaler Gateway drops cookies sent from the user device. When this occurs, users cannot connect to network resources in the internal network.

    [From NG_10_1_126.12][#426240]

  4. If you configure post-authentication endpoint analysis and Receiver send the postepa.html request with X-Citrix-Gateway in the header, NetScaler Gateway fails.

    [From NG_10_1_126.12][#436602]

  5. If you configure an authorization policy to allow or deny access based on the application MD5 checksum, the policy fails to apply intermittently.

    [From NG_10_1_126.12][#451973]

  6. If you configure two-factor SAML and LDAP authentication, when users enter an incorrect password for LDAP after SAML authentication, users receive the error message “Error: Not a privileged user.”

    [From NG_10_1_126.12][#452614]

  7. If you create an AAA virtual server that is used by a NetScaler load balancing virtual IP address, if you change the Netscaler Gateway logon page theme to either Custom or Green Bubble, the password field does not align or it is missing on the logon page.

    [From NG_10_1_126.12][#455561]

  8. When users connect and HDX Insights is consuming a lot of memory, NetScaler Gateway fails due to a memory allocation failure.

    [From NG_10_1_126.12][#457608]

  9. If you configure tertiary authentication, if the second factor authentication server goes into dialogue mode, NetScaler Gateway fails.

    [From NG_10_1_126.12][#458651]

  10. If you configure endpoint analysis policies, if the session times out and users do not close the web browser, they are unable to log on again.

    [From NG_10_1_126.12][#459149]

  11. If you enable the green bubble theme, configure device certificates or any preauthentication endpoint analysis scan, when users log on with a web browser, a "403 deny" message appears. The device certificate or preauthentication scan is successful but authentication fails.

    [From NG_10_1_126.12][#461798]

  12. NetScaler Gateway requests for a Kerberos ticket might fail if you configure the home page or bookmarks to use the fully qualified domain name (FQDN) of a load balancing server.

    [From NG_10_1_124.13][#430518]

  13. If you configure client certificate authentication and single sign-on (SSO) with Windows, users cannot use SSO to log on with the NetScaler Gateway Plug-in on computers running Windows.

    [From NG_10_1_123.11][#413676]

  14. When users try to connect from a Dell Wyse thin client, authentication fails and users cannot connect.

    [From NG_10_1_123.11][#410008, #421807, #422176]

  15. Occasionally, when users log on with the NetScaler Gateway Plug-in and enter a valid authentication challenge response, authentication fails and NetScaler Gateway subsequently fails.

    [From NG_10_1_123.11][#417639]

  16. When you configure RADIUS authentication and you enable calling-station-id, the calling-station-id is not inserted in access request messages subsequent to the first message within the same authentication request to the RADIUS server. In some cases, when this occurs, when users try to log on with the NetScaler Gateway Plug-in, authentication fails or they cannot change their password.

    [From NG_10_1_123.11][#437437]

  17. When you use external servers for authentication, when users, who are not members of any group on the authentication server, try to log on with the NetScaler Gateway Plug-in, intermittently they cannot log on.

    [From NG_10_1_122.11][#413969]

  18. If you configure LDAP authentication, you configure a Global Catalog server port, and if users do not belong to the base (node) for which the LDAP search starts, users who belong to Active Directory child domains may not be able to update their passwords after you upgrade to NetScaler Gateway Version 10.1.118.17nc from 10.1.112.15nc.

    [From NG_10_1_122.11][#414550]

  19. If users try to access through secure browse a web site in the secure network that is protected with a certificate, a 403 unauthorized error appears. If you change the Initial VPN mode policy to Full VPN tunnel, the site opens successfully.

    [From NG_10_1_122.11][#423491]

  20. When users try to log on with Receiver for Android, NetScaler Gateway expires the cookie as the logon page appears and users cannot log on. Users must close and open their browser to logon successfully.

    [From NG_10_1_121.10][#418200]

Memory or CPU Optimization

  1. This fix addresses a memory stability issue in an underlying component of NetScaler Gateway.

    [From NG_10_1_127.10][#467445]

  2. In a double-hop DMZ configuration with an app store website configured for HTML5, when users try to open applications through an HTML5-compatible browser, NetScaler Gateway fails.

    From NG_10_1_124.13][#437223, #481670]

  3. When users connect with the NetScaler Gateway Plug-in or with clientless access on a computer running Windows 8.1 and try to access a file share by using Internet Explorer 11, the file share does not open. After about a minute, a script error appears. If users then click the share folder again, Internet Explorer fails and the "Internet Explorer has stopped working" message appears.

    [From NG_10_1_124.13][#441728]

  4. This fix addresses a memory stability issue in an underlying component of NetScaler Gateway.

    [From NG_10_1_123.11][#407285]

Miscellaneous

  1. This release updates the content length of the 302 redirect to meet the standards set in rfc2616-sec4.html.

    [From NG_10_1_126.12][#420719]

  2. If you configure WorxWeb traffic on NetScaler Gateway to route through a proxy server that prompts for authentication on the CONNECT request, users receive the error message Cannot open the page. The request timed out.

    [From NG_10_1_126.12][#452925]

  3. If you edit an existing policy expression to add an HTTP header, the error message ERROR: Expression syntax error [TP.HEADER Content-Ty, 16] appears incorrectly.

    [From NG_10_1_126.12][#449140]

  4. If you configure IPv6 on the appliance, if an empty record is received, NetScaler Gateway fails.

    [From NG_10_1_125_8][#431361]

  5. In a deployment where high availability and a double-hop DMZ are configured, if a failover occurs, the appliance removes the insecure monitor, but the pointer to the monitor remains. When this occurs, NetScaler Gateway fails.

    [From NG_10_1_125_8][#431996, #481670]

  6. The ICA Only session report always shows zero sessions.

    [From NG_10_1_125_8][#450223]

  7. After users log on successfully with the NetScaler Gateway Plug-in over a 3G/4G mobile hotspot, a "page cannot be displayed" error appears.

    [From NG_10_1_123.11][#414811]

  8. When you configure and bind an ICA AppFlow policy to a virtual server, occasionally when users try to open an application from XenApp Version 4.5, following error appears: The network connection to your application was interrupted. To resolve the issue, you can unbind the AppFlow policy.

    [From NG_10_1_121.10][#411107]

NetScaler Gateway Plug-in

  1. If proxy settings are configured on the user device and the NetScaler Gateway URL is in the proxy bypass list, users cannot establish a VPN connection with the NetScaler Gateway Plug-in for Windows.

    [From NG_10_1_127.10][#456179]

Session and Connection

  1. In a session profile, if you configure the Home Page on the Client Experience tab or the Web Interface Address on the Published Applications tab, with a fully qualified domain name (FQDN) that resolves to a local server or a load balancing server, the high availability node might fail during synchronization or configuration changes. This can also occur if you unbind the session policy from the virtual server or if you clear the configuration on the appliance.

    [From NG_10_1_126.12][#451758]

  2. When users log on with the NetScaler Gateway Plug-in and then switch wireless networks without logging off, users cannot access the local area network (LAN) until they log off and then log on again with the NetScaler Gateway Plug-in.

    [From NG_10_1_125_8][#250267]

  3. If users start the NetScaler Gateway Plug-in for Windows by selecting Log On in the context menu of Receiver, proxy settings in Internet Explorer are handled incorrectly. If users start the plug-in by using the plug-in icon in the notification area or by using the plug-in logon page, proxy settings are handled correctly.

    [From NG_10_1_125_8][#445009]

  4. Devices running Windows cannot connect if the NetScaler Gateway virtual server is configured with either TLS 1.1 or TLS 1.2 or both.

    [From NG_10_1_125_8][#445485]

  5. Users might experience intermittent connection losses when they connect with Lync 2010 and the NetScaler Gateway Plug-in. This occurs if users roam or change their network connection.

    [From NG_10_1_125_8][#452873]

  6. Occasionally, when users connect with the NetScaler Gateway Plug-in and then try to open a published app or virtual desktop with connection encryption enabled, NetScaler Gateway fails and restarts.

    [From NG_10_1_124.13][#415018]

  7. If you end a user session by using the command line on the appliance, the NetScaler Gateway Plug-in does not disconnect on the user device.

    [From NG_10_1_124.13][#425101]

  8. Users cannot connect with the NetScaler Gateway Plug-in on a computer running Windows 7 when WiFi is enabled through a BlackBerry mobile hotspot.

    [From NG_10_1_123.11][#407243]

  9. When users log on with the NetScaler Gateway Plug-in by using Internet Explorer, the connection takes longer than usual to establish and for the home page to load.

    [From NG_10_1_122.11][#386604]

  10. When you configure NetScaler Gateway to work with App Controller and you configure SAML authentication, when users access a Web application, the application opens successfully. When users try to open the application a second time, however, NetScaler Gateway fails.

    [From NG_10_1_122.11][#427270]

  11. If you configure NetScaler Gateway with additional appliances in which global server load balancing (GSLB) is enabled, when users log on with the NetScaler Gateway Plug-in, occasionally the connection times out, a time-out error appears, such as "Your Citrix NetScaler Gateway session timed-out and you are not connected," and the session disconnects.

    [From NG_10_1_120.13][#308733]

Session Policies

  1. If you configure client certificate-based REQ.SSL.CLIENT.CERT expression for preauthentication or post-authentication scans, when users log on, occasionally the scan returns an incorrect result, and users cannot log on.

    [From NG_10_1_123.11][#410686]

  2. When you set a session timeout interval, when NetScaler Gateway handles user session timeouts, the timer list becomes corrupted. As a result, the sessions for some users do not time out when the user session is idle for the length of time you set.

    [From NG_10_1_123.11][#413659]

  3. When you configure a security preauthentication expression within a session policy in the configuration utility, the security check is not saved.

    [From NG_10_1_123.11][#438199]

Web Interface

  1. When users log on with the NetScaler Gateway Plug-in for Windows, the connection succeeds, but the Web Interface home page loads slowly.

    [From NG_10_1_122.11][#405340]