Known Issues

The following table lists the known issues present in 21.12 and 21.9:

Problem Report Number

Release Note

Release 21.12R1 PRs

PCS-32765

Symptom: An intermediate file bookmark page is shown when the end user tries to access a file bookmark.

Conditions: Happens when the end user tries to access a Windows file bookmark.

Workaround: If, after providing credentials to access the Windows file bookmark, the end user gets the list of the same file bookmarks again, the end user needs to select the desired file bookmark once more.

PCS-32717

Symptom: XML import is failing for UserRecordSync configuration.

Condition: When UserRecordSync is enabled.

Workaround: NA

PCS-32594

Symptom: Bookmarks are not synced for the end user.

Condition: When UserRecordSync is enabled.

Workaround: NA

PCS-32543

Symptom: Pushing sign-in URLs, notifications and pages is not supported.

Condition: Create any sign-in settings with URL.

Workaround: NA

PCS-32467

Symptom: The latest syslog server is displayed if the entire cluster is selected.

Condition: Multiple syslog servers need to be added in cluster mode.

Workaround: NA

PCS-32324

Symptom: Error messages related to upgrading cache are seen under event logs.

Condition: After the ICS upgrade.

Workaround: NA

PCS-31168

Symptom: WSAM resources can sometimes be accessed through PCS even though the resources are denied in the PSAM policy.

Condition: When changing the PSAM/WSAM policy from allow to deny.

Workaround: NA

PCS-30489

Symptom: Bandwidth is not restricted even though minimum and maximum levels are configured.

Condition: When Admission Privilege Level is configured for bandwidth management in ESP and SSL mode.

Workaround: NA

PCS-30439

Symptom: End-user login fails for users created in a local authentication server with clear text password enabled.

Condition: Creating a local authentication server with clear text enabled.

Workaround: For non-IKE use cases, use the server without enabling clear text password.

PCS-30280

Symptom: Not able to launch Windows/Citrix terminal services through an IPv6 address.

Condition: When the end user uses an IPv6 address to launch WTS/CTS.

Workaround: Launch with an IPv4 address.

PCS-29121

Symptom: The toolbar is not visible for bookmarks in PTP mode when using Chrome and Edge browsers.

Condition: When a web bookmark is configured to be accessed over PTP mode instead of rewriter mode.

Workaround: The user can open another tab and open the PCS home page URL to see the toolbars again, or right-click the bookmark on the PCS home page and choose to open it in a new tab.

PCS-32836

Symptom: The Pulse Client copyright date is not updated to 2022.

Condition: The Pulse Client copyright year still shows 2021.

Workaround: NA

PCS-32596

Symptom: Upgrade from 9.1R13 and 9.1R12 GA to 9.1R13.1 is failing at the upload step with Access restricted error.

Condition: When the Administrator session is kept at its default settings and the upgrade is initiated using the package file, the upgrade process fails with the Access error and is not initiated.

Workaround: The Admin session timeout needs to be increased while performing the upgrade so that the session does not time out before the package upload process finishes.

It can be done from Administrators -> Delegated Admin Roles -> Administrators -> session timeout.

Increase idle timeout to 400 and Max Session Length to 600 before starting the upgrade.

PCS-32374

Symptom: AD authentication does not happen when role-based VLAN is configured.

Condition: When AD authentication is selected.

Workaround: NA

PCS-30917

Symptom: During session extension from Pulse Client or automatic session extension for the end-user portal, the new session count is incremented for the gateway and the old session is not deleted from the Controller/nSA.

Condition: During session extension from Pulse Client or automatic session extension for the end-user portal, when the license count is exhausted.

Workaround: NA

PCS-32833

Symptom: Status information such as cluster reboot/ICT/cluster upgrades is not synced between GWs in an nSA cluster.

Condition: In any cluster, the status of cluster-wide actions is not synced.

Workaround: This is only status information; the actual tasks are already performed.

PCS-32906

Symptom: ISA VM machine ID getting changed.

Conditions: Navigate to System > Maintenance > Options, check or uncheck the "Enable Virtual Terminal console" check box, and then click "save changes".

Workaround: NA

PCS-32354

Symptom: Registration status of PCS is in green color.

Condition: When we import binary config of existing registered PCS system config.

Workaround: Clearing the nSA registration and re-registering will solve this.

PCS-32834

Symptom: Test connection for AWS/Azure archival server is showing as "Failed to connect to S3 bucket, WrongBucketLocation".

Condition: When configuring AWS or Azure as archival server location.

Workaround: Admin can configure SCP or FTP Server for archiving.

PCS-28777

Symptom: End User is not able to launch Apps listed in MS RDweb console.

Condition: End User is using Google Chrome Browser to login.

Workaround: End User can use MS Edge or Firefox browser to login and launch Apps.

PCS-31245

Symptom: Logs from a 9.x hlgw setup are not sent to nSA.

Condition: When DNS preferred settings are configured with IPv6 on the network overview page.

Workaround: Admin can configure DNS preferred settings as IPv4 on the network overview page.

PCS-32404

Symptom: AP Cluster VIP migration takes around 2 minutes when the cluster VIP is configured with an IPv6 address.

Condition: When the cluster VIP is configured with an IPv6 address.

Workaround: None. There is a time delay in cluster VIP migration, and the cluster VIP will migrate to the other node.

PCS-33249

Symptom: The error message “ERROR: ld.so. object '/home/lib/libdspreload.so' from /etc/ld/so/preload cannot be preloaded:” appears at the end of a successful ICS boot.

Condition: After the completion of ICS installation and boot.

Workaround: None. This does not affect the ICS functionality. This will be fixed in future release.

 

Release 21.9R1 PRs

PCS-30626

Symptom: Failed to update profile for user error is seen in user access logs for every user.

Condition: Importing system and user binary configs from 9.x where UEBA was configured and working fine.

Solution: The UEBA package has to be imported manually for the Adaptive Authentication feature to continue to work fine and stop getting these messages for every user.

PCS-31165

Symptom: ESP to SSL session fallback happens randomly on L3 session.

Conditions: In AA Cluster setup, when VPN Tunneling connection profile is configured with ESP to SSL fallback, sometimes L3-VPN session can fallback to SSL mode after a node leaves and joins the Cluster.

Workaround: Restarting Services on the Cluster returns all users' VPN sessions to ESP mode.

PCS-30694

Symptom: Number of concurrent users (xx) exceeded the system limit (2) seen in user access logs.

Conditions: When nSA Named User Mode is enabled in System > Configuration > Licensing

Workaround: None. End-user does not see any warning and logins will work.

PCS-31051

Symptom: Max Concurrent Users do not get updated immediately.

Conditions: After installing ICS-EVAL license.

Workaround: None. The system takes around 3-4 minutes for the page to get updated.

PCS-30919

Symptom: In an Advanced HTML5 session, copy-paste functionality does not work after a while.

Conditions: When connected to backend Windows machines through an Advanced HTML5 session.

Workaround: Disconnect and reconnect to the Advanced HTML5 session.

PCS-31161

Symptom:

Error updating data for chart cloud_secure_roles seen in Admin logs

Dashboard charts are not getting updated

Conditions: After upgrading to 21.9R1 gateway build

Workaround: None. Dashboard charts get updated after a while.

PCS-30280

Symptom: Not able to launch Windows/Citrix terminal services through an IPv6 address.

Condition: When the end user uses an IPv6 address to launch WTS/CTS.

Workaround: Launch with an IPv4 address.

PCS-31156

Symptom: Sessions are not synced between nodes on an AA/AP cluster.

Condition: PCS failover because of reboot/power cycle.

Workaround: New sessions after node recovery will be synced across both nodes and data on insights will be accurate.

PCS-31234

Symptom: The HTML5 graph shows an incorrect value for RDP sessions.

Condition: RDP sessions created on PCS.

Workaround: No workaround.

PCS-31046

Symptom: XML import from 9.x PCS GW to 21.x GW fails with a directory-server attribute error in a corner condition.

Condition: When the XML exported from the 9.x gateway has an authentication server as system local server and attribute server set to "same as above".

Workaround: In the XML file either:

1. Set the <directory-server> attribute value to None: <directory-server>None</directory-server>.

2. Or remove the <directory-server> attribute, save the file, and XML import will be successful after that.

PCS-31168

Symptom: WSAM resources being accessed through PCS even though resources are denied in PSAM policy.

Condition: When changing PSAM/WSAM policy from allow to deny.

Workaround: NA

PCS-30652

Symptom: The antivirus Host Checker policy fails with the error "server has not received any information" on macOS Big Sur.

Condition: When a Host Checker policy with antivirus is configured on macOS Big Sur for pre-auth/post-auth.

Workaround: NA

PCS-31058

Symptom: On ISA-V or PSA-v VMware platform, spikes in dashboard throughput graph are seen every 5 minutes, when NTP server is configured.

Condition: If NTP server is configured and there is time drift on gateway.

Workaround: Change view of graph to 2 days or more. Or use "Sync time with ESX host" in VMware tools and remove NTP server configuration on gateway.

PCS-31213

Symptom: Multicast traffic does not flow through the ICS GW when using IGMPv3.

Condition: Only when a 3rd party tool sends multicast traffic with IGMPv3.

Workaround: For multicast to work, IGMPv2 should be configured on 3rd party tool.

PCS-30439

Symptom: End-user login fails for users created in a local authentication server with clear text password enabled.

Condition: Creating a local authentication server with clear text enabled.

Workaround: For Non IKEv2 use cases, use without enabling clear text password.

PCS-31193

Symptom: HealthCheck REST API /api/v1/system/healthcheck?status=all returns Security gateway is inaccessible error.

Conditions: When the default gateway of the internal port is NOT reachable.

Workaround: Make the internal gateway reachable.

PCS-30658

Symptom: Run Gateway Diagnostics option does not return any output.

Conditions: When triggering Run Gateway Diagnostics option from System Maintenance.

Workaround: None. This command is not supported on ICS.

PCS-29657

Symptom: Kill command is seen on ISA-V virtual console.

Condition: On a fresh deploy of ISA-V on VMware ESXi, AWS or Azure.

Workaround: No functionality is affected. The message can be safely ignored.

PCS-30629

Symptom: End-user sees old sign-in page instead of modernised sign-in page.

Conditions:

1. ICS is configured to use Remote TOTP for Secondary Auth.

2. Remote TOTP server is NOT reachable.

Workaround: None. If the Remote TOTP server is reachable, this page would NOT be seen.

PCS-30854

Symptom: XML Import or Push Config fails with /users/user-roles/user-role[name=xyz-role]/html5-access/sessions

Conditions: When trying to do XML import or Push Config of Selective Config.

Workaround:

XML Import: Remove sessions block under html5-access from XML file and then do XML import.

Push Config: There is no workaround.