Citrix Virtual Apps and Desktops 2402 CU2 expired certificate

Citrix Virtual Apps and Desktops 2402 CU2 expired certificate

book

Article ID: CTX692777

calendar_today

Updated On:

Description

Citrix Virtual Apps and Desktops (CVAD) 2402 LTSR Cumulative Update 2 (CU2) (2402.0.2100) contains installers and binaries signed with a now-expired code signing certificate. File signatures are considered valid if either:

  • A timestamp was included at the time of signing, or

  • The certificate used for signing has not expired.

In this release, the file signatures do not include a timestamp, causing the signatures to be considered invalid. This may result in Local Host Cache (LHC) configuration synchronization failures or trigger warnings related to invalid file signatures.   If an event triggers LHC activation for the site, these synchronization failures would result in LHC using out-of-date configuration data leading to unexpected user session launch behavior during LHC.

With the exception of LHC, initial reviews of the issue indicate that installations, upgrades, and core functionalities are operating as expected. However, service or software workflows (e.g. Windows Defender Access Control or WDAC policies) that enforce an active certificate check may fail.

Temporary Workaround for the Issue

To mitigate the LHC-related issues, replace the 2402 LTSR CU2 (2402.0.2100) LHC Config Sync script on the DDC with the 2402 LTSR CU1 (2402.0.1100) version.

  • Directory: C:\Program Files\Citrix\ConfigSync

  • File Name: ConfigSync.ps1

Environment

The above mentioned sample code is provided to you as is with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the sample code. In no event should the code be used to support ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Although the copyright in the code belongs to Citrix, any distribution of the sample code should include only your own standard copyright attribution, and not that of Citrix. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the sample code.

Resolution

Solution

The new build with timestamped signatures is available in Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2150) release. 

VDA:

While we have not observed any functional issues affecting existing Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2100) VDAs at this time,  we recommend upgrading them to Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2150).

Delivery Controller:

Citrix requires upgrading Delivery Controllers to the new Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2150). Until these upgrades are complete, you can use the mitigation steps provided above as a workaround.

 

The Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2150) download can be found here:   https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/product-software/citrix-virtual-apps-and-desktops-2402ltsr-cu2-all-editions.html



Issue/Introduction

Citrix Virtual Apps and Desktops 2402 CU2 expired certificate

Additional Information

FAQ

  • Will existing DaaS customers running Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2100) VDA (Original) need to upgrade to Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2150)

    • No. While we have not observed any functional issues affecting the existing Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2100.x) VDA at this time, Citrix recommends using the updated Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2150.x) VDAs for any new installs or upgrades.

  • Will existing OnPrem customers running Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2100) VDA (Original) need to upgrade to Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2150)

    • No. While we have not observed any functional issues affecting the existing Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2100) VDA at this time, Citrix recommends using the updated Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2150) VDAs for any new installs or upgrades.

  • Will existing OnPrem customers running Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2100) Delivery Controllers (Original) need to upgrade to Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2150)

    • Yes. Citrix requires upgrading to the new Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2150.x). The mitigation steps listed above can be used as an interim solution until upgrades to the Delivery Controllers are updated to Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2150.x) have been completed. Refer to the ‘Temporary Workaround for the Issue’ section above.

  • Which Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2100) (Original) components are in scope for this recommendation to upgrade to  Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2150)

    • Delivery Controller, Windows VDA, Federated Authentication Service, Director

  • What will the impact be to VDAs upgraded using VDA Upgrade Service (VUS) using Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2100) (Original)?

    • Citrix is working to update VUS with the updated Citrix Virtual Apps and Desktops 2402 LTSR CU2 VDA (2402.0.2150); additional updates to follow.

  • What changed from Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2100) (Original) to Citrix Virtual Apps and Desktops 2402 LTSR CU2 (2402.0.2150)?

    • Files signatures include timestamps 

    • Version updates:

      • 2402.0.2150.x / 7.41.2150.x

Powered by Wolken Software