Jump to content
Welcome to our new Citrix community!
  • 1

WorkSpace App & iOS Issues with DUO


NICKY CRANCHER

Question

Last week Citrix released Citrix Workspace App which replaced Citrix Receiver.  Our clients have started experiencing issues launching applications since the upgrade which was working fine on Receiver. Creating a new account and signing into first time works fine, however, once the user logs off and attempts to sign in again receives an Error message: CAMAuthManErrorNoSuitableLogon-Protocol. DUO is a third party 2 factor authentication service that sends a push notification to the mobile device.

WorkSpace App Version: iOS 18.8.0.9 (1808)

 

Why is this happening:

One the first attempt the WorkSpace App prompts for the Username & password and the user can see and launch applications seamlessly without issue. However after the user logs out, quits the application and opens it again, the icons are still present but the user is prompted with Username & Passcode. Entering a password in this field still pushes a DUO request to the mobile device but the displays the error message.

 

Troubleshooting: I’ve checked and adjusted the session policies on the Netscaler, removed the iPAD_iOS session policy leaving just Citrix Web & Citrix Receiver session policies as well as adjusted priority but this made no difference. I have collected logs and traces and raised a Citrix case for further review. I will provide an update on a resolution when I have one.

The issue doesn’t appear on Android devices.

Workaround: Users are being asked to browse to the Citrix site via a browser Safari which will launch in the WorkSpace App.

IMG_9301.PNG

Link to comment

10 answers to this question

Recommended Posts

  • 1

Yes, I spoke with Citrix, and they advised me to disregard the option within the CTX article that says to disable 'Require token consistency'. So I tested with both the 'Domain' and 'Require Token Consistency' options enabled and had no issues after testing. It has since been put into Production and I have had no issues.

 

I wanted to follow up with Citrix to get clarification as to why it was necessary to disable 'Require token Consistency' when using the 'Domain' option, but I never had a chance to call.

 

 

 

 

 

  • Like 2
Link to comment
  • 0
3 minutes ago, NICKY CRANCHER said:

Citrix called to confirm this is a known issue with the WorkSpace App and working on a fix, but there is no date for release as of yet. I'm monitoring new releases as they come out. I'll keep this discussion updated when I find a fix.

Thanks, I will look forward to your reply. 

Link to comment
  • 0

Update. Enabling 'Domain' within the Netscaler Gateway and disabling 'Require token consistency' resolves the issue we were seeing. Which is, when using RSA Push Authentication, we can only login from a iOS device one time. Subsequent login attempts fail with the error 'CAMAuthManErrorNoSuitableLogon-Protocol. However, this configuration breaks Smart Access, which is needed. I have a ticket open with Citrix regarding this.

 

Link to comment
  • 0
On 8/21/2019 at 6:41 PM, Frank Mazzucco said:

Update. Enabling 'Domain' within the Netscaler Gateway and disabling 'Require token consistency' resolves the issue we were seeing. Which is, when using RSA Push Authentication, we can only login from a iOS device one time. Subsequent login attempts fail with the error 'CAMAuthManErrorNoSuitableLogon-Protocol. However, this configuration breaks Smart Access, which is needed. I have a ticket open with Citrix regarding this.

 

Hi Frank, I have the same problem. Have you managed to solve it? thanks

Link to comment
  • 0
On 11/5/2019 at 3:09 PM, Frank Mazzucco said:

Yes, I spoke with Citrix, and they advised me to disregard the option within the CTX article that says to disable 'Require token consistency'. So I tested with both the 'Domain' and 'Require Token Consistency' options enabled and had no issues after testing. It has since been put into Production and I have had no issues.

 

I wanted to follow up with Citrix to get clarification as to why it was necessary to disable 'Require token Consistency' when using the 'Domain' option, but I never had a chance to call.

 

 

 

 

 

What steps/article did you use to get this working ? 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...