NetScaler Gateway first ensures secure remote access by using secure Citrix ICA® proxy technology to encrypt data without the need to establish a full VPN tunnel from remote devices. Once connected, NetScaler Gateway uses Citrix HDX™ SmartAccess technology to perform pre-authentication endpoint analysis to ensure that the user’s. The endpoint analysis software downloads session policies defined on the Netscaler that can perform various types of scans on your computer. Depending on how the administrator sets up the policies he can scan for the name of a service or application that must be running, a registry key that must be present, the version of a specific file, or even a combination of these. We would like to show you a description here but the site won’t allow us. NetScaler Gateway is a secure application, desktop and data access solution that gives IT administrators granular application-level and device-level policy and action controls over access to corporate content, while allowing users to work from anywhere using SmartAccess and the XenMobile Micro VPN technologies. Endpoint Analysis. Important: In case of Pre-Authentication Endpoint Analysis, if a user does not install the Endpoint Analysis Plug-in on the user device or chooses to skip the scan, the user cannot log on with the NetScaler Gateway Plug-in. In case of Post-Authentication Endpoint Analysis, the user can access resources for which a scan is not required by using.
When using End Point Analysis (EPA), the plug-in fails to start or fails to scan after starting on MAC. Using a web browser does not initiate the scan, even when using ICA-Proxy for EPA.
The following errors are displayed:
Cannot connect to NetScaler Gateway. Contact your help desk with following information: Endpoint analysis process failed.
3006: The plug-in failed to start. Contact your help desk or system administrator.
Important! This article is intended for use by System Administrators. If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article.
To resolve this issue ensure that the preauthentication policy and NetScaler Gateway plug-in are correctly configured.
In this article a File Exist Policy for preauthentication is used to illustrate the correct configuration.
Create the preauthentication policy and bind it to the NetScaler Gateway virtual server.
For more information refer to Citrix Documentation - Configuring Preauthentication Policies and Profiles.
Note: Ensure that you enable Smart Access Mode.
Download and install the Citrix NetScaler Gateway Plug-in for MAC OS X.
Create a file on the MAC OS X. Currently, the only supported directory is the /Library directory.
In this example /Library/test.txt is created.
Run Citrix NetScaler Gateway Plug-in.
Select EditConnections.
Enter a name for this connection in the Connections tab.
Note: This need not be an FQDN. The FQDN is added as a placeholder for reference.
Specify the FQDN for the NetScaler Gateway virtual server in the Connections tab.
Note: Do not use http or https when specifying the FQDN.
If two-factor authentication is used, select Show secondary password field check-box.
Close the Preferences Window and select the new site to start the log on process.
If you are using a preauthentication policy, then the following screen appears for logon:
This error is usually observed when preauthentication policy or NetScaler Gateway plug-in is in correctly configured.
In the NetScaler command line interface, you can run the following command to view the failed EPA scans:
tail -f /var/log/ns.log | grep EVAL
The EPA scans that pass will not show in this log.
For more information about EPA, refer to Citrix Documentation - Configuring Endpoint Polices.