On systems running macOS 10.14.4, Mobility clients can terminate and restart when roaming between networks (for example: wired to wireless network, different wireless networks, LAN to WAN, and so on). The Mobility client mitigates this by automatically reconnecting (if configured), but you may notice a service interruption while roaming. This issue does not occur on macOS 10.14.3 and earlier. Administrators should thoroughly test and carefully consider whether to upgrade to macOS 10.14.4. Please contact support for more information.
Upgrading to the Windows 10 Fall 2018 release requires that you also upgrade to the Mobility v11.43 client. Microsoft is releasing their Fall update to Windows 10 (v1809). The Mobility v11.43 client for Windows fixes compatibility issues with the Windows 10 network location awareness (NLA) feature in Windows 10 v1809. Without the updated Mobility client, any application that uses this feature will malfunction, including the Edge browser and many Windows system apps. Windows 10 devices running Microsoft’s fall release must install Mobility v11.43 to avoid these issues. See Known and Resolved Issues for details. Failure to upgrade to the Mobility v11.43 client when running Windows 10 Fall 2018 release will result in elevated CPU utilization associated with NLA, and malfunctions in the Windows Edge browser and other apps which rely on NLA to function.
Summary: As is true of many other software companies NetMotion has discovered all current versions of the Mobility client are incompatible with some upcoming updates to Windows. Though not part of the initial Spectre and Meltdown updates, when these Windows updates are applied, systems running any Mobility client for Windows prior to 11.32 will not operate as expected. You MUST upgrade to Mobility v11.32 before applying them. Do not delay. Advisory: Current versions of Mobility are fully compatible with the initial round of Microsoft’s Spectre and Meltdown updates. We expect that Microsoft will release more patches addressing these vulnerabilities; we will keep you informed as to whether they will affect your NetMotion deployment. In the wake of the initial round of patches, we learned that Microsoft’s Windows 10 Spring release is incompatible with all current versions of the Mobility client; In the past the Spring release has been available in the March timeframe but with the current situation involving Spectre and Meltdown, we cannot be sure these releases will not happen sooner. We also expect updates to Windows 8 and 7 will also be incompatible. We are releasing v11.32 clients for all Windows platforms to address the incompatibility If you apply the upcoming Windows update, systems running any Mobility client for Windows prior to 11.32 will not operate as expected. Because we don’t know precisely when Microsoft will release the updates, you must upgrade your Windows systems to Mobility v11.32 as soon as possible. Do not delay.
FAQ Q: Does this issue have anything to do with the Spectre and Meltdown vulnerabilities? A: Shipping Mobility clients are fully compatible with the Microsoft updates published on January third and ninth, 2018 in response to the Spectre and Meltdown vulnerabilities. Microsoft has not made public their motivation for the changes causing the incompatibility with Mobility clients. Q: Will these new clients work with my existing server? A: These clients are compatible with all currently supported Mobility servers (Mobility v10x and v11x). There is no need to upgrade your server to run the 11.32 clients. Q: How did you discover the incompatibility? A: We participate in the Windows Insider program, and we saw the issue in a preview build. Q: What are the KB article numbers for the updates you are concerned about? A: Microsoft has not released the KB numbers yet. Q: When will Microsoft release their update? A: Changes like this are usually in the Spring and Fall releases, but given all the other work being done in response to Spectre and Meltdown we can’t be sure of the timing. That’s why it’s urgent to prepare now. Q: Which client operating systems are affected? A: We have released new clients for Windows 10, Windows 8, and Windows 7. Q: How do I get the updated clients? A: The v11.32 clients are available on the NetMotion software download portal. Q: What if I no longer have a current maintenance contract? A: Contact us via email or phone and we’ll work with you to get the updated clients. Q: Does this affect the iOS, macOS and Android clients, or the Mobility server? A: Our release is only for Windows clients. Q: Do you have any advice on how to deploy the new clients? A: In Mobility 10.51 we added an easy to use over-the-air update feature. If your Mobility server and clients are at version 10.51 or greater, review the help to craft an upgrade deployment that suits your needs. Q: Is there anything else I can do to mitigate this situation? A: We recommend that you thoroughly test all changes to your production environment before pushing them live. Q: What if I still have questions? A: If there’s something we haven’t answered here, please contact our support team: Click here to submit a request online, else give us a call at (888) 723-2662.
After June 30, 2017, Diagnostics servers prior to version 4.10 may not correctly display coverage maps, device maps, and client report mini-maps. Earlier Diagnostics server versions will continue collect and store location data and display reports, but due to changes with Microsoft Bing Maps, maps may not display properly after June 30, 2017. If you encounter problems where maps do not display after that date, upgrade to Diagnostics version 4.10. Technical Support can assist customers who want to upgrade their Diagnostics systems. For assistance planning your upgrade, or for any further questions, please contact us.
After December 31, 2017, NetMotion Software will no longer provide support for Diagnostics version 2.x servers and clients. Customers running Diagnostics 2.x systems should upgrade to Diagnostics version 4.10 or later. For a current list of supported operating systems and versions, see the Product Lifecycle and Supported Operating systems page on our corporate web site: netmotionsoftware.com/support/supported-systems For further information or if you need to speak with our sales and tech support representatives, please contact us.
Effective March 2017, NetMotion Software has stopped developing and testing its software products on the following platforms:
NetMotion Products that support these operating systems continue to be supported until the product’s published end-of-life, but maintenance releases, feature releases, and major versions of NetMotion Software will not support them.
NetMotion Software is providing customers with advance notice of the end of life (EOL) for the following:
Note: EOL for Windows Vista and Windows XP was announced in 2014 NetMotion Software recommends that customers running Mobility 9.x begin to plan their migration to the latest version of Mobility. We will no longer provide support for version 9.x servers and Windows 7 client after January 1, 2018. For a current list of supported operating systems and versions, see the Product Lifecycle and Supported Operating systems page on our corporate web site. http://netmotionwireless.com/support#fndtn-Supported-Systems Thank you for being a NetMotion customer. We look forward to helping you with your migration to the latest version of Mobility. For further information or if you need to speak with our sales and tech support representatives, visit our website https://www.netmotionsoftware.com/ or call us directly at 206-691-5555. The NetMotion Team
On October 3, 2016, Microsoft released updates to Windows Defender, its anti-malware product for Windows 8.x and 10. The updated version of Windows Defender is incompatible with Mobility v10.7x and v11 clients. As a result, Windows Defender cannot properly update its malware signatures. NetMotion has released new versions of the affected Mobility clients, resolving the incompatibility. Customers who are running Windows Defender should update to the latest version of Mobility of Mobility 10.7x or 11.0x. Contact Support If you have any further questions, contact NetMotion Technical Support: www.netmotionsoftware.com/support
Mobility 10.72 for iPhone and iPad is supported on both iOS 9 and 10. Administrators should upgrade to Mobility 10.72 before October 10, 2016. This is when NetMotion plans to release Mobility 11 for iPhone and iPad, which supports only iOS 10 and later. Most upgrades from Mobility 10.72 to Mobility 11 are expected to be trouble-free. Administrators should be aware of important issues surrounding licensing, certificate handling, and support for iOS 9 that may arise with the release of Mobility 11, and take appropriate steps to prepare for the transition. Full details of the issues and procedures for managing the upgrade process are described here. Administrators who want to preview the upgrade process to the version 11 iOS client can sign up for the closed beta. Please contact firstname.lastname@example.org for more information.
The Mobility 10.72 clients are immediately available on our download site and through the NetMotion Wireless deployment server. Administrators are encouraged to upgrade their Windows 10 Mobility clients and then install the Microsoft update as soon as is practical. On January 12, 2016, Microsoft released a cumulative update to Windows 10 that prevents users running Mobility from logging on to the Windows desktop. NetMotion has identified the problem and is in the process of implementing a solution. We will update the NetMotion support advisory page in the coming week with information on timing and availability of a fix. Until a fix is available, the two options for addressing the issue are to uninstall the update or uninstall Mobility. Administrators with Windows 10 devices can stop the installation of the patch by excluding the following packages from their regular system updates:
If the Windows 10 update has been installed unintentionally, Administrators can uninstall it by following these steps:
Contact Support Customers with any further questions can call our support team at (888) 723-2662.
A new Mobility client (v10.71) that supports iOS 9 is available on the Apple App Store. Apple device users should update their Mobility client to v10.71 BEFORE they upgrade to iOS 9 to ensure uninterrupted access. This newest version of Mobility also supports devices running iOS 7.1 and above. Mobility client versions prior to 10.71 are not supported on iOS 9. It is not necessary to update the Mobility server to run this client. If you any other questions or would like assistance, please contact email@example.com
The Mobility Windows 7 client does not run on Windows 10. Upgrading directly from Windows 7 to Windows 10 with Mobility installed is not supported. If you choose to upgrade any of your Windows 7 devices, please uninstall the Windows 7 client, upgrade the operating system, and then install the Mobility 10.71 beta client for Windows 10.
By the end of 2015, NetMotion Wireless will stop developing and testing the Mobility and Diagnostics servers for Microsoft Windows Server 2008 R2. Solutions shipped with support for Windows Server 2008 R2 will continue to be supported, but maintenance releases, feature releases, and major versions of NetMotion Mobility and Diagnostics server software will not be released for Windows Server 2008 R2 after 2015. Customers running a NetMotion server on Windows Server 2008 R2 who have a current maintenance agreement will continue to receive full support until the product version they are running has reached end-of-life. We encourage customers running our solutions on Windows Server 2008 R2 to make plans for upgrading their platform as soon as reasonably possible. Technical Support can assist customers who want to upgrade their current Windows Server 2008 R2 deployment to a newer supported Microsoft server operating system. For assistance planning your migration, or for any further questions, please contact them at +1 888 723 2662.
Summary On March 10, 2015, Microsoft released a security bulletin describing a vulnerability in Windows, and a patch to remedy the vulnerability. Since then, there have been many reports in the media describing conflicts between that patch and other security products. Mobility customers should exercise caution when applying Microsoft’s fix to their authentication server if both of the following are true:
Applying Microsoft’s fix will keep Mobility client versions 10.52 or below from properly authenticating. This issue has no impact on the operation of the Mobility server, just client authentication. No other Mobility components are affected by this conflict. Mobility deployments configured to use other RADIUS servers, or RSA authentication are not affected by this bulletin. What to Do There are three basic ways to mitigate the impact of Mobility client and the Microsoft patch.
If you choose not to install the patch from Microsoft at this time, we strongly recommend that you isolate your authentication server on a trusted network. Contact Support Customers with any further questions can call our support team at (888) 723-2662. References
Summary On November 11, 2014, Microsoft released a security bulletin describing a vulnerability in the Microsoft Secure Channel security package in Windows, and a patch to remedy the vulnerability. The patch kept Mobility clients version 10.50 and earlier from connecting to Microsoft NPS and IAS authentication servers. A week later, on November 18, Microsoft re-released the patch, rolling back the changes that kept Mobility client versions 10.50 and below from connecting to NPS and IAS servers. NetMotion Wireless has tested the updated MS14-066 patch and found that the original conflict between the patch and the earlier Mobility clients is no longer present. In light of this, we recommend that Mobility administrators:
Summary On November 11, 2014, Microsoft released a security bulletin describing a vulnerability in the Microsoft Secure Channel security package in Windows, and a patch to remedy the vulnerability. Mobility customers should exercise caution when applying Microsoft’s fix to their authentication server if both of the following are true:
Applying Microsoft’s fix will keep Mobility client versions 10.50 or below from properly authenticating to either NPS or IAS. The conflict that keeps Mobility clients from authenticating is not present in Mobility client versions 10.51 or greater (released August 5, 2014). This issue has no impact on the operation of the Mobility server, just client authentication. No other Mobility components are affected by this conflict. Mobility deployments configured to use other RADIUS servers, NTLM, or RSA authentication are not affected by this bulletin. What to Do There are two basic ways to mitigate the impact of the conflict between older versions of the Mobility client and the Microsoft patch.
If you choose not to install the patch from Microsoft at this time, we strongly recommend that you isolate your NPS or IAS server on a trusted network. Contact Support Customers running supported versions of Mobility for Windows Mobile or Windows CE should contact support for an update to their client software. Information on installing the Mobility client on all operating systems can be found here: System Administrators Guide > Mobility client installation. References
In mid-October, 2014, multiple media outlets reported a serious vulnerability in the SSL v3.0 encryption protocol (POODLE, CVE-2014-3566). SSL v3.0 an older and less secure option for encrypting data sent between web servers and browsers still supported by servers and browsers for the purposes of backward compatibility. By exploiting this vulnerability, an attacker can read information encrypted with this protocol. Mobility is not vulnerable to the POODLE attack, neither are communications between Locality agents and the Locality server. Locality relies on Windows to determine what type of cryptography to use for securing connections to the management interface. Since many of Microsoft’s server operating systems are vulnerable, it may be possible for an attacker to read the contents of those browser sessions if all of the other conditions of the attack are met. Microsoft has published an advisory that addresses the POODLE attack. As a precaution, we recommend that administrators follow Microsoft’s recommendations for disabling the SSL v3.0 encryption algorithm on their Windows server. Doing so will not impair Locality in any way. As always, we encourage our customers to audit their entire infrastructure to determine if any other components require software updates. Many vendors are already providing patches to vulnerable systems.
On September 24, 2014, multiple media outlets reported a serious vulnerability in the Bash shell, a utility commonly found on Linux, UNIX, and Mac OS devices (CVE-2014-6271). By exploiting this vulnerability, an attacker can take control of a susceptible device. Neither Mobility nor Locality is vulnerable to this issue since we have never shipped any software that contains the Bash shell. There is no need to patch or update the client or server for any of our products. As always, we encourage our customers to audit their entire infrastructure to determine if any other components require software updates. Many vendors are already providing patches to vulnerable systems. References
We will release an update to the NetMotion Mobility client that supports iOS 8 soon. NetMotion strongly recommends that all users of the Mobility client for iPhone, iPad and iPod touch remain on iOS 7.1x in order to continue to use their Mobility client, which currently supports only iOS 7.1x. The App Store application on your Apple devices will automatically notify users when the updated Mobility client is available for iOS 8. We will also notify customers via email and on our website.
After March 2012, resolution of the most severe issues in versions of Mobility running on Microsoft Server 2003 will be available on an “as-needed” basis. Click here to access Knowledge Base Support for further details on technical support and timelines >>
On June 5, 2014, new vulnerabilities were reported in OpenSSL. Exploitation of these vulnerabilities could allow an attacker to decrypt intercepted traffic. Mobility 10.11 and earlier versions are only affected by CVE-2014-0224 when configured to use RADIUS authentication with a vulnerable RADIUS server. The advisory contains details on six vulnerabilities – Mobility is not affected by the other five advisories because it does not use the affected components. Mobility deployments configured to use NTLMv2, LEAP, or RSA SecurID authentication can safely disregard this advisory. Details If an attacker can intercept the authentication session between two vulnerable systems, it is possible to fool the systems into using keys based only on public information. Only if all of the following conditions are true is it possible to decrypt Mobility traffic using this exploit:
What to Do
On January 1, 2015, NetMotion Wireless will discontinue support for Locality Server 1.x and Locality Agent 1.x. For customers with these products, we offer assistance in migrating to the latest version of Locality. After January 1, 2015, we will continue to offer assistance, but we will no longer test interoperability with newer versions of our products, future operating systems (on client or server platforms), or resolve defects associated with them. Customers running Locality v1.x are highly encouraged to upgrade to the latest software as soon as reasonably possible. For assistance planning your migration, or for any further questions, please contact technical support at (888) 723-2662.
On April 7, 2014 multiple media outlets reported a vulnerability in OpenSSL (CVE-2014-0160) related to Heartbeat Extension packets (the Heartbleed bug) that can lead to data exploitation. Neither of our products, Mobility or Locality, has ever included a version of the OpenSSL library with this vulnerability. There is no need to patch or update the client or server for any of our products. However, we strongly encourage our customers to audit their entire infrastructure to determine if any other components require software updates, for example:
According to OpenVPN, the access server accessible from your Mobility console may be vulnerable. We’ve shipped support for two versions:
We have validated the least intrusive fix for v1.8.4 as recommended by OpenVPN. Since the vulnerability is remotely exploitable, we recommend that customers take the OpenVPN Server off line until they have installed the fix. Learn how to Patch OpenVPN, Visit Our KnowledgeBase Article >>
Microsoft is discontinuing support for Windows XP on April 8, 2014. After that, no further updates to Windows XP will be provided to address defects or security vulnerabilities and they will no longer provide technical support. In light of Microsoft’s decision, on January 1, 2015, NetMotion Wireless will discontinue support for the Mobility and Locality clients that run on Windows XP, allowing NetMotion users an extra 8 months to complete their migration. Additionally, after that date we will no longer offer support for Mobility clients running on Windows Vista, or for Mobility XE versions 8.0 to 8.51. After January 1, 2015, customers with these products can receive assistance with migrating to new versions and platforms, but we will no longer test interoperability with newer versions of our products, future client operating systems, or resolve bugs associated with them.
Mobility version v10.10 is fully supported on Android 4.0 – 4.3x, but not Android 4.4.x (Kit Kat). Additionally, we are aware of several bugs in Kit Kat that adversely affect VPN functionality. Google is in the process of fixing them and we will release a Mobility client that is fully Kit Kat-compatible after the bugs have been addressed. NetMotion Wireless customers running Mobility v10.10 and earlier for Android should NOT update to Kit Kat, even if an update is offered by their carrier. Kit Kat is only supported on Mobility v10.51 and above. For more information on v10.51, review What’s New in NetMotion Mobility and Known and Resolved Issues.
Mobility version 10.0 is supported on Windows 8.0, but not on Windows 8.1. For any computers running Windows 8.0 with Mobility installed, do not attempt to upgrade the operating system to version 8.1. The upgrade will fail and (in some cases) reverting to Windows 8.0 will also fail. A Windows 8.1-compatible Mobility client is scheduled for release in fourth quarter 2013.
Customers running NetMotion Mobility® v9.50 and v9.51 and FIPS 140-2 libraries, or NSA Suite B may experience a disconnect from the Mobility server, or a significant delay when installing the most recent Microsoft CNG.sys cryptographic library update. There are simple steps to remedy this. Click here to access the Knowledge Base Support article addressing this issue >>
In the next release of NetMotion Mobility, the database technology used with the Analytics module will move from Microsoft SQL to MySQL. Installing the Analytics module will now always put the reporting server and reporting database together on the same machine. Click here to access Knowledge Base Support for further details >>