Fixed Issues

Release 9.1R18 PRs

RADIUS accounting User-Name is blank after upgrading to 9.1R17.

Input validation check on the IP Destination Field in ACL check failing causing VPN disruption.

Image uploaded in the default sign in page does not show up in the new GUI after upgrading the server to 9.1R17.

REST API allows two certificates to be mapped with the same port.

REST API Delete causes device to not respond in 9.1R17.

Wong username and ip address are seen in the logs (unauthenticated requests and Invalid URL log) because auth context was not set correctly.

Source IP based on Geo-Location Czechia is not working.

Client users failing LDAP based authorization first attempt but works in next attempt.

Unable to allocate IP address to the users from static pool due to failure in setting up ACLs for the tunnel.

Upgrade fails while checking the AD legacy Authentication Check.

Program fqdnacl fails on 9.1R15.

User Records increments constantly after upgrading to 9.1R15

Users are redirected to dana/meeting/meeting_weekly.cgi post logging in to the VPN.

ICS is not showing the assigned IP addresses when using Infoblox as DHCP server in the active users tab and concurrent user session graph. UI issue only.

ICS is not showing the assigned IP addresses when using Infoblox as DHCP server in the active users tab and concurrent user session graph. UI issue only

dsagentd and rewrite-server processes crashes very often.

The client does not display the custom messages for failures when using TOTP RADIUS server.

SNMP polling is not working for Node 100 after upgrading to 9.1r15 version in Active/ Active cluster with Zabbix SNMP manager

Duplicated and pushed configuration with lockdown exceptions assigned to a role does not update the exceptions

On registering Ivanti Policy Secure devices to the Pulse One device, IPS displays a "Publish Failed" message and crashes.

Mouse-related issues like scroll and click when using Advanced HTML5.

Warning message found in Edge browser in IE mode with 9.1R16.

Duplicating connection sets with lockdown exceptions enabled will not enable the exceptions on the configuration file without saving changes on the new connection set.

When a higher resolution (width and height) is used, the End-user RDP webpage will have a scroll bar and icons are appear bigger. 

Advance HTML5: Post Upgrade to 9.1R16 SSO credentials are not working

IKE tunnel disconnects in the case of IKE fragmentation and large data transfer.

Create blacklist option as admin UI to blacklist specific user agent strings to avoid bot requests

Upgrade to 9.1R16 from 9.1R14.1 fails due to "Archiving Sensor Logs" but it is disabled

SAML-Server process crashes on 9.1R14.1 due to memory leaks.

PowerBi Application is loading blank via rewriter.

Release 9.1R17.1 PRs

Web profile access using the Launch JSAM option fails in versions 9.1R16 and 9.1R17.

Users unable to add HTML5 sessions due to field missing from the UI.

Mouse-related issues seen with scroll and click when using Advanced HTML5.

Higher resolution in Advance html5 is scaled down and can be viewed without a scrollbar.

Release 9.1R17 PRs

Jira application is not working through rewriter after upgrade 9.1R15 to 9.1R16.1

The sign-in URLs are reordered on ICS upgrade.

VPN tunneling drops immediately when connected using DHCP scope.

HTTP Only flag is not set via PTP virtual hostname.

Breaks seen in the graphs.

While importing xml file for include-system-config false value is not getting updated.

Program rewrite-server recently failed.

REST API based certificate import and mapping to ports failed with PSA 7000 fiber in customer environment.

Web hits on graph showing constantly at 500M on PSA-7000C.

PSA7000c unresponsive in Active-Passive cluster with warm restart on 9.1R16.

PSA3000-V VMware keeps crashing on upgrade to 9.1 R16.

When multiple users are created through Auth Servers > System Local > Users, usernames are incorrect in User Access logs.

RDP access over Citrix Storefront through rewriter is not loading the desktop screen.

Authorization-Only Access not working in 9.1R16.

Unable to allocate VPN tunnelling IP from static pool.

"Archiving Sensor Logs" error appears during upgrade, even though the option is disabled and upgrade to 9.1R16 fails.

Unexpected policies deleted after removing user roles.

Not able to launch JSAM and Ivanti Secure Access client.

Slow IPv6 access.

Multiple DHCP lease request is Initiated by client for same user.

User logging in from a location that contains special characters in the name of city or country will be prompted for secondary authentication repeatedly.

Some ports appear to open unexpectedly.

User configuration Archive fails creating a temp file and taking up disk space under/var/tmp, also causes SNMP alerts.

NMAP output shows port-5432(UEBA port) as open and not filtered.

Unable to login to the ICS after changing the Local user/Admin password via REST API

Upgrade failure to 9.1R15 due to legacy active directory mode configuration

Import, Cancel, etc. buttons are not displaying due to syntax error.

After the upgrading to 9.1R14.1, sporadically users are getting redirected with error https://auth/welcome.cgi.

Citrix JICA/CTS to Storefront 3.1/CTS improvement for admin profile flow.

Memory Leak on web process leading to process crash and disconnects users.

"Program cgi-server recently failed." critical log seen frequently.

Pulse One looping to "Publish Required" while "Trusted Server CA" is the only selected block.

Facing slowness in Admin GUI while editing Licensing Summary.

Print function is not working properly with Advanced HTML5

ICS is not validating the sign in URL in login.cgi.

PSAL not launched because RPM format PSAL file downloaded on Ubuntu machine.

Menu button on the Top Left corner is no longer working on Gitlab Website.

Web bookmark stays in the credential page after providing credentials via rewriter.

Web bookmark loading as blank page without any data.

Release 9.1R16.1 PRs

System: Enabling Kernel protectionmay cause unexpected system crashes on virtual appliances.

Logging: Login may timeout or is delayed if the roles and realms use more than 4K data.

An invalid password expiry warning may display when MaxPasswordAge is set to never expire.

System: Incorrect archiving validation for sensor logs may prevent upgrading to 9.1R16.

VPN Tunneling: An ACL with wildcard ("*") for port ranges prevents resources access on 9.1R16

PSAL: Citrix Terminal Services (CTS) client may fail to launch on Chromium-based browsers (with and without the browser extension installed).

System/Admin UI: The re-branding alert message cannot be dismissed.

Host Checker/Admin UI: The alert message to increase Host Checker periodic Host Checker evaluation cannot be dismissed.

System: Browsers configured for Italian may not render messages with proper accents.

Release 9.1R16 PRs

Signing-in page got doubled after upgrading the AA cluster to 9.1R15.

"Password Expiration Prompt" when enabled shows an unusually huge number (say 24855 days).

Post Upgrade to 9.1R15, we can no longer change the precedence/ordering of the Sign-In URLs (Save changes take no effect).

Unable to select the existing VNet while deploying PCS appliance from Azure marketplace due to the /24 subnet enforcement.

Program dsnetd recently failed (Log improvements added to facilitate RCA in the future).

For geolocation rules, the Access log does not contain the location of the source IP Address.

Getting an Error FB-19 while accessing shared sub folder.

Href instruction output under Sign in Page for End users is showing up extra characters.

Default Sign-In page instruction is repeated twice in PCS9.1R15.

HTML5 User added bookmark not visible.

"ueba-monitor" service restarting frequently after upgrading to 9.1R15.

cgi-server process crashed when using "Always-on VPN using wizard" feature.

Upgrade to PCS 9.1R15 caused configuration to be wiped out only on hardware( PSA7K) not on VMs.

DHCP failure seen after upgrade to 9.1R15 using Infoblox.

Auth traffic control fails post-upgrade to 9.1R12+ with IPV6 and Management interface only.

Save All Logs button missing in 9.1R15 in IPS and ICS.

Named User license does not allow users to login to VPN and gives error “Number of named users (55918) exceeded the system limit (0)” as special characters in the user name are not properly handled in the named license users’ functionality.

Restriction with geolocation feature is not working for UK/Germany IP Addresses.

PCS/PPS Connection error with Pulse One: Operation timed out after xxx milliseconds with 0 out of -1 bytes received.

Program Web failed on 9.1R14.

Program TNCS failed.

PCS server deployed on Azure goes unresponsive.

When using PDC client on Window 11 OS ,authentication report shows Device OS as "Windows" instead of "Windows 11".

Import of "Enable Pulse Client Components removal Tool for Cert issue Remediation." setting fails.

Duplication of host checker policy fails if it is configured with the Registry settings.

User disconnections are not properly logged in the User Access logs giving rise to confusion at times.

Deprecated SSH Cryptographic Algorithms Supported on Azure.

Vision Center app not working via re-write.

Named User Record is not populating in License server Named user repository page.

Named User license does not allow user to login to VPN and gives error Number of named users (55918) exceeded the system limit (0).

On 9.1R12 System Software unable to pulldown backup configuration using REST.

High CPU due to dsserver-tasks on PSA5000-v due to huge file transfers.

With Static proxy and chrome PSAL+JSAM+Proxy , JSAM is not launching. PSAL is not using static proxy.

Active Directory authentication server 'XXXX': No logon servers are currently available. Device could not connect to any domain controller of the domain.

Program Web Failure due to memory leak.

Users unable to establish tunnel - TUNSETIFF failed with error 16.

PCS crashes sometimes when using ipv6.

DMI update of PSAM destination servers takes effect on reconnecting of PDC client.

Users were unable to connect, existing users got disconnected due to aggressive “Periodic Check” timers.

HC Logs in User Access shows Local Username instead of VPN Username while using Embedded Browser.

Outlook via Office365 fails to view or send email for all browsers.

Release 9.1R15 PRs

Upgrade failed from 9.1R13.1 to EA build 9.1R15.

Users unable to access the VPN as the host checker fails with McAfee anti-virus.

Priority of log SYS31048 (Lost syslog connection to server) is reduced to major from critical.

Garbled text displayed in IE JSAM Window upon launching bookmark.

HC re-evaluate Carbon Black virus definition check fails with number of updates.

Internet Check during HC for EDR products is removed to prevent false-positive scenarios - https://forums.ivanti.com/s/article/KB45142.

Users are dropped with Dsagentd snapshots generated.

When saving the Terminal Services Profile, it unchecks the NLA option in the bookmark tab.

Stales entries in shards is now removed. This will prevent shards from overload.

Same IP address from IP pool was assigned immediately to different users in short span.

'Profiler Events' is missing in REST API call.

XML export on 9.1R13 doesn’t contain Local user accounts data.

Role mapping clash causes connectivity issues for PDC.

Rewriter application doesn’t work via rewriter due to parsing failure (Triple dot and return statement).

HTML5: File cannot be downloaded if filename contains certain special characters (spec chars $ # % £).

Full screen mode for multi monitor setup does not match native resolution.

Top Level DNS domain is not validated properly under connection profiles and console.

Logs generated on the desktop when accessing the VPN using Internet explorer / MS Edge.

Events logs generated with wrong source IP address when users tried to connect.

ICE license does not get auto-disabled.

Lots of CRL failure entries getting generated in event logs for failed CDPs and it would be there every 5min for each failed CDP.

Error Invalid Total Maximum Bandwidth "250" Must be between 0 and "0" when attempting to define the "Total Maximum Bandwidth".

LDAP Domain Name not able to process Truncated TCP DNS response.

ICS on AWS crash after Disk usage increase.

Sign-in policy was not getting synched in config-group in pulse one.

namedusersrestserver.log is filling up causing the HDD 86% usage.

Intermittent resource access issue (RDP, SSH etc) through PSAM.

BeyondSSL (Advanced HTML5) logging improvement added like Basic HTML5.

Importing certificates with system config fails if special characters are part of the password.

Config option provided for User Record (State Storage) management.

Pulse One configuration in ICS shows 6 days "Credential Renegotiation Interval" but logs shows every 6 hours.

Public IP of user in the access logs change when changing password.

SNMPv3 Engineboots & EngineTime value as 0 with netSNMP lib 5.7.3.

Modifying IP config using console with VLAN interface fails.

Disk space getting full resulting in service restart on PSA-V.

Webpage not loading via ICS.

PCLS responding to heartbeat request with 404 error.

Release 9.1R14 PRs

Data is missing in XML export for Local user accounts in 9.1R13.

Telnet/SSH: If User localization is JAPANESE, the display screen is garbled.

Secondary RSA Authentication failing on PDC.

Super Admin Session is not working when HTTP Only Device Cookie is enabled.

Admin UI Unable to switch from ICT periodic scan to scheduled scan.

Core dump generated while rewriting html with xsl stylesheet.

Resource policy-based detailed rules failure user logs are flooding the User access logs.

Mac OS Catalina 10.15.7 is failing to pass the HC policy set for File Vault.

Difference in the GUI and XML export values for Integrity check specifications.

Radio button on changing the Periodic scan to every 2 hours is not saved.

User access log was being printed with default username as "System" instead actual username.

Activity dashboard shows incorrect number of active users over the PCS appliance.

Issue with high CPU utilization with rewrite-server process snapshot generation.

User access log prints default username as "System" instead of actual username.

The ifSpeed default value for physical interface of PSA7000 device is set to 10 Mbps.

SNMP output of signedinWebUsers, iveConcurrentUsers and clusterConcurrentUsers is returning same value.

Web Crash in 9.1R12 Version.

Rewriter URLs ending special characters like (# or | ) are not being redirected as the URLs will not be rewritten.

Session extension with Pre-HC function is enhanced to contain the realm details.

Background URL mentioned as style attribute not getting rewritten.

Process SAML-SERVER crash in 9.1R12.

PCS is not logging useragent string in logs for PDC clients.

Login issues seen during session extension or during network switching.

Program dsagentd failed after upgrading to 9.1R12.

Lockout enforcement not working on PDC when AD is used as authentication source.

Built in Integrity check scanner tool in PCS version 9.1R12 not accepting 0 in hour field for scheduled scan.

Issue with Integrity check tool in standalone PSA 300.

Users face permission denied while browsing file URLs.

iOS Pulse Mobile users unable to access intranet resources through Per-App VPN after upgrading PCS to 9.1R10 or above

Seamless Upgrade Helper prompt in Italian Browser does not work as expected.

System: watchdog restarts cgi-server for at least one hour after changing SSL cipher selection.

Throughput graph getting cleared on PCS Virtual Appliances.

Triple dot creates a syntax error while rewriting API.

A/A Nodes have user record differences.

Citrix JICA/WI through CTS fails application access after import XML of same resource profile, manually creating fixes issue.

Release 9.1R13.1 PRs

Advanced HTML5 SSH Sessions and do not support scroll bar

Advanced HTML5 Copy/Paste does not work for SSH

Suddenly new L3 ESP/SSL VPN connection request fails for users due to auto-generation of Dsagentd cores.

Release 9.1R13 PRs

Client certificate information (serial number and certificate) is not available in Ivanti Connect Secure user access logs.

Browser based end user UI error message for invalid credentials is not seen.

Warn customers to follow mandatory steps before upgrading Ivanti Connect Secure/Ivanti Policy Secure.

PDF files with streams having no Length attribute create segmentation fault causing rewriter server core.

Source IP restriction for IPV6 Subnet in Roles restriction is not working.

Core Access: SSO redirect with concur is not working

XML import fails when config with the connection set containing option "Connect to URL of this server only" is disabled. This is due to improper initialization

Improvements for ICT

Ivanti Connect Secure archiving is not happening on Azure server

DSDID length is not calculated properly causing Process web crash in FIPS mode.

ICT page is skewed to left in classic UI but OK in new UI

The image quality needs improvement for advanced HTML5 RDP.

"Bookmarks open in new window" option is not exported in XML Export.

While creating citrix profiles and change the options from java/html5/non-java, the auto policies created are not being handled as expected.

Display a log message when the Root Partition gets into Read/Write Mode

Unable to open Sharepoint documents using MS office native apps.

HTML5: Option needed to hide basic HTML5 bookmarks/RDP launcher

File download fail as file URL is getting truncated where newline exist in file name.

When launching the Citrix client, 60 seconds delay is seen with no UI feedback, before PSAL download link appears.

dsTermServ.exe crashes and unable to access terminal services with Applocker installed.

Import of configs from older software to 9.1R11.4 may generate some error logs along with 'import done' message.

REST API incorrectly responding to queries with ascii symbols

With Recursive DNS domain name resolution for LDAP server is not successful.

Process dswsd crashed during network fluctuation when some of the variable is not set correctly.

Enabling/Disabling ICE license on PSA7000 increases the CPU usage

On the IE browser for the advanced HTML5 intermediate, login page text displays “submit query” instead of submit.

In MAC Safari browser, Advanced HTML5 sessions clipboard is not available.

For Advanced HTML5 RDP sessions, video quality can be inconsistent at times.

Pulse One disconnected from Ivanti Connect Secure after Ivanti Connect Secure upgrade

Page rendering issue due to Cross-origin Object.

Release 9.1R12.1 PRs

Lost connections and dsagent process restarts due to a malformed IKEv2 packet.

Unable to assign NCIP from the static IP pool in Ivanti Connect Secure 9.1R12.

Release 9.1R12 PRs

Authentication fails with no authentication prompt even though “Allow Smartcard with Network Level Authentication” shows enabled in the UI. However, XML export shows it as "Disabled".

Due to Password Policy Control Changes introduced in 9.1R5, if we do not receive the proper response from LDAP server the authentication fails and associated process crashes.

Duplicated Named User Licenses as usernames are treated case sensitive.

Ivanti Connect Secure does not send DSID cookie to Pulse Client (SiteMinder authentication).

The default admin realm is enabled with source IP restriction which restricts the access from a public network..

Event log modification from “info to critical” for SYS30948 and from “critical to major” for SYS30912.

Log ERR32037 “Server name contains unsupported/unsfe characters”, is seen even if the server name is valid and spelling unsafe is corrected in 9.1R12.

Web crashes (restart) due to a problem in JSAM/WSAM data path leading to user disconnection and reconnection.

Multiple Syslog entries are seen under in A/A clusters having more than 2 nodes.

PSA7000 shows improper interface speeds when VLAN is configured.

Multiple monitors, sound does not work when HTML5 is configured with NLA and no SSO set.

Static IP via Radius Attributes not working as expected.

Static IP allocation fails when there are IP pools which overlap with other IP pools.

Windows Terminal Services client disconnects the sessions intermittently.

Windows Terminal Services client disconnects when copying the files.

Importing certificates from system config fails when there is no password set during config export.

AP cluster fail-over VIP is taking more time for Cluster VIP reachable.

Azure Ivanti Connect Secure instance goes unresponsive intermittently.

Added an event log to monitor internal shard usage.

VIP status change notification event sent by passive node on reboot is treated as VIP status change notification from Active node, and users notice VPN reconnection.

Session extension using PDC through SAML authentication server does not work.

Changes to entity ID and SAML auth server instances are not recorded in the admin access log.

Windows Pulse Client 9.1r11 with Avaya One-X causes BSOD.

when User role is duplicated, VPN tunneling option is reset to default options and not updated.

Impexserver crash is observed when importing Ivanti Connect Secure is having a duplicate certificate.

Yearly graph shows incorrect data for active user sessions.

After upgrade to 9.1R11, IP Assignments through LDAP/Radius Attributes is failing but Static Pool works fine.

PSA7000f server restarts unexpectedly and user connection fails. Additional logs added to determine the Root Cause.

Enabling “SNMP Diagnostic Logging On” is not working.

Static IP allocation issue when multi session is enabled.

Citrix VDI not working in the first attempt, Second attempt starts working and CTS launches and connects.

Admin URLs are not accessible if administrator logs in with IPv6 address of Ivanti Connect Secure. (PRS-397227 - Fixed in R12 via this PRS-399292.)

Only ntpd Client service runs going further (Previously both server and client services were run).

Failed to upload configuration on the newly registered PSA device on pulse one.

Redirected URLS encoded not passing properly.

When creating an admin role, User roles in the Users delegation displays incorrect number of selected roles.

Bandwidth management policy does not work in the SSL Mode.

guacd process protection mechanism where each instance of guacd instance is monitored and killed if the instance takes 100% CPU till the grace time.

Healthcheck.cgi does not work from F5 load balancer.

Named User Record/Database do not show up on license client.

VLAN details are not removed from VLAN page after removing VLAN ID from management port.

Ivanti Connect Secure device does not send the SNMPv3 trap out from the device.

HTML5 bookmarks will not be accessible.

Expired certificates alarms for deleted certificates.

Web process failures due to DSEvntTimer observed on Ivanti Connect Secure.

Limitation on number of realms in sign in URL while connecting through PDC client.

Compliance report for hostchecker policies mapped against realm/role is generated for user that does not belongs to that realm/role.

License server low-level protocol error,Code=[6]: Could not resolve host name through external port.

XML export of Admin/User realms shows the directory-server attribute same as authentication-server even though there is None in the UI.

With Pre Host checker configured, if the Pulse credentials prompt times out, the session is extended instead of resumption.

Basic HTML5 : Users not able to use mouse emulation with guacamole RDP sessions on iOS13 iPad.

Extra fields appear under Role > Web Bookmark for new or existing bookmark prior to upgrade.

User record synchronisation feature may not occur as-expected across all configured devices.

User Record Sync clients disconnecting from green to grey status.

Host Checker Re-Triggers with error message 'ESAP upgrade is needed or Patch Management policy configured' in event logs.

SAML Single logout is failing.

Admin URLs are not accessible if administrator logs in with IPv6 address of Ivanti Connect Secure. (Fixed in R12 via PRS-399292.)

MSSP: watermark does not get reset, even if license client is not leasing licenses from the license server.

AAA: X-forward-for IP is not evaluated/used when using geoLocationCountry rules.

One cluster node stops accepting new VPN connections post getting deactivate/activated in cluster.

Number of MC groups has been increased to 40 & 36 on Linux and Windows respectively.

Upgrade fails when data partition does not have enough space to hold system configurations.

Users unable to join hosted pulse collaboration meeting session through IE 11 browser.

Upgrade failing for one node In A/P cluster.

User gets disconnected when cert restriction policy is configured and SAML authentication server is used. This has been fixed as part of this PRS.

Incorrect Source IP address used when sending packets to secondary radius server (When using “Traffic Decoupling” at “Auth Server Level”).

Pulse Collaboration: Customer gets an error while scheduling the meeting if the localization set to French.

SNMP alerts shows abnormal increase in device temperature.

Manual failover takes time to resume user tunnel connections. This is now improved.

Terminal Session stops working after upgrade to 9.1R8. Adding logs to improve debug ability.

Failed to send API requests from Ivanti Connect Secure(MDM) to Microsoft Intune for device authorization.

Openstack KVM deployment - after reboot only local subnet can connect, Ivanti Connect Secure ignoring other packets.

Fed-Wide session sync delay between Replicas results in user session getting removed from Imported sessions within few minutes.

Incorrect Interface Status sent by the Ivanti Connect Secure appliance while performing SNMP Walk after upgrade to 9.1R1.

Sometimes end-user is unable to access backend resources.

Release 9.1R11.5 PRs

Pulse Upgrade Helper tool upgrades Pulse Desktop Client once and terminates IE processes during the process.

State Storage full and Program cache-server failed.

Unable to see the details of package uploaded into Staging Area in Admin UI

Improper titles for lines on HTML5 dashboard graph and some titles missing in Concurrent users graph.

PSAL fails to launch Java Applets.

In versions 9.1R11.4 and below, if the 'HTTP only cookie' option is enabled for admin role, the super admin session will not work.

Program web recently failed on 9.1R11.3

Users are not prompted to enter credentials as well as MFA on successful connection to VPN.

The localization support is not available for new options on user created advanced HTML5 bookmarks.

Host header Validation is failing for Virtual hostnames.

PSA 5000 crashes with no access to UI or Console.

GARP frames are not being sent under Default VLAN configured on an interface - VIP IP is not accessible after manual failover in A/P cluster.

Release 9.1R11.4 PRs

Web crash due to empty session IDs.

Warm restart of services is observed on two node PSA7K AA cluster when run continuously for multiple days causing L3 and L4 connection drops.

Error code 1326 displays on Pulse Client when username/password is saved on Client and expired on AD server.

Custom expression failure messages is flooding User Access Logs.

Release 9.1R11.3 PRs

Code signing certificate fails globally when launching HC using browser. The certificate issue is addressed. For information refer KB44781.

Release 9.1R11 PRs

During Kernel Panic (System stalls with no access to Admin UI), Ivanti Connect Secure/Ivanti Policy Secure devices will automatically reboot by default.

Process snapshot gets generated for dsagentd/Web processes in 9.1R10. This issue can happen rarely when Client closes PSAM session with Ivanti Connect Secure server immediately just after closing TCP application connection.

Dsagentd crashes when Ivanti Connect Secure System load average goes high.

Rename all the places that contain WSAM keyword on the Admin UI to PSAM.

Kernel panic is observed sometimes and Ivanti Connect Secure restarts.

Host Check fails on macOS 11.1 when the policy is enforced.

For more information, refer KB44663.

Background image and recaptcha is not loading through rewriter.

Supporting corner cases for jquery usage in client side rewriter handling.

WTS: End users unable to enable MIC on the user interface.

When a user access basic html5 bookmark, guacd process may restart.

PDC: Virtual adapter stops intercepting IPv6 packets on Mac/Windows/Linux platforms using PDC 9.1R9 build in ESP mix mode.

When advanced HTML5 connections are accessed first time, user may see “Failed to connect to gateway” message.

Host Checker fails after upgrading ESAP version to 3.7.1 or 3.7.2 or 3.7.4 from any previous ESAP version on macOS endpoints (KB44643).

For advanced HTML5 sessions, REST API count displays invalid values.

Fixed rewriting for other elements of div tag caused due to Data-srcset support.

For unsuccessful HTML5 connection, VDS page displays the entry for advanced bookmarks.

User is not able to configure Azure as backup server in China region.

Login button is not enabled when accessing web rewriter through IE browser.

NTP will not synchronize time when default VLAN ID is configured on the interface.

Browser-based Host checker fails to get launched in 64 Bit Internet Explorer.

Kernel panic “nf_udp_esp6” may be observed on PSA7000F.

Rename all the places that contain WSAM keyword on the Admin UI to PSAM.

User column for SNMP traps does not show the username.

Pulse Component Set is selected to NONE does not update the “connstore” in spite of changing the connection set. A warning message is displayed to guide configuring the “Connection Set”.

Disabled DMI Inbound connections setting is not retained after reboot.

SNMP query for “sysObjectID” is returning PSA7000F for PSA7000C platform.

Pulse One fails to sync files Windows ACL policies on Target Ivanti Connect Secure from Master Ivanti Connect Secure.

Handling rewriting of Data URLs at server side code to avoid rewriter crashes.

Invalid Admin log shows as “Unable to synchronize time, either NTP server(s) are unreachable or provided symmetric key(s) are incorrect.“ even though NTP servers are reachable and clock is syncing.

Pulse One disconnected from Ivanti Connect Secure after Ivanti Connect Secure upgrade.

TOTP Authentication fails for all users.

Aligned the latest MaxMind DB pointer with local DB for Ueba package upgrade.

Spikes are observed at regular intervals in the concurrent SSL connections graph.

Release 9.1R10 PRs

For advanced HTML5 bookmarks, when the target machine is configured with hostname resource, may not be available at times.

Web process crashes.

For Advanced HTML5 sessions, error messages are not displayed.

License client reports the excess allowed usage while sending the usage to server.

This issue is fixed to limit the reported count to maximum lease limit.

“Error updating data for chart hc_failure_reason/auth_mechanism” log on Ivanti Connect Secure is not seen.

The Exception that was causing this error is fixed.

Administrator can set a guaranteed minimum users on a realm to allow an user from that realm to log into the Ivanti Connect Secure/Ivanti Policy Secure when the licensed concurrent user limit is reached.

From Release 9.1R10, guaranteed minimum users is applicable when no ICE license is installed or ICE license is installed and enabled.

When the current MSP license expires, and customers installs a new MSP license, VLS needs to re-register with PCLS. This was not happening previously, and this resulted in billing against older authcode.

In 9.1R10, we have fixed this issue, so that VLS re-registers with the next active MSP license. Hence, the license usage is reported against the new authcode.

Certificate authentication fails when the option 'Trusted for Client Authentication' is disabled in client CA certificate hierarchy.

Added a new user access log and an Admin UI note to alert the Ivanti Connect Secure administrator in such cases.

Analytics Device OS graph does not show Windows 10 OS information.

This issue is fixed in 9.1R10 onwards.

Unable to publish config when trusted client CA cert (using CRL) is deleted on Master appliance.

This issue is fixed in 9.1R10 onwards.

Predefined Host Checker policy can now be configured with a ignore category based on the vendor.

End-Points connected through slow internet now will not hit the incomplete ESAP package download scenario.

Access to advanced HTML5 custom URL is not successful without user logging into Ivanti Connect Secure server.

The user is now prompted to log into Ivanti Connect Secure followed by log in prompt to target machine.

Remote-program, Multi Monitor, Session recording options are not working for end-user created bookmark.

Advanced HTML5 graph is not implemented.

Release 9.1R9.1 PRs

Web process restarts when Client Application profiles are configured under
SAM --> Resource Profiles.

For advanced HTML5 sessions, web process restarts if the FQDN is not resolved.

For advanced HTML5 sessions, login may fail if the target machine username or password contain special characters.

Release 9.1R9 PRs

“Failed file system integrity check” warning appears on Admin UI when the file “integrity_check” is either not created or deleted. This is addressed in 9.1R9.

DHCP Set option is added for AWS (If no DNS server configured in DHCP option set, it will take the second IP address as primary DNS server from the internal port subnet).

Agent Type in active users page on Ivanti Connect Secure fails to show Windows OS version with 9.1R8 PDC builds.

XML export shows virtual Platform for physical license clients. This is addressed in 9.1R9 release.

Ivanti Connect Secure is not responding to ping with payload size larger than the MTU size.

Rewriter client side parser issue fixed for DanaGetURLUnencoded API.

Performance tuning is incorporated for FQDN ACL feature.

Pulse Client version does not display under "Active Users" tab for mobile devices. The issue is addressed in 9.1R9.

Pulse Collaboration stops working after Setup Client download fails, after upgrading it to Ivanti Connect Secure 9.1R8.

Dssecidcheck program fails. This is addressed in 9.1R9.

If a session is no longer present in the system when the IP lease period is active, then the IP address is released back to the DHCP server.

Host Checker: Compliance check fails when using Sophos Cloud Endpoint 2.8.6.

SNMP polling on ifHighSpeed does not return the correct speed of a network interface, if default VLAN is enabled for that interface. This is resolved in 9.1R9.

File Share: When a big file is uncompressed, Ivanti Connect Secure will ensure that all the chunks are read properly from 9.1R9.

On the "Virtual Port" view page, if admin clicks "Cancel" button without saving any changes, then Network service is restarted. This is addressed in 9.1R9.

From 9.1R9, if Ivanti Connect Secure VA is hosted by VMware, then NTP setting at "Date and Time" page will have an extra note which informs admin that the Virtual appliance should have only one source of Time Sync (VMware ESXi or NTP Server, NOT both).

Web Process crash due to timer Library corruption is addressed in 9.1R9.

Ivanti Connect Secure was unable to handle "Unknown" OCSP Response. This is addressed in 9.1R9.

Sometimes, TCP Dump does not start. This is addressed in 9.1R9.

Host Checker process tncs crash.

Logical volume support is removed from KVM instances.

Ivanti Connect Secure does not restrict user logins, even though dsagentd crossed 80% CPU utilization.

Custom start page takes about a minute to show up when connected from IE with split tunnel and VPN auto-launch enabled. This is addressed in 9.1R9.

The default password length has been increased and the same has been updated in the Azure ARM Template.

In spite of installing the Meeting license on a virtual appliance running A/A cluster, the effective count of concurrent meeting users remain zero. This is addressed in 9.1R9.

PSAL Linux is unable to connect to Ivanti Connect Secure. This is addressed in 9.1R9.

During domain controller reachability test under LDAP Auth Server, Ivanti Connect Secure does not close the LDAP TCP socket connection with domain controller. This is addressed in 9.1R9.

When SAML config has both SLS and SSO service types using same Location URL, Import XML fails causing SAML metadata publish to go into loop. This is addressed in 9.1R9.

Ivanti Connect Secure appliance now sends IPv6 Neighbor Advertisement with correct VLAN tag for user roles mapped with sourceIP as VLAN interface.

dsagentd process crashes when handling multicast traffic. This is addressed in 9.1R9.

Session extension fails when custom sign-in page is configured for the sign-in policy. This is addressed in 9.1R9.

When default VLAN is enabled, virtual port is not considered for the user role while calculating the source IP. So, default IP was assigned as source IP. This is addressed in 9.1R9.

Release 9.1R8.2 PRs

A tactical fix was provided as part of 9.1R8.1 (PRS-393243). However, Custom Rule Expression evaluation is now made more robust with thread safety in 9.1R8.2.

Ivanti Connect Secure can parse and store up to 32 IP addresses returned by DNS server.

Running TCP Dumps can get the Disk Full as there is no Log Rotation in place. This is addressed in 9.1R8.2.

Application level integrity check was missing on Ivanti Connect Secure for Fragmented EAP-TLS packets. This is addressed in 9.1R8.2.

Host Checker fails with Error "Host checker did not get installed properly. Your computer does not meet requirements". This is addressed in 9.1R8.2.

The desktop settings configured under terminal services bookmarks will not apply if the resource's Operating System is Windows 8 or later. This issue is seen in Pulse Client 9.1R8.1 or earlier. The issue is resolved after implementing new interfaces of the Microsoft MsTscAx component.

Modified WebRequest code to prevent null pointer (Hprewrite-server) crashes.

DHCP options disappear upon clicking “Refresh Now” button under Connection Profiles > Proxy Server Settings. This is addressed in 9.1R8.2.

Duplicate syslog (SYS31407) messages appear in event logs. This is addressed in 9.1R8.2.

Large Username XML Import now logs proper error message.

Upgrade failure due to white spaces in the configuration is fixed in 9.1R8.2.

Release 9.1R8.1 PRs

Time drift is observed when NTP is configured on Virtual Appliances. This can affect authentication, cluster sync, and cause licensing issues. This is addressed in 9.1R8.1 (KB44558).

Host Checker policy evaluation fails very intermittently for some time if policy rules need to be evaluated based on Custom Rule expression. This is addressed in 9.1R8.1.

dsagentd crashes occasionally in load condition during initial data channel establishment. This is addressed in 9.1R8.1.

The Overview/cockpit graphs representation will now show data similar to the Classic UI (It will omit the duration for which the data is not available).

Restriction of REST API commands via the internal port is now fixed.

SNMP polling was not returning false Ivanti Connect Secure Model Number and device type. This is addressed in 9.1R8.1.

Session Server failures due to cluster instability is fixed in 9.1R8.1.

Winbindd crash seen due to an exception is fixed in 9.1R8.1.

SSH/Netconf clients should now be able to connect Ivanti Connect Secure DMI Agent successfully.

Quick navigation link added to Enable/Disable FQDN ACL. And the following warning message is also added:

“Ensure that there is no DNS latency/delay in the network to avoid performance issues”.

When a license client surrenders a license, the expiry date of that surrendered license keeps changing in license server to keep the expiry date always as 10 days (default) ahead of current date. The change is reflected in “License Summary” page of license server admin UI. But the change is not always reflected correctly at the “Pool of available licenses” section under the “Configure Clients” tab as there is a sync-up issue. This is addressed in 9.1R8.1.

When Pulse Desktop client is used, Ivanti Connect Secure server does not provide session ID in User Access log after a successful login. Here “session ID” denotes the last 8 characters of actual session ID in server, and it is used to differentiate a session from other sessions for one user. From 9.1R8.1, Ivanti Connect Secure server will provide this ID for all types of Pulse clients after successful logins.

From 9.1R8.1, Ivanti Connect Secure end user name will appear as client name (instead of Localhost) in HTML5 RDP session.

From 9.1R8.1, a warning message will be sent only when the lease request fails or no leasable license is left with the number of users reaching towards maximum concurrent users limit.

Frequent warning message about “number of concurrent users is nearing system limit” creates confusion about actual issue with concurrent users limit. Form 9.1R8.1, a warning message will be sent only when lease request fails or no leasable license is left and number of users are reaching towards maximum concurrent users.

Global session configuration values (Users > User Roles > Default Options) are used when individual user role is not configured with session options.

Release 9.1R8 PRs

Additional logging to debug web crashes.

Active users were not able to sync to the newly added node on a 3 node Active/Active cluster. This is addressed in 9.1R8.

Hyper-V 9.1R8 upgrade from earlier versions is not supported.

User sessions are not synced across the nodes in an Active/Passive cluster. This is addressed in 9.1R8.

Invalid packet processing in kernel is addressed in 9.1R8.

Intermittent audio disconnect issue with HTML5 RDP session is addressed in 9.1R8.

tncs process crash with Host Checker caching enabled is addressed in 9.1R8.

Upgrading Azure images from 9.1R5 to any later releases returns with error message if the factory reset version is 9.1R5.

The dsunitysamlhandler process crash is addressed in 9.1R8.

In 9.1R4 to 9.1R7, when multi monitor option is selected under the Terminal Services session/bookmark page as well as under Terminal Services Options page, XML config data shows incorrect value. This is addressed in 9.1R8.

Kernel panic during upgrade on PSA5000-V running 9.1R3 on Hyper-V. This is addressed in 9.1R8.

Log rollover is implemented for postgresd so that it does not cause the Disk to get full.

SAML authentication is now successful when signing is enabled for SAML requests/responses using certificates.

As dshealthstatsunity process was getting exited due to exceeding process size, data was not being sent to Pulse One for that particular interval and thus calculated cumulative count at Pulse One was incorrect. This issue is addressed in 9.1R8.

Kernel logging options are added by default for better debuggability.

As process was getting exited due to exceeding process size, data was not being sent to Pulse One for that particular interval. This issue is addressed in 9.1R8.

For config elements with unicode characters and having length exceeding 4096 bytes, the config import fails on Pulse One client. This issue is addressed in 9.1R8.

Tunnels get dropped during connection resumption due to a server error. This is addressed in 9.1R8.

Inconsistent upgrade issues seen while upgrading Hyper-V images in clustering and single node.

The TCPDump filter expression can now contain characters from the set "<>|;()[]?#$^&*=\'`"" .

Kernel Panic hrtimer_interrupt issue is fixed.

Multiple VIP fail over was seen on Virtual A/P cluster due to the time drift between system clock and hardware clock. This is addressed in 9.1R7 (KB44457).

The dsagentd process crash during assignment of IP address from DHCP server is addressed in 9.1R8.

Cluster VIP is not getting migrated to other node when active node's internal interface is not reachable and external port is reachable.

XML import is failing if configuration file has syslog IPv6 settings.

TCPDump fails to capture packets when multiple interfaces are selected.

With current OPSWAT library code, the verification of update functionality was not working. OPSWAT has fixed the issue and provided a new library.

The top-roles section displayed on dashboard was not showing the roles name in Japanese and other languages. This issue is fixed for both Classic UI and New UI in 9.1R8.

Whenever a user tries to access the VDI resource, a wrong error code for timeout was written in the logfile. The user sees the message "Missing host name/IP, Invalid host name/IP: "

To address the issue:

1. Timeout error ID is passed to write in logfile.

2. A proper validation has been done for the wrong false alarm.

Bandwidth Management policy not getting enforced for VPN tunneling users is fixed in 9.1R8 - https://forums.ivanti.com/s/article/KB44402/?kA13Z000000L3Dc.

Ivanti Connect Secure was returning "Incorrect ICE action" error message when trying to execute api/v1license/ice REST API to fetch the current status of ICE. This is addressed in 9.1R8.

Existing HTML5 active sessions are not displayed under "Active Virtual Desktop Sessions" tab.

Platform page shows hypervisor information as KVM instead of Alibaba-Cloud-KVM or OpenStack-KVM.

Release 9.1R7 PRs

Application access using Citrix Terminal Services through IE browser fails in 9.1R5-9.1R6 Ivanti Connect Secure versions. This is addressed in 9.1R7.

Host Checker support for OS version check is added for iOS versions 13.4 and 13.4.1.

Ivanti Connect Secure syslog forwarder does not work if connection to syslog server fails during startup of the syslog forwarder process. This is addressed in 9.1R7.

Enterprise user onboarding fails in Mac OS Catalina as the filename extension was not populated as '.mobileconfig'. This extension is added in 9.1R7.

Noticeable slowness was seen in several applications including Citrix HTML5 video rendering in 9.1R3-9.1R6 Ivanti Connect Secure versions. This is addressed in 9.1R7.

SNMP functionality was not working after cache sync. This is addressed in 9.1R7.

User access log now shows real-time active HTML5 sessions count.

In Ivanti Connect Secure A/P cluster split and joined scenario, lease license IDs are validated to reset the stale ID and license client will be able to lease licenses successfully.

Cloud Platforms: Improved SNAT performance by tuning kernel module parameters based on the memory available in the device.

With Ivanti Connect Secure 9.0R2-9.1R6 and Pulse 9.0R2-9.1R3, the client continues to send the CAV traffic to Ivanti Connect Secure every 300 seconds even when Cloud Secure license is not installed. From Ivanti Connect Secure 9.1R7 onwards, the PDC client (Pulse 9.0R2-9.1R3) will contact the Ivanti Connect Secure server only once per user session - KB44410.

From Ivanti Connect Secure 9.1R7, the "Synchronization of last access time in user sessions" option in A/A Cluster mode will be auto-enabled and grayed out when the "Synchronize user sessions" option is enabled (otherwise, it can affect session migration). Existing cluster configuration is not modified during upgrade, so we recommend admins to enable this option for existing configurations as well.

If epupdate_hist.xml is hosted internally with no authentication and if "Use Proxy Server" (With/without auth) is enabled with FQDN or IP Address, the first 3 characters are ignored thus causing it to fail. For example, proxy.domain.net is taken as xy.domain.net. This issue is now fixed for both Ivanti Connect Secure and Ivanti Policy Secure.

Client's original Source IP was not logged if Load Balancer is used. Client's Source IP is now retrieved from 'X-Forwarded-For' header and logged in user access logs.

Release 9.1R6 PRs

Java Script is displayed after the user scans the QR code only during the TOTP user registration.

Hostname resolution for an FQDN with up to 255 characters was not supported through the L3 tunnel in Ivanti Connect Secure 9.1R5.

Admin cannot download reports in PDF format for Ivanti Connect Secure.

HTML5 connections cause memory leak in Guacamole server and result in high memory usage and swap memory usage

CPU Allocation issue on PSA-7000 (all flavors/varieties) appliances in case of Single-Arm mode VA deployments is now resolved on PSA-7000 HW and ESXi (VMWare) solutions.

Refer KB44446 for more details.

Process snapshot for "dsserver-tasks" is generated while deleting meeting objects for corresponding users.

Some of the examples listed under "Split Tunneling Networks" policies are not supported.

External backend resource access using HTTP GET request with username in the URL for the file login.cgi fails through Rewriter.

Web server crashes and results in User disconnections due to webSocket upgrade related messages during Auth Only URL access.

User Accounts under TOTP Auth server Users section cannot be exported.

Delayed or no response from Ivanti Connect Secure for SNMP queries under load condition.

The corruption of blob during the epupdate results in Host Checker scan failure for users until the next successful epupdate.

Web process snapshot is generated while sending POST request by REST API with an empty body.

Garbled text in Citrix VDI profiles page when accessed using bookmark with the Japanese language.

The dsagentd process (client server process) crashes and frequently disconnects in 9.1R4 when there are more than 1024 tunnels including MobIKE IKEv2 tunnels.

After upgrading Ivanti Connect Secure/Ivanti Policy Secure to 9.1R3-9.1R5, slow Host Checker response is observed due to a very frequent re-evaluation of Cybereason Active Probe product.

Garbled text in file share page when accessed using bookmark with the Japanese language.

During system downtime activities such as an upgrade, Event IDs such as 20412/20413 are missing in the Syslog server.

Release 9.1R5 PRs

9.1R4.3 Radius crashing, unable to authenticate Pulse.

Intermittently, the system throughput falls drastically and user connections fail.

“500 Internal Error” is displayed when opening Authentication related pages.

Intuitive Customer friendly ways and relevant logs to avoid customers configuring single core.

Idle timeout session is not working, OWA 2016 keepalives not ignored through web-rewrite.

License Surrendering not happening due to the heartbeat not sent.

Host Checker :: OS Checks :: MAC :: Add support to configure Minimum Service Pack/Version for MAC Catalina(10.15).

PSA7000 at 30% total CPU due to two guacd processes at 100% CPU, planning pandemic and wanted to know root cause.

One node in Cluster is surrendering the licenses to the License server. However, the increment of the surrendered time is not happening.

PSA5000 : 9.1R4 : A/P Cluster : REST API calls are failing intermittently when they are executed in a loop continuously.

Text corrected under Log/Monitoring > Admin Access > Settings.

Ivanti Connect Secure 9.1R4 incorrectly reporting duplicate machine ID.

Unable to upload config to Pulse One: Configuration changed while preparing configuration to upload.

After upgrade VA-DTE & PSA-V to 9.1R4, nfqueue unable to create IPTables when VM is configured with 1 CPU core only.

FileShare:: Customer unable to download direct file from FileShare on 9.1R4 Ivanti Connect Secure version.

Rewrite: Web page of the maps web applications fails to load via rewrite.

Registered Ivanti Connect Secure Appliance failing with Pulse one communication after importing user config and shows registration expired error message.

"Sign Out message" does not properly display unicode text (Japanese, Korean, Chinese, etc.) with Sign-In Pages via browser.

Unable to authenticate user using certificate. Reason: Wrong Certificate::unsupported name constraint type.

System: Built-in Trusted Server CAs cannot be removed if they have subCAs.

PSAM sending unintended traffic via tunnel to VPN in 9.1R3.

User Sessions get disconnected after upgrading to 9.1R3HF1.

Program dsdashsummary failing continuously on Ivanti Connect Secure running on 9.0R4.1.

Sharepoint 2019 is not loading properly through web-rewrite.

VDI Bookmark would not establish connection to the VDI resource without host entry on the client machine.

XML Import of trusted server CAs generates a spurious admin log message for each unchanged CA.

System: Device does not boot up when upgrading from 8.3R7.1 to 9.0R5 with option DELETES all system and user configuration data before installing the service package is selected.

System : Licensing : "License server low-level protocol error, server=, Code = [6] :Could not resolve host name" populated in event logs of license server.

After upgrading to iOS 13, HTML5 Access users seems to have broken the on-screen mouse pointer.

AAA::Issues with host checker when user logs in to a different realm with TOTP auth server enabled.

Pulse One 2.0.1902: Certificate > Trusted Server CA changes not being distributed (deleted expired CA).

VIP became unreachable from enforcer when upgrading from 5.4R7 to 9.1R2.

Rewrite: Dynamic365 menu tabs do not render when on 9.1R1.

User access log indicates Login failed using auth server LDAP Server (Failed::unable to verify the first certificate) for wrong password.

"Program fqdnacl recently failed" event failure on Ivanti Connect Secure 9.0R4.

Reboot failed on PSA7000f.

Gliffy Plugin in Confluence does not work via Web Rewrite.

IPV4 Settings change in External or Internal port keeping Default VLAN ID same does not reflect under VLAN tab..

SNMP: ifAdEntAddr mapped to wrong ifAdEntIndex values.

License report did not show proper values for older dates (Dec month) after upgrading to 9.1R4 image.

Release 9.1R4.3 PRs

“500 Internal Error” is displayed when opening Authentication related pages.

Release 9.1R4.2 PRs

User Access log indicates “Login failed using Auth. server LDAP server (Failed: unable to verify the first certificate)” for wrong password.

Registered Ivanti Connect Secure Appliance fails with Pulse One communication after importing user config and shows “Registration Expired” error message.

Release 9.1R4.1 PRs

PDC throws Authentication rejected by server [Error : 1319] when using global Ivanti Connect Secure url.

PSAM sending unintended traffic via tunnel to VPN in 9.1R3.

Release 9.1R4 PRs

SNMP: ifAdEntAddr mapped to wrong ifAdEntIndex values.

Device locked up and dropped all connections due to Web process consuming CPU.

VLS does not throw any error if there is no response for Heartbeats sent to PCLS.

EasyPrint feature using the Premier Java RDP Applet not working.

Program dsagentd failed.

Ivanti Connect Secure not sending any Syslog traffic to configured Syslog servers.

Active Sync stopped working after upgrading the device to 9.0R4.

Dismiss until next upgrade option is not working for banner related to perpetual licensing.

During peak hours when multiple users try to do browser-based login on PSA5K, a few users might not be able to connect in the very first attempt.

Cluster communication and state storage problems on A/A cluster.

Program dsagentd recently failed after upgrading Ivanti Connect Secure from 9.0R3.2 to 9.0R4.

Ivanti Connect Secure-VA sending critical SNMP alerts while leasing license.

DFS: process snapshot generated by snmptrap process.

Program dsagentd recently failed while running Mixed [V4 and V6] 60K VPN Tunneling ACL's throughput test on PSA5k for secure cache build-3164.

Sometimes logs are not shown under Log/Monitoring page.

Multiple users getting disconnected from Pulse Client.

Sharing Feature is not working in macOS Catalina.

Sometimes empty logs are seen under "Log/Monitoring".

9.0R4 and 9.0R5 SPE (PSA-V) do not show the User Record Sync column in Admin UI > Auth Server page.

Host Checker checking for virus definition file based on Number of updates fails for Sophos Endpoint Security and Control 10.8.4.

After Upgrade from 8.3R7.1 to 9.1R1, error encountered while upgrading cache (in Host Checker).

[FQDN ACL / NFQUEUE] Request DEV help in determining why thousand of VPN Tunnels dropped traffic within.

Facing slowness when accessing web application through Authorization-only access post upgrading to Ivanti Connect Secure OS 9.0R5.

Group Names in the role mapping rule will get added with &, # and; special character if more than 5 groups are selected with AD as the auth server.

The cookie setting should be included in the resource profile.

UI: Description incorrect on default deny in 9.1R3 initial deployment.

Button to dismiss the banner on Ivanti Policy Secure/Ivanti Connect Secure Dashboard for not accepting Perpetual license is not working.

Need to replace VA-SPE|PSA-V in "Only EVAL licenses are allowed for manual installation in VA-SPE|PSA-V".

Proper logging for NFQUEUE full and drops needed, also consider this situation for cluster A/P failover or add to healthcheck.

Unable to ping the IPv6 VLAN-Gateway from the Ivanti Connect Secure device after changing the Gateway address.

User dropped from the VPN tunnel connection ##g_dhcp_proxy_wbuf is maxed!.

Unknown RAID status in PSA7000f due to no space left on device.

Active node went unresponsive in A/P cluster and generated multiple Watchdog snapshots.

“Invalid EKU text” error found while configuring "E-mail protection" under EKU text.

Host checker: After upgrading to 9.1R3, HC "Successfully loaded" message is garbled when it is initiated in browser with Japanese language.

healthcheck.api showing incorrect MAXIMUM-LICENSED-USER-COUNT in AA cluster.

Web Rewrite: Images not loading on the web page for a web resource configured via rewrite.

Access via SSH port forwarding fails.

Home page of eTime (Timesheet) Web application is not rendering properly via Rewrite in all web browsers.

Add iOS check for 13.2, 13.2.1, 13.2.2.

Adding default policy for Citrix resources.

VLS should use only MSP Authcode for registering with PCLS.

Add iOS Check for 13.2.3.

Users cannot see full display of shared screen, if the size of text, app and other items in the "Scale & layout" in Display settings is set to 150% (Recommended) on the client's machine.

Unable to restore Local User Accounts Backup on Ivanti Connect Secure 9.0R5.

DanaLoc appears to be missing when using IE11.

Web Rewrite: Drop-down menu, Refresh button, Change Password option and Login button not working on the login page.

Release 9.1R3 PRs

System| Temperature status value on SNMP server displaying wrong value.

Citrix sessions drop regularly causing various issues. These issues are observed in Ivanti Connect Secure 9.0 with Citrix port 2598 via JSAM. This issue is not found in 8.2R8.

Users unable to login as well as dropping users - LMDB full.

Realm level certificate restriction skipped with SAML Auth.

Host checker is failing for Host Checker (OS-Check only) for Chrome OS 71.0.3578.127 with Ivanti Connect Secure 9.0R1 firmware version.

Dropdown option misses internal menu while accessing via web rewrite.

VDI Session are not showing under Virtual Desktop Sessions.

UNC path is not handled properly by HOB Applet.

Ivanti Connect Secure deployed on the AWS Cloud showing speed 10 Mbps.

Last core dumps being generated at customer after 9.0R2.1HF6 with fixes.

Syslog missing event logging info when upgrading.

PSA7000f RAID failed after upgrading.

Login page is not rendering properly for a web resource configured through rewrite.

Ivanti Connect Secure using DUO as secondary authentication fails the first authentication attempt after installation.

CORE.fqdnacl crashes continues to occur even after 9.0R2.1HF6 (with fix).

None of the contents in the Azure web portal are loading through rewrite.

Unable to load a sign-in page getting stuck in loading the web page while accessing a web resource configured through the rewrite.

Ivanti Connect Secure evaluation of the custom expression "time.dayOfYear" is not working as expected.

Factory-reset does not work in 9.1R1 instead it boot up Ivanti Connect Secure with current image.

Logon page of SAP fiori portal displayed as blank in IE11 only via rewrite.

Mails are not getting synced in Native Email Client in iOS when using SA as ActiveSync Proxy due to stale records present and crash is happening in aseproxy-server service.

When extending Pulse Client sessions, it causes network drop.

JSAM stuck on loading forever on IE - Java.

HOB stuck on loading forever on IE - Java.

Azure 9.0R3.1 - postgresd service restarts constantly after deployment.

Host checker fails to detect FireEye Endpoint Agent 29.7.0.

Running Add command when the Disk is missing will cause a minor error message which requires a reboot.

Dns_cache process snapshots persist after upgrading to 9.0R4HF6.

Unable to view PDF files in the myDocuments application.

File Share accessing issue in 9.0R4.

HTML-5 -RDP requires additional authentication.

After upgrading to 9.1R1, host checker word is garbled when it is initiated in browser with Japanese language.

PSA7000f reports HDDs missing and inactive after upgrade to 9.1R1.

After upgrading to 9.1R1, the name of the user role displayed in submenu is broken if the language is in Korean.

When accessing the resources via bookmark, contents are not displayed correctly.

Failed filesystem integrity check message seen on PSA5K console after upgrading from 9.1R1 to 9.1R2-2119.

Periodic Snapshot settings via REST fails with error "Modification of Attribute not Allowed".

When the admin clicks on 'Agent', they receive an error "the page you requested could not be found".

Pulse One 2.0.1901: With Ivanti Connect Secure 9.0R5 (EA) having failure in target importing SAML using Artifact - empty "Source Artifact Resolution Service URL".

Chat option not working on the Medical application.

Syslog - If an appliance is rebooted, it cannot successfully reconnect to a P1 syslog server.

Critical Events do not get displayed in System > Overview Page.

REST API calls failing for RDWeb Profiles in Ivanti Connect Secure.

When syslog server's FQDN resolves to two IP addresses, one of which is reachable, Ivanti Connect Secure/Ivanti Policy Secure may fail to connect.

Delay during session failover of Ivanti Connect Secure in Active/Active cluster in AWS.

Japanese words are garbled when we click on the File share bookmark.

DMI get-config of RDWeb resource profile returns badly formed XML.

Release 9.1R2 PRs

FQDNST denied IP is going via tunnel.

Clear config on PSA 300 fails with unable to mount /webserver partition.

Post failover, session resumption delayed with Pulse Client.

Clear config on PSA 300 fails with unable to mount /webserver partition.

Radius OTP as Secondary authentication fails for the Pulse Client.

HOB failed to launch through Java in IE.

JSAM launch failing for IE -JAVA.

Factory reset from VMware VA console does not load the factory reset version and loads the current version.

VMWare View 5.1 client does not connect after upgrade.

Premier Java Applet for Terminal Service failed to download .jar file.

Publishing for certain block types causes many log messages and other side effects.

Release 9.1R1 PRs

Remove legacy mode from Active Directory auth. server.

JSAM Stats value (Bytes count) is not getting displayed in IE - Activex.

DNS resolution not working for alternate VPN connections.

The definition update is not listed for Sentinelone product in "epupdate_hist.xml" file.

Unable to add the resource <userAttr.Framed-Route> in IPV4 address under Split tunneling policy for Ivanti Connect Secure version 9.0Rx.

Rewrite: PSAL launching Citrix app multiple times in an infinite loop on all the browsers.

Contents of a web response are not getting compressed as content encoding header is missing in the response from Ivanti Connect Secure.

Host Checker IMC detects the Antivirus Change in the client PC and report it to IMV even when Perform Check every min is set to 0.

Split tunneling FQDN policy with special character, fails to save.

Unable to edit word documents hosted on SharePoint 2013 via PTP using MS Edge.

Resource access dropped (RDP, SSH etc.) intermittently on SAW environment.

Core Access: E-mail web page getting stuck on "login processing".

Core Access:Web page shows horizontal scrollbars at the bottom of screen.

DanaLoc fails in case of old window object reference from a new window object.

PSAM:Pulse SAM takes at least 40 seconds to open custom start up page in UI Options compared to WSAM.

AAA/Security/Pulse: SAML AuthnRequest leaks data across users with "Reuse NC/Pulse session" enabled.

User getting same IP address assigned from IP pool in few hours.

Pulse browser Toolbar is flickering when accessing OWA 2016 resource on iOS device through webrewrite.

PSA 7000f Frequently reports one of the power supplies is back up.

Unable to save Citrix listed application using Hostname with port number.

HC: Compliance fails using Pulse Desktop client 9.0.2 build 1151.

Users with username in UPN format in System Local Authserver are unable to log in using TOTP after upgrading to 9.0R3.

Killed user session admin log "ADM23534" does not display admin user but the actual user being terminated.

Ivanti Connect Secure device is unable to get the enrolled mobile device attribute from MDM server.

Setting the hash property of location object causes problem in IE, Edge and Firefox browsers because the URL is appended with fragment identifier. In chrome and Safari browsers things work fine.

Post upgrade to Ivanti Connect Secure 9.0R3, "License server low-level protocol error Code = [47]" error is triggered on license client.

Page does not load via IE browser.

"Auto populate domain information" behavior when unchecked: blank first then if wrong password, auto populates domain.

HTML5 RDP logging do not show realm and shows ().

Add iOS Check 12.1.1.

Menu is not loading when accessing the application through web-rewrite.

Ivanti Connect Secure 9.0 VA-DTE :: Nodes in cluster gets disabled automatically.

Multicast Traffic not working intermittently in the VPN Tunnel in 8.3R6 / 5.3R6 version and after restarting services, works fine for all users.

Wrong information in the log messages for Authorization Only Access when source ip restriction is configured on role.

Add support for adding parameters “client-name’ for HTML5 Access.

LDAP authorization does not work when using ikev2 tunnel (handle 10K tunnels+few hundred ikev2 clients).

Read-only admin sessions see an option as disabled that is actually enabled on user roles.

Page displayed while PSAL downloads to a Mac client shows instruction for Mac; but then references Windows System Tray.

Logs are not fully displayed if select the date as filter.

File browsing SSO is not working with user details are given in variable form as well when configured to use system credentials.

When a configuration object is renamed, not all of the resulting configuration changes are uploaded to Pulse One.

Web process crashes and logs "ERR31093: Program web recently failed." in the event logs.

Core Access: Unable to import or download the image using PTP.

DMI agent not responding to netconf commands as expected.

System| Active/Passive cluster responding to ICMP request even after shutdown.

Randomly users are not able to access IPv6 resources through VPN device via VPN tunneling.

PSA7000f interface status in Network Settings not working.

System| Temperature status value on SNMP server displaying wrong value.

Citrix sessions drop regularly causing various issues. These issues are observed in Ivanti Connect Secure 9.0 with Citrix port 2598 via JSAM. This issue is not found in 8.2R8.