Jump to content
Welcome to our new Citrix community!
  • 0

Push Notifications for Secure Mail with iOS 14 not working


Marc Kuhn

Question

Hi guys

we have a Citrix XenMobile with 10.12.0 Rolling Patch 4 and Exchange 2019 both On-Prem running. We discovered that the users with iOS 14.0.1 don't receive any push notifications anymore. Users with older firmwares like 12.1 are working fine.

 

Does anybody having the same issue?

 

Best regards,

Marc

Link to comment

15 answers to this question

Recommended Posts

  • 0

Hi @Marc Kuhn

Thank for reaching out. Could please share Securemail logs to xenmobile2@citrix.com with subject line " IOS 14.0.1 PUSH NOTIFICATIONS ISSUE"  ? Steps to collect Securemail logs are mentioned here https://tinyurl.com/yxhpdobe.  This will help in analyzing and root causing the problem.

Few Queries :

1. Is this issue seen only on iOS 14 devices or are all the devices impacted?
2. I believe this was working earlier. When did you notice this issue ?


In the meantime could please make sure the following are set correctly on Citrix Xen Mobile and Exchange 2019. 

1. Please ensure push notification is "On" and push notifications region is set to the desired region.

image.thumb.png.b9e77c441a38fed85f04793aa06d595b.png

2. Make sure TLS 1.2 is enabled for Client on the Exchange 2019 .

image.thumb.png.ca3d00080dbb61fa29cd5a972c05d524.png

To enable TLS1.2 on the Exchange 2019 please follow the steps mentioned at https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and/ba-p/607761

Regards,
Sherin

  • Like 1
Link to comment
  • 0

Hi all

 

we have also still that issue. In the meantime i received that message from Citrix:

 

------

As first mentioned in CTX276610, Apple has announced and recently extended the end of availability for the Apple Push Notification service legacy binary protocol to March 31, 2021. Apple has asked all customers to begin using the HTTP/2-based API in replacement for the legacy APNs protocol.

 

To fully support this update, on-premises customers must be on one of the following supported versions of Citrix Endpoint Management.

10.11 RP5 and above

10.12 RP2 and above

10.13 and above

On-premises customers on versions 10.11 RP5 and 10.12 RP2 and above are also required to add the following custom server property "apple.apns.http2" and modify its value to "True" to support the latest HTTP/2-based APNs provider API. The custom server property will be automatically set for customers using 10.13.

 

Along with both these changes, Apple requires customers to make several modifications to their current connectivity outbound to *.push.apple.com. See https://support.apple.com/en-us/HT203609 for more details.

 

Citrix Endpoint Management cloud customers, no action is required.

Frequently Asked Questions:

What is Citrix announcing with this email?

As a reminder to CTX276610, Apple has announced the end of availability for the Apple Push Notification service legacy binary protocol. On-premises customers should upgrade to the latest on-premises rolling patch or the latest on-premises version of Citrix Endpoint Management.

 

Citrix Endpoint Management cloud customers, no action is required. All Citrix Cloud customers have been migrated to the new HTTP/2-based API APNs service.

 

Are the legacy ports to Apple's APNs legacy binary protocol no longer required after the update?

We recommend leaving ports 2195/2196 outbound for *.push.apple.com to the 17.0.0.0/8 subnet block opened until adequate testing of the new HTTP/2-based APNs provider APIs is tested. Testing should be conducted by an administrator, ensuring all Apple devices are working as configured before the change and connectivity to the service have been established. See https://support.apple.com/en-us/HT203609 for more details on Apple's new connectivity requirements.

 

Will making the change from the APNs legacy binary protocol to the new HTTP/2-based APNs provider API affect my end-users?

No. The change is seamless to end-users.

 

What happens if I do not upgrade my current version of Citrix Endpoint Management on-premises to support the new HTTP/2-based APNs provider API?

Apple devices will no longer have the ability to communicate with the APNs service resulting in instability of your current Apple device deployment.

 

Thank you,

Citrix Endpoint Management team

-------

 

I tried that and configured this new property and restarted the server, but we still have that issue. By the way, on the Exchange Server we have the following configured:

 

image.thumb.png.ee0e7541423f169dfb6859e78a4ae376.png

 

I also updated my iPhone to 14.1, but the issue is still the same.

 

Best regards,
Marc

Link to comment
  • 0

Hi all

i hast just updated our XenMobile to 10.13.0.11 and restarted the server. As well i made sure that the port tcp/443 to Apple is open, following this article:

 

https://danielweppeler.de/index.php/2020/10/29/enable-apple-apns-http-2-for-citrix-xenmobile-server-xms-lower-than-10-13/

 

My tests are still not positiv, the push notifications are still not working. Didn't receive any feedback till now from Citrix Support.

 

Best regards,
Marc

 

Link to comment
  • 0

Hi @Marc Kuhn

We analyzed the Securemail logs you sent, along with Splunk logs in Listener Service. The following error is seen in Securemail logs:
error.domain=HttptStatusErrorDomain,error.code=500,error.userInfo={ NSLocalizedDescription = Http status 500"; }"
Post this we see device not found. 

In the splunk logs we see entry getting removed in the database  frequently. To investigate further could you please send the following in a Sharefile Link with Subject Line " iOS 14.0.1 Exchange/Wireshark Trace" to xenmobile2@citrix.com. 

1. Securemail logs from the device where push notification is already working.
2. Exchange Server logs
3. Wireshark Trace from the Exchange

Regards,
Sherin

Link to comment
  • 0

Hi guys

 

Sherin was able to help me with that issue. Is anyone still having an environment which isn't working? We could probably compare our settings then.

 

Just let me know. I had to open some additional firewall Ports from the Exchange and Netscaler.

 

Best regards,

Marc

Link to comment
  • 0

Hi Sherin

 

i have another new deployment, where i'm struggling with Push Notifications. I configured the following:

- Activated Push Notifications in Secure Mail App Settings

- Configured Firewall Port to Apple with tcp/443

- Configured Firewall Ports from Exchange & Netscaler to Citrix Push Notification Servers

- Installed 10.13

 

Everything is looking like the with the other server, except i receive also this error, when i try to browse the MDM Website:

 

image.thumb.png.854bdb0a332b7638160525b1200fb011.png

 

I'm not sure if that is causing this issue, but except of the Push Notifications i don't see anything which is not working.

 

Do you know, what could cause that issue?

 

Many thanks for your help.

 

Best regards,

Marc

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...