Citrix Receiver 12.1.0 and Composer

Kyuubi
Contributor

All,

Trying to create a package for the new Citrix Receiver. Ran it through the normal snapshot Composer setup and get the attached. Citrix Receiver App in Applications folder has a line thru it. Any ideas why? App shows fine in the Applications folder on my build machine. Will this affect my Receiver package?

3ca00ea540e942468b76fc34fa442ded

3 ACCEPTED SOLUTIONS

bentoms
Release Candidate Programs Tester

@Kyuubi you should be able to deploy the PKG.

View solution in original post

mpermann
Valued Contributor II

@Kyuubi the PKG file that you downloaded from Citrix should work. At least it's working for me.

View solution in original post

mpermann
Valued Contributor II

@tthurman are you deploying the app to computers that already have a version of the app installed? I'm wondering if that might be an issue for you. I'm deploying the Citrix provided .pkg file at imaging time with no issues. I remember having some issues a year or so ago when I tried to deploy a newer version over the top of an existing version. I believe I had to uninstall the old version then run the Citrix provided package to get around the issue.

View solution in original post

15 REPLIES 15

bentoms
Release Candidate Programs Tester

@Kyuubi you should be able to deploy the PKG.

Kyuubi
Contributor

@bentoms Do you mean the PKG that came from Citrix or the PKG from the picture above?

mpermann
Valued Contributor II

@Kyuubi the PKG file that you downloaded from Citrix should work. At least it's working for me.

tthurman
Contributor III

@mpermann

For some reason, when I try to deploy this, it doesn't work. I always have to compose it out.

huh..

--TJ

mpermann
Valued Contributor II

@tthurman are you deploying the app to computers that already have a version of the app installed? I'm wondering if that might be an issue for you. I'm deploying the Citrix provided .pkg file at imaging time with no issues. I remember having some issues a year or so ago when I tried to deploy a newer version over the top of an existing version. I believe I had to uninstall the old version then run the Citrix provided package to get around the issue.

bentoms
Release Candidate Programs Tester

Erm. The original PKG, I meant.

No need to repackage.

tthurman
Contributor III

Good to know. Thanks guys.

--TJ

Kaltsas
Contributor III

I am able to deploy the package as is but on in place upgrades I do kill all the citrix services first. This seems to work well.

sudo killall -kill "Citrix Receiver"
sudo killall -kill "ReceiverHelper"
sudo killall -kill "Citrix Receiver Helper"
sudo killall -kill "Citrix Receiver Authentication"
sudo killall -kill "Citrix Receiver Helper"

calumhunter
Valued Contributor

You may want to look at the post install in the citrix package. Its, ahem, interesting.

Also 12.1 introduces new security settings specifically around checking certs via CRL and OCSP
If you use an authenticated proxy, this will fail

SSLCertificateRevocationCheckPolicy. This feature improves the cryptographic authentication of the Citrix server and improves the overall security of the SSL/TLS connections between a client and a server. This setting governs how a given trusted root certificate authority is treated during an attempt to open a remote session through SSL when using the client for OS X. When you enable this setting, the client checks whether or not the server’s certificate is revoked. There are several levels of certificate revocation list checking. For example, the client can be configured to check only its local certificate list, or to check the local and network certificate lists. In addition, certificate checking can be configured to allow users to log on only if all Certificate Revocation lists are verified. Certificate Revocation List (CRL) checking is an advanced feature supported by some certificate issuers. It allows an administrator to revoke security certificates (invalidated before their expiry date) in the case of cryptographic compromise of the certificate private key, or simply an unexpected change in DNS name. Applicable values for this setting include: NoCheck. No Certificate Revocation List check is performed. CheckWithNoNetworkAccess. Certificate revocation list check is performed. Only local certificate revocation list stores are used. All distribution points are ignored. Finding a Certificate Revocation List is not critical for verification of the server certificate presented by the target SSL Relay/Secure Gateway server. FullAccessCheck. Certificate Revocation List check is performed. Local Certificate Revocation List stores and all distribution points are used. Finding a Certificate Revocation List is not critical for verification of the server certificate presented by the target SSL Relay/Secure Gateway server. FullAccessCheckAndCRLRequired. Certificate Revocation List check is performed, excluding the root CA. Local Certificate Revocation List stores and all distribution points are used. Finding all required Certificate Revocation Lists is critical for verification. FullAccessCheckAndCRLRequiredAll. Certificate Revocation List check is performed, including the root CA. Local Certificate Revocation List stores and all distribution points are used. Finding all required Certificate Revocation Lists is critical for verification. Note If you don’t set SSLCertificateRevocationCheckPolicy, FullAccessCheck is used as the default value.

more info here: https://docs.citrix.com/en-us/receiver/mac/12/mac-secure-wrapper.html#par_anchortitle_9

can be disabled with

defaults write com.citrix.receiver.nomas SSLCertificateRevocationCheckPolicy NoCheck

You can deploy a profile to do that as well

mhasman
Valued Contributor

Strange issue here...

When I put the policy to Self Service and install, then original PKG downloaded from Citrix works:

Downloading Install Citrix Receiver.pkg...
Downloading http://.../CasperShare/Packages/Install%20Citrix%20Receiver.pkg...
Installing Install Citrix Receiver.pkg...
Successfully installed Install Citrix Receiver.pkg.
Inventory will be updated when all queued actions in Self Service are complete.

But when I am trying to push the installation then policy shows "Failed" status:

Downloading Install Citrix Receiver.pkg...
Downloading http://.../CasperShare/Packages/Install%20Citrix%20Receiver.pkg...
Installing Install Citrix Receiver.pkg...
Installation failed. The installer reported: installer: Package name is Citrix Receiver
installer: Upgrading at base path /
installer: The upgrade failed (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.)

I tried to do "sudo killall -kill", but it does not help

AVmcclint
Honored Contributor

I get that same "failure" as well, but I verify that everything really was installed and is fully functional. I just ignore the "failure" and move on. It does suck that there's no way to change it from a failure to completed.

mhasman
Valued Contributor

Thanks, Clint! The same here, even push policy shows "Failed" status, Citrix is installed and is fully functional

Kyuubi
Contributor

I got this as well. On machines with a earlier version installed i see Failed and then check and the applications folder and the and Receiver is there. Checked the /Library/Internet Plugins and the citrix plug in is there. However, when i go to our citrix site and launch an app Citrix Viewer does not start. Another tab opens up in Safari and tries to connect, ends up just spinning and spinning. Anyone else seen this?

mhasman
Valued Contributor

I would check the Security settings:
Safari - Preferences - Security - Plug-in Settings
Make sure Citrix Online Web Plugin and Citrix Receiver are there and checked, and have "Allow Always" status

donmontalvo
Esteemed Contributor III

@Kaltsas been using @mm2270's script to kill processes, and we add a line or three to remove the app(s) to avoid possibility of merges. Their PKG should be fine for distribution as is.

Well...unless you count very early versions, like this one from early 2000's. This happened when we were updating the Polo Ralph Lauren environment from OS 9 to OS X. :)

2a9efdf15e204f6aaa71d7a7464c0f2a

--
https://donmontalvo.com