Jamf Nation Community

@bentoms Do you mean the PKG that came from Citrix or the PKG from the picture above?

@mpermann

For some reason, when I try to deploy this, it doesn't work. I always have to compose it out.

huh..

--TJ

Erm. The original PKG, I meant.

No need to repackage.

Good to know. Thanks guys.

--TJ

I am able to deploy the package as is but on in place upgrades I do kill all the citrix services first. This seems to work well.

sudo killall -kill "Citrix Receiver"
sudo killall -kill "ReceiverHelper"
sudo killall -kill "Citrix Receiver Helper"
sudo killall -kill "Citrix Receiver Authentication"
sudo killall -kill "Citrix Receiver Helper"

You may want to look at the post install in the citrix package. Its, ahem, interesting.

Also 12.1 introduces new security settings specifically around checking certs via CRL and OCSP
If you use an authenticated proxy, this will fail

SSLCertificateRevocationCheckPolicy. This feature improves the cryptographic authentication of the Citrix server and improves the overall security of the SSL/TLS connections between a client and a server. This setting governs how a given trusted root certificate authority is treated during an attempt to open a remote session through SSL when using the client for OS X. When you enable this setting, the client checks whether or not the server’s certificate is revoked. There are several levels of certificate revocation list checking. For example, the client can be configured to check only its local certificate list, or to check the local and network certificate lists. In addition, certificate checking can be configured to allow users to log on only if all Certificate Revocation lists are verified. Certificate Revocation List (CRL) checking is an advanced feature supported by some certificate issuers. It allows an administrator to revoke security certificates (invalidated before their expiry date) in the case of cryptographic compromise of the certificate private key, or simply an unexpected change in DNS name. Applicable values for this setting include: NoCheck. No Certificate Revocation List check is performed. CheckWithNoNetworkAccess. Certificate revocation list check is performed. Only local certificate revocation list stores are used. All distribution points are ignored. Finding a Certificate Revocation List is not critical for verification of the server certificate presented by the target SSL Relay/Secure Gateway server. FullAccessCheck. Certificate Revocation List check is performed. Local Certificate Revocation List stores and all distribution points are used. Finding a Certificate Revocation List is not critical for verification of the server certificate presented by the target SSL Relay/Secure Gateway server. FullAccessCheckAndCRLRequired. Certificate Revocation List check is performed, excluding the root CA. Local Certificate Revocation List stores and all distribution points are used. Finding all required Certificate Revocation Lists is critical for verification. FullAccessCheckAndCRLRequiredAll. Certificate Revocation List check is performed, including the root CA. Local Certificate Revocation List stores and all distribution points are used. Finding all required Certificate Revocation Lists is critical for verification. Note If you don’t set SSLCertificateRevocationCheckPolicy, FullAccessCheck is used as the default value.

more info here: https://docs.citrix.com/en-us/receiver/mac/12/mac-secure-wrapper.html#par_anchortitle_9

can be disabled with

defaults write com.citrix.receiver.nomas SSLCertificateRevocationCheckPolicy NoCheck

You can deploy a profile to do that as well

Strange issue here...

When I put the policy to Self Service and install, then original PKG downloaded from Citrix works:

Downloading Install Citrix Receiver.pkg...
Downloading http://.../CasperShare/Packages/Install%20Citrix%20Receiver.pkg...
Installing Install Citrix Receiver.pkg...
Successfully installed Install Citrix Receiver.pkg.
Inventory will be updated when all queued actions in Self Service are complete.

But when I am trying to push the installation then policy shows "Failed" status:

Downloading Install Citrix Receiver.pkg...
Downloading http://.../CasperShare/Packages/Install%20Citrix%20Receiver.pkg...
Installing Install Citrix Receiver.pkg...
Installation failed. The installer reported: installer: Package name is Citrix Receiver
installer: Upgrading at base path /
installer: The upgrade failed (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.)

I tried to do "sudo killall -kill", but it does not help

I get that same "failure" as well, but I verify that everything really was installed and is fully functional. I just ignore the "failure" and move on. It does suck that there's no way to change it from a failure to completed.

Thanks, Clint! The same here, even push policy shows "Failed" status, Citrix is installed and is fully functional

I got this as well. On machines with a earlier version installed i see Failed and then check and the applications folder and the and Receiver is there. Checked the /Library/Internet Plugins and the citrix plug in is there. However, when i go to our citrix site and launch an app Citrix Viewer does not start. Another tab opens up in Safari and tries to connect, ends up just spinning and spinning. Anyone else seen this?

I would check the Security settings:
Safari - Preferences - Security - Plug-in Settings
Make sure Citrix Online Web Plugin and Citrix Receiver are there and checked, and have "Allow Always" status

@Kaltsas been using @mm2270's script to kill processes, and we add a line or three to remove the app(s) to avoid possibility of merges. Their PKG should be fine for distribution as is.

Well...unless you count very early versions, like this one from early 2000's. This happened when we were updating the Polo Ralph Lauren environment from OS 9 to OS X. :)