Known Issues

The following table lists the known issues introduced in 9.1R14 and also the ones outstanding from previous releases:

Problem Report Number

Release Note

Release 9.1R17.1 PRs

No new known issues for this release.

Release 9.1R17 PRs

PCS- 39645

Symptom : VDI client launch is not working.

Condition : When upgrading the client from 9.1R15 to 9.1R17 with PSAL extension enabled.

Workaround : Re-install VDI launch .

PCS-39641

Symptom : Intermittently during the Client launch and upgrades, PSAL is not detected in the first attempt.

Condition : During fresh install or upgrade of client.

Workaround : Re-launch client.

PCS-39512

Symptom : JSAM auto launch is not working.

Condition : When Host checker is configured.

Workaround : Manually launch JSAM.

PCS-39271

Symptom: Unable to delete the selected username data from Behavioral Analytics User Report

Condition: When compliant users are listed in the report.

Workaround: None.

PCS-39227

Symptom: After launching JSAM an error displays, "Safari can't find the server."

Condition: When a user launches JSAM on a MAC Ventura machine using the Safari browser

Workaround: Use Chrome browser to launch JSAM

PCS-39265

Symptom: HOB auto launch is not working.

Condition: When Windows is running on a client machine.

Workaround: Launch manually.

PCS-39073

Symptom: JSAM is not launching with a browser extension on MAC devices.

Condition: Using JSAM and HOB when Browser extension is enabled.

Workaround: Use custom protocol.

PCS- 38955

Symptom: FTP is not working with IPv6 FTP server.

Condition: When IPv6 FTP server is configured for archival.

Workaround: Use IPv4 FTP server for archiving.

PCS-38731

Symptom: Enterprise onboarding profile push will not work on mobile end point.

Condition: When a new VPN client is installed on the Mobile end point.

Workaround: By using MDM server required profiles can be pushed to the mobile end point.

PCS-38455

Symptom: Only 'Citrix listed applications' bookmarks is shown in the user home page.

Condition: when 'Citrix listed applications' is the 1st entry in Users->User Roles->[User-Name]->Terminal Services->Sessions.

Workaround: Avoid 'Citrix listed applications' as the first entry. Reorder the Terminal Services Sessions from Users->User Roles->[User-Name]->Terminal Services->Sessions page using up-down arrows.

PCS-38218

Symptom: Displays error “Failed to contact server , Please check the network connection and try again”.

Condition: During XML export and import of “Citrix All Listed Application” along with other Citrix bookmarks

Workaround: Delete the “Citrix all listed application” bookmark and recreate manually using Terminal profile through admin login.

PCS-37845

Symptom: VDI-Citrix Xendesktop launch fails.

Condition: When a user uses Citrix workspace app 2112 or later.

Workaround: Use Citrix workspace app version 2109.

PCS-37839

Symptom: Citrix default ICS launch fails.

Condition: When a user uses Citrix workspace app 2112 or later.

Workaround: Use Citrix workspace app version 2109.

PCS-36999

Symptom: Oauth authentication fails in the end user page while using dynamic URL.

Condition: When creating oauth server with dynamic URL and trying the authentication after upgrade.

Workaround:

1. To delete existing Oauth configuration and create a new configuration in the latest version

2. Upgrade without using dynamic URL (with manual configuration)

Release 9.1R16.1 PRs

No new known issues found in this release.

Release 9.1R16 PRs

PRS- 412081

Symptom: Not able to launch JSAM and PDC client.

Condition: When an end-user tries from Client Apps page.

Workaround: Launch the clients from end-user home page.

PCS-37107

Symptom: 
Usernames with special characters sometimes may not get updated in the Named Users Database on the License Server.

Condition: When Named Users Remote Repo mode is enabled on License Server

Username with special characters tries to login to a gateway registered with the License Server

Workaround: None.

PCS-37024

Symptom: Client launch fails on upgrade.

Condition: When browser extension is enabled.

Workaround: Reinstall PSAL.

PCS-36513

Symptom: When the User Record sync is enabled across nodes and end user creates a HTML5 bookmark in one node .Further when the same enduser logins to other node the created HTML5 bookmark is not present.

Condition: When User record sync is enabled and enduser creates HTML5 bookmark.

Workaround: None.

PCS-36442

Symptom: "Failed to contact server" error observed sometimes when auto-launch is enabled.

Condition: When auto-launch is enabled.

Workaround: None

PCS- 36282

Symptom: JSAM launch is failing for intel-based MAC system with error stating one of the library file may be malicious.

Condition: JSAM launch fails.

Workaround: None.

PCS-36088

Symptom: RPM based PSAL download instead of DEB based PSAL download in a Debian system.

Condition: Client installation will not work for Debian based Linux like Ubuntu.

Workaround: None

Release 9.1R15 PRs

PRS-408726

Symptom: HTML5 Session recording file is not uploaded to SMB server.

Condition: When the SMB-Server is on a different VLAN than that of ICS.

Workaround: None.

PRS-408091

Symptom: For non-existing remote machine ACL check is passed.

Condition: When end-user access HTML5 bookmark of non-existing RDP remote machine.

Workaround: None.

PRS-407815

Symptom: Garbled characters are seen in Virtual desktop bookmarks.

Condition: When language is set as Chinese.

Workaround: None.

PRS-406983

Symptom: PSAL not launched because RPM format PSAL file downloaded on Ubuntu machine.

Condition: When Firefox version 91.5.0esr (64 bit) is used.

Workaround: Use Firefox version 68.10.0esr (64 bit) to avoid PSAL launch issue.

PRS-404022

Symptom: Second Node upgrade is failing in Cluster setup.

Condition: when upgrading through Pulse one.

Workaround: None.

PCS-35256

Symptom: Sometimes one of the nodes in AA cluster deployed in AWS will show as enabled and unreachable after upgrade.

Condition: When upgrading ICS AA cluster deployed in AWS Environment to 9.1R15.

Workaround: Reboot the instance in AA cluster from AWS.

PCS-35098

Symptom: In end user page Pulse collaboration is shown in the Preferences -> Advanced -> Under upload logs.

Condition: When admin enabled client-side logging.

Workaround: None.

PCS-34927

Symptom: XML Export for OAuth Servers is missing Traffic port selection settings.

Condition: Traffic port selection is configured to be at Auth Server Level.

Workaround: Configure Port Selection for OAuth Server from Admin UI as desired.

PCS-34915

Symptom: Role names are not showing for telnet/ssh and unix bookmarks in deprecated list during upgrade for roles configured with telnet/ssh and unix features bookmarks and didn't enable it in roles.

Condition: Roles configured with telnet/ssh and unix bookmarks and didn't enable telnet/ssh and unix in that role.

Workaround: Admin has to check for the role and delete the bookmarks.

PCS-34876

Symptom: In New Sign-In Policy page meeting content is shown.

Condition: When admin creates a new sign in policy.

Workaround: No functionality impact. Ignore the text.

PCS-34845

Symptom: ICS client fetches meeting license from the license server.

Condition: When license server is used to fetch the license.

Workaround: No functionality impact. Ignore the text.

PCS-34844

Symptom: Meeting related information is shown in SNMP MIB file.

Condition: In the SNMP MIB file.

Workaround: No functionality impact. Ignore the text.

PCS-34827

Symptom: If upgrade (using REST API/DMI/Pulse ONE) fails due to presence of deprecated features, the list of deprecated configurations is not given in upgrade failure message.

Condition: When upgrade is done through web UI, a list of deprecated configuration elements to be removed is displayed in the upgrade failure message. - For upgrades through REST API/DMI/PulseOne, the upgrade failure message does not give the list of deprecated features to be removed.

Workaround: - The list of deprecated features gets displayed in the serial console. - Admin needs to check the serial console for details.

PCS-34694

Symptom: Interface is getting disconnected.

Condition: On configuring static link speed (not Auto), the link is getting disconnected.

Workaround: The link speed can be set as 'Auto'.

PCS-34528

Symptom: Enable Pulse Collaboration integration on this connection is shown in Pulse secure SA connection page.

Condition: In the SA connection page.

Workaround: No functionality impact. Ignore the text.

PCS-34322

Symptom: ICS on continuous reboot when enabling "Clear all configuration data at this device".

Condition: When option is enabled.

Workaround: On admin UI, disable the option under System Maintenance --> Options --> Clear all configuration data at this device.

PCS-33741

Symptom: LS cluster: Admin sessions are not getting synced.

Condition: AA cluster gets set to config-only cluster.

Workaround: None.

PCS-33735

Symptom: Unable to run /etc/adjtimex.sh seen on ICS console on upgrade to 9.1R15.

Condition: This message is seen predominantly on VMware ESXi.

Workaround: None.

PCS-33719

Symptom: Unable to change VLS cluster type from Active-Passive to Active-Active.

Condition: When creating cluster on VLS.

Workaround: None.

PCS-32543

Symptom: Pushing sign-in URLs, notifications and pages not supported.

Condition: When creating any sign-in settings with URL.

Workaround: None.

Release 9.1R14 PRs

PRS-405889

Symptom: When creating an Advanced HTML5 RDP bookmark, "Fetch Domain" does not retrieve domain name.

Condition: When the AD-Server for which the domain is being retrieved is on a different VLAN than that of ICS.

Workaround: Enter the domain name manually.

PRS-404087

Symptom: when end user access L7 rewriter applications and click Home, end user sees "The requested resource is not valid."

Condition: When Referrer Header Validation under Configuration > Security > Miscellaneous is enabled.

Workaround: Admin can configure to enable the options to open bookmark in new window or new tab under User role settings for rewriter applications

PRS-404859

Symptom: Unable to download the file of type .ps1 with the Advanced HTML5 session.

Condition: When using chrome browser.

Workaround: Use Firefox browser.

PRS-405631

Symptom: JSAM, Pulse collaboration, Telnet/SSH clients is not working.

Condition: When client machine is a M1 MacBook

Workaround: None.

PRS-405680

Symptom: The Advanced HTML5 connections graph in the admin UI Overview, takes more time than the duration mentioned in Refresh Interval to display the correct values.

Condition: When users initiate or close one or more Advanced HTML5 connections, the sessions tab reflects these changes immediately, but takes longer than expected to reflect in the graphs.

Workaround: None.

PRS-398596

Symptom: Modifying IP config using console with VLAN interface fails.

Condition: After setting Default VLAN ID, when trying to modify, the IP config values are not reflected in cache.

workaround: None.

PRS-399744

Symptom: XML export/import fails

Condition: When name field of roles have nested square brackets.

Workaround: Make sure we rename with no square brackets as workaround.

PCS-31688

Symptom: Audio does not work with Google Chrome on Citrix Desktop.

Condition: When Google Chrome running on Citrix desktop is accessed from PCS browser interface using VDI bookmark.

Workaround: Pass "--disable-features=AudioServiceOutOfProcess" as arguments when starting Google Chrome.

Example: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-features=AudioServiceOutOfProcess

Ref: https://discussions.citrix.com/topic/406285-chrome-79-no-audio/page/2/

PCS-31598

Symptom: Advance HTML5 user is shown "Number of Advanced HTML5 connections for this session has reached the maximum allowed limit. Please close any unused session(s) and retry." even though user does not have 5 Advanced HTML5 connections.

Condition: Network disconnect on user side or server side.

Workaround: Retry after 15 minutes. The connections become available within 1 to 15 minutes from the time of network disconnect.

PCS-31168

Symptom: Sometimes WSAM resources is accessed through PCS even though resources has denied in PSAM policy.

Condition: When changing PSAM/WSAM policy from allow to deny.

Workaround: None.

Release 9.1R13.1 PRs

PCS-29121

Symptom: Toolbar not visible for bookmarks in PTP mode when using Chrome and Edge browsers.

Condition: Condition: When web bookmark is configured to access over PTP mode instead of rewriter mode.

Workaround: Open Ivanti Connect Secure home page URL in a new tab to see the toolbars again. If opening through bookmarks from Ivanti Connect Secure home page, select to open in new tab using right click.

PCS-31811

Symptom: UI shows ISA concurrent users for an existing 9.x license client.

Condition: When editing an existing 9.x license client on license server running 9.1R13.1.

Workaround: Ignore the ISA concurrent users field. Leasing functionality is not affected.

Release 9.1R13 PRs

PRS-404800

Symptom: Display of messages like "unregister_netdevice: waiting for tun_0_327 to become free. Usage count = 1".

Condition: When IPv6 is configured.

Workaround: None

PRS-403498

Symptom:OS check passes on latest Windows 11 machine when checks are configured for "Windows 10-64-Bit".

OS check will pass on Windows 10 machine when checks are configured for latest "Windows 11-64-Bit".

Windows 11 (preview version) returns version string as Windows 10 in the kernel.

Condition: OS check policy for Windows 11 systems.

Workaround: NA

PRS-403270

Symptom: Telnet/SSH bookmarks are not working on Windows 11 as IE is deprecated.

Condition: When using Windows 11 as client machine and accessing Ivanti Connect Secure through browser.

Workaround: Access Telnet/SSH bookmarks using HTML5 solution.

Release 9.1R12.1 PRs

No new known issues found in this release.

Release 9.1R12 PRs

PRS-402731

Symptom: In A/P Cluster, users might notice a delay in the VPN session resumption when restart service triggered on cluster by Admin.

Condition: In A/P Cluster, delay in user VPN session resumption happens when Admin does restart services on cluster.

Workaround: It is a delay in session resumption and session shall resume after some time. Admin can restart services during the maintenance window.

PRS-401279

Symptom: Downloading files with 6in4 and 4in6 not working properly in PSA hardware whereas 4in4 and 6in6 are working.

Condition: ESP mixed mode configured on HW.

Workaround: Disable “Use ESP tunnel for 6in4 and 4in6 traffic" in Configuration --> VPN Tunneling.

PCS-28369

Symptom: VMware tools version shows as Unsupported Older Version.

Condition: When Ivanti Connect Secure is deployed on ESXi version 7.0.

Workaround: None. Functionalities such as Reboot, Shutdown, Power Off, NTP sync will continue to work without any issues.

Release 9.1R11.5 PRs

No new known issues found in this release.

Release 9.1R11.4 PRs

PRS-400951

Symptom: Static IP allocation fails for both single and multi-session enabled users.

Condition: Overlapping IP pools are configured in VPN profile.

Workaround: If the overlapping IP pool is broken up/split up this issue is not seen.

PRS-400802

Symptom: Static IP allocation fails for both single and multi-session enabled users.

Condition: Users having multiple preferred IP addresses and/or multiple users assigned same preferred IP address.

Workaround: None.

PRS-400668

Symptom: Pulse Desktop Client (PDC) always displays upgrade prompt even when client version on the endpoint and the server are same. Clicking on upgrade prompt performs no action (Cosmetic/UI issue).

Condition: Occurs when the Pulse Desktop Client has Symantec signed binaries and the Ivanti Connect Secure on which it is hosted (9.1R11.3/ 9.1R10.2/ 9.1R9.2/ 9.1R8.4) is signed by Digicert.

Workaround: Disable End-point upgrade on Ivanti Connect Secure (Ivanti Connect Secure). Enable again only when a higher version of PDC is activated on Ivanti Connect Secure and let the users trigger the client upgrade through the browser.

PRS-400639

Symptom: Sometimes back-end resources are not accessible over L7 VPN.

Condition: When both L3 & L7 VPN are connected.

Workaround: Disconnect the L3 VPN & access back-end resources. Connect back to L3 VPN.

Release 9.1R11.3 PRs

PRS-400509

Symptom: The PSAL installation prompts for admin credentials on windows 8.1 for Local user.

Condition: On Windows 8.1 Endpoints.

Workaround: Right click on the PSAL msi->Properties and enable Unblock. Click Apply and OK. Then install the PSAL.

PRS-400486

Symptom: Upgrade prompts missing on connecting to latest Ivanti Connect Secure.

Condition: When endpoint has PSIS Installed.

Workaround: Uninstall PSIS.

Release 9.1R11 PRs

PRS-399842

Symptom: Pulse client is assigned an IP address from static pool while configuration is to prefer IP from LDAP/Radius attribute.

Condition: LDAP/Radius attribute template and static IP address/range is configured in a single user profile as resources.

Workaround: Split the connection profile into multiple profiles like one Profile with LDAP/Radius attributes/resources and other configuration and another profile with static IP address/range and other configuration. The new profiles can be ordered correctly to maintain the expected order of resources.

PRS-398121

Symptom: User sessions are not syncing with one of the node in Active-Active cluster.

Condition: LMDB related error messages observed.

Workaround: Clear session data.

Release 9.1R10 PRs

PRS-397064

Symptom: For advanced HTML5 sessions, on administrator UI shows IP address instead of hostname under virtual desktop sessions page.

Condition: When an advanced HTML5 bookmark is configured with a hostname.

Workaround: None.No functionality impact.

PRS-396895

Symptom: For basic HTML5 connections file transfer is not working on macOS.

Condition: When a basic httml5 bookmark is accessed by using Safari browser.

Workaround: Access basic html5 bookmark using chrome browser.

PRS-396726

Symptom: Active user page “Agent Type” shows “Mac OS 10.15" in place of “Mac OS 11.0.1".

Condition: When using Safari on macOS version BigSur 11.0.1.

Workaround: None.

PRS-396499

Symptom: For advanced HTML5 connections, graph shows invalid values.

Condition: When user access advanced HTML5 bookmarks.

Workaround: Check the HTML5 session count on the virtual desktop sessions page.

Release 9.1R9.1 PRs

PRS-396606

Symptom: Ctrl+C (abort) command is not working for advanced html5 sessions.

Condition: When user access Putty SSH session within Windows 10VM through advanced html5 bookmark.

Workaround: None.

Release 9.1R9 PRs

PRS-395925

Symptom: “IP Owned by device with HWADDR” messages at MAJOR level seen in Admin logs after upgrade to 9.1R9.

Condition: These messages are seen during the following sequence:

1. Active Passive Cluster upgrade (Example: Node-1 and Node-2)

2. Upgrade started on Node-1. Node-1 with upgraded version is starting up.

3. Node-2 holds the VIP, till it goes for a reboot.

Workaround: None. These messages do not cause any impact to the cluster functionality.

PRS-395911

Symptom: Pull state from server not leasing licenses to all the nodes in cluster. Following event logs are seen:

E.g.: 2020-10-19 17:25:01 - DFS_VA_NODE_115_19 - [127.0.0.1] Root::System()[] - Lease request on behalf of DFS_VA_NODE_115_20 by DFS_VA_NODE_115_19 failed: Not Cluster Member, status code=0x22..

Condition: When, occasionally, both the cluster nodes talk to license server to fetch the license clients.

Workaround:

1. Do XML export of license clients.

2. Delete the affected license clients using admin UI.

3. Re-import the license clients from XML file.

PRS-395722

Symptom: For existing HTML5 profiles configuration through REST may not set solution type properly always.

Condition: While updating the existing HTML5 profile solution type.

Workaround: Create new profile through REST API.

PRS-395711

Symptom: For Advanced HTML5 user's Zoom sessions, audio stream can be inconsistent.

Condition: When Zoom application is used for meeting session over Advanced HTML5 session.

Workaround: Use Microsoft Teams application.

PRS-395707

Symptom: For Advanced HTML5 RDP sessions, Microsoft Teams video call might disconnect the session.

Condition: When making a Microsoft Teams video call in Advanced HTML5 RDP session.

Workaround: None.

PRS-395703

Symptom: For Advanced HTML5 sessions, some documents may not invoke print function properly.

Condition: When printing a text document with Notepad++.

Workaround: Use default document mode.

PRS-395223

Symptom: REST based import of user role fails with the following error: "/sam/sam-options/wsam-autoinstall] Unsupported attribute type 0".

Condition:

1. User role config obtained from Ivanti Connect Secure running pre-9.1R9 through REST.

2. Admin uses REST PUT|POST to import the config from Step 1 on Ivanti Connect Secure running 9.1R9.

Workaround: Replace wsam-autoinstall with wsam-autouninstall and use REST based import.

PRS-393672

Symptom: Noticeable slowness seen in upgrade from 9.1R4 to 9.1R8 on AWS platform.

Condition: When the load on data center is high. Also, depends on the network parameters in the given zone.

Workaround: Please plan upgrades with sufficient upgrade window.

Release 9.1R8.2 PRs

PCS-22360

Symptom: SAML SLO is not initiated from Ivanti Connect Secure to its IDP when the user’s browser-based session is ended.

Condition: When user is authenticated using any browser to Ivanti Connect Secure with SAML authentication method where Ivanti Connect Secure is SAML SP, user session is ended in browser because of idle timeout or max session timeout or if admin ends the user session from Ivanti Connect Secure Admin console. Currently only manual sign out from browser session is supported to send SLO request to IDP from Ivanti Connect Secure side.

Workaround: Close the browser window and launch a new browser window, so that user is prompted for authentication again for security reasons.

Release 9.1R8.1 PRs

No new known issues found in this release

Release 9.1R8 PRs

PRS-393174

Symptom: Local proxy PAC file not working in Internet Explorer 11.

Condition: When PAC file resides on a local system.

Workaround: Store the PAC file on an HTTP/HTTPS-accessible server and use that link for Internet Explorer 11 proxy settings.

PRS-393172

Symptom: Windows client connecting to Ivanti Connect Secure using Firefox ESR 68.10 intermittently throws error during Compliance check through Proxy configuration.

Condition: Using Firefox ESR 68.10 version.

Workaround: Once a successful connection is established from the client to the server using Chrome/IE, try connecting to the server using Firefox ESR. This works as expected.

PRS-392749

Symptom: Pulse collaboration client version is not same in Mac and Windows.

Condition: When user installs 9.1R8 Pulse collaboration client.

Workaround: None.

PRS-392345

Symptom: Archiving on AWS S3 storage and Azure is failing when DNS server is not reachable from internal interface.

Condition: When admin trying to Archive using AWS S3 bucket or Azure storage account on management port and DNS server is not reachable through internal port.

Workaround: Admin has to configure internal port for DNS resolution, Archival interface can be internal/management for archiving on AWS S3 bucket or Azure storage account.

PRS-391947

Symptom: Websocket URL is not accessible.

Condition: When trying to access https://web.whatsapp.com/ URL.

Workaround: None

PRS-390577

Symptom: Active user page is not displaying node details correctly for the users connected in AA cluster after split and join.

Condition: After cluster split and re-join.

Workaround: Display issue, user sessions will not get impacted. Newly connected sessions are showing the details correctly.

PRS-390488

Symptom: Host checker is getting timed out (can be seen on user access log) and user is getting logged out.

Condition: When periodic evaluation is enabled.

Workaround: This issue is not replicable every time, but as a workaround, we have suggested to disable dynamic evaluation or increase the periodic policy evaluation interval.

PRS-384976

Symptom: Host Checker installation error found Intermittently while installing Host Checker or Pulse Client [HC enabled] through browser [Chromium Edge/Chrome/Firefox].

Condition: Fresh Installation of Host Checker or Pulse Client [Host Checker enabled] through browser [Chromium Edge/Chrome/Firefox] after uninstalling old Host Checker components

Workaround:

  • Uninstall the Host Checker/Pulse Client components manually and reboot the system.
  • OR

  • Manually kill Host Checker process before installing Pulse Client/Host Checker components.

PRS-375138

Symptom: Client upload logs fails for Network Connect and JSAM.

Condition: After launching Network Connect and JSAM on Windows 10, client upload log fails.

Workaround: None

PCS-21262

Symptom: Update in PSAM Resource policies configuration from Admin portal is not getting applied immediately to existing users with UDP PSAM sessions.

Condition: When Admin changes ACL action from Deny to Allow for a particular UDP based resource (i.e., UDP Server Application) for which user already has UDP PSAM Session active, user will still see access denied and vice-versa. But this condition might occur very rarely in real world scenario.

Workaround: Admin can choose to delete existing UDP PSAM user sessions for which ACL action changes from Deny to Allow and vice-versa.

Alternatively, user can disconnect and connect PSAM UDP based application session.

PCS-20664

Symptom: Pulse client is not showing correct error message when there is no bandwidth to allocate for L3 tunnel.

Error message in Pulse client - "Unable to allocate IP address".

Condition: When there is no bandwidth to allocate for L3 tunnel for that specific user.

Workaround: Display issue, correct error message will get displayed in User Access logs.

Error message in User Access logs - "Cannot find a qualified bandwidth management policy for user based on current available bandwidth."

Release 9.1R7 PRs

Known issues found in this release are resolved.

Release 9.1R6 PRs

Known issues found in this release are resolved.

Release 9.1R5 PRs

PRS-389742

Symptom: Cannot register the device with Intune to get SCEP profile that has IMEI as common name.

Condition: The devices like Wi-fi only iPad / Wi-Fi only android tablets that do not have IMEI support or do not have IMEI.

Workaround: None.

PRS-389737

Symptom: Cluster VIP is not getting migrated to other node when active node's internal interface is not reachable and external port is reachable.

Condition: In AP Cluster configured with both internal and external port, when active node's internal port became unreachable.

Workaround: Reboot the cluster node having issue with internal interface is unreachable.

PRS-389409

Symptom: User sessions will be removed for the session logged in at the time of second node upgrade in AP cluster.

Condition: During AP cluster upgrade, when the first node comes up after upgrading newer version, it informs other node to upgrade. During this time if any new user logs in, then all those sessions will be removed after second node goes for upgrade.

Workaround: User needs to re-login.

PRS-388121

Symptom: Reliable users may be prompted for secondary authentication despite Adaptive authentication being enabled for the realm.

Condition: Adaptive Authentication feature may not work in some scenarios where nodes are in the cluster setup.

Workaround: None.

Release 9.1R4.3 PRs

No new known issues found in this release

Release 9.1R4.2 PRs

No new known issues found in this release

Release 9.1R4.1 PRs

No new known issues found in this release

Release 9.1R4 PRs

PCS-18480

Symptom: Bookmark based access flow for Cloud based apps does NOT support MFA.

Condition: When user tries to access any Cloud apps using Bookmark based flow, MFA based Conditional Access policies does Not work and will Deny the access to user.

Workaround: Access Cloud apps using SP Initiated flow for MFA to work, or do NOT configure MFA for these Bookmark based Cloud apps.

PCS-18002

Symptom: Pulse Collaboration meeting is not getting launched with PSAL in macOS Catalina from the second time.

Condition: In macOS Catalina, Pulse Collaboration meeting can be launched only after the fresh download of the client. If we try to relaunch the meeting, it is getting failed.

Workaround: Delete the Pulse Collaboration client folder and perform a fresh download before launching the meeting.

PCS-17932

Symptom: TOTP server, Certificate server and SAML server authentication do not work for MFA based Conditional Access policy settings.

Condition: When TOTP server, Certificate server and SAML server are configured as MFA server for Conditional Access.

Workaround: Any other supported Authentication server can be configured as MFA server.

PCS-17926

Symptom: License report doesn't show the software version for one of the members cluster setup.

Condition: When cluster is in license client

Workaround: None (Display issue).

PRS-387697

Symptom: HOB launch on CentOS failing when Oracle JDK is installed.

Condition: Oracle JDK installed on CentOS.

Workaround: Install OpenJDK.

PRS-387572

Symptom: AliCloud Ivanti Connect Secure-7K-V: Watchdog restarting cgi-server auth processes (cgi).

Condition: Beyond 20K concurrent users under Pulse ESP and PSAM throughput test.

Workaround: None

PRS-387499

Symptom: Hob auto-launch - PSAL failing with error "Failed to contact server".

Condition: When auto-launch is enabled on HOB bookmark.

Workaround: Disable auto-launch.

PRS-387452

Symptom: SSH does not work after restarting services in AWS and Azure.

Condition: After performing restart services.

Workaround: SSH works after a reboot.

PRS-387192

Symptom: Rewriter issues with SharePoint 2019 – a few buttons and icons does not load and rename file does not work.

Condition: When using Ivanti Connect Secure web bookmark for the new SharePoint 2019 server.

Workaround: Switch to Classic View in SharePoint 2019.

PRS-384976

Symptom: Host Checker error found Intermittently while installing Pulse Client via Chromium Edge browser in presence of Host Checker configured.

Condition: Host Checker configured.

Workaround: Click on Ignore button.

Release 9.1R3 PRs

PCS-15327

Symptom: When trying to restart Ivanti Connect Secure from vCenter, Ivanti Connect Secure shuts down instead of restart.

Condition: When trying to restart Ivanti Connect Secure using the Restart Guest option from vCenter.

Workaround: Restart Ivanti Connect Secure using the PSA-V virtual console.

PRS-382259

Symptom: DNS address and domain names are taken from DHCP server when deploying new Ivanti Connect Secure instance in AWS and Azure.

Condition: When passing DNS address and domain name as parameter for initial configuration, DNS address and domain name are taken from DHCP server.

Workaround: Reconfigure DNS address and domain in network over view page.

PRS-382085

Symptom: Not able to enable "copy/paste" option for end user created bookmarks after upgrade from 9.1R2 to 9.1R3.

Condition: After an upgrade, not able to enable "copy/paste" option in the end user created bookmarks.

Workaround: The user has to delete and create the bookmarks to enable "copy/paste" option.

PRS-382083

Symptom: Not able to enable "copy/paste" option via RDP launcher URL.

Condition: When trying to enable "Copy/paste" option via RDP launcher URL.

Workaround:

  • User should use admin created bookmark.
  • User should use end-user created bookmark.

PRS-382078

Symptom: AWS or Azure new Ivanti Connect Secure deployment fails when customer using old templates with admin password is less than 10 characters.

Condition: When the template contains admin password with less than 10 characters.

Workarounds: Customer has to provide admin password length with minimum of 10 characters.

PRS-381853

Symptom: Azure Ivanti Connect Secure - Network interface speed is showing as “Unknown” in the Network Overview page.

Condition: When deploying new Ivanti Connect Secure instance in Azure, the network interface speed is showing as “Unknown” in the Network Overview page.

Workaround: This is just a display issue.

PRS-381707

Symptom: Intermittently, Behavioral analytics dashboard page shows "Unable to connect to database" error.

Condition: Sometimes, when admin navigates to Behavioral analytics dashboard page, "Unable to connect to database" error is seen.

Workaround: Administrator can reload the Behavioral analytics dashboard page after some time to get the details on the page.

PRS-381554

Symptom: When File rule configured for validating a file location using System default Directories <%HOME%> policy evaluation failed on macOS 10.14x or any higher versions.

Condition: If file located at System Directories <%HOME%> and configured a Hostcheck policy with File Rule for macOS 10.14.x or higher versions.

Workaround: Need to add permissions for "Pulse Client" under "Accessibility" and "Full Disk Access" and which can be accessed from "System Preferences" > "Security & Privacy"-> "Privacy

Or without providing permission /tmp location can be used for File validation.

PRS-367403

Symptom: Pulse collaboration not getting launched in macOS.

Condition: When the Java version above 8 is installed in the macOS, Pulse collaboration will not launch.

Workaround: Use Java version 8 for launching the Pulse collaboration in macOS.

Release 9.1R2 PRs

PRS-14530

Symptom: Shutdown of PSA-V deployed on KVM hypervisor does not complete.

Conditions:

  • PSA-V is deployed on KVM hypervisor.
  • Shutdown is initiated from PSA-V virtual console.

Workaround: None

PRS-374575

Symptom: DNS Search Order notes for macOS needs correction as Device only DNS is supported in macOS.

Condition: macOS supports Device only DNS.

Workaround: None

PRS-377549

Symptom: Older PSIS is not upgrading to 9.1R2 PSIS version.

Condition: When CTS, WTS and VDI gets upgraded to 9.1R2 in Windows 10 Redstone 5 and later, PSIS is not upgraded to latest version.

Workaround: None. Old PSIS will continue to work and no impact seen.

PRS-377700

Symptom: Using REST API - Archiving Schedule settings change from hourly to specified time does not update the hour/minute setting.

Condition: None

Workaround: Apply the same API again the second time.

PRS-378101

Symptom: JSAM fails to launch on Mac OS Catalina 10.15.

Conditions:

  • Configured a role with Host checker.
  • Configured JSAM access with auto-launch.

Workaround: None

PRS-379014

Symptom: After single logout with Ivanti Connect Secure as SP, the SP lands on either IdP page or SP page.

Condition: Ivanti Connect Secure is configured as IdP and another Ivanti Connect Secure configured as SP with single logout enable.

Workaround: None.

Release 9.1R1 PRs

PRS-373762

Symptom: Named User Remote Repo (NURR) mode does not work when MSSP unlimited license is installed on the License server.

Condition: MSSP Unlimited License installed on License server.

Workaround: MSSP customers with MSSP SKU to not use NURR mode.

PCS-11922

Symptom: DNS Port selection will not take any effect. DNS traffic will go through Internal Port only.

Condition: On a Ivanti Connect Secure Virtual Appliance, when Administrative Network is enabled under Traffic Segregation. This issue is not applicable for PSA Hardware Devices.

Workaround: None

Cloud Secure

PRS-371781

Symptom: Blocked ECP users will not be updated if Generic is selected under LDAP server Type.

Condition: LDAP server type selected is Generic.

Workaround: Select the LDAP server type as Active Directory.

PRS-372846

Symptom: Blocked ECP users will have a “Blocked till time” of 5 minutes.

Condition: Request count for a particular user is less than 3.

Workaround: None

PRS-372861

Symptom: Blocked ECP users will not be removed from the ECP reports page based on “Blocked till time”.

Condition: When a user entry is present in the ECP reports page.

Workaround: None