Archive for April, 2014

Release: IGEL Universal Desktop LX / OS 5.03.100

Wednesday, April 30th, 2014

IGEL Universal Desktop OS 2
===========================
Version 5.03.100
Apr 30 2014

====================
Notes:
====================
IMPORTANT:
Dual monitor configuration for “unsupported hardware” works only if “native
driver support” works properly. It is a prerequisite to assure that the
native driver is really working, as the fallback VESA driver does not provide
any dual monitor configuration. Have a look at Application Launcher’s
About tab->Hardware-Graphics Chipset. If VESA is listed there the native
driver does not work and dual monitor configuration is not functional.
Versions
========
– Citrix Receiver 12.1.8.250715
– Citrix Receiver 13.0.2.265571
– Citrix HDX Realtime Media Engine 1.4.0-902
– Citrix Access Gateway Standard Plug-in 4.6.3.0800
– IGEL Legacy RDP Client 1.0
– IGEL RDP Client 2.1
– FabulaTech USB for Remote Desktop 5.0.0
– VMware View client 2.3.0-1551379
– Quest vWorkspace Client 7.6
– Leostream Java Connect 2.4.57.0
– Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848
– Ericom Webconnect 5.6.0.4000-rel.20413
– IBM iSeriesAccess 7.1.0-1.0
– Firefox 17.0.11
– Totem Media Player 2.30.2
– Voip Client Ekiga 3.2.7
– Thinlinc Client 3.2.0
– NX Client 3.5.0-7
– Cisco VPN Client 4.8.02.0030-k9
– NCP Secure Client (Enterprise) 3.25-rev15580-i686
– ThinPrint Client 7.0.59
– Xorg X11 Server 1.11.4
– Xorg Xephyr 1.7.6
– PC/SC Lite 1.8.9
– MUSCLE CCID Driver 1.4.13
– Omnikey CCID Driver legacy-3.6.0
– Omnikey RFID Driver legacy-2.7.2
– HID Global Omnikey CCID Driver 4.0.5.1
– REINER SCT cyberJack Driver 3.99.5final.SP03
– SCM Microsystems CCID Driver 5.0.27
– Safenet / Aladdin eToken Driver 8.1.0-4
– ACS CCID Driver 1.0.5
– A.E.T SafeSign PKCS#11 Library 3.0.3665
– Gemalto IDPrime PKCS#11 Library 1.1.0
– Athena IDProtect PKCS#11 Library 623.07
– SecMaker NetID PKCS#11 Library 6.1.1.21
– Philips Speech Driver 12.0.9
– Legacy Philips Speech Driver 5.0.10
– Client 0.8.3 for RedHat Enterprise Virtualization Desktops 3
– INTEL Graphics Driver 2.17.0
– ATI Graphics Driver 6.14.99_git20111219
– VIA Graphics Driver 5.76.52.92-126076
– NVIDIA Graphics Driver 304.60
– 2X Client 10.1-1263
– Imprivata OneSign ProveID Embedded

 

====================
Information:
====================
IMPORTANT: This releases integrates two Citrix Receiver versions 12 and 13.
You can only choose to run either of the versions.
The old 12 Citrix Receiver is still available for compatibility reasons and
activated by default. Version 13 of the Citrix Receiver can be activated at
the local setup of the device or through a UMS profile configuration.
Please check in this readme which restrictions apply and how to switch the
versions.

====================
Known issues:
====================
[ICA/Citrix Receiver 13]
– Currently Kerberos is not supported, so Kerberos passthrough will not work
with ICA sessions and Citrix XenApp/StoreFront.
Workaround: configure “Passthrough authentication”
– Smartcard authentication is supported for ICA sessions created on the IGEL
device (supported with Citrix servers up to version 6.5). Kerberos
passthrough and Citrix XenApp/StoreFront login are not supported.
– Only the “User name and password” StoreFront authentication method is supported.
– During Citrix XenApp/StoreFront logoff the logoff for running desktop sessions
does not work.
– Com-port redirection is not supported.
– Webcam redirection is not supported with H.264 hardware and software encoding,
still legacy theora encoding is supported.

[RDP]
– Fabulatech USB Redirection is not supported with IGEL Legacy RDP Client 1.0.
Please use IGEL RDP Client 2 – RDP legacy mode can be deactivated at
IGEL Setup -> Sessions -> RDP -> RDP Global -> Options page

[Quest vWorkspace]
– Multimedia Redirection:
Sound redirection is not working with WMV/WMA streams
– USB Redirection does not work reliable

[NVIDIA graphics support]
– In dual screen configurations DPMS monitor saving mode creates
display content corruptions on secondary VGA display after resume
====================
New features:
====================
[ICA/Citrix Receiver 13]
– Added Citrix Receiver 13.0.2
– Added support for StoreFront

Hints (It is IMPORTANT to read this, if you plan to use Citrix Receiver 13
instead of 12 and/or want to connect to a Citrix server version 7.x):
– This firmware contains two Citrix Receivers, but only one of them can be
active at a time. Default is Citrix Receiver 12. The version can be
switched by the new parameter “Use Citrix Receiver version 13” in the
IGEL setup at “Sessions->Citrix->Citrix Receiver Selection” (registry:
ica.useversion13). For Citrix Receiver 13 configuration setting the new
parameter “Citrix server version” is mandatory (see below).
– The new parameter “Citrix server version” on IGEL setup page
“Sessions->Citrix->Citrix XenApp/StoreFront->Server” (registry key:
ica.pnlogin.serverversion) defines the capabilities of the Receiver
accroding to the used Citrix server versions (default is “XenApp 6.x or
older”):
IMPORTANT FOR SERVER URL CONFIGURATION in the IGEL registry (With local
IGEL Setup or UMS 4.07.100 the server url is automatically stored at the
correct keys, if you use the provided setup page at
“Sessions->Citrix->Citrix XenApp/StoreFront->Server”):
Depending on the Citrix server version you have configured, different
sets of server url configurations apply:
* XenApp/XenDesktop 7.x Store:
For access to a Citrix Storefront:
registry keys ica.pnlogin.browseraddress_store<NR>.*
(optional: ica.pnlogin.browseraddress_store<NR>.farm)
* XenApp/XenDesktop 7.x Legacy Mode
For access to the legacy mode of a Citrix Storefront:
registry keys ica.pnlogin.browseraddress_store_legacy<NR>.*
(optional: ica.pnlogin.browseraddress_store_legacy<NR>.farm)
* XenApp 6.x or older:
For access to a XenApp Server:
registry keys ica.pnlogin.browseraddress<NR>.*
(optional: ica.pnlogin.browseraddress<NR>.farm)

– For Citrix StoreFront access with Citrix Receiver 13 only https web interfaces
are supported. If the SSL certificate of your Citrix server is not signed
by a trusted certificate authority (like Verigsign, Thawte etc.), you have to
install the root certificate of your own certificate authority on each Thin
Client.
Please use http://edocs.igel.com/index.htm#10200413.htm to access the document
on how to install SSL certificate.
– With Citrix Receiver 13 it is not possible to connect to a Citrix server
with other methods than the web interface (this affects the parameter
“Use Citrix XenApp Services Site” registry key: ica.pnlogin.useserversettings).
Due to that it is not possible to select another password change method than
“Citrix XenApp Services Site”.
– ICA sessions created on the IGEL device only work with Citrix XenApp servers up
to version 6.5.
– The parameter “Deferred update mode” has no effect anymore.
– The window options on IGEL setup page
“Sessions->Citrix->Citrix XenApp/StoreFront->Options” are not supported anymore.

Hints for the configuration on server side (for Citrix servers version 7.x):
– After installation and basic configuration of Machine Catalogs and Delivery
Groups, you end up with a store that uses http only. But the Citrix Receiver
13 for Linux supports stores with https only (the Windows version of Citrix
Receiver has this limitation, too; but it is possible to change some
registry keys on the client side to enable http support; unfortunately
this is not possible with the Linux version of Citrix Receiver).
– To switch the store to https, change the base URL on page “Server Group”
in the Citrix StoreFront Management Console.
– Then adjust the “Transport Type” in the “Manage Delivery Controllers”
dialog of the “Store” page in Citrix StoreFront Management Console.
– Then add a https binding for the website in the IIS Management Console
(you have to choose an SSL certificate in the corresponding dialog).
– Password change is disabled by default on a Citrix server 7.x. To enable it,
open the Citrix StoreFront Management Console and go to page
“Authentication”. Click on the authentication method “User name and
password” and then on “Manage Password Options” on the right pane.
– The error messages of Citrix servers 7.x and Citrix Receiver 13 are terribly
misleading. When you are using Citrix servers 7.x and you experience
problems with the connection itself or login, please double check
that everything is ok on the server side. It is a good thing to check the
overview page for a target machine in Citrix Studio. To get there, choose
“View Machines” in the context menu of a Delivery Group.
Then check for each machine:
– that the “Registration State” of the machine is “Registered”
– that the “Maintenance Mode” of the machine is “Off”
– that the “Power State” of the machine is “On”
– that you are using the correct user if there is a user
mentioned in the column “User”.
Also, if something does not work (although it really should), try to reboot
the Citrix server. In our tests this helped sometimes when we experienced
strange problems.

– With Citrix Receiver 13 there is support for new graphics codec parameters:
– H264 deep compression codec registry keys:
* ica.wfclient.h264enabled (disabled by default)
* ica.wfclient.texttrackingenabled
* ica.wfclient.smallframesenabled
The H264 codec is only usable if the multimedia codec pack is installed.
– JPEG codec registry keys:
* ica.wfclient.directdecode
* ica.wfclient.batchdecode (enabled by default)

Detailed description of the parameters are available at:
http://support.citrix.com/proddocs/topic/receiver-linux-13-0/receiver-linux-13-0.html and
https://www.citrix.com/content/dam/citrix/en_us/documents/downloads/citrix-receiver/Linux-OEM-Guide-13.0-12-13-13.pdf

[ICA/Citrix Receiver 12]
– Improved ICA sessions with Kerberos Passthrough: it is now possible to choose
the Kerberos implementation(s) which are used with Citrix via parameter
ica.module.virtualdriver.sspi.kerberosselection.

[RDP]
– Changed default authentication mode to support NLA authentication aside local logon
for automatic access to Windows Server 2008, 2008 R2, 2012 and 2012 R2.
You can disable local logon and network authentication at IGEL setup page
“Sessions->RDP->RDP Global->Local Logon”
(registry: rdp.login.use_rdplogin and rdp.login.enable-network-authentication)
– IGEL RDP 2 only:
– Improved RDP remote apps
– correct positioning of drop down windows
– improved window maximizing and minimizing
– fixed display errors
– Added support for audio recording capability
– Improved RD Web Access:
Added support for the following options at IGEL setup page “Sessions->RDP->RDP Global”:
– Mapping (everything)
– Performance (RemoteFX only)
– Options (Inverted cursor color only)
– Native USB Redirection
– Multimedia Redirection .
– Added RDP session resolution with random settings.
– Added a “RDP connection bar” in a fullscreen RDP sessions, to minimize and quit the session.
The feature can be enabled at IGEL setup page “Sessions->RDP->RDP Global->Window->Enable toolbar”
(registry key: rdp.winconnect.enable-toolbar)

[ICA/RDP]
– Added new method to define multiple USB serial devices:
“Sessions->Citrix->ICA Global->Mapping->COM Ports->COM Port Devices”
(registry: ica.wfclient.comport<NR>)
“Sessions->RDP->RDP Global->Mapping->COM Ports->COM Port Devices”
(registry: rdp.winconnect.comport<NR>)
“Devices->Printer->CUPS->Printers->Printers”
(registry: print.cups.printer<NR>.serial_device)
For RDP and ICA COM Port Mapping, serial printers, USB serial devices
can be defined through USB vendor and device ID. This is done in the format
/dev/usbserial/ttyUSB_Vxxxx_Pyyyy, where xxxx and yyyy are the USB vendor
and product IDs in lower case hexadecimal digits (4 digits each).
In the IGEL Setup running on the thin client currently available devices
will be shown when pressing the “Detect Devices…” button.
– Updated Philips Speech Drivers to version 12.0.9

[VMware Horizon View]
– Updated VMware Horizon View to version 2.3.0-1551379
– Added Realtime Audio Video (RTAV) support. Can be activated in IGEL setup at
“Sessions->Horizon View Client Global->Real Time Audio Video”
– Added switch for “Ctrl+Alt+Insert” redirection to VM. Depending on server
configuration either “Ctrl+Alt+Insert”, “Ctrl+Alt+Delete” or no action can be triggered.
The registry key is located at “vmware.view.sendctrlaltinstovm” (default is false).
– For passthrough authentication added possibility to use the shortened domain name
instead of the fully qualified domain name, like “EXAMPLE” instead of “EXAMPLE.COM”.
Enable shortened domain name for a particular session with registry key
sessions.vdm_client<NR>.options.passthrough_shortdomain

[VPN]
– Added NCP Secure Enterprise client version 3.25-rev15580-i686

[WiFi]
– Updated all WiFi drivers backported from 3.13.2 Linux kernel,
new support for dual Band 2.4GHz/5Ghz wireless USB adapters
based on Ralink RT3572 chipset.
For other new supported devices, please check 3rd party hardware database.
– Added support for self service WiFi connections (Cafe Wireless):
The user can manage and select WiFi connections via the WiFi tray icon’s context menu.
This feature is disabled by default. It can be enabled at IGEL setup page
“Network->LAN Interfaces->Wireless->Enable wireless manager” (registry:
network.applet.wireless.enable_connection_editor)
– Added new parameters for better control of WiFi roaming capabilities with access
points that share the same SSID:
* network.interfaces.wirelesslan.device0.lock_initial: Default: false
If true the device will stick to the access point it is connected to
even if candidates with better signal quality are present.
Setting this parameter to true is a last resort for problems that are caused by
too much roaming.
* network.interfaces.wirelesslan.device0.bgscan.module: Default: “none”
These settings should be changed by experts only.
Selection of the bgscan (“background scan”) module used by wpa_supplicant
in the cases of WPA Enterprise and WPA2 Enterprise.
If the parameter “lock_initial” is set to true, it is recommended that this be “none”.
Possible values:
– “none”:
No background scanning is done.
– “simple”:
The WiFi module tries to scan for a potentially better fitting AP in the background.
The simple module has the following parameters (default values are those
hardcoded in NetworkManager 0.9.4.0):
* network.interfaces.wirelesslan.device0.bgscan.simple.signal_strength: (default: -45)
This defines a threshold that determines which of the following two parameters
shall be effective.
A signal level (dBm) is expected.
* network.interfaces.wirelesslan.device0.bgscan.simple.short_interval: (default: 30)
Interval between background scans in seconds if the actual signal level
of the currently connected access point is worse than
network.interfaces.wirelesslan.device0.bgscan.simple.signal_strength.
* network.interfaces.wirelesslan.device0.bgscan.simple.long_interval: (default: 300)
Interval between background scans in seconds if the actual signal level
of the currently connected access point is better than
network.interfaces.wirelesslan.device0.bgscan.simple.signal_strength.
– Added new parameters that control WiFi roaming between WiFi networks with different SSIDs:
* network.interfaces.wirelesslan.device0.mssid_check_interval: (default: 10)
The interval in seconds between checking if automatic roaming might be neccessary.
This includes detecting that a connection has been lost and a new one should be
established..
* network.interfaces.wirelesslan.device0.mssid_quality_threshold: (default: 20)
If the current connection’s quality percentage is below this value
scanning will be performed to find a potentially better network.
* network.interfaces.wirelesslan.device0.mssid_quality_difference_threshold: (default: 40)
A candidate for automatic roaming is only considered if its quality percentage
is this much better than the current connection’s quality.
* network.interfaces.wirelesslan.device0.mssid_previously_used_threshold: (default: 55)
During boot: If the previously used SSID’s quality percentage is above this threshold
it is preferred.
* network.interfaces.wirelesslan.device0.mssid_user_selection: Default: false
If true, the user can initiate roaming to a network via the WiFi tray icon’s context menu.
(The context menu must be enabled.).
If automatic roaming shall not interfere with the user’s choice, the following
values are appropriate:
network.interfaces.wirelesslan.device0.mssid_quality_threshold=0
network.interfaces.wirelesslan.device0.mssid_quality_difference_threshold=101
network.interfaces.wirelesslan.device0.mssid_previously_used_threshold=0

[Network]
– Added network-related system tray icons, one per device and VPN controlled with
the following settings:
Wired:
* IGEL setup “Network/Lan Interfaces->Interface[1,2]->Enable tray icon”
(registry: network.applet.lan[1,2].enable_trayicon):
Defines whether the tray icon is shown or not (default: enabled)
* IGEL setup “Network/Lan Interfaces->Interface[1,2]->Enable context menu”
(registry: network.applet.lan[1,2].enable_context_menu):
Switches the the context menu on or off (default: enabled)
* IGEL setup “Network/Lan Interfaces->Interface[1,2]->Enable network info dialog”
(registry: network.applet.lan[1,2].enable_network_info_dialog):
Switches access to the info dialog on or off (i.e. IP address) (default: enabled)
Wifi:
* IGEL setup “Network/LAN Interfaces/Wireless->Enable tray icon”
(registry: network.applet.wireless.enable_trayicon):
Defines whether the tray icon is shown or not (default: enabled)
* IGEL setup “Network/LAN Interfaces/Wireless->Enable context menu”
(registry: network.applet.wireless.enable_context_menu):
Switches the the context menu on or off (default: enabled)
* IGEL setup “Network/LAN Interfaces/Wireless->Enable network info dialog”
(registry: network.applet.wireless.enable_network_info_dialog):
Switches access to the info dialog on or off (i.e. IP address) (default: enabled)
* IGEL setup “Network/LAN Interfaces/Wireless->Enable wireless manager”
(registry: network.applet.wireless.enable_connection_editor):
Switch access to the self service wireless manager on or off (default: disabled)
VPN:
* IGEL setup “Network->VPN->Enable tray icon”
(registry: network.applet.vpn.enable_trayicon):
Defines whether the tray icon is shown or not (default: enabled)
* IGEL setup “Network->VPN->Enable context menu”
(registry; network.applet.vpn.enable_context_menu):
Switches the the context menu on or off (default: enabled)
* IGEL setup “Network->VPN->Enable network info dialog”
(regsitry: network.applet.vpn.enable_network_info_dialog):
Switches access to the info dialog on or off (i.e. IP address) (default: enabled)
[PowerTerm]
– Improved PowerTerm Interconnect IBM 5250 Emulation:
Added new parameters KBDTYPE and CHARSET at IGEL Setup page
“Sessions->PowerTerm Terminal Emulation->[Session Name]->General”.

[Java]
– Updated Java Runtime Environment to 1.7.0 U55.
– Added exception sites list to allow Java applications to be run after
the appropriate security prompts (according to Oracle’s JRE security
policy).
Exception sites (=URL) can be added at IGEL’s registry parameter
“java.deployment.exception_site%”. There you have to add a new instance for
each site.
Example: Use a self-signed Java webstart application.
– Added possibility to set the JRE security level by changing the registry
key “java.deployment.security_level”.

[base system]
– Updated FabulaTech USB for Remote Desktop to version 5.0
– Updated StepOver serversonet to version 0.7.16
– Updated Adobe Flash Player download url to version 11.2.202.356
– New TC Setup version 4.6.13
– Improved Active Directory/Kerberos Logon to specify the default lifetime and renewal
lifetime of Kerberos tickets through registry parameters:
– “auth.krb5.libdefaults.ticket_lifetime” (default: 10 hours)
– “auth.krb5.libdefaults.renew_lifetime” (default: 7 days)
– Changed the hotkey to hide all windows and show the desktop to be active by default.
The default hotkey is “Ctrl + Windows-Key + ‘d'”. You can disable the hotkey at IGEL setup:
“User Interface->Hotkeys->Commands->Hide all windows and show desktop”
– Updated Chinese, Dutch, French and German userinterface translations.
– Added an webcam test application. The application can be started from
“Application Launcher->System tab->Webcam Information”.
For scripting access use the command “webcam-info”:
* option “-l”:
retrieve a list containing all possible frame resolutions and frame rates.
– Fixed tray-manager regarding missing system tray icons in some cases.

[Smartcard]
– Added new smart card PKCS#11 library Athena IDProtect version 623.07.
– Added new SecMaker Net iD PKCS#11 library 6.1.1.21,
the SecMaker Net iD Browser Plugin has been removed.
– Added new version 1.1.0 of Gemalto IDPrime PKCS#11 Library with support for
all new IDPrime cards.
– Added new HID Global Omnikey smart card reader driver version 4.0.5.1
IMPORTANT:Some applications (e.g. A.E.T. SafeSign) require the following parameter
to be set in the registry: scard.pcscd.omnikey_tpdu_t1mode
Support for the following new driver models is added:
VendorID ProductID Name in Driver
0x076B 0x0596 OMNIKEY CardMan (076B:0596) 2020
0x076B 0x3020 OMNIKEY CardMan (076B:3020) 3020
0x076B 0x3022 OMNIKEY CardMan (076B:3022) 3021
0x076B 0x3620 OMNIKEY CardMan (076B:3620) 3620
0x076B 0x7021 OMNIKEY CardMan (076B:7021) 3121
0x076B 0x3623 OMNIKEY CardMan (076B:3623) 3621
0x076B 0x3822 OMNIKEY CardMan (076B:3822) 3821
0x076B 0x3823 OMNIKEY CardMan (076B:3823) 3821
0x076B 0x5820 OMNIKEY CardMan (076B:5820) 4121 CL
0x076B 0x512D OMNIKEY CardMan (076B:512D) 5025 PROX CL
0x076B 0x502A OMNIKEY CardMan (076B:502A) 5025 PROX CL
0x076B 0xC001 OMNIKEY CardMan (076B:C001) 5121
0x076B 0xC100 OMNIKEY CardMan (076B:C100) 5121
0x076B 0xC101 OMNIKEY CardMan (076B:C101) 5121
0x076B 0xC104 OMNIKEY CardMan (076B:C104) 5125 CL
0x076B 0xC105 OMNIKEY CardMan (076B:C105) 5125
0x076B 0x5127 OMNIKEY CardMan (076B:5127) 5127 CK
0x076B 0x5220 OMNIKEY CardMan (076B:5220) 5220 Pay CL
0x076B 0x5221 OMNIKEY CardMan (076B:5221) 5221 Pay
0x076B 0x5311 OMNIKEY CardMan (076B:5311) 5321
0x076B 0x532B OMNIKEY CardMan (076B:532B) 5321 Pay
0x076B 0xA521 OMNIKEY CardMan (076B:A521) 5321
0x076B 0x5326 OMNIKEY CardMan (076B:5326) 5326 DFR
0x076B 0x5421 OMNIKEY CardMan (076B:5421) 5421
0x076B 0x1784 OMNIKEY CardMan (076B:1784) 6020
0x076B 0x6623 OMNIKEY CardMan (076B:6623) 6121
0x076B 0x6310 OMNIKEY CardMan (076B:6310) 6311 CL
0x076B 0x1BD0 OMNIKEY CardMan (076B:1BD0) 7120
0x076B 0x1BD1 OMNIKEY CardMan (076B:1BD1) 7121
0x076B 0x8630 OMNIKEY CardMan (076B:8630) 8630
0x076B 0x9621 OMNIKEY CardMan (076B:9621) 9621
0x076B 0xA023 CCID SC Reader (076B:A023)
0x076B 0xA024 CCID SC Reader (076B:A024)
0x076B 0xA111 CCID SC Reader (076B:A111) Keyboard
0x076B 0xA112 CCID SC Reader (076B:A112) Keyboard
0x076B 0xA721 CCID SC Reader (076B:A721)
0x076B 0xB000 CCID SC Reader (076B:B000) HID identiCLASS
0x076B 0xB001 CCID SC Reader (076B:B001) iCLASS Smart@Link
0x076B 0xC000 CCID SC Reader (076B:C000)
0x076B 0xC200 CCID SC Reader (076B:C200)
0x076B 0xC300 CCID SC Reader (076B:C300)
0x046A 0x007B Cherry SmartTerminal XX44 (046A:007B)
0x046A 0x0090 Cherry SC Reader (046A:0090)
0x046A 0x0091 Cherry SC Reader (046A:0091)
0x046A 0x0092 Cherry SC Reader (046A:0092)
0x0BF8 0x101B CCID SC Reader (0BF8:101B) Fujitsu D321
====================
Fixed bugs:
====================
[ICA/Citrix Receiver 12]
– Fixed Citrix XenApp matching of application names in ICA autostart list
– Fixed Citrix XenApp refresh command.
– Fixed display of user name in screen lock/unlock dialog,
if Citrix XenApp password is synchronized with screen lock password.

[ICA/Citrix Receiver 13]
– Added support for “BypassSetLED” parameter:
registry key ica.wfclient.bypasssetled, Fixed issue with enabled key:
when a published application is configured to run a macro on one of the LED keys
(Caps Lock, Num Lock, or Scroll Lock), pressing the key can cause the macro to
run multiple times.

[XenDesktop Appliance]
– Fixed a minor bug with german keyboard layout and numblock DEL key.

[RDP]
– Fixed RDP native USB redirection device rules:
Product and vendor IDs need to be entered in hexadecimal now (decimal is not
supported anymore).
Streamlined with all other USB redirection rules.
– Fixed RemoteFX codec if “Legacy mode” is enabled:
– crash of RDP sessions to Windows 8 RDVH
– wrong rendering in RDP sessions with Server 2012
– Fixed logon with Gemalto .net cards and Windows Server 2008

[VMware Horizon View]
– Fixed smart card redirection in Horizon View with RDP protocol

[Quest vWorkspace]
– Fixed fullscreen sessions started from web interface.
Additional screen dimensions defined in the websession config are ignored.
– Fixed bug for SSL secured gateway/nat/proxy settings

[PowerTerm]
– Fixed setting “Autosave Size and Position” to not send thin client settings
to UMS at termination of session any more. Instead keep size and position
stored locally on thin client.

[Imprivata]
– Fixed imprivata appliance mode to work with dual screen settings in Citrix,
if the setting “ICA->ICA Global->Window->Multi Monitor Fullscreen Mode” is enabled.

[WiFi]
– Fixed support for PCI WLAN adapter based on Ralink RT3091.

[Network]
– Fixed wrong netmask in the network information dialog of the network tray icon.

[Smartcard]
– Fixed bug in smart card service pcsc-lite: When entering the smart card PIN
with certain PIN pad readers inside an ICA session, the PIN input window was
not displayed correctly.
– Fixed SCM Microsystems/Identive smart card readers: handle older reader models
with driver version 5.0.21, only new ones with 5.0.27.
This fixes problems with old readers in driver version 5.0.27.
– Implemented SCARD_ATTR_CURRENT_PROTOCOL_TYPE in pcsc-lite;
this helps smart card log on with SafeSign minidriver

[ThinPrint]
– improved the “default” mark of a printer configured in IGEL Setup
“Devices->Printer->Thinprint->Printer”.

[base system]
– Fixed OpenSSL Heartbleed bug: CVE-2014-0160,
security patches for CVE-2014-0092,CVE-2014-1959,CVE-2013-4242.
– Fixed system suspend/resume caps-lock/scroll-lock modifiers reset.
– Fixed Kerberos authentication:
when typing a wrong password at log on or screen saver unlock, badPwdCount in
Active Directory was incremented by 2 instead of 1 and thus the account was
locked too soon.
– Fixed smart card logon to a Windows 2003 Server based Active Directory.
In this case the parameter “auth.krb5.realms.pkinit.pkinit_win2k” has to be set.
– Fixed non native resolutions with VIA VX800/VX855 graphic chipsets:
the desktop is expanded over the whole screen again.
– Fixed custom partition: For downloading via FTP over SSL use explicit FTPS
instead of implicit FTPS.
– Fixed disappearing of network connection dialog, if no pointer device is connected.
– Fixed VIA graphics chipsets for dual monitor configuration with autodetected
resolutions and manual connector assignment
– Fixed SW cursor support with VIA graphics chips
– Fixed special character % in desktop folder names
– Improved handling of Lock keys in VNC Server. All modifiers will be cleared by default
when shadowing is started. Lock keys are handled on client side only by default.
(registry: network.vncserver.clear_all and network.vncserver.skip_lockkeys)

[Java]
– Fixed smartcard access used in java webstart UMS.

Updated: cloud-client.info IGEL Hardware overview Whitepaper

Wednesday, April 30th, 2014

Hello Folks,

the cloud-client.info IGEL Hardware overview Whitepaper has been updated and contains now also the latest devices and some other small modifications.

The Whitepaper is available here: Download

Cheers

Michael

Tip: Hidden Citrix Receiver failback switch in the IGEL Linux

Wednesday, April 30th, 2014

Hello Folks,

iam not sure how long this feature already exists but i should mention it here….

IGEL has included in all current LX/OS Firmware Versions (V4.13.x or V5.01.x to < 5.03.100) a hidden “failback” Switch which can help to bypass issues with the latest included Citrix Receiver Version.

In the current IGEL Firmware 5.02.100 you are able to switch between Citrix Receiver 12.1.8.250715 (default, mentioned in the release notes) and Citrix Receiver 12.1.6.231670 (mentioned nowhere… 🙁 ). I do not unterstand why this is included as a hidden feature because it’s a clear benefit to have this option available.

Switching between these Versions is quite simple, you only need to execute the command /services/ica/bin/switch_ica_fallback. This can be done from a command line/terminal session for tests / troubleshooting or you can execute it during boottime for production. If you want to switch back to the “default” version just execute the command again… Funny right?

If you want to perform the last option open a profile or the local IGEL Setup and browse to System – Firmware Customization – Custom Commands – Desktop Commands and enter the command in the Custom Command Desktop Final field. After this change is done the setting will be active after the next reboot.

Update: This solution is not available in the Firmware 5.03.100, use here the switch in the gui or the registry setting System->Registry->ICA and enable useversion13.

Cheers

Michael

P.S.: It might be that this switch will be removed in later firmware releases..

Release: IGEL Universal Desktop LX Version 4.13.180

Tuesday, April 29th, 2014

IGEL Universal Desktop LX
=========================
Version 4.13.180
Apr 17 2014
Versions
========
– Citrix Receiver 12.1.8.250715
– Citrix HDX Realtime Media Engine 1.4.0-902
– Citrix Access Gateway Standard Plug-in 4.6.3.0800
– IGEL RDP Client 1.0
– FabulaTech USB for Remote Desktop 3.1.2
– VMware View client 2.3.0-1551379
– Quest vWorkspace Client 7.6
– Leostream Java Connect 2.4.57.0
– Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848
– Ericom Webconnect 5.6.0.4000-rel.20413
– IBM iSeriesAccess 7.1.0-1.0
– Firefox 17.0.11
– Totem Media Player 2.30.2
– Voip Client Ekiga 3.2.7
– Thinlinc Client 3.2.0
– NX Client 3.5.0-7
– Cisco VPN Client 4.8.02.0030-k9
– NCP Secure Client (Enterprise) 323_038.i686
– ThinPrint Client 7.0.59
– Xorg X11 Server 1.11.4
– Xorg Xephyr 1.7.6
– PC/SC Lite 1.8.9
– MUSCLE CCID Driver 1.4.13
– Omnikey CCID Driver 3.6.0
– Omnikey RFID Driver 2.7.2
– REINER SCT cyberJack Driver 3.99.5final.SP03
– SCM Microsystems CCID Driver 5.0.27
– Safenet / Aladdin eToken Driver 8.1.0-4
– ACS CCID Driver 1.0.5
– A.E.T SafeSign PKCS#11 Library 3.0.3665
– Gemalto .NET PKCS#11 Library 2.1.0
– SecMaker NetID PKCS#11 Library 6.0.1.44
– Philips Speech Driver 12.0.8
– Legacy Philips Speech Driver 5.0.10
– Client 0.8.3 for RedHat Enterprise Virtualization Desktops 3
– INTEL Graphics Driver 2.17.0
– ATI Graphics Driver 6.14.99_git20111219
– VIA Graphics Driver 5.75.32.87a-59172
– VIA Legacy Graphics Driver 4.1.83
– SAP GUI java710rev6
– 2X Client 10.1-1263
– Imprivata OneSign ProveID Embedded
================
Known issues:
================
[Quest vWorkspace]
– Multimedia Redirection:
Sound redirection is not working with WMV/WMA streams
– USB Redirection does not work reliable
================
IGEL Universal Desktop LX 4.13.180 (stable build based on 4.13.170)
================
Fixed bugs:

[base system]
Fixed tray-manager regarding missing tray icons in some cases.
================
IGEL Universal Desktop LX 4.13.170 (stable build based on 4.13.140)
================
New features:
================

[VMware Horizon View]
– For passthrough authentication added possibility to use the shortened domain
name instead of the fully-qualified domain name, like
“EXAMPLE” instead of “EXAMPLE.COM”.

To enable shortened domain name for a particular session,
go in the IGEL Registry and set the key
sessions.vdm_client%.options.passthrough_shortdomain
to true.

================
Fixed bugs:

[base system]
Security patches: CVE-2014-0160,CVE-2014-0092,CVE-2013-4242

================
IGEL Universal Desktop LX 4.13.140 (stable build based on 4.13.110)
================
New features:
================

[VMware Horizon View]
– Updated VMware Horizon View to version 2.3.0-1551379
– Added Realtime Audio Video (RTAV) support. Can be activated in setup at
“Sessions->Horizon View Client Global->Real Time Audio Video”
– Added switch for “Ctrl+Alt+Insert” redirection to VM. Depending on server
configuration either “Ctrl+Alt+Insert”, “Ctrl+Alt+Delete” or no action
can be triggered. The registry key is located at
“vmware.view.sendctrlaltinstovm” (default is false)

[Java Runtime Environment]
– Updated Java Runtime Environment to 1.7.0 U51.
– Added exception sites list to allow Java applications to be run after
the appropriate security prompts (according to Oracle’s JRE security
policy).
Exception sites (=URL) can be added at IGEL’s registry parameter
“java.deployment.exception_site%”. There you have to add a new instance for
each site.
Example: Use a self-signed Java webstart application.
– Added possibility to set the JRE security level by changing the registry
key “java.deployment.security_level”.
================
Fixed bugs:
================
[Smartcard]
– Fixed SCM Microsystems/Identive smart card readers: handle older readers
with driver version 5.0.21 and only new ones with 5.0.27.

[VMware Horizon View]
– Fix smart card redirection in Horizon View with RDP protocol

[ICA]
– Fixed Citrix XenApp/Programm Neighborhood refresh command
– Fixed matching of application names in ICA autostart list
– User name is shown again in screen lock unlock dialog, when
Citrix XenApp password is synchronized with screen lock password

[Wifi]
– Fixed support for PCI Wifi adapter based on Ralink RT3091.
================
IGEL Universal Desktop LX 4.13.110 (stable build) based on 4.13.100
================
Fixed bugs:
================
[ICA]
– Fixed missing desktop/menu icons with Citrix XenApp/Program Neighborhood.

[X11 system]
– UMD: Restored possiblity to update / downgrade if a satellite is not compatible with IGEL Linux v5

Info (Updated): USB 3.0 Memory – Same device with different results or what vendors doesn’t tell you.

Monday, April 28th, 2014

Hi Folks,

did you already got an USB 3.0 Memory or maybe two or more of them for you company? Your Users complain different write/read performance results? Why?
Reason is quite simple, it seams to be a big fun for some vendors to sale “different” devices providing different results with the same device name/part number. My negative sample for today is the Memory Vendor PNY and the Product USB-Stick 128 GB PNY Wave Attache™ USB 3.0 – Part Number FD128GBWAVE30-EF.

I got two of these devices for tests with the IGEL UD5 USB 3.0 Ports and the user was complaining different results with similar USB memory devices, so of course the different result must came from the Thin Client… 🙁 …but this is not the case. 🙂

I was able to reproduce these different results with PC’s, Tablet computer or any other device coming with a USB 3.0 port and the issue was not the thin client; it is the memory device.

The difference was “huge”, the first USB Memory provides a write speed of 60-80 mb/s which is good for a USB Memory but the second one provides only 25mb/s as max. write speed? What? It’s not much faster than a USB 2.0 device…

128 GB PNY Wave Attache, same but different

128 GB PNY Wave Attache, same but different

So i went to a electronic store close by that offers these USB Memory devices and both versions are offered here at the same time, funny but you can see the difference for this product quite simple if you know where to look (expand the upper picture).

Iam sorry to say: For me it’s a little bit “cheating” to work in this way… Provide the fast version for tests and sale “mixed” versions of the same product at the same time and i don’t believe that the production costs are equal. The slow PNY memory seams to be a “better refurbished” USB 2.0 memory and the results are not even close to the results mentioned in public available tests which can be found at Google or what PNY mentions on the package as max. speed.

So i only can recommend to test this in advance! If you buy a bigger amount force the reseller to provide you a “specification” guarantee and as end customer try to replace the device if possible, last one could be hard because the speed for the device is mentioned only “very” flexible by PNY and of course it’s a “low budget” device but a extreme result difference like this should also not happen for a “low budget” device with a brand on it from my point of view.

By this way, PNY is not the only vendor working in this way but regarding the fact that this device is “sold” and “announced” in a massive way at the moment you should have an eye on this.

I also wait for a statement from PNY and how this can be fixed, i will update this article if i got a statement from PNY and the marketing slogan “Make Life Simple” from PNY sounds like a bad joke for me at the moment but maybe there are people who like to play a device “lottery”.

 Update:

I found a 3rd Version and after this test results the best indicator to detect the fast Version is the engraved CE symbol, see picture below. The Version without the CE Mark provides a 3x faster write speed than the one with the engraved CE Mark during my tests. I’ve tested now 7 of these sticks (4 with engraved CE Mark and 3 without the engraved CE Mark), thanks also for the feedback provided by other users confirming these results! Also the slow one has a red LED, the fast one during my test always comes with an orange LED which shows Disk activity.

PNYUSB3SF

 

Cheers

Michael

P.S.: I will keep my two same but different PNY memory devices to have it as negative sample how “Same but not similar device” can look like.

P.S.2: I do not know how much versions are sold by PNY and this is only my personal result, so iam not responsible if there are also other versions with other visible indicators available. Test! Test! Test!

P.S.3: I got already similar results with display vendors (very common) and other devices like smart card readers but in these cases there was always a different revision number available (printed on the packaging and/or device) which clearly mentioned a difference.. This is not the case for the PNY memory device and i really try to find one.

Tip: Where are my Windows Store Apps and Data located on my local Harddisk

Saturday, April 12th, 2014

Hello Folks,

a few times i’ve been asked where the Windows Store Apps located incl. the data for Apps (Savegames, configuration files and so on).

So here are the locations for these files:

Binary Application Data: C:\Program Files\WindowsApps
Configuration Data: C:\Users\*User Name*\AppData\Local\Packages

Check the subfolder names in these directories, it should be easy to identify the App folder that you are looking for.

If you want to backup your configuration data or maybe save games just backup the configuration data folder, you can also copy this folder to an other device, i never got an issue by doing this and I’ve done this a few times for Apps which don’t offer a “Sync” option thru Microsoft One Drive.

Please note: These folders are hidden and you need Administrator permissions to modify these folders. Do also note that you never remove an Windows App by deleting just the folder in C:\Program Files\WindowsApps, this will never be enough and can create major issues for this App.

Cheers

Michael

Tip: How to get free space for your Windows Tablet SSD / Moving Windows Applications to a SD-Card

Saturday, April 12th, 2014

Hello Folks,

maybe you sometimes need some space for your Windows Tablet SSD to install new Apps or whatever but without loosing any other Application. One way is to move an Application to the SD-Card but how?

First of all this will not work for Application installed thru the Windows App Store! So don’t touch the “WindowsApps” folder in the C:\Program Files directory, do also not touch C:\Windows folder or the folder where your Windows OS files are located. Second: I will not take any warranty if you damage you system, you do this modification on your own risk!

Steps (Administrator rights are required!):

1) Create a folder on the SD-Card where you want to move the applications, i’ve used “d:\Program Files (x86)” to identify the location in a simple way.
2) Move the application folder from the “Program Files” directory located on drive C: to the new created folder on D:, in advance make sure that no component from this folder is already running! I recommend to do this directly after a reboot.
3) After you have done this start a Windows command line with Administrator permissions (Important!).
4) Now create a Link with the commandline tool “mklink”, don’t use the “normal” way thru Windows Explorer to create the Link: This way fails during all my tests!. The mklink commandline should look like this “mklink /J “c:\Program Files (x86)\*foldername here* “d:\Program Files (x86)\*foldername here*”, replace *foldername here* with the Program folder name you have moved.
5) Verify that a link for the folder is created in c:\Program Files (x86) and start the Application thru the Start Menu do verify it’s working as it should be.

That’s it, repeat this for Applications you want to move too. If you want to move an application back to c: delete the “linked” folder in c:\program files and move the folder back from the SD-Card to the SSD/HDD drive.

I’ve tested this with VLC Media Player, Mozilla Firefox, Microsoft Office 2013, Microsoft MapPoint Europe 2013 and Microsoft Visual Studio 2013, in all cases i did not discover any issues incl. the deployment of updates. Moving Apps installed thru the Windows App Store is not possible, once the folder is moved and the link is created the Apps will not start anymore, i’ve tested this a few times and always with the same negative result; no need to waste your time with this.

Cheers

Michael

P.S.: As said… Anything you’re doing in this way is without any warranty!

P.S.: It would be great if Microsoft could add a feature in the Windows App Store to move applications quite simple and without any issues like now.

Tip: Fixing Microsoft Remote Desktop Services issue with IGEL Linux 5.02.100 and Windows Server 2008 R2 SP1

Friday, April 11th, 2014

Hello Folks,

if you have discovered issues with the Microsoft Remote Desktop Services (RDS) client coming with the latest IGEL Linux V5.02.100 Firmware you should try the following setting:

If using the IGEL Universal Management Suite (UMS) make sure the profile is optimzed for a Firmware 5.x.x.

In the setup browse to Sessions-RDP-RDP Global-Options and enable the RDP Legacy Mode, if you are using an older UMS Version and the setting is not shown in the GUI browse to System-Registry-RDP and enable RDP Legacy Mode here.

Assign the profile and restart the RDS Session, issues shown on the server (like not working RDS Services) should be gone now.

Cheers

Michael

Info: Is the IGEL UMS affected by the OpenSSL Heartbleed (CVE-2014-0160) issue?

Thursday, April 10th, 2014

Hello Folks,

i just made some tests but it doesn’t look like the IGEL Universal Management Suite is affected by the Heartbleed issue.

You can test against our public UMS Server if you like but here is the result:

UMS Console Port Default 8443 on our Server 443

UMS Console Port Default 8443 on our Server 443

 

I’ve tested the console port 8443 and the client connection port 30001, in both cases the results are ok and did not show up any Heartbleed related issue.

 

Cheers

Michael

P.S.: Please note that I run only a test for the last Version 4.06.100 of the IGEL Universal Management Suite and that my test is not an official statement from IGEL Technology!

Info: OpenSSL Heartbleed (CVE-2014-0160) issue doesn’t have an effect for Citrix Netscaler but..

Thursday, April 10th, 2014

Hello Folks,

all people talking about the OpenSSL Hearbeat/Heartbleed issue and how bad it is… Remembers me a little bit like the Sasser/MSBlast wave a couple of years ago.

heartbleed

At all, if you’re currently using Citrix Netscaler to protect your environment you should get a look at CTX140605.

In general the Citrix Netscaler is not affected by the Heartbleed issue but please note: This do not count for the internal Website running behind the Netscaler on your server by design, for example if you use Apache based Webserver, so in this case you should verify this and upgrade the Webserver. The Netscaler itself is safe at the moment, also the external access to websites hosted in your fabric should be save if the external connection run thru the Netscaler; primary risk are internal sites in your company where the Netscaler can/would be bypassed for internal access/users and if the affected OpenSSL Version 1.01 is used.

So the “but…” in the headline points to the fact that mostly attacks are coming from internal sources/users and here the Netscaler will not help you depending on your network setup if the OpenSSL Version 1.01 is used.

Iam quite sure a few web based companies are now feeling sad that they have not used the Netscaler in the past. 🙂

Cheers

Michael

P.S.: If you want to check your site visit http://filippo.io/Heartbleed/, if your site is “unsercure” you should to the following steps asap.

1) Upgrade your webserver to a secure OpenSSL Version
2) Change all used SSL certificates to new ones.
3) Notify all users to renew there passwords (force them)

There are already a lot articles covering this in more detail, so no more need to repeat this… I hope…

P.S.2: Details about the OpenSSL issue can be found here https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

Tip: Disable the Last Logon User shown in the Windows ES W7 Logon screen

Tuesday, April 8th, 2014

Hello Folks,

sometimes you don’t need the Auto Logon feature coming with the Windows based IGEL Thin Clients, for example if the device is joined in a domain and you don’t want to see the local Administrator and User account in the Windows Logon Page to make the handling simple for the user.

You can download a new Partial Update for Windows based IGEL Thin Clients here: Download

This Partial Update will disable the Last User Logon Informations in the Windows Logon Screen, the result will look like the screenshot below.

withdisabledlastusername

You can also use this as sample how to deal with a Partial Update for a Windows based IGEL Thin Client. The archive contains the package, a manual as PDF, the required UMS Profile and the project file to edit the Partial Update together with our DATI tool.

Cheers

Michael

Info: DynDns discontinue the free DNS Host Service

Monday, April 7th, 2014

Hello Folks,

not IGEL related but maybe it’s useful for you, DynDns will stop there free DNS name service in the beginning of may. If you’re looking for a free alternative, maybe to access labs try no-ip or similar.

Cheers
Michael

Tip: Troubleshoot Certificate issues with Citrix Receiver and Apple IOS / MacOSX / Android / Linux

Friday, April 4th, 2014

Hello Folks,

if you are using the Citrix Receiver together with Apple devices you may have discovered some certificate issues in the last weeks or months.

This means, you have imported a “valid” Certificate but the user is still not able to connect to your Citrix environment. Very common for this issue is the public CA GoDaddy and there are a couple of Admins running into this issue in the last weeks.

The reason for this issue is quite simple, a few CA’s now create all certificates valid after the 01-01-2017 as a SHA2 certificate, this SHA2 certificate is not supported by the Citrix Receiver for Apple OS’s in the moment. See also http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx

Only way to fix this at moment is to use an other certificate type or to wait until Citrix adds the SHA2 support for the Apple/Android/Linux receiver versions.

Cheers
Michael

P.S.: Please refer also to the Citrix Client Feature Matrix mentioned in the previous post.

Tip: What are the differences in the Citrix Receiver by OS?

Friday, April 4th, 2014

Hello Folks,

you want to know what is the difference in the Citrix Receiver Versions for MacOSX, Android, Windows 8 or Linux, have a look in the new Citrix Receiver Feature Matrix which is available here: Citrix Receiver Feature Matrix

Cheers
Michael

Release: Windows 8.1 / Server 2012 R2, Windows RT 8.1 Update and SQL Server 2014 are now available in the MSDN

Thursday, April 3rd, 2014

Hello Folks,

you can now download the Update for Windows 8.1 / Server 2012 R2 and Windows RT 8.1 in the Microsoft MSDN (MSDN Account required), also SQL Server 2014 RTM is available now in the MSDN.

Cheers

Michael

P.S.: It’s named as Update and not Update 1 🙂