Maintenance build package name: build-10.5-51.10_nc.tgz
For: NetScaler Gateway 10.5, Build 51.10
Replaces: None
Date: August, 2014
Language supported: English (US)
Readme version: 1.0

Where to Find Documentation

This document describes the issue(s) solved, new features, and known issues in this build and includes installation instructions.

The latest version of the product documentation is available from Citrix eDocs at http://edocs.citrix.com.

Installing This Maintenance Build

The latest version of the NetScaler Gateway software can be downloaded from the Citrix web site.


To download the NetScaler Gateway software from the Citrix web site

  1. Go to the Citrix Web site, click My Account, and then log on.

  2. At the top of the web page, click Downloads.

  3. Under Find Downloads, select NetScaler Gateway.

  4. In Select Download Type, select Product Software and then click Find.

  5. On the NetScaler Gateway page, click NetScaler Gateway 10.5.

  6. Select the software and then click Download.

When the software is downloaded to your computer, you can install the software by using the Upgrade Wizard in the Configuration Utility or the command-line interface.


To install the maintenance build by using the Upgrade Wizard

  1. In the Configuration Utility, in the left pane, click System.

  2. In the right pane, click Upgrade Wizard.

  3. Click Next and then follow the directions in the wizard.


To install this maintenance build by using the command-line interface

  1. To upload the software to the NetScaler Gateway, use a secure FTP client to connect to the appliance.

  2. Copy the software from your computer to the /var/nsinstall directory on the appliance.

  3. Open a Secure Shell (SSH) client to open an SSH connection to the appliance.

  4. At a command prompt, type shell.

  5. At a command prompt, type cd /var/nsinstall to change to the nsinstall directory.
    To view the contents of the directory, type ls.

  6. To unpack the software, type tar -xvzf build_X_XX.tgz, where build_X_XX.tgz is the name of the build to which you want to upgrade.

  7. To start the installation, at a command prompt, type ./installns.

  8. When the installation is complete, restart NetScaler Gateway.

  9. When the NetScaler Gateway restarts, at a command prompt type what or show version to verify successful installation.
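
A check that can run between steps 5 and 6, before the archive is unpacked. This is an added example, not part of the Citrix readme: the function names are hypothetical, the expected digest is a placeholder to be taken from the vendor's download page if one is published, and which hashing tool the appliance shell provides is an assumption (the script tries three).

```shell
#!/bin/sh
# Added example: pre-install checks for a build package copied to /var/nsinstall.
# sha256_of and verify_build are hypothetical helper names, not NetScaler commands.

# Print the SHA-256 digest of a file with whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # FreeBSD-style tool
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Return 0 only if the package exists, matches the expected digest, is a
# readable gzip tar archive, and has no member path that escapes the
# directory it is unpacked into.
verify_build() {
    pkg=$1; expected=$2
    [ -f "$pkg" ] || { echo "missing: $pkg" >&2; return 2; }
    actual=$(sha256_of "$pkg")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $pkg" >&2
        return 1
    fi
    # List members without extracting; a truncated or corrupt upload fails here.
    members=$(tar -tzf "$pkg" 2>/dev/null) || {
        echo "unreadable archive: $pkg" >&2
        return 4
    }
    # Reject absolute paths and ".." components before anything is unpacked.
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $pkg" >&2
        return 3
    fi
    return 0
}

# Usage on the appliance shell, with a placeholder digest:
#   cd /var/nsinstall
#   verify_build build-10.5-51.10_nc.tgz "<EXPECTED_SHA256>" \
#       && tar -xvzf build-10.5-51.10_nc.tgz && ./installns
```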

NetScaler Gateway 10.5 Compatibility with Citrix Products

The following table provides the Citrix product names and versions with which NetScaler Gateway 10.5 is compatible.

Citrix Product                  Release Version                                   Notes
Branch Repeater or CloudBridge  5.5, 6.1, 6.2, 7.0, 7.1, and 7.2
NetScaler                       9.2, 9.3, 10.1, and 10.5
NetScaler Platforms             MPX 5550, MPX 7500, MPX 8200, MPX 10500, Xen VPX
NetScaler VPX                   9.1, 9.2, 9.3, 10.1 and 10.5
Receiver Storefront             1.2, 2.1, and 2.5
VDI-in-a-Box                    5.2, 5.3 and 5.4                                  Note: Compatibility with VDI-in-a-Box, Version 5.0.3 supports the SOCKet Secure (SOCKS) protocol only.
Web Interface                   4.5, 5.0.1, 5.1, 5.2, 5.3, and 5.4
XenApp                          6.5 for Windows Server 2008 R2
XenDesktop                      7.0, 7.1, and 7.5
XenMobile                       9.0
XenMobile App Edition           App Controller 2.8 and 2.9

Supported Receivers and Plug-ins

Receiver or Plug-in                     Release Version  NetScaler Gateway Version
NetScaler Gateway Plug-in for Mac OS X  3.0.1            Supports Mac OS X 10.9 (Mavericks)
NetScaler Gateway Plug-in for Windows   10.5             Supports Windows 8.1
Receiver for Android                    3.4 and 3.5
Receiver for iOS                        5.8 and 5.9
Receiver for Mac                        11.8.x
Receiver for Windows                    4.0 and 4.1
Worx Home for iOS                       8.5 and 8.6
Worx Home for Android                   8.5 and 8.6
WorxMail for iOS                        1.3.3-16
WorxWeb for iOS                         1.3.1-3
WorxMail for Android                    1.3.13-233936
WorxWeb for Android                     1.3.3-234245

Fixed Issues in This Release

  1. Attempts to end the session for an external user fail when you enter the command kill aaa session -username <username>.

    [From NG_10_5_51.10][#446334]

  2. If the maximum number of users is set to a number greater than 5 on a NetScaler Gateway virtual server and you remove the Universal license, the virtual server configuration is also removed.

    [From NG_10_5_51.10][#447452]

  3. The NetScaler Gateway wizard creates a VPN virtual server with the default authorization set to Deny. When users connect to the VPN virtual server, they cannot access internal network resources. To allow users to connect, set authorization to Allow.

    [From NG_10_5_51.10][#479548]

  4. If Kerberos uses x.509 certificates (PKINIT) for single sign-on, NetScaler Gateway fails to obtain tickets if the Key Distribution Center (KDC) returns a realm referral. This can cause the NetScaler Gateway appliance to fail.

    [From NG_10_5_51.10][#484245]

  5. When there are a very large number of simultaneous user authentication requests and the authentication server is slow to respond, NetScaler Gateway can fail.

    [From NG_10_5_51.10][#484431, #488182, #493939]

  6. If you configure a traffic management policy to enable single sign-on to Outlook Web App 2010, enable local authentication on the load balancing virtual server and then change to two-factor authentication with client certificate authentication and LDAP authentication, NetScaler Gateway fails when trying to access the load balancing server.

    [From NG_10_5_51.10][#485834]

  7. If you are running NetScaler Gateway 10.5, Build 50.9, the priority values of policies bound to the NetScaler Gateway virtual server are lost. You can upgrade to Build 50.10 or 51.10 to fix the issue.

    [From NG_10_5_51.10][#486857]

  8. If the authentication server is extremely slow to respond, such as 15-30 seconds or more, users can experience delays in logging on successfully, even if the number of simultaneous connections is low.

    [From NG_10_5_51.10][#489343]

  9. In a high availability deployment, when users log on with SAML authentication, the secondary appliance fails over.

    [From NG_10_5_51.10][#490075]

Known Issues in This Release

  1. If you configure SSL renegotiation and users log on with a PKI-enabled client certificate, logon fails.

    [From NG_10_5_51.10][#487825]

  2. If users log on to Outlook Web App by using clientless access in a Firefox web browser, sending email fails.

    [From NG_10_5_50.10][#418106]

  3. When users log on, they receive a prompt to install the Endpoint Analysis Plug-in, even though the latest version of the plug-in is installed on the user device.

    [From NG_10_5_50.10][#446735]

  4. If users log on by using the NetScaler Gateway Plug-in dialog box and the endpoint analysis scan fails, the choices page appears in Internet Explorer. When this occurs, the correct cookies are not sent from Internet Explorer and users receive a 403 forbidden error message or the Endpoint Analysis Plug-in web page appears.

    [From NG_10_5_50.10][#447689]

  5. When users log on for the first time from a Mac OS X 10.9 computer, if the Endpoint Analysis Plug-in starts in Safari 7.x, the attempt fails because the plug-in is not installed. Users receive the error message "There is no application set to open the URL com.citrix.agmacepa." Users can click Cancel in the message and then click the Download link in Safari.

    [From NG_10_5_50.10][#454662]

  6. Earlier versions of the NetScaler Gateway Plug-in do not support OPSWAT endpoint analysis scans. When users connect to NetScaler Gateway, logon fails because the earlier version of the plug-in does not support OPSWAT endpoint analysis scans. Users can log on from a web browser and then select Network Access, which starts the upgrade to the latest version of the NetScaler Gateway Plug-in and the Endpoint Analysis Plug-in.

    [From NG_10_5_50.10][#454670]

  7. If you configure an endpoint analysis expression that includes hard disk encryption scan types ENC-TYPE and ENC-PATH, a -13 error message always appears. For example, you use the expression HD-ENC_76003_ENC-PATH_==_e_ENC-TYPE_noneof_0,1,2.

    [From NG_10_5_50.10][#457436]

  8. If you configure advanced endpoint analysis policies, endpoint analysis encryption, a proxy server, and client certification authentication, the NetScaler Gateway Plug-in does not connect and users receive the error message, "2017: Your computer does not have the necessary security software to connect to the NetScaler Gateway. Please contact your system administrator."

    [From NG_10_5_50.10][#466641]

  9. If you configure a preauthentication policy that checks for Avira Antivirus on a Mac OS X computer and the virus definitions update by using the SCAN-TIME/VIRDEF-FILE-TIME parameter, the OPSWAT libraries use the date and not the time. You must configure this setting by using the number of days between updates.

    [From NG_10_5_50.10][#467180]

  10. If you configure logon and logoff scripts that are part of a session profile and the scripts contain Unicode characters, users cannot log on to or log off from NetScaler Gateway. [#469799]

  11. If you enable a proxy server and disable ICA proxy in a session profile, users cannot start published applications.

    [From NG_10_5_50.10][#470220]

  12. If you enable digest authentication in Internet Information Services (IIS) and users log on with Unicode credentials, add the IIS website as a bookmark, and then click the bookmark, single sign-on fails. Users receive a prompt to enter their user name and password.

    [From NG_10_5_50.10][#470495]

  13. During an endpoint analysis scan, NetScaler Gateway does not detect Trend Micro Titanium installed on a Mac OS X computer. As a result, the scan always fails.

    [From NG_10_5_50.10][#474615]

  14. If you enable the Green Bubble theme and then run the Clear Config -f Extended+ command, the Green Bubble theme remains instead of reverting to the Default theme. To reset the value, you can run the set vn para uitheme command.

    [From NG_10_5_50.10][#478536]

  15. Citrix recommends that you do not bind Policy Infrastructure (PI) policies to the NetScaler Gateway virtual server. NetScaler Gateway does not support Policy Infrastructure (PI) policies.

    [From NG_10_5_50.10][#481722]

  16. If you configure the Web Interface home page with an IPv6 URL instead of IPv4 or the fully qualified domain name (FQDN), users receive a 400 Bad request error when they log on.

    [From NG_10_5_50.10][#482263]

  17. If you created a NetScaler Gateway virtual server by using the Quick Configuration wizard in NetScaler Gateway 10.1, the virtual server needs to be renamed with the prefix _XM_. For example, if the original virtual server name is XMGateway, you must manually rename it to _XM_Gateway. By changing the name with the correct prefix, you can see the virtual server in the wizard.

    [From NG_10_5_50.10][#484962]