Fixed Issues

The following table lists release numbers and the PRS numbers with the summary of the issue fixed during that release:

Problem Report Number

Summary

Release 9.1R18.1 PRs

PRS-414906

The VPN tunnel disconnects and shows the error as “Server busy”.

PRS-415013

Web profile access using the Launch JSAM option fails.

PRS-415043

The critical event logs as Program hprewrite-server fails.

PRS-415082

ICE license does not deactivate automatically when the number of users goes below licensed user count. Issue only occurs when there is no subscription/consec license installed.

PRS-415248

On Terminal Service, NLA checkbox is not enabled by default while duplicating resource profile.

PRS-415647

Update the note "Note: Please do not disable this option as it helps to debug system issues. This option does not affect system performance." Under Troubleshooting -> Monitoring -> Node Monitor.

PRS-415802

Change the Pulse Embedded KB links to equivalent Ivanti Links.

PRS-416052

Inconsistencies in Japanese Language while using Host Checker.

PRS-415885

Built-in Integrity check scanner tool does not accept 0 in hour field for scheduled scan on ICS.

PRS-416241

ICS crashes sometimes when using ipv6.

Release 9.1R18 PRs

PRS-414659

RADIUS accounting User-Name is blank after upgrading to 9.1R17.

PRS-414456

Input validation check on the IP Destination Field in ACL check failing causing VPN disruption.

PRS-414418

Image uploaded in the default sign in page does not show up in the new GUI after upgrading the server to 9.1R17.

PRS-414409

REST API allows two certificates to be mapped with the same port.

PRS-414406

REST API Delete causes device to not respond in 9.1R17.

PRS-414310

Wong username and ip address are seen in the logs (unauthenticated requests and Invalid URL log) because auth context was not set correctly.

PRS-414292

Source IP based on Geo-Location Czechia is not working.

PRS-414283

Client users failing LDAP based authorization first attempt but works in next attempt.

PRS-414259

Unable to allocate IP address to the users from static pool due to failure in setting up ACLs for the tunnel.

PRS-414222

Upgrade fails while checking the AD legacy Authentication Check.

PRS-414063

Program fqdnacl fails on 9.1R15.

PRS-414054

User Records increments constantly after upgrading to 9.1R15

PRS-413998

Users are redirected to dana/meeting/meeting_weekly.cgi post logging in to the VPN.

PRS-413953

ICS is not showing the assigned IP addresses when using Infoblox as DHCP server in the active users tab and concurrent user session graph. UI issue only.

PRS-413953

ICS is not showing the assigned IP addresses when using Infoblox as DHCP server in the active users tab and concurrent user session graph. UI issue only

PRS-413919

dsagentd and rewrite-server processes crashes very often.

PRS-413891

The client does not display the custom messages for failures when using TOTP RADIUS server.

PRS-413842

SNMP polling is not working for Node 100 after upgrading to 9.1r15 version in Active/ Active cluster with Zabbix SNMP manager

PRS-413821

Duplicated and pushed configuration with lockdown exceptions assigned to a role does not update the exceptions

PRS-413793

On registering Ivanti Policy Secure devices to the Pulse One device, IPS displays a "Publish Failed" message and crashes.

PRS-413761

Mouse-related issues like scroll and click when using Advanced HTML5.

PRS-413696

Warning message found in Edge browser in IE mode with 9.1R16.

PRS-413678

Duplicating connection sets with lockdown exceptions enabled will not enable the exceptions on the configuration file without saving changes on the new connection set.

PRS-413490

When a higher resolution (width and height) is used, the End-user RDP webpage will have a scroll bar and icons are appear bigger. 

PRS-413161

Advance HTML5: Post Upgrade to 9.1R16 SSO credentials are not working

PRS-413133

IKE tunnel disconnects in the case of IKE fragmentation and large data transfer.

PRS-412236

Create blacklist option as admin UI to blacklist specific user agent strings to avoid bot requests

PRS-412190

Upgrade to 9.1R16 from 9.1R14.1 fails due to "Archiving Sensor Logs" but it is disabled

PRS-411462

SAML-Server process crashes on 9.1R14.1 due to memory leaks.

PRS-410122

PowerBi Application is loading blank via rewriter.

Release 9.1R17.1 PRs

PRS-415013

Web profile access using the Launch JSAM option fails in versions 9.1R16 and 9.1R17.

PRS-414662

Users unable to add HTML5 sessions due to field missing from the UI.

PRS-413761

Mouse-related issues seen with scroll and click when using Advanced HTML5.

PRS-413490

Higher resolution in Advance html5 is scaled down and can be viewed without a scrollbar.

Release 9.1R17 PRs

PRS-413406

Jira application is not working through rewriter after upgrade 9.1R15 to 9.1R16.1

PRS-413734

The sign-in URLs are reordered on ICS upgrade.

PRS-413543

VPN tunneling drops immediately when connected using DHCP scope.

PRS-413367

HTTP Only flag is not set via PTP virtual hostname.

PRS-413102

Breaks seen in the graphs.

PRS-413093

While importing xml file for include-system-config false value is not getting updated.

PRS-413072

Program rewrite-server recently failed.

PRS-412899

REST API based certificate import and mapping to ports failed with PSA 7000 fiber in customer environment.

PRS-412890

Web hits on graph showing constantly at 500M on PSA-7000C.

PRS-412793

PSA7000c unresponsive in Active-Passive cluster with warm restart on 9.1R16.

PRS-412751

PSA3000-V VMware keeps crashing on upgrade to 9.1 R16.

PRS-412651

When multiple users are created through Auth Servers > System Local > Users, usernames are incorrect in User Access logs.

PRS-412335

RDP access over Citrix Storefront through rewriter is not loading the desktop screen.

PRS-412323

Authorization-Only Access not working in 9.1R16.

PRS-412308

Unable to allocate VPN tunnelling IP from static pool.

PRS-412190

"Archiving Sensor Logs" error appears during upgrade, even though the option is disabled and upgrade to 9.1R16 fails.

PRS-412115

Unexpected policies deleted after removing user roles.

PRS-412081

Not able to launch JSAM and Ivanti Secure Access client.

PRS-411521

Slow IPv6 access.

PRS-411357

Multiple DHCP lease request is Initiated by client for same user.

PRS-411134

User logging in from a location that contains special characters in the name of city or country will be prompted for secondary authentication repeatedly.

PRS-411002

Some ports appear to open unexpectedly.

PRS-410965

User configuration Archive fails creating a temp file and taking up disk space under/var/tmp, also causes SNMP alerts.

PRS-410900

NMAP output shows port-5432(UEBA port) as open and not filtered.

PRS-410897

Unable to login to the ICS after changing the Local user/Admin password via REST API

PRS-410519

Upgrade failure to 9.1R15 due to legacy active directory mode configuration

PRS-410212

Import, Cancel, etc. buttons are not displaying due to syntax error.

PRS-410138

After the upgrading to 9.1R14.1, sporadically users are getting redirected with error https://auth/welcome.cgi.

PRS-409932

Citrix JICA/CTS to Storefront 3.1/CTS improvement for admin profile flow.

PRS-409891

Memory Leak on web process leading to process crash and disconnects users.

PRS-409668

"Program cgi-server recently failed." critical log seen frequently.

PRS-409481

Pulse One looping to "Publish Required" while "Trusted Server CA" is the only selected block.

PRS-408157

Facing slowness in Admin GUI while editing Licensing Summary.

PRS-408015

Print function is not working properly with Advanced HTML5

PRS-407793

ICS is not validating the sign in URL in login.cgi.

PRS-406983

PSAL not launched because RPM format PSAL file downloaded on Ubuntu machine.

PRS-404735

Menu button on the Top Left corner is no longer working on Gitlab Website.

PRS-393301

Web bookmark stays in the credential page after providing credentials via rewriter.

PRS-393278

Web bookmark loading as blank page without any data.

Release 9.1R16.1 PRs

PRS-412751

System: Enabling Kernel protectionmay cause unexpected system crashes on virtual appliances.

PRS-411094

Logging: Login may timeout or is delayed if the roles and realms use more than 4K data.

PRS-412666

An invalid password expiry warning may display when MaxPasswordAge is set to never expire.

PRS-412190

System: Incorrect archiving validation for sensor logs may prevent upgrading to 9.1R16.

PRS-412248

VPN Tunneling: An ACL with wildcard ("*") for port ranges prevents resources access on 9.1R16

PRS-412424

PSAL: Citrix Terminal Services (CTS) client may fail to launch on Chromium-based browsers (with and without the browser extension installed).

PRS-412744

System/Admin UI: The re-branding alert message cannot be dismissed.

PRS-412747

Host Checker/Admin UI: The alert message to increase Host Checker periodic Host Checker evaluation cannot be dismissed.

PRS-412763

System: Browsers configured for Italian may not render messages with proper accents.

Release 9.1R16 PRs

PRS-411923

Signing-in page got doubled after upgrading the AA cluster to 9.1R15.

PRS-411805

"Password Expiration Prompt" when enabled shows an unusually huge number (say 24855 days).

PRS-411257

Post Upgrade to 9.1R15, we can no longer change the precedence/ordering of the Sign-In URLs (Save changes take no effect).

PRS-411031

Unable to select the existing VNet while deploying PCS appliance from Azure marketplace due to the /24 subnet enforcement.

PRS-410957

Program dsnetd recently failed (Log improvements added to facilitate RCA in the future).

PRS-410868

For geolocation rules, the Access log does not contain the location of the source IP Address.

PRS-410256

Getting an Error FB-19 while accessing shared sub folder.

PRS-410172

Href instruction output under Sign in Page for End users is showing up extra characters.

PRS-409992

Default Sign-In page instruction is repeated twice in PCS9.1R15.

PRS-409905

HTML5 User added bookmark not visible.

PRS-409894

"ueba-monitor" service restarting frequently after upgrading to 9.1R15.

PRS-409871

cgi-server process crashed when using "Always-on VPN using wizard" feature.

PRS-409778

Upgrade to PCS 9.1R15 caused configuration to be wiped out only on hardware( PSA7K) not on VMs.

PRS-409726

DHCP failure seen after upgrade to 9.1R15 using Infoblox.

PRS-409627

Auth traffic control fails post-upgrade to 9.1R12+ with IPV6 and Management interface only.

PRS-409543

Save All Logs button missing in 9.1R15 in IPS and ICS.

PRS-407681

Named User license does not allow users to login to VPN and gives error “Number of named users (55918) exceeded the system limit (0)” as special characters in the user name are not properly handled in the named license users’ functionality.

PRS-409424

Restriction with geolocation feature is not working for UK/Germany IP Addresses.

PRS-409418

PCS/PPS Connection error with Pulse One: Operation timed out after xxx milliseconds with 0 out of -1 bytes received.

PRS-409103

Program Web failed on 9.1R14.

PRS- 408829

Program TNCS failed.

PRS-408573

PCS server deployed on Azure goes unresponsive.

PRS-408542

When using PDC client on Window 11 OS ,authentication report shows Device OS as "Windows" instead of "Windows 11".

PRS-408525

Import of "Enable Pulse Client Components removal Tool for Cert issue Remediation." setting fails.

PRS-408446

Duplication of host checker policy fails if it is configured with the Registry settings.

PRS-408397

User disconnections are not properly logged in the User Access logs giving rise to confusion at times.

PRS-408234

Deprecated SSH Cryptographic Algorithms Supported on Azure.

PRS-406752

Vision Center app not working via re-write.

PRS-408049

Named User Record is not populating in License server Named user repository page.

PRS-407681

Named User license does not allow user to login to VPN and gives error Number of named users (55918) exceeded the system limit (0).

PRS-407644

On 9.1R12 System Software unable to pulldown backup configuration using REST.

PRS-406991

High CPU due to dsserver-tasks on PSA5000-v due to huge file transfers.

PRS-406832

With Static proxy and chrome PSAL+JSAM+Proxy , JSAM is not launching. PSAL is not using static proxy.

PRS-406707

Active Directory authentication server 'XXXX': No logon servers are currently available. Device could not connect to any domain controller of the domain.

PRS-406657

Program Web Failure due to memory leak.

PRS-405934

Users unable to establish tunnel - TUNSETIFF failed with error 16.

PRS-405192

ICS crashes sometimes when using ipv6.

PRS-404710

DMI update of PSAM destination servers takes effect on reconnecting of PDC client.

PRS-404126

Users were unable to connect, existing users got disconnected due to aggressive “Periodic Check” timers.

PRS-403095

HC Logs in User Access shows Local Username instead of VPN Username while using Embedded Browser.

PRS-390142

Outlook via Office365 fails to view or send email for all browsers.

Release 9.1R15 PRs

PRS-408555

Upgrade failed from 9.1R13.1 to EA build 9.1R15.

PRS-407882

Users unable to access the VPN as the host checker fails with McAfee anti-virus.

PRS-407810

Priority of log SYS31048 (Lost syslog connection to server) is reduced to major from critical.

PRS-407805

Garbled text displayed in IE JSAM Window upon launching bookmark.

PRS-407184

HC re-evaluate Carbon Black virus definition check fails with number of updates.

PRS-407143

Internet Check during HC for EDR products is removed to prevent false-positive scenarios - https://forums.ivanti.com/s/article/KB45142.

PRS-407034

Users are dropped with Dsagentd snapshots generated.

PRS-407029

When saving the Terminal Services Profile, it unchecks the NLA option in the bookmark tab.

PRS-407023

Stales entries in shards is now removed. This will prevent shards from overload.

PRS-407010

Same IP address from IP pool was assigned immediately to different users in short span.

PRS-406654

'Profiler Events' is missing in REST API call.

PRS-406149

XML export on 9.1R13 doesn’t contain Local user accounts data.

PRS-405891

Role mapping clash causes connectivity issues for PDC.

PRS-405756

Rewriter application doesn’t work via rewriter due to parsing failure (Triple dot and return statement).

PRS-405597

HTML5: File cannot be downloaded if filename contains certain special characters (spec chars $ # % £).

PRS-405494

Full screen mode for multi monitor setup does not match native resolution.

PRS-405462

Top Level DNS domain is not validated properly under connection profiles and console.

PRS-405158

Logs generated on the desktop when accessing the VPN using Internet explorer / MS Edge.

PRS-405155

Events logs generated with wrong source IP address when users tried to connect.

PRS-405102

ICE license does not get auto-disabled.

PRS-404794

Lots of CRL failure entries getting generated in event logs for failed CDPs and it would be there every 5min for each failed CDP.

PRS-404605

Error Invalid Total Maximum Bandwidth "250" Must be between 0 and "0" when attempting to define the "Total Maximum Bandwidth".

PRS-404564

LDAP Domain Name not able to process Truncated TCP DNS response.

PRS-404538

ICS on AWS crash after Disk usage increase.

PRS-404512

Sign-in policy was not getting synched in config-group in pulse one.

PRS-404494

namedusersrestserver.log is filling up causing the HDD 86% usage.

PRS-404178

Intermittent resource access issue (RDP, SSH etc) through PSAM.

PRS-403817

BeyondSSL (Advanced HTML5) logging improvement added like Basic HTML5.

PRS-403588

Importing certificates with system config fails if special characters are part of the password.

PRS-402863

Config option provided for User Record (State Storage) management.

PRS-402627

Pulse One configuration in ICS shows 6 days "Credential Renegotiation Interval" but logs shows every 6 hours.

PRS-402567

Public IP of user in the access logs change when changing password.

PRS-400073

SNMPv3 Engineboots & EngineTime value as 0 with netSNMP lib 5.7.3.

PRS-398595

Modifying IP config using console with VLAN interface fails.

PRS-398358

Disk space getting full resulting in service restart on PSA-V.

PRS-397883

Webpage not loading via ICS.

PRS-396712

PCLS responding to heartbeat request with 404 error.

Release 9.1R14 PRs

PRS-406149

Data is missing in XML export for Local user accounts in 9.1R13.

PRS-405422

Telnet/SSH: If User localization is JAPANESE, the display screen is garbled.

PRS-405395

Secondary RSA Authentication failing on PDC.

PRS-405370

Super Admin Session is not working when HTTP Only Device Cookie is enabled.

PRS-405203

Admin UI Unable to switch from ICT periodic scan to scheduled scan.

PRS-405082

Core dump generated while rewriting html with xsl stylesheet.

PRS-405071

Resource policy-based detailed rules failure user logs are flooding the User access logs.

PRS-405008

Mac OS Catalina 10.15.7 is failing to pass the HC policy set for File Vault.

PRS-404961

Difference in the GUI and XML export values for Integrity check specifications.

PRS-404839

Radio button on changing the Periodic scan to every 2 hours is not saved.

PRS-404771

User access log was being printed with default username as "System" instead actual username.

PRS-404768

Activity dashboard shows incorrect number of active users over the PCS appliance.

PRS-404713

Issue with high CPU utilization with rewrite-server process snapshot generation.

PRS-404688

User access log prints default username as "System" instead of actual username.

PRS-404264

The ifSpeed default value for physical interface of PSA7000 device is set to 10 Mbps.

PRS-404252

SNMP output of signedinWebUsers, iveConcurrentUsers and clusterConcurrentUsers is returning same value.

PRS-404114

Web Crash in 9.1R12 Version.

PRS-404081

Rewriter URLs ending special characters like (# or | ) are not being redirected as the URLs will not be rewritten.

PRS-404016

Session extension with Pre-HC function is enhanced to contain the realm details.

PRS-403945

Background URL mentioned as style attribute not getting rewritten.

PRS-403822

Process SAML-SERVER crash in 9.1R12.

PRS-403777

PCS is not logging useragent string in logs for PDC clients.

PRS-403568

Login issues seen during session extension or during network switching.

PRS-403481

Program dsagentd failed after upgrading to 9.1R12.

PRS-403422

Lockout enforcement not working on PDC when AD is used as authentication source.

PRS-403216

Built in Integrity check scanner tool in PCS version 9.1R12 not accepting 0 in hour field for scheduled scan.

PRS-403208

Issue with Integrity check tool in standalone PSA 300.

PRS-403046

Users face permission denied while browsing file URLs.

PRS-403030

iOS Pulse Mobile users unable to access intranet resources through Per-App VPN after upgrading PCS to 9.1R10 or above

PRS-402559

Seamless Upgrade Helper prompt in Italian Browser does not work as expected.

PRS-402387

System: watchdog restarts cgi-server for at least one hour after changing SSL cipher selection.

PRS-402171

Throughput graph getting cleared on PCS Virtual Appliances.

PRS-401685

Triple dot creates a syntax error while rewriting API.

PRS-399221

A/A Nodes have user record differences.

PRS-398443

Citrix JICA/WI through CTS fails application access after import XML of same resource profile, manually creating fixes issue.

Release 9.1R13.1 PRs

PRS-404658

Advanced HTML5 SSH Sessions and do not support scroll bar

PRS-404298

Advanced HTML5 Copy/Paste does not work for SSH

PRS-402150

Suddenly new L3 ESP/SSL VPN connection request fails for users due to auto-generation of Dsagentd cores.

Release 9.1R13 PRs

PRS-403552

Client certificate information (serial number and certificate) is not available in Ivanti Connect Secure user access logs.

PRS-403495

Browser based end user UI error message for invalid credentials is not seen.

PRS-403462

Warn customers to follow mandatory steps before upgrading Ivanti Connect Secure/Ivanti Policy Secure.

PRS-403370

PDF files with streams having no Length attribute create segmentation fault causing rewriter server core.

PRS-403036

Source IP restriction for IPV6 Subnet in Roles restriction is not working.

PRS-403027

Core Access: SSO redirect with concur is not working

PRS-402999

XML import fails when config with the connection set containing option "Connect to URL of this server only" is disabled. This is due to improper initialization

PRS-402922

Improvements for ICT

PRS-402855

Ivanti Connect Secure archiving is not happening on Azure server

PRS-402633

DSDID length is not calculated properly causing Process web crash in FIPS mode.

PRS-402583

ICT page is skewed to left in classic UI but OK in new UI

PRS-402447

The image quality needs improvement for advanced HTML5 RDP.

PRS-402338

"Bookmarks open in new window" option is not exported in XML Export.

PRS-402271

While creating citrix profiles and change the options from java/html5/non-java, the auto policies created are not being handled as expected.

PRS-402253

Display a log message when the Root Partition gets into Read/Write Mode

PRS-402218

Unable to open Sharepoint documents using MS office native apps.

PRS-402075

HTML5: Option needed to hide basic HTML5 bookmarks/RDP launcher

PRS-401872

File download fail as file URL is getting truncated where newline exist in file name.

PRS-401553

When launching the Citrix client, 60 seconds delay is seen with no UI feedback, before PSAL download link appears.

PRS-401376

dsTermServ.exe crashes and unable to access terminal services with Applocker installed.

PRS-401160

Import of configs from older software to 9.1R11.4 may generate some error logs along with 'import done' message.

PRS-400261

REST API incorrectly responding to queries with ascii symbols

PRS-400152

With Recursive DNS domain name resolution for LDAP server is not successful.

PRS-399042

Process dswsd crashed during network fluctuation when some of the variable is not set correctly.

PRS-398648

Enabling/Disabling ICE license on PSA7000 increases the CPU usage

PRS-396540

On the IE browser for the advanced HTML5 intermediate, login page text displays “submit query” instead of submit.

PRS-395709

In MAC Safari browser, Advanced HTML5 sessions clipboard is not available.

PRS-395699

For Advanced HTML5 RDP sessions, video quality can be inconsistent at times.

PRS-392135

Pulse One disconnected from Ivanti Connect Secure after Ivanti Connect Secure upgrade

PRS-390822

Page rendering issue due to Cross-origin Object.

Release 9.1R12.1 PRs

PRS-403735

Lost connections and dsagent process restarts due to a malformed IKEv2 packet.

PRS-403191

Unable to assign NCIP from the static IP pool in Ivanti Connect Secure 9.1R12.

Release 9.1R12 PRs

PRS-401930

Authentication fails with no authentication prompt even though “Allow Smartcard with Network Level Authentication” shows enabled in the UI. However, XML export shows it as "Disabled".

PRS-401673

Due to Password Policy Control Changes introduced in 9.1R5, if we do not receive the proper response from LDAP server the authentication fails and associated process crashes.

PRS-401574

Duplicated Named User Licenses as usernames are treated case sensitive.

PRS-401421

Ivanti Connect Secure does not send DSID cookie to Pulse Client (SiteMinder authentication).

PRS-401356

The default admin realm is enabled with source IP restriction which restricts the access from a public network..

PRS-401318

Event log modification from “info to critical” for SYS30948 and from “critical to major” for SYS30912.

PRS- 401294

Log ERR32037 “Server name contains unsupported/unsfe characters”, is seen even if the server name is valid and spelling unsafe is corrected in 9.1R12.

PRS-401213

Web crashes (restart) due to a problem in JSAM/WSAM data path leading to user disconnection and reconnection.

PRS-401185

Multiple Syslog entries are seen under in A/A clusters having more than 2 nodes.

PRS-401064

PSA7000 shows improper interface speeds when VLAN is configured.

PRS-400976

Multiple monitors, sound does not work when HTML5 is configured with NLA and no SSO set.

PRS-400960

Static IP via Radius Attributes not working as expected.

PRS-400951

Static IP allocation fails when there are IP pools which overlap with other IP pools.

PRS-400771

Windows Terminal Services client disconnects the sessions intermittently.

PRS-400725

Windows Terminal Services client disconnects when copying the files.

PRS-400655

Importing certificates from system config fails when there is no password set during config export.

PRS-400631

AP cluster fail-over VIP is taking more time for Cluster VIP reachable.

PRS-400495

Azure Ivanti Connect Secure instance goes unresponsive intermittently.

PRS-400285

Added an event log to monitor internal shard usage.

PRS-400243

VIP status change notification event sent by passive node on reboot is treated as VIP status change notification from Active node, and users notice VPN reconnection.

PRS-400229

Session extension using PDC through SAML authentication server does not work.

PRS-400206

Changes to entity ID and SAML auth server instances are not recorded in the admin access log.

PRS-400067

Windows Pulse Client 9.1r11 with Avaya One-X causes BSOD.

PRS-400023

when User role is duplicated, VPN tunneling option is reset to default options and not updated.

PRS-399963

Impexserver crash is observed when importing Ivanti Connect Secure is having a duplicate certificate.

PRS-399925

Yearly graph shows incorrect data for active user sessions.

PRS-399842

After upgrade to 9.1R11, IP Assignments through LDAP/Radius Attributes is failing but Static Pool works fine.

PRS-399626

PSA7000f server restarts unexpectedly and user connection fails. Additional logs added to determine the Root Cause.

PRS-398621

Enabling “SNMP Diagnostic Logging On is not working.

PRS-399559

Static IP allocation issue when multi session is enabled.

PRS-399450

Citrix VDI not working in the first attempt, Second attempt starts working and CTS launches and connects.

PRS-399292 (PRS-397227)

Admin URLs are not accessible if administrator logs in with IPv6 address of Ivanti Connect Secure. (PRS-397227 - Fixed in R12 via this PRS-399292.)

PRS-399409

Only ntpd Client service runs going further (Previously both server and client services were run).

PRS-399192

Failed to upload configuration on the newly registered PSA device on pulse one.

PRS-399136

Redirected URLS encoded not passing properly.

PRS-399021

When creating an admin role, User roles in the Users delegation displays incorrect number of selected roles.

PRS-398969

Bandwidth management policy does not work in the SSL Mode.

PRS-398814

guacd process protection mechanism where each instance of guacd instance is monitored and killed if the instance takes 100% CPU till the grace time.

PRS-398703

Healthcheck.cgi does not work from F5 load balancer.

PRS-398600

Named User Record/Database do not show up on license client.

PRS-398371

VLAN details are not removed from VLAN page after removing VLAN ID from management port.

PRS-398348

Ivanti Connect Secure device does not send the SNMPv3 trap out from the device.

PRS-398303

HTML5 bookmarks will not be accessible.

PRS-398270

Expired certificates alarms for deleted certificates.

PRS-398262

Web process failures due to DSEvntTimer observed on Ivanti Connect Secure.

PRS-398002

Limitation on number of realms in sign in URL while connecting through PDC client.

PRS-397693

Compliance report for hostchecker policies mapped against realm/role is generated for user that does not belongs to that realm/role.

PRS-397676

License server low-level protocol error,Code=[6]: Could not resolve host name through external port.

PRS-397664

XML export of Admin/User realms shows the directory-server attribute same as authentication-server even though there is None in the UI.

PRS-397574

With Pre Host checker configured, if the Pulse credentials prompt times out, the session is extended instead of resumption.

PRS-397461

Basic HTML5 : Users not able to use mouse emulation with guacamole RDP sessions on iOS13 iPad.

PRS-397414

Extra fields appear under Role > Web Bookmark for new or existing bookmark prior to upgrade.

PRS-397380

User record synchronisation feature may not occur as-expected across all configured devices.

PRS-397349

User Record Sync clients disconnecting from green to grey status.

PRS-397346

Host Checker Re-Triggers with error message 'ESAP upgrade is needed or Patch Management policy configured' in event logs.

PRS-397290

SAML Single logout is failing.

PRS-397227 (Fixed in R12 via PRS-399292)

Admin URLs are not accessible if administrator logs in with IPv6 address of Ivanti Connect Secure. (Fixed in R12 via PRS-399292.)

PRS-397213

MSSP: watermark does not get reset, even if license client is not leasing licenses from the license server.

PRS-397059

AAA: X-forward-for IP is not evaluated/used when using geoLocationCountry rules.

PRS-397043

One cluster node stops accepting new VPN connections post getting deactivate/activated in cluster.

PRS-396972

Number of MC groups has been increased to 40 & 36 on Linux and Windows respectively.

PRS-396200

Upgrade fails when data partition does not have enough space to hold system configurations.

PRS-396062

Users unable to join hosted pulse collaboration meeting session through IE 11 browser.

PRS-395544

Upgrade failing for one node In A/P cluster.

PRS-395508

User gets disconnected when cert restriction policy is configured and SAML authentication server is used. This has been fixed as part of this PRS.

PRS-395347

Incorrect Source IP address used when sending packets to secondary radius server (When using “Traffic Decoupling” at “Auth Server Level”).

PRS-394657

Pulse Collaboration: Customer gets an error while scheduling the meeting if the localization set to French.

PRS-394572

SNMP alerts shows abnormal increase in device temperature.

PRS-394202

Manual failover takes time to resume user tunnel connections. This is now improved.

PRS-393712

Terminal Session stops working after upgrade to 9.1R8. Adding logs to improve debug ability.

PRS-393675

Failed to send API requests from Ivanti Connect Secure(MDM) to Microsoft Intune for device authorization.

PRS-391871

Openstack KVM deployment - after reboot only local subnet can connect, Ivanti Connect Secure ignoring other packets.

PRS-390315

Fed-Wide session sync delay between Replicas results in user session getting removed from Imported sessions within few minutes.

PRS-380985

Incorrect Interface Status sent by the Ivanti Connect Secure appliance while performing SNMP Walk after upgrade to 9.1R1.

PRS-361501

Sometimes end-user is unable to access backend resources.

Release 9.1R11.5 PRs

PRS-401116

Pulse Upgrade Helper tool upgrades Pulse Desktop Client once and terminates IE processes during the process.

PRS-400823

State Storage full and Program cache-server failed.

PRS-400746

Unable to see the details of package uploaded into Staging Area in Admin UI

PRS-400717

Improper titles for lines on HTML5 dashboard graph and some titles missing in Concurrent users graph.

PRS-400614

PSAL fails to launch Java Applets.

PRS-400653

In versions 9.1R11.4 and below, if the 'HTTP only cookie' option is enabled for admin role, the super admin session will not work.

PRS-400544

Program web recently failed on 9.1R11.3

PRS-399600

Users are not prompted to enter credentials as well as MFA on successful connection to VPN.

PRS-399576

The localization support is not available for new options on user created advanced HTML5 bookmarks.

PRS-399150

Host header Validation is failing for Virtual hostnames.

PRS-396923

PSA 5000 crashes with no access to UI or Console.

PRS-384770

GARP frames are not being sent under Default VLAN configured on an interface - VIP IP is not accessible after manual failover in A/P cluster.

Release 9.1R11.4 PRs

PRS-400095

Web crash due to empty session IDs.

PRS-399115

Warm restart of services is observed on two node PSA7K AA cluster when run continuously for multiple days causing L3 and L4 connection drops.

PRS-398510

Error code 1326 displays on Pulse Client when username/password is saved on Client and expired on AD server.

PCS-27395

Custom expression failure messages is flooding User Access Logs.

Release 9.1R11.3 PRs

PRS-400438

Code signing certificate fails globally when launching HC using browser. The certificate issue is addressed. For information refer KB44781.

Release 9.1R11 PRs

PRS-398532

During Kernel Panic (System stalls with no access to Admin UI), Ivanti Connect Secure/Ivanti Policy Secure devices will automatically reboot by default.

PRS-397979

Process snapshot gets generated for dsagentd/Web processes in 9.1R10. This issue can happen rarely when Client closes PSAM session with Ivanti Connect Secure server immediately just after closing TCP application connection.

PRS-397324

Dsagentd crashes when Ivanti Connect Secure System load average goes high.

PRS-397190

Rename all the places that contain WSAM keyword on the Admin UI to PSAM.

PRS-397171

Kernel panic is observed sometimes and Ivanti Connect Secure restarts.

PRS-397072

Host Check fails on macOS 11.1 when the policy is enforced.

For more information, refer KB44663.

PRS-397046

Background image and recaptcha is not loading through rewriter.

PRS-397000

Supporting corner cases for jquery usage in client side rewriter handling.

PRS-396944

WTS: End users unable to enable MIC on the user interface.

PRS-396921

When a user access basic html5 bookmark, guacd process may restart.

PRS-396870

PDC: Virtual adapter stops intercepting IPv6 packets on Mac/Windows/Linux platforms using PDC 9.1R9 build in ESP mix mode.

PRS-396827

When advanced HTML5 connections are accessed first time, user may see “Failed to connect to gateway” message.

PRS-396773

Host Checker fails after upgrading ESAP version to 3.7.1 or 3.7.2 or 3.7.4 from any previous ESAP version on macOS endpoints (KB44643).

PRS-396710

For advanced HTML5 sessions, REST API count displays invalid values.

PRS-396675

Fixed rewriting for other elements of div tag caused due to Data-srcset support.

PRS-396609

For unsuccessful HTML5 connection, VDS page displays the entry for advanced bookmarks.

PRS-396389

User is not able to configure Azure as backup server in China region.

PRS-396262

Login button is not enabled when accessing web rewriter through IE browser.

PRS-396134

NTP will not synchronize time when default VLAN ID is configured on the interface.

PRS-396116

Browser-based Host checker fails to get launched in 64 Bit Internet Explorer.

PRS-396097

Kernel panic “nf_udp_esp6” may be observed on PSA7000F.

PRS-395982

Rename all the places that contain WSAM keyword on the Admin UI to PSAM.

PRS-395973

User column for SNMP traps does not show the username.

PRS-395902

Pulse Component Set is selected to NONE does not update the “connstore” in spite of changing the connection set. A warning message is displayed to guide configuring the “Connection Set”.

PRS-395813

Disabled DMI Inbound connections setting is not retained after reboot.

PRS-395330

SNMP query for “sysObjectID” is returning PSA7000F for PSA7000C platform.

PRS-395217

Pulse One fails to sync files Windows ACL policies on Target Ivanti Connect Secure from Master Ivanti Connect Secure.

PRS-394382

Handling rewriting of Data URLs at server side code to avoid rewriter crashes.

PRS-393851

Invalid Admin log shows as “Unable to synchronize time, either NTP server(s) are unreachable or provided symmetric key(s) are incorrect.“ even though NTP servers are reachable and clock is syncing.

PRS-392135

Pulse One disconnected from Ivanti Connect Secure after Ivanti Connect Secure upgrade.

PRS-391999

TOTP Authentication fails for all users.

PRS-391667

Aligned the latest MaxMind DB pointer with local DB for Ueba package upgrade.

PRS-390324

Spikes are observed at regular intervals in the concurrent SSL connections graph.

Release 9.1R10 PRs

PRS-396733

For advanced HTML5 bookmarks, when the target machine is configured with hostname resource, may not be available at times.

PRS-396149

Web process crashes.

PRS-395696

For Advanced HTML5 sessions, error messages are not displayed.

PRS-395039

License client reports the excess allowed usage while sending the usage to server.

This issue is fixed to limit the reported count to maximum lease limit.

PRS-394744

“Error updating data for chart hc_failure_reason/auth_mechanism” log on Ivanti Connect Secure is not seen.

The Exception that was causing this error is fixed.

PRS-394586

Administrator can set a guaranteed minimum users on a realm to allow an user from that realm to log into the Ivanti Connect Secure/Ivanti Policy Secure when the licensed concurrent user limit is reached.

From Release 9.1R10, guaranteed minimum users is applicable when no ICE license is installed or ICE license is installed and enabled.

PRS-393989

When the current MSP license expires, and customers installs a new MSP license, VLS needs to re-register with PCLS. This was not happening previously, and this resulted in billing against older authcode.

In 9.1R10, we have fixed this issue, so that VLS re-registers with the next active MSP license. Hence, the license usage is reported against the new authcode.

PRS-393140

Certificate authentication fails when the option 'Trusted for Client Authentication' is disabled in client CA certificate hierarchy.

Added a new user access log and an Admin UI note to alert the Ivanti Connect Secure administrator in such cases.

PRS-389455

Analytics Device OS graph does not show Windows 10 OS information.

This issue is fixed in 9.1R10 onwards.

PRS-387059

Unable to publish config when trusted client CA cert (using CRL) is deleted on Master appliance.

This issue is fixed in 9.1R10 onwards.

PRS-380696

Predefined Host Checker policy can now be configured with a ignore category based on the vendor.

PRS-390086

End-Points connected through slow internet now will not hit the incomplete ESAP package download scenario.

PRS-395701

Access to advanced HTML5 custom URL is not successful without user logging into Ivanti Connect Secure server.

The user is now prompted to log into Ivanti Connect Secure followed by log in prompt to target machine.

PCS-22768

Remote-program, Multi Monitor, Session recording options are not working for end-user created bookmark.

PCS-22757

Advanced HTML5 graph is not implemented.

Release 9.1R9.1 PRs

PRS-396149

Web process restarts when Client Application profiles are configured under
SAM --> Resource Profiles.

PRS-396441

For advanced HTML5 sessions, web process restarts if the FQDN is not resolved.

PRS-396463

For advanced HTML5 sessions, login may fail if the target machine username or password contain special characters.

Release 9.1R9 PRs

PRS-395306

“Failed file system integrity check” warning appears on Admin UI when the file “integrity_check” is either not created or deleted. This is addressed in 9.1R9.

PRS-394759

DHCP Set option is added for AWS (If no DNS server configured in DHCP option set, it will take the second IP address as primary DNS server from the internal port subnet).

PRS-394604

Agent Type in active users page on Ivanti Connect Secure fails to show Windows OS version with 9.1R8 PDC builds.

PRS-394537

XML export shows virtual Platform for physical license clients. This is addressed in 9.1R9 release.

PRS-394390

Ivanti Connect Secure is not responding to ping with payload size larger than the MTU size.

PRS-394242

Rewriter client side parser issue fixed for DanaGetURLUnencoded API.

PRS-394137

Performance tuning is incorporated for FQDN ACL feature.

PRS-394107

Pulse Client version does not display under "Active Users" tab for mobile devices. The issue is addressed in 9.1R9.

PRS-394075

Pulse Collaboration stops working after Setup Client download fails, after upgrading it to Ivanti Connect Secure 9.1R8.

PRS-393736

Dssecidcheck program fails. This is addressed in 9.1R9.

PRS-393649

If a session is no longer present in the system when the IP lease period is active, then the IP address is released back to the DHCP server.

PRS-393627

Host Checker: Compliance check fails when using Sophos Cloud Endpoint 2.8.6.

PRS-393624

SNMP polling on ifHighSpeed does not return the correct speed of a network interface, if default VLAN is enabled for that interface. This is resolved in 9.1R9.

PRS-393603

File Share: When a big file is uncompressed, Ivanti Connect Secure will ensure that all the chunks are read properly from 9.1R9.

PRS-393544

On the "Virtual Port" view page, if admin clicks "Cancel" button without saving any changes, then Network service is restarted. This is addressed in 9.1R9.

PRS-393437

From 9.1R9, if Ivanti Connect Secure VA is hosted by VMware, then NTP setting at "Date and Time" page will have an extra note which informs admin that the Virtual appliance should have only one source of Time Sync (VMware ESXi or NTP Server, NOT both).

PRS-393313

Web Process crash due to timer Library corruption is addressed in 9.1R9.

PRS-393269

Ivanti Connect Secure was unable to handle "Unknown" OCSP Response. This is addressed in 9.1R9.

PRS-393230

Sometimes, TCP Dump does not start. This is addressed in 9.1R9.

PRS-393146

Host Checker process tncs crash.

PRS-393070

Logical volume support is removed from KVM instances.

PRS-392934

Ivanti Connect Secure does not restrict user logins, even though dsagentd crossed 80% CPU utilization.

PRS-392547

Custom start page takes about a minute to show up when connected from IE with split tunnel and VPN auto-launch enabled. This is addressed in 9.1R9.

PRS-392359

The default password length has been increased and the same has been updated in the Azure ARM Template.

PRS-391949

In spite of installing the Meeting license on a virtual appliance running A/A cluster, the effective count of concurrent meeting users remain zero. This is addressed in 9.1R9.

PRS-391629

PSAL Linux is unable to connect to Ivanti Connect Secure. This is addressed in 9.1R9.

PRS-391573

During domain controller reachability test under LDAP Auth Server, Ivanti Connect Secure does not close the LDAP TCP socket connection with domain controller. This is addressed in 9.1R9.

PRS-391273

When SAML config has both SLS and SSO service types using same Location URL, Import XML fails causing SAML metadata publish to go into loop. This is addressed in 9.1R9.

PRS-389484

Ivanti Connect Secure appliance now sends IPv6 Neighbor Advertisement with correct VLAN tag for user roles mapped with sourceIP as VLAN interface.

PRS-389448

dsagentd process crashes when handling multicast traffic. This is addressed in 9.1R9.

PRS-388972

Session extension fails when custom sign-in page is configured for the sign-in policy. This is addressed in 9.1R9.

PRS-387807

When default VLAN is enabled, virtual port is not considered for the user role while calculating the source IP. So, default IP was assigned as source IP. This is addressed in 9.1R9.

Release 9.1R8.2 PRs

PRS-394540

A tactical fix was provided as part of 9.1R8.1 (PRS-393243). However, Custom Rule Expression evaluation is now made more robust with thread safety in 9.1R8.2.

PRS-394113

Ivanti Connect Secure can parse and store up to 32 IP addresses returned by DNS server.

PRS-393865

Running TCP Dumps can get the Disk Full as there is no Log Rotation in place. This is addressed in 9.1R8.2.

PRS-393666

Application level integrity check was missing on Ivanti Connect Secure for Fragmented EAP-TLS packets. This is addressed in 9.1R8.2.

PRS-393440

Host Checker fails with Error "Host checker did not get installed properly. Your computer does not meet requirements". This is addressed in 9.1R8.2.

PRS-392873

The desktop settings configured under terminal services bookmarks will not apply if the resource's Operating System is Windows 8 or later. This issue is seen in Pulse Client 9.1R8.1 or earlier. The issue is resolved after implementing new interfaces of the Microsoft MsTscAx component.

PRS-392156

Modified WebRequest code to prevent null pointer (Hprewrite-server) crashes.

PRS-391188

DHCP options disappear upon clicking “Refresh Now” button under Connection Profiles > Proxy Server Settings. This is addressed in 9.1R8.2.

PRS-391141

Duplicate syslog (SYS31407) messages appear in event logs. This is addressed in 9.1R8.2.

PRS-388494

Large Username XML Import now logs proper error message.

PRS-385110

Upgrade failure due to white spaces in the configuration is fixed in 9.1R8.2.

Release 9.1R8.1 PRs

PRS-393434

Time drift is observed when NTP is configured on Virtual Appliances. This can affect authentication, cluster sync, and cause licensing issues. This is addressed in 9.1R8.1 (KB44558).

PRS-393243

Host Checker policy evaluation fails very intermittently for some time if policy rules need to be evaluated based on Custom Rule expression. This is addressed in 9.1R8.1.

PRS-392995

dsagentd crashes occasionally in load condition during initial data channel establishment. This is addressed in 9.1R8.1.

PRS-392842

The Overview/cockpit graphs representation will now show data similar to the Classic UI (It will omit the duration for which the data is not available).

PRS-392593

Restriction of REST API commands via the internal port is now fixed.

PRS-392254

SNMP polling was not returning false Ivanti Connect Secure Model Number and device type. This is addressed in 9.1R8.1.

PRS-392153

Session Server failures due to cluster instability is fixed in 9.1R8.1.

PRS-392096

Winbindd crash seen due to an exception is fixed in 9.1R8.1.

PRS-391990

SSH/Netconf clients should now be able to connect Ivanti Connect Secure DMI Agent successfully.

PRS-391708

Quick navigation link added to Enable/Disable FQDN ACL. And the following warning message is also added:

“Ensure that there is no DNS latency/delay in the network to avoid performance issues”.

PRS-391690

When a license client surrenders a license, the expiry date of that surrendered license keeps changing in license server to keep the expiry date always as 10 days (default) ahead of current date. The change is reflected in “License Summary” page of license server admin UI. But the change is not always reflected correctly at the “Pool of available licenses” section under the “Configure Clients” tab as there is a sync-up issue. This is addressed in 9.1R8.1.

PRS-391253

When Pulse Desktop client is used, Ivanti Connect Secure server does not provide session ID in User Access log after a successful login. Here “session ID” denotes the last 8 characters of actual session ID in server, and it is used to differentiate a session from other sessions for one user. From 9.1R8.1, Ivanti Connect Secure server will provide this ID for all types of Pulse clients after successful logins.

PRS-390500

From 9.1R8.1, Ivanti Connect Secure end user name will appear as client name (instead of Localhost) in HTML5 RDP session.

PRS-389526

From 9.1R8.1, a warning message will be sent only when the lease request fails or no leasable license is left with the number of users reaching towards maximum concurrent users limit.

PRS-389251

Frequent warning message about “number of concurrent users is nearing system limit” creates confusion about actual issue with concurrent users limit. Form 9.1R8.1, a warning message will be sent only when lease request fails or no leasable license is left and number of users are reaching towards maximum concurrent users.

PRS-387936

Global session configuration values (Users > User Roles > Default Options) are used when individual user role is not configured with session options.

Release 9.1R8 PRs

PRS-392702

PRS-391725

Additional logging to debug web crashes.

PRS-392244

PRS-388907

Active users were not able to sync to the newly added node on a 3 node Active/Active cluster. This is addressed in 9.1R8.

PRS-392236

Hyper-V 9.1R8 upgrade from earlier versions is not supported.

PRS-392040

PRS-388907

User sessions are not synced across the nodes in an Active/Passive cluster. This is addressed in 9.1R8.

PRS-391902

Invalid packet processing in kernel is addressed in 9.1R8.

PRS-391879

Intermittent audio disconnect issue with HTML5 RDP session is addressed in 9.1R8.

PRS-391837

PRS-380638

tncs process crash with Host Checker caching enabled is addressed in 9.1R8.

PRS-391305

Upgrading Azure images from 9.1R5 to any later releases returns with error message if the factory reset version is 9.1R5.

PRS-391004

The dsunitysamlhandler process crash is addressed in 9.1R8.

PRS-390937

In 9.1R4 to 9.1R7, when multi monitor option is selected under the Terminal Services session/bookmark page as well as under Terminal Services Options page, XML config data shows incorrect value. This is addressed in 9.1R8.

PRS-390916

Kernel panic during upgrade on PSA5000-V running 9.1R3 on Hyper-V. This is addressed in 9.1R8.

PRS-390907

Log rollover is implemented for postgresd so that it does not cause the Disk to get full.

PRS-390831

SAML authentication is now successful when signing is enabled for SAML requests/responses using certificates.

PRS-390828

As dshealthstatsunity process was getting exited due to exceeding process size, data was not being sent to Pulse One for that particular interval and thus calculated cumulative count at Pulse One was incorrect. This issue is addressed in 9.1R8.

PRS-390769

Kernel logging options are added by default for better debuggability.

PRS-390426

As process was getting exited due to exceeding process size, data was not being sent to Pulse One for that particular interval. This issue is addressed in 9.1R8.

PRS-390274

For config elements with unicode characters and having length exceeding 4096 bytes, the config import fails on Pulse One client. This issue is addressed in 9.1R8.

PRS-390217

Tunnels get dropped during connection resumption due to a server error. This is addressed in 9.1R8.

PRS-390106

Inconsistent upgrade issues seen while upgrading Hyper-V images in clustering and single node.

PRS-389927

The TCPDump filter expression can now contain characters from the set "<>|;()[]?#$^&*=\'`"" .

PRS-389897

Kernel Panic hrtimer_interrupt issue is fixed.

PRS-389771

Multiple VIP fail over was seen on Virtual A/P cluster due to the time drift between system clock and hardware clock. This is addressed in 9.1R7 (KB44457).

PRS-389756

The dsagentd process crash during assignment of IP address from DHCP server is addressed in 9.1R8.

PRS-389737

Cluster VIP is not getting migrated to other node when active node's internal interface is not reachable and external port is reachable.

PRS-389642

XML import is failing if configuration file has syslog IPv6 settings.

PRS-389451

TCPDump fails to capture packets when multiple interfaces are selected.

PRS-388630

With current OPSWAT library code, the verification of update functionality was not working. OPSWAT has fixed the issue and provided a new library.

PRS-388104

The top-roles section displayed on dashboard was not showing the roles name in Japanese and other languages. This issue is fixed for both Classic UI and New UI in 9.1R8.

PRS-385646

Whenever a user tries to access the VDI resource, a wrong error code for timeout was written in the logfile. The user sees the message "Missing host name/IP, Invalid host name/IP: "

To address the issue:

1. Timeout error ID is passed to write in logfile.

2. A proper validation has been done for the wrong false alarm.

PRS-364693

Bandwidth Management policy not getting enforced for VPN tunneling users is fixed in 9.1R8 - https://forums.ivanti.com/s/article/KB44402/?kA13Z000000L3Dc.

PCS-20480

Ivanti Connect Secure was returning "Incorrect ICE action" error message when trying to execute api/v1license/ice REST API to fetch the current status of ICE. This is addressed in 9.1R8.

PCS-20433

Existing HTML5 active sessions are not displayed under "Active Virtual Desktop Sessions" tab.

PCS-19628

Platform page shows hypervisor information as KVM instead of Alibaba-Cloud-KVM or OpenStack-KVM.

Release 9.1R7 PRs

PRS-391296

Application access using Citrix Terminal Services through IE browser fails in 9.1R5-9.1R6 Ivanti Connect Secure versions. This is addressed in 9.1R7.

PRS-390778

Host Checker support for OS version check is added for iOS versions 13.4 and 13.4.1.

PRS-390775

Ivanti Connect Secure syslog forwarder does not work if connection to syslog server fails during startup of the syslog forwarder process. This is addressed in 9.1R7.

PRS-390530

Enterprise user onboarding fails in Mac OS Catalina as the filename extension was not populated as '.mobileconfig'. This extension is added in 9.1R7.

PRS-390475

Noticeable slowness was seen in several applications including Citrix HTML5 video rendering in 9.1R3-9.1R6 Ivanti Connect Secure versions. This is addressed in 9.1R7.

PRS-390401

SNMP functionality was not working after cache sync. This is addressed in 9.1R7.

PRS-390234

User access log now shows real-time active HTML5 sessions count.

PRS-390118

In Ivanti Connect Secure A/P cluster split and joined scenario, lease license IDs are validated to reset the stale ID and license client will be able to lease licenses successfully.

PRS-389481

Cloud Platforms: Improved SNAT performance by tuning kernel module parameters based on the memory available in the device.

PRS-389209

With Ivanti Connect Secure 9.0R2-9.1R6 and Pulse 9.0R2-9.1R3, the client continues to send the CAV traffic to Ivanti Connect Secure every 300 seconds even when Cloud Secure license is not installed. From Ivanti Connect Secure 9.1R7 onwards, the PDC client (Pulse 9.0R2-9.1R3) will contact the Ivanti Connect Secure server only once per user session - KB44410.

PRS-388932

From Ivanti Connect Secure 9.1R7, the "Synchronization of last access time in user sessions" option in A/A Cluster mode will be auto-enabled and grayed out when the "Synchronize user sessions" option is enabled (otherwise, it can affect session migration). Existing cluster configuration is not modified during upgrade, so we recommend admins to enable this option for existing configurations as well.

PRS-388455

If epupdate_hist.xml is hosted internally with no authentication and if "Use Proxy Server" (With/without auth) is enabled with FQDN or IP Address, the first 3 characters are ignored thus causing it to fail. For example, proxy.domain.net is taken as xy.domain.net. This issue is now fixed for both Ivanti Connect Secure and Ivanti Policy Secure.

PRS-382777

Client's original Source IP was not logged if Load Balancer is used. Client's Source IP is now retrieved from 'X-Forwarded-For' header and logged in user access logs.

Release 9.1R6 PRs

PRS-390370

PRS-390145

Java Script is displayed after the user scans the QR code only during the TOTP user registration.

PRS-390352

Hostname resolution for an FQDN with up to 255 characters was not supported through the L3 tunnel in Ivanti Connect Secure 9.1R5.

PRS-390198

Admin cannot download reports in PDF format for Ivanti Connect Secure.

PRS-389973

HTML5 connections cause memory leak in Guacamole server and result in high memory usage and swap memory usage

PRS-389811

CPU Allocation issue on PSA-7000 (all flavors/varieties) appliances in case of Single-Arm mode VA deployments is now resolved on PSA-7000 HW and ESXi (VMWare) solutions.

Refer KB44446 for more details.

PRS-389744

Process snapshot for "dsserver-tasks" is generated while deleting meeting objects for corresponding users.

PRS-389544

Some of the examples listed under "Split Tunneling Networks" policies are not supported.

PRS-389523

External backend resource access using HTTP GET request with username in the URL for the file login.cgi fails through Rewriter.

PRS-389517

Web server crashes and results in User disconnections due to webSocket upgrade related messages during Auth Only URL access.

PRS-389440

User Accounts under TOTP Auth server Users section cannot be exported.

PRS-389406

Delayed or no response from Ivanti Connect Secure for SNMP queries under load condition.

PRS-389276

The corruption of blob during the epupdate results in Host Checker scan failure for users until the next successful epupdate.

PRS-389262

Web process snapshot is generated while sending POST request by REST API with an empty body.

PRS-389127

Garbled text in Citrix VDI profiles page when accessed using bookmark with the Japanese language.

PRS-388796

The dsagentd process (client server process) crashes and frequently disconnects in 9.1R4 when there are more than 1024 tunnels including MobIKE IKEv2 tunnels.

PRS-388645

After upgrading Ivanti Connect Secure/Ivanti Policy Secure to 9.1R3-9.1R5, slow Host Checker response is observed due to a very frequent re-evaluation of Cybereason Active Probe product.

PRS-388542

Garbled text in file share page when accessed using bookmark with the Japanese language.

PRS-374603

During system downtime activities such as an upgrade, Event IDs such as 20412/20413 are missing in the Syslog server.

Release 9.1R5 PRs

PRS-389938

9.1R4.3 Radius crashing, unable to authenticate Pulse.

PRS-389550

Intermittently, the system throughput falls drastically and user connections fail.

PRS-389246

“500 Internal Error” is displayed when opening Authentication related pages.

PRS-389212

Intuitive Customer friendly ways and relevant logs to avoid customers configuring single core.

PRS-388958

Idle timeout session is not working, OWA 2016 keepalives not ignored through web-rewrite.

PRS-388885

License Surrendering not happening due to the heartbeat not sent.

PRS-388743

Host Checker :: OS Checks :: MAC :: Add support to configure Minimum Service Pack/Version for MAC Catalina(10.15).

PRS-388734

PSA7000 at 30% total CPU due to two guacd processes at 100% CPU, planning pandemic and wanted to know root cause.

PRS-388536

One node in Cluster is surrendering the licenses to the License server. However, the increment of the surrendered time is not happening.

PRS-388479

PSA5000 : 9.1R4 : A/P Cluster : REST API calls are failing intermittently when they are executed in a loop continuously.

PRS-388429

Text corrected under Log/Monitoring > Admin Access > Settings.

PRS-388421

Ivanti Connect Secure 9.1R4 incorrectly reporting duplicate machine ID.

PRS-388409

Unable to upload config to Pulse One: Configuration changed while preparing configuration to upload.

PRS-388331

After upgrade VA-DTE & PSA-V to 9.1R4, nfqueue unable to create IPTables when VM is configured with 1 CPU core only.

PRS-388244

FileShare:: Customer unable to download direct file from FileShare on 9.1R4 Ivanti Connect Secure version.

PRS-387954

Rewrite: Web page of the maps web applications fails to load via rewrite.

PRS-387780

Registered Ivanti Connect Secure Appliance failing with Pulse one communication after importing user config and shows registration expired error message.

PRS-387641

"Sign Out message" does not properly display unicode text (Japanese, Korean, Chinese, etc.) with Sign-In Pages via browser.

PRS-387359

Unable to authenticate user using certificate. Reason: Wrong Certificate::unsupported name constraint type.

PRS-387349

System: Built-in Trusted Server CAs cannot be removed if they have subCAs.

PRS-387062

PSAM sending unintended traffic via tunnel to VPN in 9.1R3.

PRS-386875

User Sessions get disconnected after upgrading to 9.1R3HF1.

PRS-385747

Program dsdashsummary failing continuously on Ivanti Connect Secure running on 9.0R4.1.

PRS-385466

Sharepoint 2019 is not loading properly through web-rewrite.

PRS-385027

VDI Bookmark would not establish connection to the VDI resource without host entry on the client machine.

PRS-384955

XML Import of trusted server CAs generates a spurious admin log message for each unchanged CA.

PRS-382364

System: Device does not boot up when upgrading from 8.3R7.1 to 9.0R5 with option DELETES all system and user configuration data before installing the service package is selected.

PRS-381972

System : Licensing : "License server low-level protocol error, server=, Code = [6] :Could not resolve host name" populated in event logs of license server.

PRS-381905

After upgrading to iOS 13, HTML5 Access users seems to have broken the on-screen mouse pointer.

PRS-381716

AAA::Issues with host checker when user logs in to a different realm with TOTP auth server enabled.

PRS-381699

Pulse One 2.0.1902: Certificate > Trusted Server CA changes not being distributed (deleted expired CA).

PRS-381678

VIP became unreachable from enforcer when upgrading from 5.4R7 to 9.1R2.

PRS-381046

Rewrite: Dynamic365 menu tabs do not render when on 9.1R1.

PRS-380298

User access log indicates Login failed using auth server LDAP Server (Failed::unable to verify the first certificate) for wrong password.

PRS-380225

"Program fqdnacl recently failed" event failure on Ivanti Connect Secure 9.0R4.

PRS-379752

Reboot failed on PSA7000f.

PRS-379137

Gliffy Plugin in Confluence does not work via Web Rewrite.

PRS-376852

IPV4 Settings change in External or Internal port keeping Default VLAN ID same does not reflect under VLAN tab..

PRS-365669

SNMP: ifAdEntAddr mapped to wrong ifAdEntIndex values.

PCS-18217

License report did not show proper values for older dates (Dec month) after upgrading to 9.1R4 image.

Release 9.1R4.3 PRs

PRS-389246

“500 Internal Error” is displayed when opening Authentication related pages.

Release 9.1R4.2 PRs

PRS-380298

User Access log indicates “Login failed using Auth. server LDAP server (Failed: unable to verify the first certificate)” for wrong password.

PRS-387780

Registered Ivanti Connect Secure Appliance fails with Pulse One communication after importing user config and shows “Registration Expired” error message.

Release 9.1R4.1 PRs

PRS-382268

PDC throws Authentication rejected by server [Error : 1319] when using global Ivanti Connect Secure url.

PRS-387062

PSAM sending unintended traffic via tunnel to VPN in 9.1R3.

Release 9.1R4 PRs

PRS-365669

SNMP: ifAdEntAddr mapped to wrong ifAdEntIndex values.

PRS-367786

Device locked up and dropped all connections due to Web process consuming CPU.

PRS-375181

VLS does not throw any error if there is no response for Heartbeats sent to PCLS.

PRS-377456

EasyPrint feature using the Premier Java RDP Applet not working.

PRS-379345

Program dsagentd failed.

PRS-379411

Ivanti Connect Secure not sending any Syslog traffic to configured Syslog servers.

PRS-379801

Active Sync stopped working after upgrading the device to 9.0R4.

PRS-382021

Dismiss until next upgrade option is not working for banner related to perpetual licensing.

PRS-381990

During peak hours when multiple users try to do browser-based login on PSA5K, a few users might not be able to connect in the very first attempt.

PRS-380136

Cluster communication and state storage problems on A/A cluster.

PRS-380765

Program dsagentd recently failed after upgrading Ivanti Connect Secure from 9.0R3.2 to 9.0R4.

PRS-380796

Ivanti Connect Secure-VA sending critical SNMP alerts while leasing license.

PRS-380993

DFS: process snapshot generated by snmptrap process.

PRS-381100

Program dsagentd recently failed while running Mixed [V4 and V6] 60K VPN Tunneling ACL's throughput test on PSA5k for secure cache build-3164.

PRS-381579

Sometimes logs are not shown under Log/Monitoring page.

PRS-381366

Multiple users getting disconnected from Pulse Client.

PRS-381403

Sharing Feature is not working in macOS Catalina.

PRS-381579

Sometimes empty logs are seen under "Log/Monitoring".

PRS-381621

9.0R4 and 9.0R5 SPE (PSA-V) do not show the User Record Sync column in Admin UI > Auth Server page.

PRS-381633

Host Checker checking for virus definition file based on Number of updates fails for Sophos Endpoint Security and Control 10.8.4.

PRS-381736

After Upgrade from 8.3R7.1 to 9.1R1, error encountered while upgrading cache (in Host Checker).

PRS-381795

[FQDN ACL / NFQUEUE] Request DEV help in determining why thousand of VPN Tunnels dropped traffic within.

PRS-381960

Facing slowness when accessing web application through Authorization-only access post upgrading to Ivanti Connect Secure OS 9.0R5.

PRS-381963

Group Names in the role mapping rule will get added with &, # and; special character if more than 5 groups are selected with AD as the auth server.

PRS-381984

The cookie setting should be included in the resource profile.

PRS-382001

UI: Description incorrect on default deny in 9.1R3 initial deployment.

PRS-382021

Button to dismiss the banner on Ivanti Policy Secure/Ivanti Connect Secure Dashboard for not accepting Perpetual license is not working.

PRS-382031

Need to replace VA-SPE|PSA-V in "Only EVAL licenses are allowed for manual installation in VA-SPE|PSA-V".

PRS-382035

Proper logging for NFQUEUE full and drops needed, also consider this situation for cluster A/P failover or add to healthcheck.

PRS-382191

Unable to ping the IPv6 VLAN-Gateway from the Ivanti Connect Secure device after changing the Gateway address.

PRS-382240

User dropped from the VPN tunnel connection ##g_dhcp_proxy_wbuf is maxed!.

PRS-382350

Unknown RAID status in PSA7000f due to no space left on device.

PRS-382804

Active node went unresponsive in A/P cluster and generated multiple Watchdog snapshots.

PRS-384939

“Invalid EKU text” error found while configuring "E-mail protection" under EKU text.

PRS-384963

Host checker: After upgrading to 9.1R3, HC "Successfully loaded" message is garbled when it is initiated in browser with Japanese language.

PRS-384967

healthcheck.api showing incorrect MAXIMUM-LICENSED-USER-COUNT in AA cluster.

PRS-385144

Web Rewrite: Images not loading on the web page for a web resource configured via rewrite.

PRS-385150

Access via SSH port forwarding fails.

PRS-385159

Home page of eTime (Timesheet) Web application is not rendering properly via Rewrite in all web browsers.

PRS-385203

Add iOS check for 13.2, 13.2.1, 13.2.2.

PRS-385496

Adding default policy for Citrix resources.

PRS-385500

VLS should use only MSP Authcode for registering with PCLS.

PRS-385526

Add iOS Check for 13.2.3.

PRS-385550

Users cannot see full display of shared screen, if the size of text, app and other items in the "Scale & layout" in Display settings is set to 150% (Recommended) on the client's machine.

PRS-385721

Unable to restore Local User Accounts Backup on Ivanti Connect Secure 9.0R5.

PRS-387517

DanaLoc appears to be missing when using IE11.

PRS-387541

Web Rewrite: Drop-down menu, Refresh button, Change Password option and Login button not working on the login page.

Release 9.1R3 PRs

PRS-366490

System| Temperature status value on SNMP server displaying wrong value.

PRS-371351

Citrix sessions drop regularly causing various issues. These issues are observed in Ivanti Connect Secure 9.0 with Citrix port 2598 via JSAM. This issue is not found in 8.2R8.

PRS-371699

Users unable to login as well as dropping users - LMDB full.

PRS-372805

Realm level certificate restriction skipped with SAML Auth.

PRS-372999

Host checker is failing for Host Checker (OS-Check only) for Chrome OS 71.0.3578.127 with Ivanti Connect Secure 9.0R1 firmware version.

PRS-373160

Dropdown option misses internal menu while accessing via web rewrite.

PRS-374124

VDI Session are not showing under Virtual Desktop Sessions.

PRS-374146

UNC path is not handled properly by HOB Applet.

PRS-374318

Ivanti Connect Secure deployed on the AWS Cloud showing speed 10 Mbps.

PRS-374344

Last core dumps being generated at customer after 9.0R2.1HF6 with fixes.

PRS-374603

Syslog missing event logging info when upgrading.

PRS-374765

PSA7000f RAID failed after upgrading.

PRS-374831

Login page is not rendering properly for a web resource configured through rewrite.

PRS-374992

Ivanti Connect Secure using DUO as secondary authentication fails the first authentication attempt after installation.

.PRS-375079

CORE.fqdnacl crashes continues to occur even after 9.0R2.1HF6 (with fix).

PRS-375880

None of the contents in the Azure web portal are loading through rewrite.

PRS-375906

Unable to load a sign-in page getting stuck in loading the web page while accessing a web resource configured through the rewrite.

PRS-376036

Ivanti Connect Secure evaluation of the custom expression "time.dayOfYear" is not working as expected.

PRS-376247

Factory-reset does not work in 9.1R1 instead it boot up Ivanti Connect Secure with current image.

PRS-376249

Logon page of SAP fiori portal displayed as blank in IE11 only via rewrite.

PRS-376343

Mails are not getting synced in Native Email Client in iOS when using SA as ActiveSync Proxy due to stale records present and crash is happening in aseproxy-server service.

PRS-376357

When extending Pulse Client sessions, it causes network drop.

PRS-376429

JSAM stuck on loading forever on IE - Java.

PRS-376458

HOB stuck on loading forever on IE - Java.

PRS-376500

Azure 9.0R3.1 - postgresd service restarts constantly after deployment.

PRS-376520

Host checker fails to detect FireEye Endpoint Agent 29.7.0.

PRS-376840

Running Add command when the Disk is missing will cause a minor error message which requires a reboot.

PRS-376869

Dns_cache process snapshots persist after upgrading to 9.0R4HF6.

PRS-376953

Unable to view PDF files in the myDocuments application.

PRS-377022

File Share accessing issue in 9.0R4.

PRS-377160

HTML-5 -RDP requires additional authentication.

PRS-377482

After upgrading to 9.1R1, host checker word is garbled when it is initiated in browser with Japanese language.

PRS-377681

PSA7000f reports HDDs missing and inactive after upgrade to 9.1R1.

PRS-377825

After upgrading to 9.1R1, the name of the user role displayed in submenu is broken if the language is in Korean.

PRS-377979

When accessing the resources via bookmark, contents are not displayed correctly.

PRS-378049

Failed filesystem integrity check message seen on PSA5K console after upgrading from 9.1R1 to 9.1R2-2119.

PRS-378882

Periodic Snapshot settings via REST fails with error "Modification of Attribute not Allowed".

PRS-378964

When the admin clicks on 'Agent', they receive an error "the page you requested could not be found".

PRS-379125

Pulse One 2.0.1901: With Ivanti Connect Secure 9.0R5 (EA) having failure in target importing SAML using Artifact - empty "Source Artifact Resolution Service URL".

PRS-379336

Chat option not working on the Medical application.

PRS-379773

Syslog - If an appliance is rebooted, it cannot successfully reconnect to a P1 syslog server.

PRS-379974

Critical Events do not get displayed in System > Overview Page.

PRS-380009

REST API calls failing for RDWeb Profiles in Ivanti Connect Secure.

PRS-380148

When syslog server's FQDN resolves to two IP addresses, one of which is reachable, Ivanti Connect Secure/Ivanti Policy Secure may fail to connect.

PRS-380762

Delay during session failover of Ivanti Connect Secure in Active/Active cluster in AWS.

PRS-381014

Japanese words are garbled when we click on the File share bookmark.

PRS-381318

DMI get-config of RDWeb resource profile returns badly formed XML.

Release 9.1R2 PRs

PRS-367907

FQDNST denied IP is going via tunnel.

PRS-370210

Clear config on PSA 300 fails with unable to mount /webserver partition.

PRS-372439

Post failover, session resumption delayed with Pulse Client.

PRS-373290

Clear config on PSA 300 fails with unable to mount /webserver partition.

PRS-375013

Radius OTP as Secondary authentication fails for the Pulse Client.

PRS-375329

HOB failed to launch through Java in IE.

PRS-375886

JSAM launch failing for IE -JAVA.

PRS-376312

Factory reset from VMware VA console does not load the factory reset version and loads the current version.

PRS-376348

VMWare View 5.1 client does not connect after upgrade.

PRS-376859

Premier Java Applet for Terminal Service failed to download .jar file.

PRS-377945

Publishing for certain block types causes many log messages and other side effects.

Release 9.1R1 PRs

PCS-5064

Remove legacy mode from Active Directory auth. server.

PRS-375534

JSAM Stats value (Bytes count) is not getting displayed in IE - Activex.

PRS-375067

DNS resolution not working for alternate VPN connections.

PRS-374597

The definition update is not listed for Sentinelone product in "epupdate_hist.xml" file.

PRS-374057

Unable to add the resource <userAttr.Framed-Route> in IPV4 address under Split tunneling policy for Ivanti Connect Secure version 9.0Rx.

PRS-374037

Rewrite: PSAL launching Citrix app multiple times in an infinite loop on all the browsers.

PRS-373948

Contents of a web response are not getting compressed as content encoding header is missing in the response from Ivanti Connect Secure.

PRS-373769

Host Checker IMC detects the Antivirus Change in the client PC and report it to IMV even when Perform Check every min is set to 0.

PRS-373696

Split tunneling FQDN policy with special character, fails to save.

PRS-370953

Unable to edit word documents hosted on SharePoint 2013 via PTP using MS Edge.

PRS-371023

Resource access dropped (RDP, SSH etc.) intermittently on SAW environment.

PRS-373102

Core Access: E-mail web page getting stuck on "login processing".

PRS-373076

Core Access:Web page shows horizontal scrollbars at the bottom of screen.

PRS-372181

DanaLoc fails in case of old window object reference from a new window object.

PRS-372834

PSAM:Pulse SAM takes at least 40 seconds to open custom start up page in UI Options compared to WSAM.

PRS-372677

AAA/Security/Pulse: SAML AuthnRequest leaks data across users with "Reuse NC/Pulse session" enabled.

PRS-372595

User getting same IP address assigned from IP pool in few hours.

PRS-372489

Pulse browser Toolbar is flickering when accessing OWA 2016 resource on iOS device through webrewrite.

PRS-372285

PSA 7000f Frequently reports one of the power supplies is back up.

PRS-372055

Unable to save Citrix listed application using Hostname with port number.

PRS-371973

HC: Compliance fails using Pulse Desktop client 9.0.2 build 1151.

PRS-371970

Users with username in UPN format in System Local Authserver are unable to log in using TOTP after upgrading to 9.0R3.

PRS-371944

Killed user session admin log "ADM23534" does not display admin user but the actual user being terminated.

PRS-371800

Ivanti Connect Secure device is unable to get the enrolled mobile device attribute from MDM server.

PRS-371394

Setting the hash property of location object causes problem in IE, Edge and Firefox browsers because the URL is appended with fragment identifier. In chrome and Safari browsers things work fine.

PRS-371602

Post upgrade to Ivanti Connect Secure 9.0R3, "License server low-level protocol error Code = [47]" error is triggered on license client.

PRS-371513

Page does not load via IE browser.

PRS-371406

"Auto populate domain information" behavior when unchecked: blank first then if wrong password, auto populates domain.

PRS-371357

HTML5 RDP logging do not show realm and shows ().

PRS-371342

Add iOS Check 12.1.1.

PRS-371266

Menu is not loading when accessing the application through web-rewrite.

PRS-371231

Ivanti Connect Secure 9.0 VA-DTE :: Nodes in cluster gets disabled automatically.

PRS-371205

Multicast Traffic not working intermittently in the VPN Tunnel in 8.3R6 / 5.3R6 version and after restarting services, works fine for all users.

PRS-371154

Wrong information in the log messages for Authorization Only Access when source ip restriction is configured on role.

PRS-371114

Add support for adding parameters “client-name’ for HTML5 Access.

PRS-369351

LDAP authorization does not work when using ikev2 tunnel (handle 10K tunnels+few hundred ikev2 clients).

PRS-370138

Read-only admin sessions see an option as disabled that is actually enabled on user roles.

PRS-369960

Page displayed while PSAL downloads to a Mac client shows instruction for Mac; but then references Windows System Tray.

PRS-369200

Logs are not fully displayed if select the date as filter.

PRS-369142

File browsing SSO is not working with user details are given in variable form as well when configured to use system credentials.

PRS-369031

When a configuration object is renamed, not all of the resulting configuration changes are uploaded to Pulse One.

PRS-368927

Web process crashes and logs "ERR31093: Program web recently failed." in the event logs.

PRS-367879

Core Access: Unable to import or download the image using PTP.

PRS-367789

DMI agent not responding to netconf commands as expected.

PRS-367285

System| Active/Passive cluster responding to ICMP request even after shutdown.

PRS-366634

Randomly users are not able to access IPv6 resources through VPN device via VPN tunneling.

PRS-364219

PSA7000f interface status in Network Settings not working.

PRS-366490

System| Temperature status value on SNMP server displaying wrong value.

PRS-371351

Citrix sessions drop regularly causing various issues. These issues are observed in Ivanti Connect Secure 9.0 with Citrix port 2598 via JSAM. This issue is not found in 8.2R8.

PRS-371699

Users unable to login as well as dropping users - LMDB full.