Archive for the ‘Firmware / UMS Releases’ Category

Release: IGEL Universal Management Server

Thursday, April 21st, 2016

====================
IGEL Universal Management Suite
====================
Version 5.02.100
Release date: 2016-04-20

HTML version of this readme is available at http://edocs.igel.com/index.htm#10205028.htm

NOTE:
– New key attribute ‘Unit ID’ added to thin clients; the unit ID is a unique
identifier for a thin client. It is set to the MAC address for all
currently supported devices
– Apache Derby Driver updated to version 10.12.1.1
– DB schema change: Table ADDITIONAL_SYSTEM_INFORMATION replaced by HARDWARE_INFORMATION
– tested lx versions

====================
Known Issues:
====================

[High Availability Feature]

– Load balancers fail to upload the log files to UMS if support info is created.
This effects high availability networks only.

====================
New features:
====================

[UMS common]

– Added automatic UDC license deployment;
configure an IGEL Thin Client (UD LX / UDC v5.09 or higher) to be a
‘UDC automatic license deployment server’ on setup page
IGEL Setup -> System -> Remote management -> UDC automatic license deployment server
(Device registry key: system.remotemanager.wol_proxy.enabled; Type: bool; default: false)
and activate the automatic license deployment in
UMS console -> UMS Administration -> Global Configuration -> Automatic UDC License Deployment -> Enable Automatic UDC License Deployment.
Any new UDC device registering to UMS will get a license automatically.
See http://edocs.igel.com/index.htm#10204964.htm for details.

– Enhanced support information: all assigned profiles of a selected thin client
are added to the support information file

– Added feature for sending Wake on LAN broadcasts via ‘Wake on LAN Proxies’.
These proxies are standard IGEL thin clients (UD LX / UDC v5.09.100 or higher)
and can be defined in UMS Console -> UMS Administration -> Global Configuration -> Wake On LAN -> Wake On LAN Proxies.
There is no configuration required on the thin client side.
Wake on LAN proxies are designed to send wake up broadcasts into network
segments that cannot be reached from UMS server directly.
See http://edocs.igel.com/index.htm#10205070.htm for details.
[Console, common]

– Enhanced mail feature:
* Added option to mail results of administrative tasks
* Added direct mailing of support information via UMS internal mail client

– Enhanced user login history for thin client logins:
* Added AD login and logoff to logging in UMS (up to now only Shared
Workplace logins were logged).
* Added quick search support for currently logged in users
(must be activated in UMS Console -> UMS Administration -> Global Configuration -> Misc Settings -> User Login History)

– Enhanced user experience in UMS console: window pane sizings are now restart
safe stored.

– Added: User Manual is available offline in UMS Console Menu -> Help -> User Manual (offline)
[Thin clients]

– Added new asset information field to thin clients: custom firmware name
(supported in W7 /W7+ devices since version 3.11.100 while creating a snapshot)
[Profiles]

– Enhanced usability in profile import
* select best match firmware automatically if original firmware is not available
* by default file chooser lists xml and zip files only
* when importing a profile archive, all profiles are selected for import by default
[Views]

– Added functionality to assign profiles to the current result of a view
or search. Assignment is made once for all element currently in the view,
this is not a dynamic assignment process!
The available options are
* UMS Console -> View context menu -> Assign profiles to the thin clients of the view
* UMS Console -> View context menu -> Detach profiles from the thin clients of the view
* UMS Console -> Search entry context menu -> Assign profiles to the thin clients of the search
* UMS Console -> Search entry context menu -> Detach profiles from the thin clients of the search
[Configuration Dialog]

– Added support to copy a complete session in configuration dialog;
* functionality is available for all session types (e.g. RDP, Citrix, ..)
* executed via context menu in Configuration dialog -> Sessions -> [any session] -> Session instance context menu -> Copy
[VNC]

– Enhanced VNC configuration: VNC settings for integrated VNC Viewer
can be configured globally and take effect with every VNC mirroring session
(UMS Console -> Aministration section -> Global Configuration -> VNC).
[Admin tasks]

– Added new administrative task: export job executions and delete exported job executions;
* Name of administrative task: Delete job execution data
* Delete rules are configured in UMS Console -> UMS Administration -> Global Configuration -> Job Protocol
[High Availability Feature]

– Enhanced HA network stability: HA network refuses connection of processes
that have been installed with a different network token.

– Added automatic database configuration for new server processes
in an HA environment. It’s no longer necessary to configure the
HA database manually when an additional server is added to the network.
[Installer (linux)]

– Added installer option to create menu items for “UMS Console” and “UMS Administrator”
on Linux operating systems.
[IGEL Management Interface (IMI)]

Detailed documentation for IMI is available at http://edocs.igel.com/index.htm#10204968.htm

– Added support for IGEL Secure VNC. IMI provides methods to get thin client certificate
and the one-time password to forward the credentials to any VNC client you want to use.

– Added profile and master profile support.
* Provides functionality to edit/move/remove profiles and masterprofiles
* NOT supported: create profile/masterprofile or configuration change

– Added assignment support for profiles/masterprofiles
* Assing/detach profiles to/from thin clients and thin client folders

– Added use of alias ‘latest’ instead of IMI version (/v1, /v2) in
REST urls. /latest represents the newest IMI version.
====================
Resolved issues:
====================

[UMS common]

– Fixed UMS server logging issue: daily file for catalina log is created again;
– IMI got separate log file ‘api.log’.
[Console, common]

– Fixed ‘User manual’ link in help menu; link points to UMS 5 manual now

– Fixed crash in Log and Event Messages dialog with large databases: dialog would not open
in environments with more than about 1000 thin clients.

– Fixed: The UMS database administrator was not allowed to manage the
public holidays (UMS console->Misc->Manage public Holidays)

– Enhanced thin client panel layout: assignment panel width is preserved
if thin client selection changes

– Fixed: assigned thin clients on firmware updates dissapear if a firmware update
is selected and F5 is pressed

– Fixed: license creation from smartcard fails if the license contains
Addon Multimedia Codecs 2 or Addon Multimedia Codec AAC
[Thin clients]

– Fixed: Asset id field showed the same value as the serial number field.

– Fixed: Sending settings to a thin client fails if a file is assigned
to the tc several times.
[Profiles]

– Fixed: Some settings could not be saved on setup pages
‘System/Power Options/Display’ and ‘System/Power Options/System’

– Fixed bug in permission management of profile assignments: assignment panel
did not display assigned thin clients

– Changed: double click action on directories in profile assignment dialog
does no longer assign the folder, but expands the folder instead.
[Views]

– Fixed issues of view with ‘Flashplayer’ criterion and operator ‘not like’: view did
not return any thin clients

– Fixed: Views with online criterion can’t be assigned to a scheduled job.

– Fixed: Bug in “Send View Result as Mail”, which exported some incorrect columns
[Jobs]

– Changed name of Job “Update next Reboot” to “Update on Boot”
[‘Files’]

– Fixed: use ip address of server in file transfer URLs to avoid problems resolving FQDN

– Fixed: A file which is assigned to a parent directory of a thin client
is sent to the tc even if the file is in the recycle bin.

– Fixed file deleting issue: If a file is deleted in UMS the corresponding ‘real’ file
in the WebDAV directory is not deleted as long as other UMS files refer to it.
[Configuration Dialog]

– Fixed thin client configuration issue: thin client settings for profile instances are not saved.

– Fixed: Empty error message while opening Browser Session via Session Summary in configuration dialog

– Fixed configuration dialog issue with PostreSQL database: configuration could not
be saved, if values of fix instances were changed.

– Fixed permission issue for display page: page permission for display page
did not take effekt on UD LX / UDC devices prior to 5.08.
This problem exists since UMS version 5.01.

– Fixed: Adding Browser Session with legacy LX Firmwares

– Fixed time zone configuration issue: It’s possible to use template keys
in WES profiles for timezone parameter on page Sytem -> Date and Time

– Fixed: Path to some parameters were highlightet in green even if there was
no template pattern set for the parameter.
[Console, administration section]

– Fixed server actions in administration section, UMS Networt, Server: stop service and start service actions
in context menue of the UMS server are available in an HA environment only.

– Fixed ‘test’ button in email configuration: now a test mail is sent to verify the connection.
[Admin tasks]

– Enhanced job execution history for administrative tasks: an additional column shows
the server which executed the task (relevant mainly for HA environments)
[AD / LDAP integration]

– Fixed AD configuration test button issue: If an AD configuration is defined
with an user but without a password, the test button now asks for
valid credentials before the connection to the Active Directory is tested
[Console, web start]

– Fixed: License creation from smartcard doesn’t work on Linux systems.
[Server, common]

– Removed weak SSL ciphers in UMS server: RC4_128_SHA and RC4_128_MD5 removed.

– Updated: Apache Derby Driver version 10.8.3.0 to version 10.12.1.1

– Changed: Increased the maximum memory usage of UMS Console (512mb -> 768mb)
and UMS Server (768mb -> 1024mb)
[Administrator application]

– Fixed wrong state of SQL console button in UMS Administrator: button was active
even if no data source was activated.
[Installer (windows)]

– Fixed Innosetup script recording for silent installation: silent installation
did always perform a full installation, even if individual component selections
were made during script recording.

– Fixed windows installer issue: missing embedded database configuration
if standard server WITHOUT console is installed

– Enhanced installation process: installer keeps running until UMS server
has started completely and database update is done.
This may take some minutes, but prevents database update problems
[Installer (linux)]

– Enhanced installation process: installer keeps running until UMS server
has started completely and database update is done.
This may take some minutes, but prevents database update problems
[IGEL look and feel]

– Fixed various Issues with the new UMS 5 Look and Feels
(icons, date picker layout, check box representation in tables, ..).
[IGEL Management Interface (IMI)]

– Changed: IMI performance enhancements for finding all thin clients or thin client directories

– Fixed: IMI license can now contain more than one cluster id

Release: IGEL Universal Desktop W7/W7+ Version 3.11.100

Thursday, February 4th, 2016

IGEL Universal Desktop W7+
=========================
Version 3.11.100
Release date 2016-02-01

Supported devices:
UD3-W7+, UD5-W7+, UD6-W7+, UD9-W7+, UD9-W7+ Touch, UD10-W7+, UD10-W7+ Touch
====================
Notes:
====================

====================
Drivers:
====================
– D-LINK DWA-131 Nano: 1085.7.0815.2009
– D-LINK DWA-131 REVB Nano: 1015.6.0210.2012
– eGalax xTouch: 5.11.0.9020
– FTDI UsbToSerial: 2.02.04
– Gemalto Minidriver for .NET Smart Card: (WES7: 8.3.1.3)
– Intel 945 Express: 8.15.10.1930
– Intel AHCI: 11.2.0.1006
– Intel Centrino WIFI N-1000: 15.1.0.18
– Intel HD Graphics: 36.15.0.1073
– Intel HD Graphics: 9.17.10.2875
– Intel PCI Communication Controller: 8.0.0.1262
– OmniKey Cardman 3×21: 1.2.15.0
– Prolific PL-2303 USBtoSerial: 2.0.2.8
– Qualcom Atheros WIFI: 10.0.0.285
– Ralink RT309x/2860: 3.02.01.0
– Ralink WIFI RT357x 5.1.7.0
– Realtek 8168: 7.61.612.2012
– Realtek HD Audio: 2.63
– Realtek RTL8169 Version: 7.43.321.2011
– RTL8168C: 7.018.0322.2010
– VIA Chrome9 VX855: 8.14.14.0141
– VIA Chrome9 VX900 for UD10: 8.14.14.0231
– VIA Chrome9 VX900: 8.14.14.0181
– VIA HD Audio VT1708B: 6.0.01.8700
– VIA WIFI VT6656: 1.1.0.2
– AMD USB 3.0 hub driver: 1.1.0.0167
– AMD PSP Device driver: 2.12.0.0002
– AMD Radeon Graphics driver: 15.101.1007.0000
– AMD SMBus driver: 5.12.0.0015
– AMD USB 3.0 host controller: 1.1.0.0167
====================
Applications:
====================
– .NET: 3.5 SP1
– Citrix Receiver: 4.4
– Client for RedHat RHEV-D: 3.0-26
– Ekiga VOIP Client: 3.2.6
– Ericom PowerTerm: 9.2.0.0
– Ericom WebConnect: 5.6.1.1000
– Fabulatech USB for Remote Desktop: 5.0.2
– Internet Explorer: 11
– Leostream Connect Client: 2.7.129.0
– Microsoft RDP Client : 8.1
– NCP Enterprise Client: 9.30
– NX Client: 3.4.0.7
– Dell vWorkspace Client: 8.5
– Sumatra PDF Reader: 2.1.1
– Sun JAVA RE: 1.8 Update 40
– ThinPrint: 8.6
– Tight VNC Server: 2.7.10
– USB Redirection for RedHat RHEV-D: 3.0-26
– VMware Horizon Client Version: 3.5.2
– Windows Media Player: 12
====================
Bug fixes:
====================
[TCSetup]
– Fixed TCSetup is not accessible by user.

[Browser]
– Fixed IE session does not autostart in kiosk mode.
– Fixed enable/disable protected mode does not work for restricted sites zone.

[Powerterm]
– Fixed Powerterm session does not start.

[ICA]
– Fixed passthrough authentication does not work if Citrix Selfservice
session is started automatically.

[System]
– Fixed settings are not configured if user information dialog is disabled.
– Fixed standby/wakeup on UD5/UD6 does only work once.
– Fixed settings are not configured if UMS could not be reached.
– Fixed enabling the Microsoft Keyboard Filter results in a reboot loop.
– Fixed Microsoft Standard VGA driver is loaded after snapshot upload.

====================
New features:
====================
[System]
– Updated OpenSSL library to version 1.0.2d.
– Added UMS auto registration via DHCP structure tag.
– Added Italian, Spanish and Japanese as IGEL user interface language
– Added enable/disable IGEL configuration.
On IGEL setup page “Sessions->Citrix”
(registry key: ica.use_igel_setup, default: true)
On IGEL setup page “Sessions->RDP”
(registry key: rdp.use_igel_setup, default: true)
On IGEL setup page “Sessions->Windows Media Player”
(registry key: sessions.wmplayer.use_igel_setup, default: true)
On IGEL setup page “Sessions->Horizon Client”
(registry key: vmware.view.use_igel_setup, default: true)
On IGEL setup page “Accessories->Windows Services”
(registry key: system.winservices.use_igel_setup, default: true)
On IGEL setup page “Userinterface->Desktop”
(registry key: userinterface.desktop.use_igel_setup, default: true)
On IGEL setup page “Userinterface->Input->Keyboard”
(registry key: userinterface.keyboard.use_igel_setup, default: true)
On IGEL setup page “Userinterface->Input->Mouse”
(registry key: userinterface.mouse.use_igel_setup, default: true)
On IGEL setup page “Userinterface->Shell”
(registry key: userinterface.shell.use_igel_setup, default: true)
On IGEL setup page “Userinterface->Start Menu”
(registry key: userinterface.startmenu.use_igel_setup, default: true)
On IGEL setup page “Network->Routing”
(registry key: network.routing.use_igel_setup, default: true)
On IGEL setup page “Network->LAN Interface”
(registry key: network.use_igel_setup, default: true)
On IGEL setup page “Devices->Printer->Printer”
(registry key: print.use_igel_setup, default: true)
In IGEL Registry
(registry key: devices.hotplug.use_igel_setup, default: true)
On IGEL setup page “Security->Password”
(registry key: system.auto_logon.use_igel_setup, default: true)
On IGEL setup page “Security->Active Directory”
(registry key: system.domainparticipation.use_igel_setup, default: true)
On IGEL setup page “Security->Network”
(registry key: system.network.use_igel_setup_security_network, default: true)
On IGEL setup page “System->Date and Time”
(registry key: system.time.use_igel_setup, default: true)

– Added configuration of installation directory for clients
On IGEL setup page “Sessions->Citrix”
(registry key: ica.selfservice.installdir, default: C:\Program Files\Citrix\ICA Client\SelfServicePlugin)
(registry key: ica.wfclient.citrixinstalldir, default: C:\Program Files\Citrix\ICA Client)
On IGEL setup page “Sessions->Horizon Client”
(registry key: vmware.view.installdir, default: C:\Program Files\VMware\VMware Horizon View Client\vmware-view.exe)

[Dell vWorkspace]
– Updated Dell vWorkspace to version 8.5.

[VMware]
– Updated VMware Horizon Client to version 3.5.2.
On IGEL setup page “Sessions->Horizon Client->Horizon Client Sessions->Connection settings”
(registry key: sessions.vdm_client%.options.novmwareaddins, default: desktop)
(registry key: sessions.vdm_client%.options.singleautoconnect, default: desktop)
In IGEL Registry
(registry key: vmware.view.pcoip.enable-fips-mode, default: false)

– Added redirection of “Ctrl,Alt,Del” to session.
On IGEL setup page “Sessions->Horizon Client->Horizon Client Global->Keyboard”
(registry key: vmware.view.redirect_ctrl_alt_del, default: false)

[RDP]
– Added redirection of “Ctrl,Alt,Del” to session.
On IGEL setup page “Sessions->RDP->RDP->Keyboard”
(registry key: rdp.winconnect.redirect_ctrl_alt_del, default: false)

[ICA]
– Updated Citrix Receiver to version 4.4.
In IGEL Registry
(registry key: ica.selfservice.show_tray_icon, default: false)
(registry key: ica.hdx.serversidecontentfetching, default: false)
– Added redirection of “Ctrl,Alt,Del” to session.
On IGEL setup page “Sessions->Citrix->ICA Global->Keyboard”
(registry key: ica.wfclient.redirect_ctrl_alt_del, default: false)

[Browser]
– Added enable/disable of message “New addons can be activated” for IE session.
On IGEL setup page “Sessions->Browser Sessions->Advanced”
(registry key: sessions.web.websettings.iesecurity_activenewaddons, default: false)
====================
Known Issues:
====================
[System]
– Deactivating WIFI devices is not working.
– Deactivating Bluetooth devices is not working.

[FABULATECH]
– Fabulatech USB for Remote Desktop is currently
not working with Citrix XenDesktop.

[VMware]
– USB redirection: devices connected to a USB 3.0 Port will not be redirected.
– USB redirection is currently not working if vWorkspace USB
redirection service is enabled.

Release: IGEL Universal Desktop OS/LX 5.08.100

Monday, December 14th, 2015

IGEL Universal Desktop OS 2
===========================
Version 5.08.100
Release date 2015-12-11
Last update of this document 2015-12-11

The online Release Notes can be found at http://edocs.igel.com/index.htm#10204110.htm
Registry Keys of parameters are listed there.

==========================
Versions:
==========================
Clients:
– Citrix Access Gateway Standard Plug-in 4.6.3.0800
– Citrix HDX Realtime Media Engine 1.8.0-258
– Citrix Receiver 12.1.8.250715
– Citrix Receiver 13.1.4.322630
– Citrix Receiver 13.2.1.328635
– Dell vWorkspace Connector for Linux 8.5.0
– Ericom PowerTerm 10.2.0.0.20150802.1-_dev_-34574
– Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848
– Ericom Webconnect 5.6.0.4000-rel.20413
– Evidian AuthMgr 1.3.5696
– FabulaTech USB for Remote Desktop 5.1.0_20151106
– Firefox 38.4.0
– IBM iSeriesAccess 7.1.0-1.0
– IGEL Legacy RDP Client 1.0
– IGEL RDP Client 2.2
– Imprivata OneSign ProveID Embedded
– Leostream Java Connect 3.0.57.0
– NCP Secure Client (Enterprise) 3.25-rev23310-i686
– NX Client 4.6.16
– Open VPN 2.3.2
– Oracle JRE 1.8.0_66
– Parallels 2X Client 14.1.3452
– Remote Viewer 2.0 for RedHat Enterprise Virtualization Desktops
– Systancia AppliDis 4.0.0.14
– Thinlinc Client 4.4.0-4775
– ThinPrint Client 7.0.65
– Totem Media Player 2.30.2
– Nimboxx VERDE Client 8.0.0-rel.25568
– VMware Horizon client 3.5.0-2999900
– Voip Client Ekiga 3.2.7

Dictation:
– Driver for Grundig Business Systems dictation devices
– Nuance Audio Extensions for dictation 7.47.0
– Driver for Olympus dictation devices
– Legacy Philips Speech Driver 5.0.10
– Philips Speech Driver 12.3.10

Signature:
– signotec VCOM Daemon 1.0.11
– Softpro/Kofax Citrix Virtual Channel 3.1.33.2
– StepOver TCP Client 1.0.0

Smartcard:
– PKCS#11 Library A.E.T SafeSign 3.0.93
– PKCS#11 Library Athena IDProtect 623.07
– PKCS#11 Library Gemalto IDPrime 1.2.1
– PKCS#11 Library SecMaker NetID 6.3.0.50
– Reader Driver ACS CCID 1.0.5
– Reader Driver HID Global Omnikey CCID 4.0.5.5
– Reader Driver MUSCLE CCID 1.4.19
– Reader Driver Omnikey CCID legacy-3.6.0
– Reader Driver Omnikey RFID legacy-2.7.2
– Reader Driver REINER SCT cyberJack 3.99.5final.SP03
– Reader Driver Safenet / Aladdin eToken 8.1.0-4
– Reader Driver SCM Microsystems SDI011 5.0.18
– Reader Driver Identive / SCM Microsystems CCID 5.0.33
– Resource Manager PC/SC Lite 1.8.12

System Components:
– Graphics Driver ATI 7.3.0
– Graphics Driver NVIDIA 304.128
– Graphics Driver INTEL 2.99.914
– Graphics Driver VIA 5.76.52.92-151843
– Kernel 3.13.11-ckt27 #67.109-udos-r1368
– Xorg X11 Server 1.15.1
– Xorg Xephyr 1.15.1

==========================
Information:
==========================

IMPORTANT:
This release integrates three Citrix Receiver versions: 12.1.8, 13.1.4 and 13.2.1.
Only one of these versions can be active at a time.
You can change the Receiver version in IGEL Setup/UMS on page
“Sessions->Citrix XenDesktop / XenApp->Citrix Receiver Selection”.
Citrix Receiver version 13.2.1 is used by default.

IMPORTANT:
Dual monitor configuration for “unsupported hardware” works only if “native
driver support” works properly. It is a prerequisite to assure that the
native driver is really working, as the fallback VESA driver does not provide
any dual monitor configuration. Have a look at Application Launcher’s
“About tab->Hardware-Graphics Chipset”. If VESA is listed there the native
driver does not work and dual monitor configuration is not functional.
==========================
Known issues:
==========================

[Citrix Receiver 13]
– Randomly seamless application windows are displayed twice in a dual monitor setup.

[Citrix]
– It can happen that the window of a published Firefox can get unusable when the window is maximized,
then minimized and maximized again. This can also happen to other applications, too
Workaround: enable registry key ica.wfclient.twisetfocusbeforerestore with Citrix Receiver 13.2.1

[Firefox]
– If you have socks- and http/ssl proxy defined in the system wide setup,
the browser uses the socks proxy. In contrast in session specific setup,
the browser prefers http/ssl proxy.

[VMware Horizon]
– Remote Applications are not seamless in the strict sense.
These are rather displayed in an extra window decorated by the TC’s window manager.
– If more applications defined and started in the same session, all are displayed inside this window.
The default size of this window can be defined in the Window section of the Horizon session.
– PCoIP user input language synchronization is currently broken.

[Dell vWorkspace Connector]
– Seamless applications exported from Win8/8.1 desktops show display errors when
dragged to the screen edges.
– With a dual monitor configuration flash redirected windows can appear on wrong screen.
– After the start of a seamless session the window is initially maximized before being
resized to the correct size.
– Windows XP sessions might not work properly anymore.
– Only standard 105 keys PC keyboards are supported.
Not supported anymore: Trimodal, Sun Type 6 or IBM 122 keys.
– Mapping of drives to a dedicated drive letter is not possible anymore.
– If Com-port redirection is enabled all linux serial ports (/dev/ttySx) will be mapped.
– If printer mapping is enabled all printers configured in CUPS are mapped.
– For Multimedia Redirection sound redirection with WMV/WMA streams is not working.
– USB Redirection may not work reliable.
– Session starts only if RDP Local Logon Window
(IGEL Setup->Sessions->RDP->RDP Global->Local Logon) is active.

[Genucard VPN]
– Network loss, network reconfiguration or dis- and reconnecting genucard requires session restarts

[Evidian AuthMgr]
– Active Directory users with a password containing special characters may have problems to
authenticate with the configured session.
Known special characters which results in errors are:
` (grave accent, ASCII code 96)
ยด (acute accent, ASCII code 239)
==========================
IGEL Universal Desktop OS 2 5.08.100
==========================
New Features:
==========================

[Citrix Receiver 13]
– Updated Citrix Receiver to version 13.2.1 (additionally to 12.1.8 and 13.1.4)
Receiver 13.0.4 was removed.
Citrix Receiver version 13.2.1 is used by default now.

[Citrix]
– Added new Citrix Virtual Channel for Dictation with Nuance devices and software.
Activate in IGEL Setup on page Sessions->Citrix XenDesktop / XenApp->
HDX / ICA Global->Mapping Device Support, parameter “Nuance Channel for Dictation”
default: disabled.
– Added a parameter to disable “Ctrl+Alt+Del” hotkey for login data input in the
Smartcard login window. Only Smartcard login is available then. The new paramater
is available in the registry:
“ica.login.smartcard_only” (default: disabled)
– Added username and password authentication support for the System-wide proxy
located at setup page Network->Proxy. The primary intention of use is for
Citrix Sessions with Flash redirection.
The local Firefox browser can also levarage these settings, if a proxy realm is defined.

– Citrix StoreFront/Web Interface:
– Added a filter for the applications appearance on start menu, desktop
and application launcher at IGEL Setup
Sessions -> Citrix XenDesktop / XenApp ->
Citrix StoreFront / Web Interface -> Appearance:
“Apply display filter to start menu entries”, (default: disabled)
“Apply display filter to Application Launcher entries”, (default: disabled)
“Apply display filter to desktop icons”, (default: disabled)
– Added numeration for identical session names by activating the parameter in the
registry: “ica.pnlogin.unique_names” (default: false)
[RDP/IGEL RDP Client 2]
– Updated IGEL RDP Client 2 to version 2.2
(based on FreeRDP 1.2.4 git version Sep 21 23:42:32 2015
commit 62da9d28c674814c81c245c1c7882eb0da7be76b)
– Added automatic reconnect if network connection is lost. Reconnect can be aborted
manually. This feature only works with Desktop Sessions. Gateway Sessions
and Remote Apps are not supported.
– Added playback of MPEG-2 and MPEG-1 videos in RDP multimedia redirection.
– Added Dynamic Client Drive Mapping functionality.
You can enable this feature at Setup -> Devices -> Storage Devices ->
Storage Hotplug -> Enable dynamic client drive mapping (default: disabled)
– Added automatic Windows desktop resizing (resolution of desktop) if size of
the RDP window is changed. It can be enabled at:
Sessions -> RDP -> RDP Global -> Window -> Enable Display Control (default: enabled)
– Improved server certificate handling. If the certificate was already accepted once
no certificate dialogue will popup as long as the session is running.

[RD Web Access]
– Added support to use a filter for the applications shown on start menu, desktop
and application launcher at IGEL Setup
Sessions -> RDP -> Remote Desktop Web Access -> Appearance:
“Apply display filter to start menu entries”, (default: disabled)
“Apply display filter to Application Launcher entries”, (default: disabled)
“Apply display filter to desktop icons”, (default: disabled)

[vWorkspace AppPortal]
– Added support to use a filter for the applications shown on start menu, desktop
and application launcher at IGEL Setup
Sessions -> vWorkspace Client -> vWorkspace AppPortal -> Appearance:
“Apply display filter to start menu entries”, (default: disabled)
“Apply display filter to Application Launcher entries”, (default: disabled)
“Apply display filter to desktop icons”, (default: disabled)

[VMware Horizon]
– Updated VMware Horizon client to version 3.5.0-2999900.
– Added Network Level Authentication (NLA) for RDP based sessions.
If NLA support is switched on, IGEL’s local logon dialog is enabled automatically.
NLA can be enabled at IGEL setup:
Sessions -> Horizon Client Sessions -> <session name> -> Options -> Network Level Authentification
For VMware Horizon Appliance Mode, the configuration as located at:
IGEL Setup: Sessions -> Appliance Mode -> VMware Horizon -> Network Level Authentification
– Added drive mappings, defined at Setup -> Sessions -> RDP -> RDP Global
to be used in PCoIP sessions, too.
[Appliance Modes]
– Added battery level notifications and battery level actions for Appliance Mode setups.

– XenDesktop Appliance:
– Added Quick Settings (located at IGEL Setup->Accessories->Quick Settings) availability
through the defined hotkey
– Changed parameters for the on-screen keyboard:
New parameter in IGEL Setup: Setup -> Sessions -> Appliance Mode -> Citrix XenDesktop
“Enable on-screen keyboard”, (default: disabled)
“Width of on-screen keyboard in pixels”, (default: 0)
“Height of on-screen keyboard in pixels”, (default: 300)
These parameters specify the width and height of the on-screen keyboard if it is enabled
for the Citrix XenDesktop appliance mode. If exactly one of them is greater than 0 the
others will be calculated so that the on-screen keyboard has its preferred aspect ratio.

Removed:
* xen.xenapp-morph.touchscreen.softkeyboard_size (Specify width or height instead)
In order to preserve the old size calculate the height like this:
softkeyboard_h = 2 x (old softkeyboard_size) x (number of key rows on the on-screen keyboard)

New parameter in IGEL Setup for x,y position:
“x coordinate of on-screen keyboard”, (default: 0)
“y coordinate of on-screen keyboard”, (default: 0)
These parameters may now have negative values. It allows to specify the location of
the on-screen keyboard relative to the right and to the bottom of the screen. E.g. setting both to -1
makes the on-screen keyboard appear at the bottom right corner of the screen.

Activating the “Enable on-screen keyboard” parameter is now necessary and sufficient
to make the on-screen keyboard appear.
The activation of a touchscreen driver is not required anymore.

– New on-screen keyboard configuration in VMware Horizon, RHEV/Spice and Imprivata Appliance
at IGEL Setup Sessions -> Appliance Mode:
“Enable on-screen keyboard”, (default: disabled)
“Width of on-screen keyboard in pixels”
“Height of on-screen keyboard in pixels”
“x coordinate of on-screen keyboard”
“y coordinate of on-screen keyboard”
Negativ values of the x,y coordinate are handled in the same way as described for Citrix XenDesktop

In Horizon Applicance Mode an on-screen keyboard is visible only during the logon.
With enabled on-screen keyboard Local Logon is automatically used.

Further configuration of the on-screen keyboard, like whether the function keys, the navigation
keys or the numpad should be visible, has to be set up at Setup -> Accessories -> On-screen keyboard.
[NX client]
– Updated NoMachine NX Client to version 4.6.16
– Added NoMachine NX Client multimonitor support with parameter:
“Multimonitor Fullscreen” at:
Setup -> Sessions -> NX -> NX Sessions -> <session name> -> Unix-Display -> Resolution
[Verde]
– Updated Verde Client to version 8.0
Added new parameters in IGEL Setup:
Setup -> Sessions -> VERDE Sessions -> <session name> -> Connection:
– “Command line mode” (default: false)
– “Desktop name”, (default: empty)
– “Desktop display protocol”, (default: empty)
This will allow to start a Verde session without using the default Verde client.
When “Command line mode” is activated the “Desktop name” and “Desktop display protocol”
parameters are modifiable.

Setup -> Sessions -> VERDE Sessions -> <session name> -> Options ->
“Custom options for Remote Viewer client”, (default: empty)
This will allow to add custom parameters to the remote-viewer client when
executed by Verde.
[Firefox]
– Added multiple startup pages in tabs support.
To do this, seperate the URLs by a pipe symbol “|”. The first page in the list will be the
active page. Note that if the tab panel is hidden, all additional startup pages are ignored.
The startup page can be defined in IGEL setup:
Sessions->Browser->Browser Global->Startuppage and
Sessions->Browser->Browser Sessions-><session name>->Settings->Startuppage
[WiFi]
– Updated Wireless Regulatory database to the latest release.
– Added support for the Wireless LAN Chipset Realtek RTL8188EE.
[Network]
– New parameters added for preventing Network Manager from abandoning device configuration.
By default Network Manager abandons device configuration at some point, when problems occur.
This is usually reasonable but sometimes it is preferable that Network Manager does not give up.
Particularly under these circumstances the new parameters may be beneficial:
* Cisco switch in use
* 802.1X authentication enabled
* network.interfaces.ethernet.deviceX.ieee8021x.secure_only=true
* Reauthentication fails when the switch is power-cycled.
These boolean parameters can be accessed via the registry:
* network.interfaces.ethernet.device0.insistence
* network.interfaces.ethernet.device1.insistence
(default: false)
They refer to the first and second wired device respectively.
The default value false preserves the behaviour of former firmware versions,
i.e. Network Manager is allowed to abandon device configuration.
If the parameter is set to true the device configuration will be retried
until it is successful.
– Added option to convert all host names to upper case by default.
This can be controlled by the new registry key:
network.dns.hostname_conversion
display name: Conversion of Terminal Name
(default: to upper case)
range: none, to upper case, to lower case
[Remote Management]
– Added the option “New Hostname” to the UMS registration tool to set a new hostname
during registration.
You can find the tool at Start Menu -> System -> UMS Registering
[Genucard VPN]
– Added more detailed error and warning messages.
[Open VPN]
– Added DNS and routing parameters to be configurable at:
Setup -> Network -> VPN -> Open VPN -> <connection name> -> IPv4
Here you can decide to use the DNS and/or routing settings you get from
the OpenVPN Server by switching on or of
“Automatic DNS” or “Automatic Routes”, respectively.
You can also specify extra name servers and search domains
and decide whether VPN should be the default route.

– Added routing parameters to be configurable at:
Setup -> Network -> VPN -> Open VPN -> <connection name> -> Route 0/1/2

[Smartcard]
– Added command line tool scardserial to read serial number (UID) of DESFire EV1 smart cards.
– Added support for card reader Elatec TWN4 CCID (09D8:0425).
– Updated PKCS#11 Library Gemalto IDPrime to version 1.2.1:
Added support for the following cards:
– IDPrime MD 840
– IDPrime MD 3840
– IDPrime MD 830 – ICP
– IDPrime MD 3810 – Rev B
– Optelio / Desineo D72
[CUPS Printing]
– Removed application xfprint4-manager for handling of print jobs. It is not supported any more.
[base system]
– Updated Kernel to Ubuntu Trusty version 3.13-67.109
– Added Japanese User Interface translation.
Added three different Japanese input methods (Nippon, Hiragana, Katakana), which can be further
customized in the IGEL Setup at Setup -> User Interface -> Input -> SCIM Input Methods Platform ->
Generic Table -> Table Administration.
– Added Product Id extension “a” when AAC Multimedia Codec is licensed.
– Added “userinterface.keyboard.extraoptions” and “userinterface.keyboard.add_layout%.extraoptions”
parameters to allow additional keyboard options being enabled.
Supported extraoptions are:
* “caps:stickycapslock”
Use “caps:stickycapslock” when you want capslock being released only by pressing and
releasing one of the shift keys but not when capslock is pressed again.
* “caps:stickyshiftlock”
For some keyboard layouts “caps:stickyshiftlock” might affect additional keys that are
not affected by “caps:stickycapslock”.
* “shift:breaks_caps”
Use “shift:breaks_caps” when you want capslock being released when one of the shift keys
is being pressed and released or when capslock is being pressed again.
– Improved the setup page “Setup -> Devices -> Storage Devices -> Storage Hotplug”.
It is not restricted to USB devices anymore.
The reason for this generalization is support for MMC card readers, that are not connected to USB but
directly to the PCI bus. These are also affected by the settings on that setup page.
– Added new parameter to configure the default access permission for mountable volumes on hotplug storage devices:
at Setup -> Devices -> Storage Devices -> Storage Hotplug -> Default permission
Range: Read/Write, Read Only, (default: Read/Write)
For USB devices it is possible to specify exceptions from the default access permission
at Setup -> Devices -> USB access control -> Device Rules -> <rule name> -> Permission
Range: Global Default, Read/Write, Read Only, (default: Global Default)
USB access control must be enabled for this to work.
The exception can be bound to the Vendor/Product ID and UUID of the USB storage device.
– Updated several packages from Ubuntu lucid to current trusty versions
– Updated IGEL Setup to version 5.1.15
[Driver]
– Added support for signotec signature pads. Enable it at
“Setup -> User Interface -> Input -> Signature Pad -> Enable signotec VCOM Daemon”
Then the virtual serial device (/dev/ttyVST0, /dev/ttyVST1) can be mapped via Citrix and
RDP COM Port Mapping.
– Added support for JMicron JMC250 Gigabit Ethernet Controller
– Updated INTEL graphics driver from version 2.99.910 to 2.99.914
– Updated Philips Speech Driver to version 12.3.10:
– Fixed problems with sliding switch of LFH3510:
switching from REC to STOP in some cases was not recognised correctly.
– Updated Grundig Dictation Driver to version 30.07.2015.
– Added Support for SonicMic 3
*** Important ***: not supported anymore: SonicMic I and SoundBox 820
[Shared Workplace]
– Use display switcher settings for shared workplace also, which could be
overruled with a user profile assigned to the logged in user.
[Desktop]
– Added display zoom support to display switcher (use a virtual resolution, higher as
the monitor resolution also known as spanning).
– Added the resolution 1280×1080 at 60Hz and 75Hz for LG29UB55-B in split-screen mode.
Unfortunately, the monitor doesn’t support this resolution, so the picture
may be distorted. As a workaround, you may switch the monitor on/off until
the monitor accepted the resolution.
– Added Screenshot Tool (see Setup -> Accessories -> Screenshot Tool) to take pictures of
the entire screen or an active window.
Added hotkey configuration for:
– Screenshot of active window, default CTRL+ALT+Print, (default: disabled)
– Screenshot of entire screen, default CTRL+SHIFT+Print, (default: disabled)
configurable at Setup -> User Interface -> Hotkeys -> Commands
– Added Taskmanager (see Setup -> Accessories -> Taskmanager) to view running processes,
CPU usage and memory information.

– Added a new category at Setup -> System -> Firmware Customization -> Corporate Design.
Bootsplash, Background Wallpaper and Company Logos for Start Menu and Screen Saver can be
costomized.
– Moved Setup pages from “User Interface->Display->Desktop” to “User Interface->Desktop”
– Updated the XFCE desktop environment to version 4.12.3
– Added parameter “Single Click Mode” at “Setup -> User Interface -> Desktop”
In this mode, icons on the Desktop are activated with a single click instead of the usual
double click. This is recommended when using a touchscreen monitor.
– Added parameter “Auto Hide Behavior” at “Setup -> User Interface -> Desktop -> Taskbar”
to configure the auto hide behavior of the taskbar.
The taskbar autohide feature now has another mode called “Intelligently”, which activates
the taskbar as long as no window occupies space at the taskbar position. If a window is moved
onto the taskbar or if it gets maximized, the taskbar autohide feature is activated automatically.
This autohide mode is used by default. Configure “Auto Hide Behavior” to “Always” if you
want the behaviour of firmware before 5.08.100.
Additionally there are new parameters:
– “Taskbar Show Delay”: to set the delay the mouse has to touch the screen edge
until the taskbar is shown.
– “Taskbar Hide Delay” to set the delay the mouse has to reside outside of the taskbar area to hide the taskbar again.

– Added parameter “Vertical Taskbar Mode” at “User Interface -> Desktop -> Taskbar”
configure the mode of the taskbar if it is aligned to the left or right. The default value
is “Deskbar”. In this mode, the window buttons in the taskbar are displayed as square tiles,
i.e. without the particular text label of the window. Moreover, the title of the start button
(if activated) is represented horizontally. In the “Vertical” mode, the window buttons are
shown together with their text label, written from top to bottom. Equally, the title of the
start button is represented vertically.
– Added parameter “Number of rows/columns in taskbar” at “Setup -> User Interface -> Desktop
-> Taskbar”. Note that the height/width of the taskbar is split equally among the configured
amount of rows/columns. In “Automatic” mode, the number of rows is one if the width/height
of the taskbar is between 1 and 55, two if the width/height is between 56 and 110, three
if the width/height is between 111 and 165, and so on.
default: Automatic
range: Automatic,1,2,3,4,5,6
– Added new page “Taskbar Background” at “Setup -> User Interface -> Desktop” to further
customize the look of the taskbar. The possible values of the taskbar “Background Style” parameter
are System Preset, Solid Color, Color Gradient and Background Image.
The Setup parameter windowmanager.wm0.variables.taskbargradient.solid is not supported anymore.
To set the background of the taskbar to a solid color, please set the “Background Style”
to “Solid Color”.
. Note that if a selected Background Image is smaller than the size of the taskbar, the image will
be repeated in both directions.
– Added new page “Taskbar Items” at “Setup -> User Interface -> Desktop” to configure
the taskbar plugins
– Added disable “Taskbar Clock” at “Setup -> User Interface -> Desktop -> Taskbar Items”
The clock in the taskbar now shows the current date in a tooltip.
– Configure window button list at “Setup -> User Interface -> Desktop -> Taskbar Items”
“Sorting order in window button list”, default: Timestamp
“Maximum number of rows/columns in window button list”, default: Automatic
range: Automatic,1,2,3
“Show labels in window button list”, default: enabled
– Added parameter “Taskbar System Tray” at “Setup -> User Interface -> Desktop -> Taskbar Items”
to enable or disable the system tray.
– Added parameter “Size of icons in System Tray” at “Setup -> User Interface -> Desktop ->
Taskbar Items” to configure the size of the icons in the system tray.
default: Automatic
range: Automatic,Small,Medium,Large
– The following registry keys are not supported anymore and have been removed:
windowmanager.wm0.variables.taskbarfullwidth
windowmanager.wm0.variables.taskbarhandlestyle
windowmanager.wm0.variables.startbuttonmessage
windowmanager.wm0.variables.startmenumoremessage
windowmanager.wm0.variables.smartplacement
windowmanager.wm0.variables.windowlist_showicons
windowmanager.wm0.variables.imagepath
windowmanager.wm0.variables.soundpath
windowmanager.wm0.variables.defaulticon
windowmanager.wm0.variables.defaultshortcuticon
windowmanager.wm0.variables.tooltipdisplaytime
windowmanager.wm0.variables.tooltipdelaytime

– The following registry keys has been fixed and is now working as intended:
windowmanager.wm0.variables.buttonlayout
With this parameter the Button layout in the window titlebar is configured:
O = menu,
T = stick,
| = title,
S = shade,
H = hide,
M = miximize,
C = close
default: |HMC
– The following registry keys have been replaced:
windowmanager.wm0.variables.taskbaractivtrans replaced by:
windowmanager.wm0.variables.taskbaropacity.enter
windowmanager.wm0.variables.taskbartransparency replaced by:
windowmanager.wm0.variables.taskbaropacity.leave
You can now set the transparency level of the taskbar while active/hovered or
inactive/left as percentage value between 0 and 100. Note that this feature needs
a running composite manager. (see Setup -> User Interface -> Display -> Options)

windowmanager.wm0.variables.usewindowlist replaced by:
windowmanager.wm0.variables.usetasklist
You can now completely disable the window button list in the taskbar by
unchecking this parameter.

– The following Setup parameter has been modified:
Removed value [Shade window] from windowmanager.wm0.variables.dblclickaction range.
The “Shade window” action is not supported.

– Added parameter windowmanager.wm0.variables.notifications.opacity to set the transparency
of notifications. This parameter can take values from 0 to 100. A lower value makes the
notifications more transparent. This feature needs a running compositor.
(see Setup -> User Interface -> Display -> Options)

– The content of folders within the advanced start menu now expands as a tree instead of
being displayed in a new subpage.
– Show battery level notifications or run battery level actions:
– as soon as a power plug is unplugged
– in the initial logon screen if kerberos or smartcard logon is enabled
– Upgraded Truetype Fonts: DejaVu and Liberation.
[Multimedia]
– Upgraded Fluendo Gstreamer 0.10 Plugins:
– Fluendo ASF Demuxer 0.10.79
– Fluendo MPEG Demuxer 0.10.85
– Fluendo H264 Video Decoder 0.10.44
– Fluendo WMV Video Decoder 0.10.60
– Fluendo MPEG-4 ASP Video Decoder 0.10.38
– Fluendo MP3 Audio Decoder 0.10.32
– Fluendo WMA Audio Decoder 0.10.59
[Evidian AuthMgr]
– Updated Evidian AuthMgr to version 1.3.5696.
Evidian AuthMgr sessions can be configured at
Setup -> Evidian AuthMgr -> Evidian AuthMgr Sessions

– Changed defaults:
– An Evidian AuthMgr session starts automatically by default now
sessions.rsuserauth<NR>.autostart, (default: enabled)
– No session icon will appear on the desktop by default now
sessions.rsuserauth<NR>.desktop, (default: disabled)
[Hardware]
– Added UDC2 support for:
– Fujitsu Futro S450-2, Futro X913 and Futro X923
– Stone N130 Laptop
– ONYX Healthcare Inc. Venus-222
– Wyse Z90Q7
– ‘System Suspend ‘ whould freeze the Futro X923 and Wyse Z90Q7 under certain
circumstances, so it has been disabled.
[Java]
– Updated Java Runtime Environment to 1.8.0_66.
[2X Client]
– Parallels 2X Client updated to version 14.1.3452
[PowerTerm]
– Updated Ericom PowerTerm 10 version to 10.2.0.0.20150802.1-_dev_-34574
[Firefox]
– Updated Firefox to version 38.4.0 ESR.
– Updated Flash Player download URL to version 11.2.202.548
[Fabulatech]
– Upgraded Fabulatech USB for Remote Desktop to 5.1_20151106
==========================
Resolved Issues:
==========================

[Citrix Receiver 13]
– With Citrix Receiver 13.2.1:
Fixed focus issues with IBM Lotus Notes application
– Fixed “Multi Monitor Fullscreen Mode” and “XenApp/StoreFront Start Monitor”
configuration: With Kerberos Passthrough authentication or after running
the refresh command both parameters were ignored.
[Citrix]
– Citrix StoreFront/XenApp fixes:
– Fixed long startup time when starting the first application
– During refresh command do not start any application automatically. The
auto start applications are handled only during the initial logon.
– Fixed sporadic freezes of the session
– Fixed secure connection problem in Citrix XenDesktop Appliance Mode. This resolves Firefox
rejecting a secure connection with warning ‘ssl_error_unsupported_version’.
– Fixed seamless application windows that did not appear in the taskbar from time to time.
– If you have problems with minimizing/restoring a maximized Firefox application, enable
registry key: ica.wfclient.twisetfocusbeforerestore and use the default Citrix Receiver 13.2.1.
– Fixed auto/restart configuration of Legacy ICA sessions
– Citrix session reconnect now works correctly.
– Fixed typo in default value of hotkey for “Toggle SpeedScreen” in Citrix sessions.
[Imprivata]
– Added parameter imprivata.xen_new_session (xenapp-try-to-launch-new-session).
This parameter enables an internal Imprivata client parameter, which fixes
problems with double-reconnects with XenApp 6.5.
[RDP/IGEL RDP Client 2]
– Fixed sporadic freezes of the session
– Fixed a problem of accessing the smart card after session redirection. Before in some cases a
smart card wasn’t accessible after session was redirected to another server.
– Fixed RD-Gateway functionality. Previously some sessions to a gateway server froze and
were not recoverable.
– Fixed problem which prevented connection to Windows XP VDIs.
– Sporadic small vertical glitches in fast moving PowerPoint presentations fixed.
– Fixed random RDP drawing issue.
– The sent client hostname is now configurable. The used hostname can be selected at:
Setup -> RDP -> RDP Global -> Options -> Client Name (default: empty)
– Fixed Local Logon Window. If all fields except the password field is prefilled and you
enter the password and press RETURN, the session starts immediately.
Before you had to press RETURN twice to start the session.
– Fixed splash screen positioning in multi monitor setups. Now the splash screen should always
be positioned in the center of the monitor, on which the session will appear.
– Fixed RDP clipboard issues. Copying plain text, HTML and bitmaps is supported now.
– Added a new error message to inform the user, that the server requires network authentication but
network authentication is not enabled for the session.
– Fixed password change dialog in a session. The dialog tells you
to press CTRL+ALT+END, but the Windows Server expects CTRL+ALT+DEL. Now you can press
CTRL+ALT+END as mentioned in the Windows dialog, and the client sends CTRL+ALT+DEL.
[RD Web Access]
– Fixed several RDP remote app issues:
– Window drawing issues have been fixed.
– Maximized window handling has been fixed.
– Fullscreen window handling has been fixed.
– Window positioning issues have been fixed
[VMware Horizon]
– Fixed a problem which prevented connection to Windows XP VDIs
– Fixed log file for Horizon View Client not being saved to /var/log/vmware-view/vmviewsessX.debug
if sessions.vdm_client0.options.debug is active.
– Fixed crash which prevented start of VMware Horizon Client in certain cases
– Fixed issues with loging of virtual channels which leads to shortage of memory when the
client runs a long time.
– Fixed bug in starter utility for VMware Horizon Client which resulted in omission of RDP options
in some cases.
– Fixed Local Logon Window. If all fields except the password field is prefilled
and you enter the password and press RETURN, the session starts immediately.
Before you had to press RETURN twice to start the session.
– Removed inoperative registry key vmware.view.savelastlog
[2X Client]
– Parallels 2X Client updated to version 14.1.3452
This version fixes an issue with minimization of Internet Explorer windows.
[PowerTerm]
– Updated Ericom PowerTerm 10 version to 10.2.0.0.20150802.1-_dev_-34574:
Fixed display problem in VT420 emulation concerning character attributes in origin mode.
[X session (Xephyr)]
– Fixed long start delay of XDMCP chooser and wrong background image with
“indirect over localhost” XDMCP method.
– Fixed quit hotkey
[Firefox]
– Fixed Local Browser not being able to play .swf-files.
– Fixed secure connection problem in Citrix XenDesktop Appliance Mode. This resolves Firefox
rejecting a secure connection with warning ‘ssl_error_unsupported_version’.
– Fixed parameter Setup -> Browser -> Browser Sessions -> <session name> -> Hotkeys ->
Disable Hotkeys for Caret Browsing having no effect.
– Fixed flashplayer not installable/updateable while the client is in a firefox-based appliance
mode (i.e. Citrix XenDesktop and RHEV/Spice).
– Fixed browser certificate deployment in cases when an additional browser profile got created
and did not get the already deployed browser certificates.
[Network]
– Fixed client trying to transfer configuration to UMS even though remote management is disabled.
– Fixed bind9 security issues: CVE-2015-5722, CVE-2015-5477, CVE-2015-4620, CVE-2015-1349,
CVE-2014-8500, CVE-2014-0591, CVE-2013-4854, CVE-2012-5689, CVE-2013-2266, CVE-2012-4244,
CVE-2012-5688, CVE-2012-4244, CVE-2012-5166, CVE-2012-3817, CVE-2012-1033, CVE-2012-1667,
CVE-2011-2464, CVE-2011-1910, CVE-2010-3613, CVE-2010-3614 and CVE-2010-3615
– Fixed iputils security issue: CVE-2010-2529
– Fixed xinetd security issue: CVE-2012-0862
– Fixed host name / network name: previously it could happen that the hostname is a fully
qualified domain name. Furthermore now all host names are converted to upper case by default.
This can be controlled by the new registry key:
network.dns.hostname_conversion
display name: Conversion of Terminal Name
(default: to upper case)
range: none, to upper case, to lower case
[Genucard VPN]
– Fixed update second stage problems. No timeout is reached anymore
[Evidian AuthMgr]
– Fixed credential problem with password containing $ (dollar sign, ASCII code 36).
[Smartcard]
– Fixed HP USB Smartcard CCID Keyboard to work with SecMaker Net iD PKCS11 library.
– Fixed smart card PIN input in server side Nexus Personal software with readers without PIN pad,
handled by Open Source CCID driver, e.g. Gemalto PC Twin Reader.
[CUPS Printing]
– Fixed functionality to set the CUPS print job user name to the name of the logged in Active
Directory user name (controlled by parameters print.cups.use_krbuser and print.cups.krbuser_format).
– Fixed printing via TCP/IP USBLP when a Elo Multitouch (USB) or a Elo Singletouch (USB) is connected.
[Desktop]
– Fixed desktop icons with very long labels overlapping adjacent icons.
– Fixed desktop icons and menus not getting refreshed correctly in certain circumstances
– Fixed a rare problem with the background of systray icons, which should now always correspond
to the background of the taskbar.
– Fixed the resize window issue while using ELO serial/USB touchscreens
– Disabled possibility to drag and drop desktop icons onto each other.
[base system]
– Firmware update process and creating of Custom Partition, Custom CI Partition
(Custom Wallpaper or Custom Bootscreen) or Firefox Profile Partition run now exclusively,
to avoid damages in the firmware.
– Fixed sessions not restarting if the restart parameter was switched from deactivated
to activated during runtime.
– Fixed Kerberos configuration in case “Default Domain” parameter is left empty.
– On-screen keyboard fixes:
– A reasonable size is ensured on the lock/login screen
– Visual feedback is reduced (ordinary keys are not highlighted) when shadowing is active.
– Fixed SMB-Mount not mounting share folders if user password contains the comma char “,”.
– Fixed bug: A system booted from USB memory stick crashed when USB access rules were modified.
– Custom wallpapers can now be downloaded over untrusted SSL connections.
– Fixed noise in sound output if the ‘Mic Playback Volume’ and ‘Mic Boost’ are set to
maximal value on the IGEL H830.
– Fixed passthrough authentication failing after changing password.
– Fixed a problem with IGEL on-screen keyboard and ICA/RDP session in full screen.
The Igel on-screen keyboard and taskbar were not visible in a full screen session.
Important: The virtual keyboard in the ICA/RDP full screen session should be activate.
– Fixed firmware update from a USB stick if Active Directory login is active.
– Replaced ntpdate with sntp + wrapper script to speed up time synchronisation.
– Fixed icu security issues: CVE-2015-2632, CVE-2015-4760, CVE-2013-1569, CVE-2013-2383,
CVE-2013-2384, CVE-2013-2419, CVE-2014-6585, CVE-2014-6591, CVE-2014-7923, CVE-2014-7926,
CVE-2014-7940 and CVE-2014-9654
– Fixed hplip security issue: CVE-2015-0839
– Fixed expat security issue: CVE-2015-1283
– Fixed some security issues in freetype (no CVE numbers)
– Fixed gdk-pixbuf security issues: CVE-2015-7673, CVE-2015-767 and CVE-2015-4491
– Fixed nss security issues: CVE-2015-2721 and CVE-2015-2730
– Fixed pcre3 security issues: CVE-2014-8964, CVE-2015-2325, CVE-2015-2326 and CVE-2015-5073
– Fixed net-snmp security issues: CVE-2014-3565 and CVE-2015-5621
– Fixed libvdpau security issues: CVE-2015-5198, CVE-2015-5199 and CVE-2015-5200
– Fixed libwmf security issues: CVE-2015-0848, CVE-2015-4588, CVE-2015-4685 and CVE-2015-4696
– Fixed openssh security issues: CVE-2015-5600 and CVE-2015-5352
– Fixed nvidia-graphic-driver-304 security issue: CVE-2015-5950
– Fixed cups-filter security issues: CVE-2015-3258 and CVE-2015-3279
– Fixed gcc-4.8 security issue: CVE-2014-5044
– Fixed samba security issues: CVE-2015-0240, CVE-2014-8143, CVE-2014-3560, CVE-2014-0178,
CVE-2014-0239, CVE-2014-0244, CVE-2014-3493, CVE-2013-4496, CVE-2013-6442, CVE-2013-4124,
CVE-2013-0172, CVE-2013-0213 and CVE-2013-0214
– Fixed sqlite3 security issues: CVE-2013-7443, CVE-2015-3414 and CVE-2015-3416
– Fixed tiff security issues: CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130,
CVE-2014-9330, CVE-2014-9655, CVE-2013-4231, CVE-2013-4232, CVE-2013-4243 and CVE-2013-4244
– Fixed rpcbind security issue: CVE-2015-7236
– Fixed unzip security issues: CVE-2015-7696, CVE-2015-7697, CVE-2015-1315, CVE-2014-9636,
CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141
– Updated several packages from trusty to current versions
– Fixed handling of failed firmware update from a USB storage.
– Fixed libaudio2 security issues: CVE-2013-4258, CVE-2013-4257 and CVE-2013-4256
– Fixed libexif security issues: CVE-2012-2814, CVE-2012-2840, CVE-2012-2813, CVE-2012-2812,
CVE-2012-2841, CVE-2012-2836 and CVE-2012-2837
– Fixed lzo security issue: CVE-2014-4607
– Fixed bash security issues: CVE-2014-6271, CVE-2014-7169, CVE-2014-7187, CVE-2014-7186,
CVE-2014-6278 and CVE-2014-6277
– Fixed libvte security issues: CVE-2012-2738 and CVE-2012-2738
– Fixed rsyslog security issues: CVE-2014-3634, CVE-2014-3683 and CVE-2011-3200
[Storage Devices]
– Fixed problems with USB storage hotplug after removal of an IGEL smartcard.
[X server]
– Updated INTEL xorg driver from 2.99.910 to 2.99.914
– Fixed some backlight control issues with Intel Notebooks with using intel_backlight
instead of acpi_video0 as backlight control.
The corresponding switch is in the IGEL Registry:
x.drivers.intel.backlight_control
default: “Default” (which uses the INTEL control)
range: Default,INTEL,ACPI
To get back old behaviour switch x.drivers.intel.backlight_control to ACPI.
[Audio]
– Added the following parameter in registry:
multimedia.pulseaudio.daemon.load-module-switch-on-connect (default: true)
This parameter controls if hotplugged USB audio devices will be set as default device.
Disabling the parameter fixes the following problem:
– Dictation with Philips Speech driver can fail with error message
“no audio device available” when a different application is playing audio.
[Multimedia]
– Fixed video redirection of H264 videos in RDP and ICA sessions.
[Printing]
– TCP/IP Print: added DSR output flow control feature to serial port devices. Activate with
parameter “Use DSR Flow Control” on pages: Setup -> Devices -> Printer -> TCP/IP ->COM X
and Setup -> Devices -> Printer -> TCP/IP -> Additional Serial Ports
[Hardware]
– Fixed non working VGA on Futro S700
[Remote Management]
– Fixed visibility of Smartcard, Touchscreen and Dictation related parameters in UMS
– Fixed automatic firmware update that under certain conditions could be invoked while other
settings are being applied and collides with running configuration scripts.
– File transfer mechanism now sends more verbose error messages to UMS.
– Fixed check of the exit status of file transfer between UMS and TC.

Release: IGEL Universal Management Suite 4.09.120

Thursday, August 20th, 2015

Hi Folks,

there is a “new” Universal Management Suite release available, iam sorry for the delay but currently i don’t spend much time into the blog.

 

=====================
IGEL Universal Management Suite
=====================
Version 4.09.120
Release date: 17.07.2015

=====================
Notes
=====================

Windows Server 2003 is no longer supported by the IGEL UMS (Java 8 does not
support Server 2003).

The option to accept UMS server certificate temporary when connecting with
UMS console was removed due to incompatibility with security enhancements.

The linux installer is tested with
– Ubuntu 12.04 (x86, 32bit) and Ubuntu 14.04 (x86, 32bit and 64bit)

For further compatibility information check the Universal Management Suite
data sheet at www.igel.com.

*****************************************************************************
UMS 4.09.120 (stable build based on version 4.09.110)
*****************************************************************************
=====================
New features
=====================
[Configuration Dialog]
– Updated configuration dialog to provide setup pages of upcoming LX
release v5.07.100

=====================
Fixed bugs
=====================
[Console, common]
– Fixed: A bug whereby the user got “SSL error: Unrecognized SSL message,
plaintext connection?” after updating from UMS version 4.01.100 to 4.09.100
(4.09.110) at logon.
– Fixed: Objects could not be renamed from within the content area; renaming
in the management tree worked without problems
[Profiles]
– Fixed: A profile could not be created if the UMS works with a PostgreSQL
database.
– Fixed configuration dialog issue: display page was not displayed if feature
‘Multi monitor support’ was disabled in a profile
[Thin clients]
– Fixed thin client import issue: during thin client import with long format
the fields ‘comment’ and ‘last known ip’ were mixed up
– Fixed profile assignment issue: indirect assigned profiles might have no
effect if there are directories without assignments between thin client and
directory with assignment
[Views]
– Fixed delete view issue: deleting two or more views at once (multi selection)
failed; applied to UMS on oracle and SQL Server database only
[Universal Firmware Update]
– Fixed: Deleting a universal firmware update in the UMS caused the deletion of
the whole WebDav folder. This bug occurs for universal firmware updates
(created by “Snapshot -> Universal Firmware Update”) which are stored directly
in one of the WebDav folder.
[Configuration Dialog]
– Fixed problems with blue colored tree nodes in setup tree.
[Server, common]
– Fixed: ums startup failed after update installations (4.09.100 to 4.09.110)
in rare cases
[Administrator application]
– Fixed administrator application issue: administrator application won’t start
if there is no data source defined

Release: IGEL Universal Desktop LX/OS 5.07.100

Tuesday, August 4th, 2015

IGEL Linux
==========
Version 5.07.100
Release date 2015-07-31
Last update of this document 2015-07-20

Supported devices:
IZ2-RFX, IZ2-HDX, IZ2-HORIZON
IZ3-RFX, IZ3-HDX, IZ3-HORIZON
UD2-LX 40, UD2-LX 31, UD2-LX 30
UD3-LX 42, UD3-LX 41, UD3-LX 40, UD3-LX 31
UD5-LX 50, UD5-LX 40, UD5-LX 30
UD6-LX 51
UD9-LX Touch 31, UD9-LX 30
UD10-LX Touch 10, UD10-LX 10

The online Release Notes can be found at http://edocs.igel.com/index.htm#10203510.htm
Registry Keys of parameters are listed there.

==============
Versions:
==============
Clients:
– Citrix Access Gateway Standard Plug-in 4.6.3.0800
– Citrix HDX Realtime Media Engine 1.8.0-258
– Citrix Receiver 12.1.8.250715
– Citrix Receiver 13.0.4.281908
– Citrix Receiver 13.1.4.322630
– Dell vWorkspace Connector for Linux 8.5.0
– Ericom PowerTerm 10.1.0.0.20140313.1-_dev_-31580
– Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848
– Ericom Webconnect 5.6.0.4000-rel.20413
– Evidian AuthMgr 1.3.5664
– FabulaTech USB for Remote Desktop 5.1.0
– Firefox 38.1.0
– IBM iSeriesAccess 7.1.0-1.0
– IGEL Legacy RDP Client 1.0
– IGEL RDP Client 2.1
– Imprivata OneSign ProveID Embedded
– Leostream Java Connect 3.0.57.0
– NCP Secure Client (Enterprise) 3.25-rev23310-i686
– Open VPN 2.3.2
– NX Client 4.6.3
– Oracle JRE 1.8.0_51
– Parallels 2X Client 14.1.3414
– Remote Viewer 2.0 for RedHat Enterprise Virtualization Desktops
– Systancia AppliDis 4.0.0.14
– Thinlinc Client 4.4.0-4775
– ThinPrint Client 7.0.65
– Totem Media Player 2.30.2
– Virtual Bridges VERDE Client 7.1.1_rel.24005
– VMware Horizon client 3.4.0-2769709
– Voip Client Ekiga 3.2.7

Dictation:
– Driver for Grundig Business Systems dictation devices
– Driver for Olympus dictation devices
– Legacy Philips Speech Driver 5.0.10
– Philips Speech Driver 12.3.5

Smartcard:
– PKCS#11 Library A.E.T SafeSign 3.0.93
– PKCS#11 Library Athena IDProtect 623.07
– PKCS#11 Library Gemalto IDPrime 1.1.0
– PKCS#11 Library SecMaker NetID 6.3.0.50
– Reader Driver ACS CCID 1.0.5
– Reader Driver HID Global Omnikey CCID 4.0.5.5
– Reader Driver MUSCLE CCID 1.4.19
– Reader Driver Omnikey CCID legacy-3.6.0
– Reader Driver Omnikey RFID legacy-2.7.2
– Reader Driver REINER SCT cyberJack 3.99.5final.SP03
– Reader Driver Safenet / Aladdin eToken 8.1.0-4
– Reader Driver SCM Microsystems SDI011 5.0.18
– Reader Driver Identive / SCM Microsystems CCID 5.0.33
– Resource Manager PC/SC Lite 1.8.12

System Components:
– Graphics Driver ATI 7.3.0
– Graphics Driver INTEL 2.99.910
– Graphics Driver VIA 5.76.52.92-151843
– Kernel 3.13.11-ckt20 #54.91-ud-r1292
– Xorg X11 Server 1.15.1
– Xorg Xephyr 1.15.1

==============
Information:
==============

IMPORTANT:
This release integrates three Citrix Receiver versions: 12.1.8, 13.0.4 and 13.1.4.
Only one of these versions can be active at a time.
You can change the Receiver version in IGEL Setup/UMS on page
“Sessions->Citrix XenDesktop / XenApp->Citrix Receiver Selection”
==============
Known issues:
==============

[Citrix]
– It can happen that the window of a published Firefox can get unusable when the window is maximized,
then minimized and maximized again. This can also happen to other applications, too.

[Citrix Receiver 13]
– Randomly seamless application window are displayed twice in a dual monitor setup.

[VMware Horizon]
– Remote Applications are not seamless in the strict sense.
These are rather displayed in an extra window decorated by the TC’s window manager.
– If more applications defined and started in the same session, all are displayed inside this window.
The default size of this window can be defined in the Window section of the Horizon session.
– PCoIP user input language synchronization is currently broken.

[Dell vWorkspace Connector]
– Seamless applications exported from Win8/8.1 desktops show display errors when
dragged to the screen edges.
– With a dual monitor configuration flash redirected windows can appear on wrong screen.
– After the start of a seamless session the window is initially maximized before being
resized to the correct size.
– Windows XP sessions might not work properly anymore.
– Only standard 105 keys PC keyboards are supported.
Not supported anymore: Trimodal, Sun Type 6 or IBM 122 keys.
– Mapping of drives to a dedicated drive letter is not possible anymore.
– If Com-port redirection is enabled all linux serial ports (/dev/ttySx) will be mapped.
– If printer mapping is enabled all printers configured in CUPS are mapped.
– For Multimedia Redirection sound redirection with WMV/WMA streams is not working.
– USB Redirection may not work reliable.
– Session starts only if RDP Local Logon Window
(IGEL Setup->Sessions->RDP->RDP Global->Local Logon) is active.

[Genucard VPN]
– Network loss, network reconfiguration or dis- and reconnecting genucard requires session restarts

[Evidian AuthMgr]
– Active Directory users with a password containing special characters may have problems to
authenticate with the configured session.
Known special characters which results in errors are:
$ (dollar sign, ASCII code 36)
` (grave accent, ASCII code 96)
ยด (acute accent, ASCII code 239)

[Universal MultiDisplay]
– X-Sessions don’t work with UMD currently.
– Java TC Setup can show display corruptions.

==============
IGEL Linux 5.07.100
==============
New Features:
==============

[Citrix]
– Updated Citrix Receiver 13.1 to new version 13.1.4.322630
– Added a host name length check: If a host name has more than 20 characters it might cause problems under
some server configurations, therefore StoreFront/XenApp Login displays a warning notification.
Registry key:
“Check hostname length” ica.pnlogin.check_hostname (default: enabled / disabled).
– Upgraded Citrix Lync RTME to 1.8.0-258. The new version supports both Lync 2010 Client and
Lync 2013 Client in a virtual desktop or a seamless application.
– StoreFront/XenApp Login uses predefined user and domain also without autologon function.
– Improved the visual feedback of starting Citrix sessions with the browser. Now there will be displayed a popup notification
with application name.

[RDP/IGEL RDP Client 2]
– Added RD Web Access server e-mail discovery. Configurable at:
“IGEL Setup->Sessions->RDP->Remote Desktop Web Access->Server”
By setting “Server configuration” to “Ask user”, the user gets a dialog
either to enter his e-mail for e-mail discovery or to enter the hole Server URL to the Web Access Server.
– Added MultiPoint Server support as an IGEL appliance mode.
The appliance can be enabled at:
IGEL Setup->Sessions->Appliance Mode
Set the “Appliance mode” to “RDP MultiPoint Server”. The server will be automatically detected.
A target server could be predefined by “Connect to server once it has been found” parameter.
If this server has been found, a RDP connection will be established immediately.
– Implemented support for Hardware Video Acceleration in RDP-EVOR Video Redirection.

[VMware Horizon]
– Update VMware Horizon client to version 3.4.0-2769709
– Added Local Logon for Horizon Sessions:
IGEL Setup->Sessions->Horizion Client->Horizont Client Global->Local Logon
Registry keys: vmware.login.*
This new feature allows customization of the login mask for VMWare Horizon Sessions, predefinition of the
user, password and/or domain field and storing of the last login credentials.
Moreover, the new local logon can be used for both, session and appliance mode.
Additional possibilities of customization (i.e. height/width of login mask, custom logo, custom title) can be
found in the registry under: vmware.login.*

[2X Client]
– Updated 2X Client to Parallels 2X Client 14.1.3414
Added new “RemoteFX” option
IGEL Setup->Sessions->Parallels 2X Client->Parallels 2X Sessions->[session name]->Experience
Registry key: sessions.twox<NR>.experience.remotefx (defaut: enabled / disabled)

[NX client]
– Updated NoMachine NX Client to version 4.6.3

[ThinLinc]
– Updated ThinLinc client to version 4.4.0-4775
– Added Multi Monitor configuration with parameter “Full screen all monitor”:
IGEL Setup->Sessions->ThinLinc->ThinLinc Global->Window
thinlinc.full_screen_all_monitors; default: enabled / disabled
IGEL Setup->Sessions->ThinLinc->ThinLinc Sessions->[session name]->Window
sessions.thinlinc<NR>.config.full_screen_all_monitors; default: enabled / disabled

[Firefox]
– Updated Firefox to version 38.1.0 ESR
– Updated Flash Player download URL to version 11.2.202.491
– Added possibility to preset proxy connection for Browser Session with username, password and realm
IGEL Setup->Sessions->Browser->Browser Global->Proxy:
“Proxy Realm” browserglobal.app.conv_proxy_preset_cred.realm
“Username” browserglobal.app.conv_proxy_preset_cred.username
“Password” browserglobal.app.conv_proxy_preset_cred.crypt_password

– Added parameters to change the behaviour of URL bar suggestions:
IGEL Setup->Sessions->Browser->Browser Global->Privacy:
“Suggest visited sites in URL bar” browserglobal.app.browser_urlbar_suggest_history; default: enabled / disabled
“Suggest only typed visited sites” browserglobal.app.browser_urlbar_suggest_history_onlyTyped; default: disabled / enabled
“Suggest bookmarked sites in URL bar” browserglobal.app.browser_urlbar_suggest_bookmark; default: enabled / disabled
“Suggest open pages in URL bar” browserglobal.app.browser_urlbar_suggest_openpage; default: enabled / disabled

IGEL Setup->Sessions->Browser->[session name]->Privacy:
“Suggest visited sites in URL bar” sessions.browser<NR>.app.browser_urlbar_suggest_history; default: Global Setting;
range: Global Setting, disabled, enabled
“Suggest only typed visited sites” sessions.browser<NR>.app.browser_urlbar_suggest_history_onlyTyped; default: Global Setting;
range: Global Setting, disabled, enabled
“Suggest bookmarked sites in URL bar” sessions.browser<NR>.app.browser_urlbar_suggest_bookmark; default: Global Setting;
range: Global Setting, disabled, enabled
“Suggest open pages in URL bar” sessions.browser<NR>.app.browser_urlbar_suggest_openpage; default: Global Setting;
range: Global Setting, disabled, enabled

– Added parameter to enable built-in tracking protection:
Enable built-in tracking protectionIGEL Setup->Sessions->Browser->Browser Global->Privacy
“Enable built-in tracking protection” browserglobal.app.privacy_trackingprotection; default: enabled / disabled

IGEL Setup->Sessions->Browser->[session name]->Privacy
“Enable built-in tracking protection” sessions.browser<NR>.app.privacy_trackingprotection; default: Global Setting; range: Global Setting, enabled, disabled

– Added Italian and Japanese Firefox UI translation
– Added Italian dictionary for spell checking
– Renamed Setup->Sessions->Browser->[session name]->Toolbars to
Setup->Sessions->Browser->[session name]->Menus & Toolbars
– Integrated Setup->Sessions->Browser->[session name]->Toolbar Items and Setup->Sessions->Browser->[session name]->Toolbarconfig
into Setup->Sessions->Browser->[session name]->Menus & Toolbars
– Added the following buttons to the list of configurable toolbar elements:
IGEL Setup->Sessions->Browser->[session name]->Menus & Toolbars
“Navigation Toolbar” and “Application Menu”
New elements: social-share-button, loop-button, panic-button,
new-window-button, fullscreen-button, tabview-button, web-apps-button
Note that the webrtc-status-button has been replaced by loop-button!

– Added parameter “Enable Firefox Hello”
Registry: browserglobal.app.loop_enabled; default: disabled / enabled
– Added parameter “Enable Reader Mode”
Registry: browserglobal.app.readermode_enabled; default: disabled / enabled
– Added parameter “Enable Social Integration”
Registry: browserglobal.app.social_enabled; default: disabled / enabled
– Added parameter “Enable Firefox Heartbeat”
Registry: browserglobal.app.heartbeat_enabled; default: disabled / enabled

– Added parameter “Disable navigation elements in context menu”
IGEL Setup->Sessions->Browser->[session name]->Context
Registry: sessions.browser<NR>.app.disable_contextnavigation; default: disabled / enabled

– Added parameter “Use old searchbar” to enable the old searchbar prior to Firefox 38 ESR
IGEL Setup->Sessions->Browser->Browser Global->Advanced
Registry: browserglobal.app.oldsearchbar; default: disabled / enabled
IGEL Setup->Sessions->Browser->[session name]->Advanced
Registry sessions.browser<NR>.app.oldsearchbar; default: Global Setting; Range: Global Setting, enabled, disabled

– Added parameter “Disable GStreamer in Browser”
IGEL Setup->Sessions->Browser->Browser Global->Advanced
Registry: browserglobal.app.disablegstreamer; default: disabled / enabled
IGEL Setup->Sessions->Browser->[session name]->Advanced
Registry sessions.browser<NR>.app.disablegstreamer; default: Global Setting; Range: Global Setting, enabled, disabled

– Added parameter “Disable OpenGL acceleration” to IGEL Setup->Sessions->Browser->Browser Global->Advanced page

– Moved parameter “Languages for Web Pages” from
IGEL Setup->Sessions->Browser->Browser Global->Advanced to IGEL Setup->Sessions->Browser->Browser Global->Content
and from IGEL Setup->Sessions->Browser->[session name]->Advanced to IGEL Setup->Sessions->Browser->[session name]->Content, respectively.

[Network]
– Added NCP VPN Support again:
Upgraded NCP Enterprise VPN Client to version 3.25-rev23310.
– Added support for DHCP provided NTP servers.
Enable use of DHCP provided NTP servers: system.time.ntp_use_dhcp_timeservers, default: enabled
– Upgraded WPA Supplicant to version 2.1
– Upgraded Network-Manager to version 0.9.8.8
– Added possibility to set private key file for TSIG based DDNS Registration.
Setup->Network->LAN Interfaces->Key file for additional DNS authentication
– New IPv6 parameter “IPv6-Configuration” added at
IGEL Setup->Network->LAN Interfaces->Interface1
IGEL Setup->Network->LAN Interfaces->Interface2
IGEL Setup->Network->LAN Interfaces->Wireless
New registry keys:
network.interfaces.ethernet.device0.ipv6_configuration
network.interfaces.ethernet.device1.ipv6_configuration
network.interfaces.wirelesslan.device0.ipv6_configuration
Range: Compatibility mode, Disabled, Automatic, DHCPv6
Default: Compatibility mode
These specify the type of IPv6 configuration for the first and second ethernet device and the WiFi device respectively.
– “Compatibility mode” is equivalent to the behaviour of former versions of the firmware.
NetworkManager ignores the device, but the kernel does some basic configuration, particularly it assigns
a link-local address to the device.
– When “Disabled” is selected IPv6 is disabled completely.
– In the case of “Automatic” the device tries to perform an IPv6 stateless or stateful autoconfiguration
based on router advertisements. Depending on the router advertisements this involves DHCPv6 (see RFC 4861).
– “DHCPv6” is offered as an option, because it is supported by NetworkManager.
It might be used when a DHCPv6 server is available but no router advertisements. Routing has to be
configured by other means then. In practise “automatic” will normally be preferable.
In all cases IPv4 is configured in the usual way.

New registry keys:
network.interfaces.ethernet.device0.dual_stack_timeout
network.interfaces.ethernet.device1.dual_stack_timeout
network.interfaces.wirelesslan.device0.dual_stack_timeout
Type: integer
Default: 15
In the case where “IPv6-Configuration” is set to “Automatic” or “DHCPv6” this is the time in seconds that will be
waited for the other configuration, IPv4 or IPv6, to complete after the first one is done (before running the
scripts that depend on the network being up).

NOTE:
IGEL devices so far cannot communicate with the UMS via IPv6.
Therefore the major application scenario for IPv6 is the following:
– Devices still receive their IPv4 configuration and potentially IGEL-specific
DHCP options from a DHCPv4 server.
– The major part of the settings is received from the UMS via IPv4.
– Currently just the default options are requested from the DHCPv6 server.
So this is limited to receiving the IPv6 address, nameservers and the
DNS search list.
– Regarding DNS only IPv6 nameserver addresses should be delivered (in router
advertisements or DHCPv6 options). The resolver should be able to use those
for retrieving AAAA records and also A records if need be.
– Where clients and servers are prepared to use IPv6 they then will do so.
Examples: An NTP-server (“System->Time and date->NTP time server”) can be
specified as an IPv6 address or a name for which the DNS has only
an AAAA record available. Similarly in a web-browser session IPv6 will be
used when the DNS has AAAA records available for servers.

– Added configuration parameters for handling old IPv4 DHCP leases, when there is no answer from any DHCP server:
network.interfaces.ethernet.device0.dhcp_timeout_lease_handling
network.interfaces.ethernet.device1.dhcp_timeout_lease_handling
network.interfaces.wirelesslan.device0.dhcp_timeout_lease_handling
These specify the behaviour for the first and second ethernet device and the WiFi device respectively.
Range: Reject all old leases, Check leases, Accept any old lease; default: Reject all old leases
“Reject all old leases” is equivalent to the behaviour of former Linux5 systems and means that no old leases are used.
In the case of “Check leases” an old lease is considered ok if the first router answers to a ping.
“Accept any old lease” blindly accepts the first old lease offered by the DHCP client. This is dangerous and it is
reasonable only under extraordinary circumstances.

[WiFi]
– Added configuration for BSSID (MAC address) of a certain Access Point to associate with it. If the BSSID is configured,
then the WPA supplicant is restricted to associate only with this Access Point. The BSSID parameter can be set to the
string value “bestsignal”, then the BSSID of the Access Point with the best signal level is selected. The detection of
the Access Point providing best signal level is executed once during network configuration. The parameters are accessible
only by Registry in IGEL Setup:
For the first configured SSID:
“BSSID” network.interfaces.wirelesslan.device0.bssid (default: not set)
For additional SSIDs:
“BSSID” network.interfaces.wirelesslan.device0.alt_ssid<NR>.bssid (default: not set)
NOTE: Detection of the AP providing best signal level isn’t supported for VIA VNT VT6656.

[Genucard VPN]
– Added change of smartcard PIN
– Added support to rekey genucard
– Added key file extensions .key and .KEY for machine authentication private keys, to bind the Genucard
to a specific thin client.
– Added more detailed error messages
– Added logging mechanism in UI
– Updated Look & Feel

[Open VPN]
– Added Open VPN client support version 2.3.2
– Added new VPN session type OpenVPN at:
IGEL Setup->Network->VPN->Open VPN
Registry keys:
sessions.openvpn<NR>.*
For autostart:
“Enable Autostart During Boot” network.interfaces.openvpn.autostart_enabled (default: disabled / enabled)
“Autostart Session ID” network.interfaces.openvpn.autostart_session_id (default: not set)
– Supported are Open VPN client sessions using different authentication modes
– TLS
– Username/password
– Static key
Accordingly deployment (using eg. UMS or USB storage) of TLS certificate(s) onto the TC is needed.
Default directory for persistent storage of certificates is /wfs/OpenVPN.

[Smartcard]
– Added driver for smartcard reader SCM Microsystems SDI011 Contactless Reader with USB Id 0x04E6:0x512B
– Updated Identive/SCM Microsystems smartcard reader driver scmccid to version 5.0.33.
New supported readers:
USB Id Name
0x04E6:0x5816 SCT3512 Token
0x04E6:0x5817 SCT3522CC Token
0x04E6:0x581A SCT3522DI Token
0x04E6:0x5724 CLOUD 4701 F Smart Card Reader
0x04E6:0x5790 CLOUD 3700 F Contactless Reader
0x04E6:0x5791 CLOUD 3701 F Contactless Reader
0x04E6:0x5713 uTrust 2980 F Smart Card Reader
– Updated open source CCID smart card reader driver to version 1.4.19.
The following readers are newly supported:

USB Vend. USB Prod. Name
0x03EB 0x9324 IIT E.Key Almaz-1C
0x03F0 0x1024 Hewlett-Packard Company HP USB Smart Card Keyboard
0x03F0 0x104A Hewlett Packard HP USB Smartcard CCID Keyboard
0x03F0 0x581D Hewlett-Packard HP lt4112 Gobi 4G Module
0x0403 0xC587 SecuTech SecuTech Token
0x0424 0x1104 Microchip SEC1110
0x0424 0x1202 Microchip SEC1210
0x046A 0x00A1 Cherry KC 1000 SC
0x046A 0x00A2 Cherry KC 1000 SC/DI
0x046A 0x00A4 Cherry KC 1000 SC Z
0x046A 0x00A5 Cherry KC 1000 SC/DI Z
0x04E6 0x5291 SCM Microsystems Inc. SCL010 Contactless Reader
0x04F2 0x0967 Chicony USB Smart Card Keyboard
0x058F 0x9522 Alcor Micro AU9522
0x062D 0x0001 THRC Smart Card Reader
0x076B 0x5400 HID Global veriCLASS Reader
0x076B 0x5427 HID OMNIKEY 5427 CK
0x079B 0x0026 Morpho MSO350/MSO351 Fingerprint Sensor & SmartCard Reader
0x079B 0x0052 Morpho MSO1350 Fingerprint Sensor & SmartCard Reader
0x08AE 0x0BDF Macally NFC CCID eNetPad
0x08E6 0x34C5 Gemalto Ezio Shield Branch Reader
0x08E6 0x8141 Gemalto IDBridge K3000
0x096E 0x0603 PIVKey T800
0x096E 0x0608 Feitian 502-CL
0x096E 0x060D Feitian R502
0x096E 0x061A Feitian bR301
0x096E 0x080F Feitian eJAVA Token
0x09D8 0x0427 Elatec TWN4 SmartCard NFC
0x0A5C 0x5804 Broadcom Corp 5880
0x0A89 0x0080 Aktiv PINPad Ex
0x0A89 0x0081 Aktiv PINPad In
0x0BF8 0x1005 Fujitsu Siemens Computers SmartCard Keyboard USB 2A
0x0BF8 0x1006 Fujitsu Siemens Computers SmartCard USB 2A
0x0BF8 0x1022 FujitsuTechnologySolutions GmbH Keyboard KB100 SCR
0x0BF8 0x1023 FujitsuTechnologySolutions GmbH Keyboard KB100 SCR eSIG
0x0C4B 0x0504 REINER SCT cyberJack go
0x0C4B 0x0520 REINER SCT tanJack Bluetooth
0x0CA6 0x00A0 CASTLES EZCCID Smart Card Reader
0x0D46 0x301D KOBIL Systems IDToken
0x0DB5 0x0138 Access IS ePassport Reader
0x0F14 0x003D Ingenico WITEO USB Smart Card Reader
0x0F1A 0x0002 GIS Ltd SmartMouse USB
0x1050 0x0111 Yubico Yubikey NEO OTP+CCID
0x1050 0x0112 Yubico Yubikey NEO CCID
0x1050 0x0115 Yubico Yubikey NEO U2F+CCID
0x1050 0x0116 Yubico Yubikey NEO OTP+U2F+CCID
0x1059 0x0017 Giesecke & Devrient GmbH StarSign Crypto USB Token
0x15CF 0x0019 Avtor SecureToken
0x15CF 0x001D Avtor SC Reader 371
0x163C 0x0407 Watchdata USB Key
0x163C 0x0A03 Watchdata W5181
0x17EF 0x6007 Lenovo Lenovo USB Smartcard Keyboard
0x17EF 0x6055 Lenovo Lenovo USB Smartcard Keyboard
0x1862 0x0000 Teridian Semiconductors TSC12xxFV.09
0x1A44 0x0101 VASCO DIGIPASS KEY 101
0x1A44 0x0120 VASCO DIGIPASS KEY 202
0x1A44 0x0122 VASCO DIGIPASS KEY 202
0x1C34 0x8141 SpringCard NFC’Roll
0x1C34 0x91B1 SpringCard H663 Series
0x1C34 0xA1A1 SpringCard H512 Series
0x1DB2 0x088B DUALi DRAGON NFC READER
0x1FC9 0x010B NXP PR533
0x1FFA 0x000C Identive Technologies Multi-ISO HF Reader – USB
0x2021 0x0001 AK910 CKey
0x2021 0x0011 AK910 CKey
0x2021 0x0101 AK910 IDONE
0x20A0 0x4108 Crypto Stick Crypto Stick v1.4
0x20A0 0x4109 German Privacy Foundation Crypto Stick v2.0
0x20A0 0x4211 Free Software Initiative of Japan Gnuk Token
0x21AB 0x0010 Planeta RC700-NFC CCID
0x2406 0x6200 IID AT90S064 CCID READER
0x2406 0x6300 Inside Secure VaultIC 420 Smart Object
0x2406 0x6301 Inside Secure VaultIC 440 Smart Object
0x2406 0x6302 Inside Secure VaultIC 460 Smart Object
0x2406 0x6303 INSIDE Secure VaultIC 405 Smart Object
0x2406 0x6305 INSIDE Secure VaultIC 441 Smart Object
0x2406 0x6403 Inside Secure AT90SCR100
0x2406 0x6404 Inside Secure AT90SCR050
0x2406 0x6407 Inside Secure AT90SCR200
0x24A2 0x0102 SafeTech SafeTouch
0x257B 0xD205 eID_R6 001 X8
0x25DD 0x1101 Bit4id miniLector-s
0x25DD 0x1201 Bit4id cryptokey
0x25DD 0x2221 Bit4id iAM
0x25DD 0x2321 Bit4id CKey4
0x25DD 0x3111 Bit4id miniLector
0x2A17 0x0001 udea MILKO V1.
0x8829 0xCCB2 CCB eSafeLD

– Added functionality to execute commands when smartcards are inserted and removed.
The following parameters are added:
“Enable Smartcard Insert and Removal Actions” scard.scwatchd.enable (default: disabled / enabled)
“Smartcard Insert Action” scard.scwatchd.insert_action (default: not set)
command which is executed when smartcard is inserted
“Smartcard Removal Action” scard.scwatchd.removal_action (default: not set)
command which is executed when smartcard is removed

[Driver]
– Updated Philips Dictation Driver to version 12.3.5

[base system]
– Updated Fabulatech USB for Remote Desktop to version 5.1.0
– Updated Kernel to Ubuntu Trusty version 3.13-54.91
– Added Italian GUI translation.
– Added Spanish GUI translation.
– Updated TC Setup to version 4.9.13
– Reworked Power Options:
– Added new XFCE Power Manager daemon 1.4.3
– Added new battery tray icon with:
– new battery information dialog
– new brightness adjustment
– new “Presentation mode” activation, which disables DPMS and screen saver
– more reliable remaining charge and discharge time information
– Renamed IGEL Setup->System->Energy to IGEL Setup->System->Power Options
– System Suspend and CPU Power Plan options now on IGEL Setup->System->Power Options->System
– Battery options now on IGEL Setup->System->Power Options->Battery:
Removed tray icon parameters from setup page, because they are not supported anymore
by the new battery tray icon:
“Display power” windowmanager.wm0.variables.battery_indicator.display_power
“Display percentage in tooltip” windowmanager.wm0.variables.battery_indicator.tooltip_display_percentage
“Display time in tooltip” windowmanager.wm0.variables.battery_indicator.tooltip_display_time

– DPMS options at IGEL Setup->System->Power Options->Display and
IGEL Setup->User Interface->Display->Power Options: It’s possible now
to set different timeout values for battery and AC mode.
“Standby Time” (Plugged in) x.xserver0.standbytime, default: 10 Minutes
“Standby Time” (On battery) x.xserver0.standbytime_bat, default: 6 Minutes
“Suspend Time” (Plugged in) x.xserver0.suspendtime, default: 12 Minutes
“Suspend Time” (On battery) x.xserver0.suspendtime_bat, default: 8 Minutes
“Off Time” (Plugged in) x.xserver0.offtime, default: 15 Minutes
“Off Time” (On battery) x.xserver0.offtime_bat, default: 10 Minutes
From now on only certain timeout values can be set with a drop down box:
Range: Never, 1 Minute, 2 Minutes, 3 Minutes, 4 Minutes, 5 Minutes
6 Minutes, 8 Minutes, 10 Minutes, 12 Minutes
15 Minutes, 20 Minutes, 25 Minutes, 30 Minutes, 45 Minutes
1 Hour, 2 Hours, 3 Hours, 4 Hours, 5 Hours

– New display brightness configuration at IGEL Setup->System->Power Options->Display and
IGEL Setup->User Interface->Display->Power Options for battery and AC mode:
The display brightness can be automatically reduced after a configured idle time.
“Reduce after” (Plugged in) x.xserver0.brightness_on_ac; default: 9 (Never)
Range: 10 – 120 seconds, value 9 is never
“Reduce after” (On battery) x.xserver0.brightness_on_battery; default: 9 (Never)
Range: 10 – 120 seconds, value 9 is never
“On inactivity reduce to” (Plugged in) x.xserver0.brightness_level_ac; default: 80%
Value of the display brightness: 1% – 100%
“On inactivity reduce to” (On battery) x.xserver0.brightness_level_bat; default: 20%
Value of the display brightness: 1% – 100%

– Shutdown options now on IGEL Setup->System->Power Options->Shutdown

[Desktop]
– Added the possibility to define the sorting order of the buttons for application windows in the taskbar. The new
parameter is called “windowmanager.wm0.variables.tasklist_sort_order”. By default the buttons are sorted by
timestamp, just like in previous firmwares. Other sorting types like drag ‘n’ drop, sorting by window title and
grouping are available now.
– Added possibility to store custom files, e.g. documents, pictures or videos on the Desktop. In order to do this,
distribute the respective files via UMS to the location /wfs/user/Desktop on the thin client.
After the next reboot, these files can be accessed through the Desktop. The supported file types and
their associated software can be looked up at: http://edocs.igel.com/index.htm#10203086.htm

[VNC Viewer]
– Added the ability to specify the color depth, which is useful for slow connections:
IGEL Setup->Sessions->VNC Viewer Sessions->[session name]->Misc
“Color Level” sessions.vncviewer<NR>.option.color_depth; default: Default
Range: Default, Very Low (8 colors), Low (64 colors), Medium (256 colors)
Note: With “Default” setting the highest possible color depth is used.

[Evidian AuthMgr]
– Updated Evidian AuthMgr to version 1.3.5664.
Evidian AuthMgr sessions can be configured at
IGEL Setup->Evidian AuthMgr->Evidian AuthMgr Sessions
Registry keys: sessions.rsuserauth<NR>.*
Setup page IGEL Setup->Evidian was renamed to IGEL Setup->Evidian AuthMgr
– Added IGEL Setup->Evidian AuthMgr->Evidian AuthMgr Global and
IGEL Setup->Evidian AuthMgr->Evidian AuthMgr Sessions
setup sections

– Changed defaults:
– An Evidian AuthMgr session starts automatically by default now
sessions.rsuserauth<NR>.autostart, default: enabled / disabled
– No session icon will appear on the desktop by default now
sessions.rsuserauth<NR>.desktop, default: disabled / enabled

– Added support for HTTPS connections
A CA certificate must be configured at
IGEL Setup->Evidian AuthMgr->Evidian AuthMgr Sessions->Evidian AuthMgr Session->Connections
Registry key:
“CA Certificate” sessions.rsuserauth<NR>.parameters.cacert_path, default: not set
– Integrated Restart session to restart all running Evidian AuthMgr sessions.
Restart session can be configured at
IGEL Setup->Evidian AuthMgr->Evidian AuthMgr Global
registry keys: session.rsuserauthrestart0.*
– Added a new parameter to enable the usage of an Evidian Authentication configuration file and
a parameter to define the path to that configuration file.
The feature is not supported by IGEL, but provides the possiblity
to use an Evidian pkcs#11 library via custom partition.
registry keys:
“Use Smartcard Authentication configuration file” sessions.rsuserauth<NR>.parameters.authconf, default: disabled
“Smartcard Authentication configuration file” sessions.rsuserauth<NR>.parameters.authconf_path,
default: /etc/rsUserAuth/authConf.txt
[Java]
– Updated Java Runtime Environment to 1.8.0_51
– see http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
for a detailed list of fixed issues.

[PowerTerm]
– Updated Ericom PowerTerm InterConnect LTC to version 10.1.0.0.20140313.1-_dev_-31580.

[VoIP]
– Added configuration of some video settings for VoIP client Ekiga. In the Registry the following parameters can be set:
“Maximum video bitrate (in kbits/s)” voip.ekiga.codecs.video.maximum_video_tx_bitrate
default: 64; valid range: 16 – 10240

“Video Codecs” voip.ekiga.codecs.video.media_list, default: [theora*90000*0*SIP*1,h261*90000*0*H.323 SIP*1]
Note: Prioritized list of “theora*90000*0*SIP*1” and “h261*90000*0*H.323 SIP*1” codecs, separated by “,” and
enclosed by “[” and “]”

“Picture Quality – Frame Rate Tradeoff” voip.ekiga.codecs.video.temporal_spatial_tradeoff, default: 31
valid range: 0(maximum quality) – 31(maximum frame rate)

“Video Input Device” voip.ekiga.devices.video.input_device, default: Default
Range: Default, Moving Logo (Moving Logo/Moving Logo)
Note: it’s possible to enter other input devices

“Video Size” voip.ekiga.devices.video.size, default: 176×144
Range: 176×144,320×240,352×288,640×480,704×576
Note: it’s possible to enter a custom size

==============
Resolved issues:
==============

[Citrix]
– Fixed refreshing of Citrix StoreFront/XenApp sessions
– Added windowmanager.tweaks.SKIP_NAMELESS_ICA_WINDOWS registry key to skip
ICA seamless windows that have an empty name.
This is to avoid an issue with drop-down boxes in Lotus Notes and potentially in other applications.
– Fixed a focus problem in the IBM/Lotus Notes email search dialog.
Added windowmanager.tweaks.dont_focus_transient_ica_windows registry key for that.
– Removed windowmanager.tweaks.SKIP_WM_FLAG_INPUT_WINDOWS from the settings and from the window manager binary.
[Citrix Receiver 13]
– Fixes with Citrix Receiver 13.1.4:
– Fixed fullscreen sessions with dual screen configurations, if the session window is restricted to one monitor.
– Fixed systray icons: menu from puplished applications lead to a session disconnect.
– Fixed sticky windows keys in Citrix sessions.
– Fixed session disconnects when transferring data continuously
through the Citrix Generic USB or Client drive redirection.

[RDP/IGEL RDP Client 2]
– Fixed session termination on System suspend or after changes in Setup.
– Fixed wrong authentication failed messages if round robin and local logon with network authentication (NTLM) are used.
– Fixed NLA authentication.
– Fixed serial port redirection: implemented DSR handshaking output flow control preventing data loss.
– Fixed application start mechanism. Now you can use the “start application after login” feature again.
– Fixed log on with SafeNet smart card or token.
– Fixed using different gateway credentials if local logon is enabled.
– Fixed reading smart cards with Cherry G80-1502 keyboard integrated serial reader via RDP with COM Port Redirection.

[RD Web Access]
– Fixed drop down lists in Microsoft Dynamics in RDP remote app sessions.

[VMware Horizon]
– Fixed RDP connection problems to Windows XP machines
– Fixed serial port redirection: implemented DSR handshaking output flow control preventing data loss.

[PowerTerm]
– Updated Ericom PowerTerm InterConnect LTC to version 10.1.0.0.20140313.1-_dev_-31580: With this version
the PowerTerm fonts are working again.

[2X Client]
– Fixed the maximize and minimize issue of published application window in multi monitor configuration

[Firefox]
– Added parameter to completely disable the mozplugger plugin in Firefox.
Registry: browser_plugin.mozplugger.disable; default: disabled / enabled
With disabled mozplugger the display of certain documents can be fixed. (PDF, DVI, PS)
– Fixed App Menu button not being hidden if either sessions.browser<NR>.app.main_menubar_hidden or
sessions.browser<NR>.app.use_menubar is active
– Fixed Bookmarks Menu not being hidden in the App Menu and Toolbar if sessions.browser<NR>.app.bookmmenu_hidden is active
– Fixed Home Button not being hidden in the App Menu if sessions.browser<NR>.app.home_button_hidden is active
– Fixed Print Button not being hidden in the App Menu if sessions.browser<NR>.app.print_button_hidden is active
– Fixed Developer Tools button not being hidden in the App Menu if sessions.browser<NR>.app.tools_hidden is active

[Network]
– Fixed deadlock in PPTP VPN which occurs on some devices while a VPN connection is being configurated.
– Upgraded NCP Enterprise VPN Client to version 3.25-rev23310: This version fixes problem leading to system freeze in 5.05.100.
– In connection with 802.1X/WPA Enterprise authentication RSA private key files can now be used unencrypted.
The private key password has to be empty then. PKCS12 files are not affected by the change.
– Improved CA certificate fingerprint check in connection with SCEP. The CA certificate is checked after receiving it and
it is discarded if it fails the test. The check is not done, if the fingerprint in the setup is left empty.
– Fixed SCEP CA Identifier usage. The CA identifier (option -i) is now passed to sscep’s getca method (only).
– If SCEP data shall be used for 802.1X autentication with Ethernet device ethX and the client certificate is
still missing, there is now another attempt at configuring the device without authentication. This depends on
network.interfaces.ethernet.deviceX.ieee8021x.secure_only ,default: disabled
– Improved reaction to changes in SCEP settings.
If there are changes in IGEL Setup->Network->SCEP Client->Certificate any old client private key and
client certificate are discarded.
Changes in Network->SCEP Client->Certification Authority result in a complete reset, i.e. any old CA and RA certificates
as well as any old client certificate and client private key are discarded.

[Imprivata]
– Fixed Imprivata Appliance with Citrix Receiver 13.1 connections.

[Smartcard]
– Fixed Smartcard Reader detection after suspend, in appliance mode.
– Fixed hanging AD / Kerberos Logon: when log on with A.E.T. SafeSign smart card was active, the log on screen
sporadically was freezing. This was occurring only with IGEL UD3-LX 41 and IGEL UD3-LX 42 so far.

[CUPS Printing]
– Fixed not working hpijs printer filter.
– Fixed printing of files with filename which contains special chars (like umlaut or other language specific characters)
via LPD print

[base system]
– Fixed serial port redirection: implemented DSR handshaking output flow control preventing data loss.
– Fixed curl security issues: CVE-2015-3143, CVE-2015-3145 and CVE-2015-3148
– Fixed gstreamer0.10-plugins-bad security issues: CVE-2015-0797
– Fixed CVE-2013-7439 security issue in libxext, libxfixes, libxi and libxrender
– Fixed mime-support security issue: CVE-2014-7209
– Fixed ntpdate security issues: CVE-2015-1798 and CVE-2015-1799
– Fixed nvidia-graphic-drivers-304 security issues: CVE-2014-8091, CVE-2014-8098 and CVE-2014-8298
– Fixed ppp security issues: CVE-2014-3158 and CVE-2015-3310
– Fixed tcpdump security issues: CVE-2015-0261, CVE-2015-2153, CVE-2015-2154 and CVE-2015-2155
– Fixed virtualbox security issues: CVE-2014-6595, CVE-2014-6590, CVE-2014-6589, CVE-2014-6588,
CVE-2015-0427 and CVE-2015-3456 (a.k.a. VENOM)
– Fixed isc-dhcp security issues: CVE-2011-2749, CVE-2012-3954, CVE-2012-3571, CVE-2012-3570, CVE-2012-3955,
CVE-2012-2248 and CVE-2013-2494
– Fixed fuse security issue: CVE-2015-3202
– Fixed libtasn1-6 security issue: CVE-2015-3622
– Fixed xerces-c security issue: CVE-2015-0252
– Fixed libnm security issue: CVE-2015-1322
– Fixed policykit security issue: CVE-2013-4288
– Fixed system upgrade on a device which is configured to be a firmware update buddy. Some partitions can
have same content in a system 4 and in a system 5 firmware but these partitions still keeping the old
firmware magic number. Thus a client can’t update these partitions from such a buddy, because the update process
refuses to use partition’s images containing other magic number then the running firmware. Now the update process
checks magic number of each partition and updates partitions if the magic number mismatches.
– Updated some more base libraries and binaries to Ubuntu Trusty version 14.04.2
– Fixed update of disabled partitions on buddy update server: If buddy device will be rebooted by
the update process, then disabled partitions will be now updated.
– Fixed custom timezone configuration. Custom timezone files must be located at /wfs/zoneinfo/ directory to be considered.
– Firmware update mechanism now calculates available size on the storage taking into account non-auto partitions,
which are created by the firmware at runtime (e.g. Firefox profile partition).
– Fixed execution of initialization action of the custom partition if custom partiton is reconfigured
(e.g. disabled and then enabled again without reboot).
– Improved security with openssl with disabling export ciphers by default and reject dh keys smaller
than 768 bits (fixes LOGJAM vulnerability CVE-2015-4000)
– Fixed openssl security issues: CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792
– Fixed openssl0.9.8 issues: CVE-2014-3508, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3569,
CVE-2014-3568, CVE-2014-3567, CVE-2014-3571, CVE-2014-3570, CVE-2015-0204, CVE-2014-3572, CVE-2014-8275, CVE-2015-0288,
CVE-2015-0209, CVE-2015-0293, CVE-2015-0292, CVE-2015-0289, CVE-2015-0287, CVE-2015-0286, CVE-2015-1791, CVE-2015-1792,
CVE-2015-1790, CVE-2015-1789, CVE-2015-4000 and CVE-2014-8176

[Storage Devices]
– Fixed listing of USB external harddisks in the eject tool (only when dynamic client drive mapping is
enabled) and in the disk utility.
– The Common Toolbar at User Interface -> Display -> Desktop -> Common Toolbar now fully supports the Imprivata appliance mode.

[X server]
– Fixed XC Font Service: connection to remote font server is working again.
– Fixed support for pivot mode with display switcher (advanced configuration)
– Fixed screen remains black in dual screen config after short disconnect.
– Fixed memory leak in VIA graphic driver:
Also fixes issues with UMD hangs or restarts which were caused by the memory leak.

[Desktop]
– Fixed taskbar positioning for certain multimonitor configurations with different screen sizes.

[Universal MultiDisplay]
– Fixed a text rendering issue on the second screen of the Master.
– Fixed not recognized keyboard input on UMD monitor number 2
– Fixed UMD JWS-session X-server crash.

[Printing]
– Fixed TCP/IP printing to USB connected printer. Before it only was working if a CUPS USB printer was configured.
– Increased stability of printing with USB connected printers.

Release: IGEL Universal Desktop W7 and W7+ 3.10.100

Wednesday, June 10th, 2015

IGEL Universal Desktop W7
=========================
Version 3.10.100
08. June 2015

Supported devices:
UD3-W7, UD5-W7, UD6-W7, UD9-W7, UD9-W7 Touch, UD10-W7, UD10-W7 Touch,
UD3-730 W7, UD3-740 W7, UD5-730 W7, UD5-740 W7, UD9-730 W7, UD9-731 W7

====================
Notes:
====================

====================
Drivers:
====================
– D-LINK DWA-131 Nano: 1085.7.0815.2009
– D-LINK DWA-131 REVB Nano: 1015.6.0210.2012
– eGalax xTouch: 5.11.0.9020
– FTDI UsbToSerial: 2.02.04
– Gemalto Minidriver for .NET Smart Card: (WES7: 8.3.1.3)
– Intel 945 Express: 8.15.10.1930
– Intel AHCI : 11.2.0.1006
– Intel Centrino WIFI N-1000: 15.1.0.18
– Intel HD Graphics: 36.15.0.1073
– Intel HD Graphics: 9.17.10.2875
– Intel PCI Communication Controller : 8.0.0.1262
– OmniKey Cardman 3×21: 1.2.15.0
– Prolific PL-2303 USBtoSerial: 2.0.2.8
– Qualcom Atheros WIFI: 10.0.0.285
– Ralink RT309x/2860: 3.02.01.0
– Ralink WIFI RT357x 5.1.7.0
– Realtek 8168: 7.61.612.2012
– Realtek HD Audio: 2.63
– Realtek RTL8169 Version: 7.43.321.2011
– RTL8168C: 7.018.0322.2010
– VIA Chrome 9 VX855: 8.14.14.0141
– VIA Chrome9 VX900 for UD10: 8.14.14.0231
– VIA Chrome9 VX900: 8.14.14.0181
– VIA HD Audio VT1708B: 6.0.01.8700
– VIA WIFI VT6656: 1.1.0.2

====================
Applications:
====================
– .NET: 3.5 Sp1
– Citrix Receiver: 4.2 (14.2.100.14)
– Client for RedHat RHEV-D: 3.0-26
– Ekiga VOIP Client: 3.2.6
– Ericom PowerTerm: 9.2.0.0
– Ericom WebConnect: 5.6.1.1000
– Fabulatech USB for Remote Desktop: 5.0.2
– Internet Explorer: 11
– Leostream Connect Client: 2.7.129.0
– Microsoft RDP Client : 8.1
– NCP Enterprise Client: 9.30
– NXClient: 3.4.0.7
– Quest vWorkspace Client: 8.0.3
– Sumatra PDF Reader: 2.1.1
– Sun JAVA RE: 1.8 Update 40
– Thin Print: 8.6
– Tight VNC Server: 2.7.10
– USB Redirection for RedHat RHEV-D: 3.0-26
– VMware Horizon Client Version: 3.1.0 build-2085634
– Windows Media Player: 12

====================
New features:
====================
[Browser]
– Updated Internet Explorer to version 11
In IGEL registry

*** reduced to improve view by cloud-client.info, see firmware readme for more information’s ***

[RDP]
– Updated Microsoft RDP client to version 8.1

[JAVA]
– Updated Sun Java Runtime to version 1.8 Update 40

[ICA]
– Updated Citrix Receiver to version 4.2.100
On IGEL setup page “Sessions->Citrix->Self-Service Plug-In->Appearance”
(registry key: ica.selfservice.desktopdisplayrootfolder, default: “”)
On IGEL setup page “Sessions->Citrix->Self-Service Plug-In->Desktop integration”
(registry key: sessions.selfservice%.desktop, default: false)
(registry key: sessions.selfservice%.startmenu, default: true)
In IGEL Registry
(registry key: ica.selfservice.enable_selfservice_mode, default: false)
(registry key: ica.selfservice.show_add_store_nss_mode, default: false)

====================
Bug fixes:
====================
[System]
– Fixed connection to hidden SSID WIFI
– Fixed that “Userinterface->Desktop->Disable Lock Workstation” shows no effect
On IGEL setup page “Userinterface->Desktop->Administrators”
(registry key: userinterface.desktop.user0.disable_lock_workstation, default: false)
On IGEL setup page “Userinterface->Desktop->Users”
(registry key: userinterface.desktop.user1.disable_lock_workstation, default: false)

[RDP]
– Fixed a bug that rdp autostart session looses focus
In IGEL Registry
(registry key: sessions.autostart_delay, default: 5)
– Fixed that rdp dual view session appears only on one screen

[ICA]
– Fixed that “Add account” window appears while starting ICA session as user

====================
Known Issues:
====================
-[System]
– Deactivating WIFI devices is not working
– Deactivating Bluetooth devices is not working

-[FABULATECH]
– Fabulatech USB for Remote Desktop is currently
not working with Citrix XenDesktop.

-[VMware]
– USB Redirection: Devices connected to a USB 3.0 Port will not be redirected.
– USB redirection is currently not working if vWorkspace USB
redirection service is enabled.

Release: IGEL Universal Management Suite Version 4.09.110

Thursday, May 21st, 2015

Hi Folks,

there is a new IGEL UMS Version 4.09.110 available at www.myigel.biz.

Fixed configuration of Citrix XenDesktop/XenApp sessions in a profile with Firmware LX 5.06.100.
* The parameter “Authentication type” on page Sessions->Citrix XenDesktop/XenApp->Citrix StoreFront/WebInterface->Logon was not handled correctly.

Cheers

Michael

Info: Improved Microsoft Lync support with latest IGEL LX/OS V5 Firmwares

Monday, May 18th, 2015

Hi Folks,

maybe you noticed already that IGEL has now released two new releases for the OS and LX Firmwares.

Here is the difference:

5.06.100 has integrated Citrix HDX Realtime Media Engine 1.6.0-6
for support of the Lync 2010 Client (Lync 2010 and 2013 Server).
5.06.101 has integrated Citrix HDX Realtime Media Engine 1.7.0-56
for support of the Lync 2013 Client (Lync 2013 Server).

Cheers

Michael

Release: IGEL Universal Desktop LX/OS 5.06.10x

Monday, May 18th, 2015

IGEL Linux
==========
Version 5.06.101
Release date 2015-05-11
Last update of this document 2015-05-13

Supported devices:
IZ2-RFX, IZ2-HDX, IZ2-HORIZON
IZ3-RFX, IZ3-HDX, IZ3-HORIZON
UD2-LX 40, UD2-LX 31, UD2-LX 30
UD3-LX 42, UD3-LX 41, UD3-LX 40, UD3-LX 31
UD5-LX 50, UD5-LX 40, UD5-LX 30
UD6-LX 51
UD9-LX Touch 11, UD9-LX 10
UD10-LX Touch 10, UD10-LX 10
===================
Versions:
===================
Clients:
– 2X Client 12.0.0-2270
– Citrix Access Gateway Standard Plug-in 4.6.3.0800
– Citrix HDX Realtime Media Engine 1.7.0-56
– Citrix Receiver 12.1.8.250715
– Citrix Receiver 13.0.4.281908
– Citrix Receiver 13.1.3.305346
– Dell vWorkspace Connector for Linux 8.5.0
– Ericom PowerTerm 10.1.0.0.20130211.2-_rc_-31580
– Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848
– Ericom Webconnect 5.6.0.4000-rel.20413
– Evidian AuthMgr 1.2.5447
– FabulaTech USB for Remote Desktop 5.1.0
– Firefox 31.6.0
– IBM iSeriesAccess 7.1.0-1.0
– IGEL Legacy RDP Client 1.0
– IGEL RDP Client 2.1
– Imprivata OneSign ProveID Embedded
– Leostream Java Connect 3.0.57.0
– NX Client 4.2.27
– Oracle JRE 1.8.0_45
– Remote Viewer 2.0 for RedHat Enterprise Virtualization Desktops
– Systancia AppliDis 4.0.0.14
– Thinlinc Client 4.3.0-4538
– ThinPrint Client 7.0.63
– Totem Media Player 2.30.2
– Virtual Bridges VERDE Client 7.1.1_rel.24005
– VMware Horizon client 3.2.0-2331566
– Voip Client Ekiga 3.2.7

Dictation:
– Driver for Grundig Business Systems dictation devices
– Driver for Olympus dictation devices
– Legacy Philips Speech Driver 5.0.10
– Philips Speech Driver 12.2.7

Smartcard:
– PKCS#11 Library A.E.T SafeSign 3.0.93
– PKCS#11 Library Athena IDProtect 623.07
– PKCS#11 Library Gemalto IDPrime 1.1.0
– PKCS#11 Library SecMaker NetID 6.1.1.21
– Reader Driver ACS CCID 1.0.5
– Reader Driver HID Global Omnikey CCID 4.0.5.5
– Reader Driver MUSCLE CCID 1.4.13
– Reader Driver Omnikey CCID legacy-3.6.0
– Reader Driver Omnikey RFID legacy-2.7.2
– Reader Driver REINER SCT cyberJack 3.99.5final.SP03
– Reader Driver Safenet / Aladdin eToken 8.1.0-4
– Reader Driver SCM Microsystems CCID 5.0.27
– Resource Manager PC/SC Lite 1.8.12

System Components:
– Graphics Driver ATI 7.3.0
– Graphics Driver INTEL 2.99.910
– Graphics Driver VIA 5.76.52.92-151843
– Kernel 3.13.11-ckt16 #48.80-ud-r1268
– Xorg X11 Server 1.15.1
– Xorg Xephyr 1.15.1

===================
Information:
===================

IMPORTANT:
This release integrates three Citrix Receiver versions: 12.1.8, 13.0.4 and 13.1.3.
Only one of these versions can be active at a time.
In prior firmwares the default Citrix Receiver version was 12.1.8, but now it
is 13.1.3 instead. You can change the Receiver version in IGEL Setup/UMS on page
“Sessions -> Citrix XenDesktop / XenApp -> Citrix Receiver Selection”

Please be aware that the mechanism to change the Citrix Receiver version has
changed, so any existing UMS profiles, which set the version to 13 by activating
the parameter “ica.useversion13”, won’t take effect anymore
(in regard to the Citrix Receiver version).

===================
Known issues:
===================

[Citrix]
– Citrix Receiver 13.1.3 with dual screen configuration:
– Fullscreen sessions are not working when restricted to 1 monitor
Workaround: configure Citrix Receiver 13.0.4 or 12.1.8 on setup page
Sessions > Citrix XenDesktop > Citrix Receiver Selection

[VMware Horizon]
– Remote Applications are not seamless in the strict sense.
These are rather displayed in an extra window decorated by the TC’s window manager.
– If more applications defined and started in the same session, all are displayed inside this window.
The default size of this window can be defined in the Window section of the Horizon session.
– PCoIP user input language synchronization is currently broken.

[Dell vWorkspace Connector]
– Seamless applications exported from Win8/8.1 desktops show display errors when
dragged to the screen edges.
– At dual view configuration flash redirected windows can appear on wrong screen.
– After the start of a seamless session the window is initially maximized before being
resized to the correct size.
– Windows XP sessions might not work properly anymore.
– Only standard 105 keys PC keyboards are supported.
Not supported anymore: Trimodal, Sun Type 6 or IBM 122 keys.
– Mapping of drives to a dedicated drive letter is not possible anymore.
– If Com-port redirection is enabled all linux serial ports (/dev/ttySx) will be mapped.
– If printer mapping is enabled all printers configured in CUPS are mapped.
– For Multimedia Redirection sound redirection with WMV/WMA streams is not working.
– USB Redirection may not work reliable.
– Session starts only if RDP Local Logon Window
(IGEL Setup->Sessions->RDP->RDP Global->Local Logon) is active.

[Evidian AuthMgr]
– Active directory users with a password containing escape characters have problems
to authenticate with the configured session.

[X session (Xephyr)]
– X-Sessions don’t work with UMD currently.

[X11 system]
– XC font services not supported

[VPN]
– NCP Secure Client temporarely removed from firmware due to incompatibility with new Linux Kernel.

===================
IGEL Linux 5.06.101 (stable build based on 5.06.100)
===================
New Features:
===================
[Citrix]
– Updated Citrix HDX Realtime Media Engine to version 1.7.0-56.
Citrix HDX RTME is used for Lync optimization.
This version supports Microsoft Lync 2013 clients only.
===================
IGEL Linux 5.06.100

The online Release Notes can be found at http://edocs.igel.com/#10202978.htm
Registry Keys of parameters are listed there.
===================
New Features:
===================

[Citrix]
– Removed parameter “ica.useversion13”. Parameter was replaced by ica.activeversion
– Added parameter “ica.activeversion”, which is available in the registry and on page “Citrix > Citrix Receiver Selection”
in setup/UMS. This parameter is set to “Default” by default, which means that the used Citrix Receiver version is
the recommended version for the particular firmware version (in this firmware it is Receiver 13.1.3).
It is possible to change this behavior by pinpointing a specific Receiver version here, but if a later firmware
version does not contain the chosen version, the default version of this later firmware will be used instead.
CAUTION: Please note that the default version up to this firmware was 12.1.8 for a long time now.
With this firmware release, it switches to 13.1.3. You have to change “ica.activeversion” if you insist on
continuing to use Receiver 12.1.8.

– Redesigned setup page “Citrix > StoreFront/Web Interface > Logon” to make the configuration of
authentication methods less prone to mistakes and to make it more clear which combinations are possible
and which are not.

– Updated Citrix HDX Realtime Media Engine to version 1.6.0-6.
Citrix HDX RTME is used for Lync optimization.

– Added Dynamic Client Drive Mapping support for Citrix (ICA)

– Removed support for Softpro VirtualSerialSignpad. Please see next line for replacement mechanism.

– Added Citrix Virtual Channel SPVC for Softpro signature pad support. Activate “Softpro SPVC Signature Pad Channel” on
setup page Sessions->Citrix XenDesktop / XenApp ->HDX / ICA Global->Mapping->Device Support
Registry: ica.module.virtualdriver.spvc.enable
Default: disabled

– Improved the synchronization of starting Citrix sessions to avoid opening
multiple ICA channels, if possible. For fine-tuning, it is possible to
configure the maximum waiting time till a session starts, regardless of
the status of a previous started session. The parameter is available in
the registry: “ica.pnlogin.app_start_max_delay” (default: 30)
Note: This also applies to sessions which are autostarted after a
StoreFront/Web Interface login.

– Added window manager tweak configuration for debugging Citrix ICA seamless window oddities:

windowmanager.tweaks.mode = “All” or “None” or “Custom”. (default: All)
– All = All tweaks are enabled in the window manager
– None = None of the tweaks are enabled in the window manager
– When the tweak mode is set to “Custom” the following registry keys can be used to
enable/disable tweaks separately:

windowmanager.tweaks.DONT_REPARENT_ICA_SEAMLESS_WINDOWS
– Fixes flash redirection window positioning

windowmanager.tweaks.WFICA_REPAINT_TRIGGER
– Fixes drawing issues when windows change state (iconic, maximized, normal …) or when they have
been obscured by sending a sequence of repaint (expose) events to the ICA window

windowmanager.tweaks.PREVENT_TOOLTIPS_IN_TASKBAR
– Avoid ICA tooltip windows to appear in the local taskbar

windowmanager.tweaks.FOLLOW_ORIGINAL_POSITION
– Use the window position as requested by the ICA client instead of letting the window manager
calculate its own window placement

windowmanager.tweaks.EXPOSE_WFICA_SEAMLESS_WITH_COMPOSITOR
– Fixes redraw issues with ICA seamless windows if the compton composite manager is enabled

windowmanager.tweaks.DONT_SET_LEGACY_FULLSCREEN_PROPERTY
– Don’t do the window manager internal legacy fullscreen handling for ICA seamless windows
to avoid problems when maximizing

windowmanager.tweaks.MOVE_ICA_AUTH
– Make sure the ICA authentication dialogs are of a proper size and positioned correctly

windowmanager.tweaks.SKIP_FULLSCREEN_WM_NORMAL_HINTS
– Ignore the window positioning hints for reconnected ICA desktop sessions to keep them fullscreen when
the local resolution has changed meanwhile

windowmanager.tweaks.SKIP_WM_FLAG_INPUT_WINDOWS
– Force all ICA seamless windows to accept keyboard input

windowmanager.tweaks.UNFRAME_REPARENTED_WINDOWS
– Fix for Flash redirection windows in ICA seamless applications

windowmanager.tweaks.AVOID_FOCUS_LOSS
– Support application driven focus change

windowmanager.tweaks.RESTORE_MAXIMIZED_FROM_FULLSCREEN
– Make sure we return to maximized state when a maximized window was set to fullscreen for a while

windowmanager.tweaks.RESTORE_FULLSCREEN_OLD_LAYER
– Go back to the original window manager window stack layer when leaving fullscreen mode
[Citrix Receiver 13]
– Integrated Citrix Receiver version 13.1.3 (additionally to 12.1.8 and 13.0.4)

– Added support for Smartcard authentication at Citrix StoreFront.
To enable usage of Smartcard authentication it is necessary to choose Smartcard logon on the redesigned setup page
Citrix > Citrix StoreFront / Web Interface > Logon
and to choose the correct smart card on page
Citrix > Citrix StoreFront / Web Interface > Logon > Smartcard.
Passthrough authentication with smart card is only possible with StoreFront version 2.x and above.

– If passthrough is enabled and if there are no stored credentials for some reason (e.g. when the system is not configured
to ask for a login in the first place), the user is asked to enter his credentials when he tries to connect to
StoreFront/WebInterface. This behavior can be changed by disabling parameter
“ica.pnlogin.passthrough_fallback_user_pass” in the registry of Setup/UMS. In this case the user is not asked
for credentials and the login fails with an error message instead.

– Removed parameter ica.wfclient.h264enabled. Please see next lines for details about the replacement mechanism.

– Added an automatic mode for usage of the H.264 Deep Compression Codec, dependent on the hardware capabilities
of the device. Devices with more than one CPU core or with a CPU frequency of at least 1300 MHz will use the
H.264 codec instead of the JPEG codec automatically. It is possible to adjust this, along with some parameters for
each codec on the new setup/UMS page:
Citrix > HDX / ICA Global > Codec
Detailed description of the parameters are available at:
http://support.citrix.com/proddocs/topic/receiver-linux-13-1/receiver-linux-13-1.html and

Click to access linux-oem-guide-13-1.pdf

– Added new parameters which can be set via registry ica.wfclient.[Parametername]

Parameter: SSLCertificateRevocationCheckPolicy
States:
– NoCheck (A CRL check is not performed.)
– CheckWithNoNetworkAccess (If a valid CRL file is present, it is used
to check if the certificate is revoked. If the CRL file is not present or
expired, no attempts are made to download one.)
– FullAccessCheck (If a valid CRL file is present, it checks if the certificate
is revoked. If the CRL file is not present or expired, an attempt is made
to download one. If the download fails, the connection is still allowed.)
– FullAccessCheckAndCRLRequired (If a valid CRL file is present, it
checks if the certificate is revoked. If the CRL file is not present or
expired, an attempt is made to download one. If the download fails, then
the connection is not allowed.)
Default: Off

Parameter: TWIRedrawAfterMove,
When moving a seamless window, the window might not be redrawn correctly in certain scenarios.
Fix this issue by activating TWIRedrawAfterMove parameter.
States: True, False
Default: False

Parameter: TWICoordinateWinPosition,
If you move a published application window launched in a seamless mode, the contents of the window
might be corrupted. To fix this issue, do the following:
– On the server, set the policy “View window contents while dragging” to “Prohibited.”
– On the user device activate TWICoordinateWinPosition and TWIRedrawAfterMove.
States: True, False
Default: False

Parameter: LogoffDesktopThroTWI,
Sometimes the StoreFront logoff command fails to end a desktop session.The issue can be fixed by
activating the LogoffDesktopThroTWI parameter.
States: True, False
Default: False

– Added the parameters TWISetFocusBeforeRestore and ApplySucConnTimeoutToDesktops.
Both parameters can be set by registry keys:
ica.wfclient.twisetfocusbeforerestore and
ica.wfclient.applysucconntimeouttodesktops.

– TWISetFocusBeforeRestore:
Sets the focus on server-side windows before restoring them. This is a workaround for an issue with virtual
Java applications, like jEdit, which were not redrawn correctly if the application was moved, or restored.
(Default: Disabled)

– ApplySucConnTimeoutToDesktops:
Works with the SucConnTimeout setting. Ensures that the setting SucConnTimeout is honored by virtual desktops
as well as virtual applications. When ApplySucConnTimeoutToDesktops is applied to desktops, repeated clicks
launch multiple sessions, but you can set SucConnTimeout to a suitable timeout and run a custom script in
between the desktop launches. (Default: Disabled).

– Added support for FlowControl. This feature is separate to the flow control feature for HDX MediaStream
Windows Media Redirection. Since XenDesktop 7.1 server this feature is enabled by default.
Now, the feature has to be activated in our Registry:
ica.wfclient.flowcontrolenabled. Default: false
[RDP/IGEL RDP Client 2]
– Added the Toolbar to Workarea mode. This Feature is restricted to single monitor setup.
– Better performance when RemoteFX is not used, but when compression is enabled.
– Added support for different multi-monitor configurations for each RDP session. This could be configured by
the global value on the window page of the RDP global section, or on the window page of a RDP session, or by
modifiying the registry key sessions.winconnectX.option.usemonitorfullscreen (X is the session number).
– Added support for UPN Suffixes to IGEL RDP Client 2.
– Added support for custom static virtual channels. The channels can be configured by creating a new instance of
rdp.winconnect.custom-static-channel% in the registry.
– Optimized the Local Logon Window. If you configure a RDP session with RD Gateway and select
“Use other credentials for RD-Gateway authentication” and enter the username and password for the Gateway connection,
you will no longer see the section Gateway in the Local Logon Window. This is especially helpful if
the user should not know the Gateway credentials, but should logon with his credentials in the Local Logon Window.
If the username field or password field of the Gateway credentials is empty, you will still see the Gateway section
in the Local Logon window.

[RD Web Access]
– Added support for RD Web Access started directly out of the browser. Works only with Windows Server 2012 and
Windows Server 2012 R2.
Known Issues:
– You have to enter credentials everytime you start a Remote App.

[VMware Horizon]
– Updated VMware Horizon Client to version 3.2.0-23315666

[Quest vWorkspace]
– Updated Dell Wyse vWorkspace to version 8.5.0
[PowerTerm]
– Added PowerTerm InterConnect LTC terminal emulation version 10.1.0.0.20130211.2-_rc_-31580. The previous version
9.2.0.6.20091224.1-_rc_-25848 still is available in the firmware and is active by default.
In IGEL setup on page Sessions->PowerTerm Terminal Emulation->PowerTerm Selection the version can be specified
with parameter PowerTerm Version.
The possible values are:
– default (version 9.2.0.6.20091224.1-_rc_-25848 in this release)
– 9.2.0.6.20091224.1-_rc_-25848
– 10.1.0.0.20130211.2-_rc_-31580
Default: default

Version 10.1.0.0.20130211.2-_rc_-31580 has fixes for the following issues:
– sometimes characters are dropped when using bar code scanners
– character ย not working in swedish code page with IBM 5250 emulation
[2X Client]
– Updated 2X Client to version 12.0.0-2270
New parameters:
– TLS Authentication (boolean): sessions.twox<NR>.local_resources.windows_key_combinations
Default: false
– Network Level Authentication (boolean): sessions.twox<NR>.advanced.network_level_authentication
Default: true
– Pre-Windows 200 Login Format (boolean): sessions.twox<NR>.advanced.oldwindows_login_format
Default: true
– Windows key combinations (string): sessions.twox<NR>.local_resources.windows_key_combinations
Default: Local

[Shared Workplace]
– In shared workplace mode (SWP) user specific screen configurations are now supported. Note that the total
screen size (framebuffer size) of a user specific configuration cannot exceed the total screen size of
the base profile. So the base profile should have the maximum screen resolutions in order not to restrict
the user specific profile.

[ThinLinc]
– ThinLinc client updated to version 4.3.0-4538.
New parameters:
– Multi monitor option: sessions.thinlinc<NR>.config.full_screen_all_monitors
(boolean, default: true)
– Resize remote desktop session: sessions.thinlinc<NR>.config.remote_resize
(boolean, default: true)
– Send system keys: sessions.thinlinc<NR>.config.send_syskeys
(boolean, default: true)
– SmartCard redirection: sessions.thinlinc<NR>.config.smartcard_export_enabled
(boolean: default: false)
– Lockdown Local device tab: sessions.thinlinc<NR>.options.locklocaldevices
(boolean, default: true)
– Lockdown Security tab: sessions.thinlinc<NR>.options.locksecurity
(boolean, default: true)
[RedHat Enterprise Virtualization client]
– Updated virt-viewer client to version 2.0 (Red Hat Enterprise Virtualization)
Added new parameters:
– browser_plugin.redhat_spice.audio_enabled Default: true
– browser_plugin.redhat_spice.usb_sharing_enabled Default: true
– browser_plugin.redhat_spice.smartcard_redirection_enabled Default: false
– browser_plugin.redhat_spice.fullscreen Default: true
[Firefox]
– Updated Firefox to 31.6.0 ESR
– Updated Flash Player download URL to version 11.2.202.457
– TIFF files are now openend directly in the document viewer.

– Added support to configure buttons in the browser’s new Application Menu, if user customization of
the toolbars is disabled. In the Setup look for:
Sessions -> Browser -> Browser Sessions -> Browser (#NR) -> Toolbarconfig -> Application Menu
In the registry:
sessions.browser<NR>.app.custom_toolbar.applicationmenu
Only Navigation Bar and Application Menu remain changeable.
The elements (=buttons) which can be chosen for the configuration are specified
in the respective tooltip.

If you leave these settings empty, the default set of buttons is used.
Default set for the Navigation Bar:
urlbar-container, search-container, webrtc-status-button, bookmarks-menu-button, downloads-button, home-button
Default set for the Application Menu:
zoom-controls, edit-controls, history-panelmenu, privatebrowsing-button, save-page-button, find-button,
open-file-button, developer-button, sidebar-button, feed-button, print-button, characterencoding-button

Mind, that a button can only be used in either the Navigation Bar or the Application Menu.
If it is included in both, the Navigation Bar will take precedence.
The urlbar-container is always shown in the Navigation Bar.
– The firefox profile partition is now formated as ext4 to avoid data loss. The particular partition has been enlarged to 50MB.
– Added parameter to enable Google Safe Browsing and Malware Protection:
IGEL Setup -> Sessions -> Browser -> Browser Global -> Security:
Registry: browserglobal.app.browser_safebrowsing_enabled; default: On; range: On, Off
Registry: browserglobal.app.browser_safebrowsing_malware_enabled; default: On; range: On, Off

IGEL Setup -> Sessions -> Browser -> [session name] -> Security:
Registry: sessions.browser<NR>.app.browser_safebrowsing_enabled; default: Global Setting;
range: Global Setting, On, Off
Registry: sessions.browser<NR>.app.browser_safebrowsing_malware_enabled; default: Global Setting;
range: Global Setting, On, Off

– Added parameter to always start in private browsing mode:
IGEL Setup -> Sessions -> Browser -> Browser Global -> Privacy:
Registry: browserglobal.app.autostart_privatebrowsing; default: Off; range: On, Off

IGEL Setup -> Sessions -> Browser -> [session name] -> Privacy:
Registry: sessions.browser<NR>.app.autostart_privatebrowsing; default: Global Setting; range: Global Setting, On, Off

– Added parameters to change the behaviour of the mousehweel while the shift, control, win or alt key is pressed:

browserglobal.app.mousewheel_with_shift_action; default: Go back or forward in the history;
range: Do nothing, Scroll through content, Go back or forward in history, Zoom the content in or out
browserglobal.app.mousewheel_with_shift_multiplier; default: 100
browserglobal.app.mousewheel_with_control_action; default: Zoom the content in or out;
range: Do nothing, Scroll through content, Go back or forward in history, Zoom the content in or out
browserglobal.app.mousewheel_with_control_multiplier; default: 100
browserglobal.app.mousewheel_with_win_action; default: Scroll through content;
range: Do nothing, Scroll through content, Go back or forward in history, Zoom the content in or out
browserglobal.app.mousewheel_with_win_multiplier; default: 100
browserglobal.app.mousewheel_with_alt_action; default: Scroll through content;
range: Do nothing, Scroll through content, Go back or forward in history, Zoom the content in or out
browserglobal.app.mousewheel_with_alt_multiplier; default: 100

sessions.browser<NR>.app.mousewheel_with_shift_action; default: Global Setting;
range: Global Setting, Do nothing, Scroll through content, Go back or forward in history,
Zoom the content in or out
sessions.browser<NR>.app.mousewheel_with_shift_multiplier; default: Global Setting
sessions.browser<NR>.app.mousewheel_with_control_action; default: Global Setting;
range: Global Setting, Do nothing, Scroll through content, Go back or forward in history,
Zoom the content in or out
sessions.browser<NR>.app.mousewheel_with_control_multiplier; default: Global Setting
sessions.browser<NR>.app.mousewheel_with_win_action; default: Global Setting;
range: Global Setting, Do nothing, Scroll through content,
Go back or forward in history, Zoom the content in or out
sessions.browser<NR>.app.mousewheel_with_win_multiplier; default: Global Setting
sessions.browser<NR>.app.mousewheel_with_alt_action; default: Global Setting;
range: Global Setting, Do nothing, Scroll through content, Go back or forward in history,
Zoom the content in or out
sessions.browser<NR>.app.mousewheel_with_alt_multiplier; default: Global Setting

Note that for the particular multiplier a value of 100 means 1.0. For instance, if one wants to scroll
20 lines per mousehweel click while the control key is held, the parameter mousewheel_with_control_multiplier
needs to be set to 2000.
– Removed deprecated parameters browserglobal.app.security_enable_ssl3, browserglobal.app.security_enable_tls and
sessions.browser<NR>.app.security_enable_ssl3, sessions.browser<NR>.app.security_enable_tls since they
are deprecated in Firefox 31.

– Added parameter to set minimum required encryption protocol and maximum supported encryption protocol to
initiate an encrypted connection.
IGEL Setup -> Sessions -> Browser -> Browser Global -> Encryption:
Registry: browserglobal.app.security_tls_version_min; default: 0; range: 0, 1, 2, 3
Registry: browserglobal.app.security_tls_version_max; default: 0; range: 0, 1, 2, 3
IGEL Setup -> Sessions -> Browser -> [session name] -> Encryption:
Registry: sessions.browser<NR>.app.security_tls_version_min; default: Global Setting;
range: Global Setting, 0, 1, 2, 3
Registry: sessions.browser<NR>.app.security_tls_version_max; default: Global Setting;
range: Global Setting, 0, 1, 2, 3

Info: The values for minimum/maximum encrpytion protocol are
– 0 – SSL3
– 1 – TLS 1.0
– 2 – TLS 1.1
– 3 – TLS 1.2

– Added parameter to enable or disable installation of webapps:
Registry: browserglobal.app.webapps_enabled; default: Off; range: On, Off

– Java (webstart) applications can now launch the local browser by using the desktop’s url-handler
– Removed parameter browserglobal.app.layout_spellcheckDefault and sessions.browser<NR>.app.layout_spellcheckDefault

– Added parameter to enable or disable spell checking in the browser:
Registry: browserglobal.app.layout_spellcheck; default: On for multi-line controls;
range: Off, On for multi-line controls, On for multi- and single-line controls
Registry: sessions.browser<NR>.app.layout_spellcheck; default: Global Setting;
range: Global Setting, Off, On for multi-line controls, On for multi- and single-line controls

The included dictionaries for spell checking are: de-DE, en-GB, en-US, fr-FR, nl and es-ES

– Added new parameter to disable OpenGL acceleration in the browser:
Registry: browserglobal.app.disableopengl; default: Off, range: On, Off

– Added parameter to enable built-in ‘Do Not Track’ feature.
Registry: browserglobal.app.privacy_donottrack; default: On; range: On, Off
Registry: sessions.browser<NR>.app.privacy_donottrack; default: Global Setting; range: Global Setting, On, Off

– Added parameter to block redirection and autorefresh of websites.
Registry: browserglobal.app.accessibility_blockautorefresh; default: Off; range: On, Off
Registry: sessions.browser<NR>.app.accessibility_blockautorefresh; default: Global Setting;
range: Global Setting, On, Off
[WiFi]
– Added boolean parameter network.interfaces.wirelesslan.device0.hide_network_details Default: true
If set to false the SSID will be shown in notifications regarding the WiFi connection. Furthermore the SSID and
the authentication method will be shown in the tooltip of the WiFi tray icon.

– Added support for Realtek RTL8192SE mini-PCI wireless adapter
[Smartcard]
– Added driver for HID Global Omnikey smart card reader OMNIKEY 5021 CL (076B:5340) by new driver version 4.0.5.5.
– Added support for smart card reader VASCO DIGIPASS 870
[base system]
– Added support for automatic firmware update over all supported transfer protocols used by update mechanism.

– New battery power management configuration at setup page System > Energy > Power Management
– Added the ability to apply setup-defined CPU power plans depending on the devices power supply on
setup page System > Energy > Power Management.
For AC mode the registry key is “system.power_management.cpu_gov_ac” with a default of “High Performance” and
for battery mode it’s “system.power_management.cpu_gov_bat” with the default of “Balanced (recommended)”.
For both parameters the range of possible values is High Performance, Balanced (smooth),
Balanced (recommended), Power Saver.
– Added an tray icon to allow the user to change the CPU power plan.
You can turn it on/off at the setup at
System->Energy->Power Management
or by the registry key
“system.power_management.cpu_scaler”, default: disabled

– Updated Kernel to Ubuntu Trusty version 3.13-48.80

– Updated ca-certificates to version “ca-certificates_20141019ubuntu0.14.04.1”

– Added support for Arabic Keyboard Layout.
– Added new locales for:
United Arab Emirates (ar_AE)
Bahrain (ar_BH)
Algeria (ar_DZ)
Egypt (ar_EG)
India (ar_IN)
Iraq (ar_IQ)
Jordan (ar_JO)
Kuwait (ar_KW)
Lebanon (ar_LB)
Libyan Arab Jamahiriya (ar_LY)
Morocco (ar_MA)
Oman (ar_OM)
Qatar (ar_QA)
Saudi Arabia (ar_SA)
Sudan (ar_SD)
Syrian Arab Republic (ar_SY)
Tunisia (ar_TN)
Yemen (ar_YE)

– Added MIME type handling to Browser. For more information visit http://edocs.igel.com/index.htm#10203086.htm.
– Added image viewer to view images downloaded by Browser.
– Changed english label of start button on Application Launcher’s Applications page from “Start” to “Execute”.
A custom label for the button can be defined with parameter userinterface.launcher.displaynames.startbuttonname.
– Updated CUPS to lastest Ubuntu Trusty release 1.7.2-0ubuntu1.5
– Updated the devices driver list

– Updated base libraries and binaries to Ubuntu Trusty version 14.04.2
– Updated name service cache daemon
– Updated timezone information
– Added new parameter: network.smbmount<NR>.security_mode
Possible values: NTLM, NTLMSSP, NTLMi, NTLMSSPi, LanMan
Default value: NTLM
This will allow to specify a security protocol mode for connecting to Windows share

– Added script hooks to run before a certain session is started and after the session has closed.
This feature is only accessible through the System->Registry in the IGEL setup.

The registry keys are:

for VNCviewer:
sessions.vncviewer*.init_action
sessions.vncviewer*.final_action

for RDP:
sessions.winconnect*.init_action
sessions.winconnect*.final_action

for Citrix/ICA:
sessions.ica*.init_action
sessions.ica*.final_action

(where * means the related session number, i.e. 0,1,2,3,…)

NOTE: If you’ve created a new session, you need to close and restart the IGEL setup before you actually
can see the registry keys mentioned above.

– Updated TC Setup to version 4.9.3
[Storage Devices]
– Dynamic Client Drive Mapping added.
– To enable it in the IGEL setup go to:
Devices -> Storage Devices -> USB Storage Hotplug -> Enable dynamic client drive mapping
Registry: devices.autofs.dcdm_enable (default: disabled)
* IMPORTANT NOTE: If dynamic client drive mapping is enabled it is necessary to “safely remove” all
USB storage devices manually by using the eject button in the task bar tray icon area to prevent data loss.
The eject button appears in the tray icon area of the taskbar as soon as a removable USB storage
device was detected.

– To configure the desktop integration go to: Accessories -> Disk Removal
* NOTE: Dynamic client drive mapping is currently only supported for Citrix XenDesktop / XenApp sessions and is
globally enabled by the above setup switch. For other session types you may benefit from enabling the
dynamic client drive mapping in terms of more control of when a devices is actually unmounted and
getting an error message in case the device is still in use. This probably reduces the risk of data loss in
your case of application.

– Added Dynamic Client Drive Mapping support for Citrix (ICA)

– Added a common toolbar that shows up automatically for Citrix and X11 desktop sessions when enabled
(User Interface -> Display -> Desktop -> Common Toolbar). It allows to minimize or close the active session and
allows to eject removable devices like USB memory sticks in case dynamic client drive mapping is enabled
(Devices -> Storage Devices -> USB Storage Hotplug -> Enable dynamic client drive mapping).
[Driver]
– Added StepOver TCP Client for StepOver signature pad support. In setup on page User Interface->Input->Signature Pad
click “Enable StepOver TCP Client” to activate. Specify the port on which the service is listening with
parameter “Listening TCP Port”.
StepOver TCP Client is different to the StepOver serversonet (padserver) functionality.
* NOTE: Only one of these two can be used at a time.

– Updated ELO Single Touch (ST) USB touchscreen driver to v4.0.1:
Select Touch Screen Type “Elo Singletouch (USB)” at setup page User Interface > Input > Touch Screen.
Supported touch monitors and Elo touchscreen controllers:
– Elo Smartset USB Controllers
– (IntelliTouch(R) 2701, 2700, 2600, 2500U,
– CarrollTouch(R) 4500U, 4000U,
– Accutouch(R) 2216, 3000U, 2218,
– Surface Capacitive 5020, 5010, 5000,
– Accoustic Pulse Recognition(APR) Smartset 7010
and other Elo Smartset USB controllers)
Known-Issue: hold-to-right-click feature is not working.

– Updated “Elographics (serial)” touchscreen driver to ELO Single Touch Serial touchscreen driver to v3.4.0.
Supported touch monitors and Elo touchscreen controllers:
– All Elo Entuitive brand touchmonitors with an internal serial controller
– Elo Serial Controllers (IntelliTouch(R) 2500S, 2310B, 2310, 2300, 2701S
CarrollTouch(R) 4000S, 4500S
AccuTouch(R) 2210, 2216, 2218)
Known-Issue: hold-to-right-click feature is not working.
[X11 system]
– Added possibilty to change display configuration on the fly via the “Display Switch” application.
Configurable at setup page Accessories -> Display Switch -> Options:
– Configure new Displays when connected:
sessions.user_display0.options.notify default: disabled
if enabled monitor unplug and replug behaviour is improved
– Preserve settings over reboot:
sessions.user_display0.options.preserve_settings default: disabled
– Dialog Type:
sessions.user_display0.options.dialog_type default: Minimal Dialog, range: Minimal Dialog, Advanced Dialog
– Buttons in Minimal Dialog:
Advanced button -> Button to switch from Minimal Dialog to Advanced Dialog
sessions.user_display0.options.show_advanced default: enabled

Reset button -> Button to reset the Display configuration to the Setup defaults
sessions.user_display0.options.show_reset default: enabled

– Added a new Touchpad section in “User Interface” -> “Input” -> “Touchpad”
This will allow to modify the Touchpad configuration options.
Note that the options listed below also requires hardware support from the touchpad.
The new Touchpad section is composed by three pages:
(Where not specified, the default value of a parameter is taken directly from the touchpad internal configuration)
“General” with the following parameters:
-Touchpad custom configuration: userinterface.touchpad.general.TouchpadConfiguration (boolean)
this parameter will enable the customization of the Touchpad configuration
Default: false
– Disable Touchpad: userinterface.touchpad.general.TouchpadOff (string)
Possible values: Touchpad Enable, Touchpad Disable, Turn off tapping and scrolling
Default: Touchpad Enable
– Min Speed: userinterface.touchpad.general.MinSpeed (integer)
Possible values range from 0.1 to 3
– Max Speed: userinterface.touchpad.general.MaxSpeed (integer)
Possible values range from 1 to 5
– Acceleration: userinterface.touchpad.general.AccelFactor (integer)
Possible values range from 0 to 0.5
– Left-Top corner button: userinterface.touchpad.general.RTCornerButton (string)
Possible values: Disable, Left Mouse Button, Right Mouse Button, Middle Mouse Button
– Left-Bottom corner button: userinterface.touchpad.general.RBCornerButton (string)
Possible values: Disable, Left Mouse Button, Right Mouse Button, Middle Mouse Button
– Right-Top corner button: userinterface.touchpad.general.LTCornerButton (string)
Possible values: Disable, Left Mouse Button, Right Mouse Button, Middle Mouse Button
– Right-Bottom corner button: userinterface.touchpad.general.LBCornerButton (string)
Possible values: Disable, Left Mouse Button, Right Mouse Button, Middle Mouse Button
“Scrolling” with the following parameters:
– Vertical scroll: userinterface.touchpad.scrolling.VertEdgeScroll (boolean)
– Vertical scroll speed: userinterface.touchpad.scrolling.VertScrollDelta (integer)
Possible values range from 1 to 100
– Two finger vertical scroll: userinterface.touchpad.scrolling.VertTwoFingerScroll (boolean)
– Horizontal scroll: userinterface.touchpad.scrolling.HorizEdgeScroll (boolean)
– Horizontal scroll speed: userinterface.touchpad.scrolling.HorizScrollDelta (integer)
Possible values range from 1 to 100
– Two finger horizontal scroll: userinterface.touchpad.scrolling.HorizTwoFingerScroll (boolean)
“Advanced” with the following parameters:
– Corner Coasting: userinterface.touchpad.scrolling.CornerCoasting (boolean)
– Circular scrolling: userinterface.touchpad.scrolling.CircularScrolling (boolean)
– Circular scroll trigger: userinterface.touchpad.scrolling.CircScrollTrigger (string)
Possible values: All Edges, Top Edge, Top Right Corner, Right Edge, Bottom Right Corner,
Bottom Edge, Bottom Left Corner, Left Edge, Top Left Corner
– Tap and drag gesture: userinterface.touchpad.general.TapAndDragGesture (boolean)
– Locked drags: userinterface.touchpad.general.LockedDrags (boolean)
– Palm detect: userinterface.touchpad.general.PalmDetect (boolean)
– ClickPad userinterface.touchpad.general.ClickPad (boolean)

In addition to the parameters included in the pages above, in the registry there is other advanced
options for Touchpad fine tuning:
– Right-Button Area Left: userinterface.touchpad.advanced.rightbuttonarealeft (integer)
– Right-Button Area Right: userinterface.touchpad.advanced.rightbuttonarearight (integer)
– Right-Button Area Top: userinterface.touchpad.advanced.rightbuttonareatop (integer)
– Right-Button Area Bottom: userinterface.touchpad.advanced.rightbuttonareabottom (integer)
– Middle-Button Area Left: userinterface.touchpad.advanced.middlebuttonarealeft (integer)
– Middle-Button Area Right: userinterface.touchpad.advanced.middlebuttonarearight (integer)
– Middle-Button Area Top: userinterface.touchpad.advanced.middlebuttonareatop (integer)
– Middle-Button Area Bottom: userinterface.touchpad.advanced.middlebuttonareabottom (integer)
– Locked Drag Timeout: userinterface.touchpad.general.lockeddragtimeout (integer)
– Palm Min Width: userinterface.touchpad.general.palmminwidth (integer)
– Palm Min Z: userinterface.touchpad.general.palmminz (integer)
– Circular Scroll Delta: userinterface.touchpad.scrolling.circscrolldelta (integer)
– Max Tap Time: userinterface.touchpad.tapping.maxtaptime (integer)
– Max Tap Move: userinterface.touchpad.tapping.maxtapmove (integer)
– Max DoubleTap Time: userinterface.touchpad.tapping.maxdoubletaptime (integer)
– SingleTap Timeout: userinterface.touchpad.tapping.singletaptimeout (integer)
– Click Time: userinterface.touchpad.tapping.clicktime (integer)
– Tap Button 1: userinterface.touchpad.tapping.tapbutton1 (integer)
– Tap Button 2: userinterface.touchpad.tapping.tapbutton2 (integer)
– Tap Button 3: userinterface.touchpad.tapping.tapbutton3 (integer)
– Click Finger 1: userinterface.touchpad.tapping.clickfinger1 (integer)
– Click Finger 2: userinterface.touchpad.tapping.clickfinger2 (integer)
– Click Finger 3: userinterface.touchpad.tapping.clickfinger3 (integer)
– Added support for Touchscreen monitor with DUS Series controller, for example EIZO T2381W.
Multifinger gesture are supported, 2 finger for right-click, 3 finger for middle click.
Known Issue: Scrolling with two fingers doesn’t work.
– Added the following font families as X fonts:
liberation mono
liberation sans
liberation serif
ubuntu mono
century schoolbook l
dingbats-medium
nimbus mono l
nimbus roman no9 l
nimbus sans l
standard symbols l
urw bookman l
urw chancery l
urw gothic l
urw palladio l

The fonts can be controlled via the following parameters:
x.fontpath.gsfonts.enabled
century schoolbook l
dingbats-medium
nimbus mono l
nimbus roman no9 l
nimbus sans l
standard symbols l
urw bookman l
urw chancery l
urw gothic l
urw palladio l
x.fontpath.ttf-liberation.enabled
liberation mono
liberation sans
liberation serif
x.fontpath.ubuntu-font-family.enabled
ubuntu mono
[VNC / Shadowing]
– added possibility to change VNC port. Does not affect secure VNC.
new setup parameter: network.vnc.port. Default is 5900
[Audio]
– Volume for sound input is now configurable in IGEL Setup: Accessories > Sound Preferences > Options
[Multimedia]
– Added hardware video acceleration for the following video codecs:
H.264, MPEG-2 and VC1/WMV3. The video acceleration is supported on:
UD2-LX 40, UD3-LX 42, UD3-LX 41, UD3-LX 40, UD5-LX 50, UD5-LX 40, UD6-LX 51, UD10-LX Touch 10, UD10-LX 10,
IZ2-RFX 40, IZ2-HDX 40, IZ2-HORIZON 40, IZ3-RFX 42/41/40, IZ3-HDX 42/41/40, IZ3-HORIZON 42/41/40

Additionally MPEG-4/DivX is supported on:
UD3-LX 42, UD3-LX 41, UD3-LX 40, UD10-LX Touch 10, UD10-LX 10,
IZ3-RFX 42/41/40, IZ3-HDX 42/41/40, IZ3-HORIZON 42/41/40

The feature is deactivated by default and must be activated in the IGEL Setup at:
IGEL Setup -> System -> Firmware Customization -> Features -> Hardware Video Acceleration

For more information visit http://edocs.igel.com/index.htm#10201440.htm.

– Added support for playback of RTP/IPTV streams. Stream sources can be configured in “Media Player Sessions” with
the “Medium / Filename” option by a URI beginning with rtp:// like rtp://IPADDR:PORT
[VirtualBox Guest Additions]
– Integrated VirtualBox Guest Additions 4.3.10 (OS only).
[Evidian AuthMgr]
– Ingrated Evidian AuthMgr version 1.2.5447.
Evidian AuthMgr sessions can be configured at
IGEL Setup -> Evidian
(registry keys: sessions.rsuserauth%)

New registry keys:
– sessions.rsuserauth<NR>.parameters.crypt_password, default: empty
– sessions.rsuserauth<NR>.parameters.custom.start_exec, default: empty
– sessions.rsuserauth<NR>.parameters.custom.stop_exec, default: empty
– sessions.rsuserauth<NR>.parameters.debug, default: false
– sessions.rsuserauth<NR>.parameters.debug_level, default: none
– sessions.rsuserauth<NR>.parameters.ini, default: false
– sessions.rsuserauth<NR>.parameters.ini_path, default: /etc/rsUserAuth/rsUserAuth.ini
– sessions.rsuserauth<NR>.parameters.message, default: false
– sessions.rsuserauth<NR>.parameters.sessiontype, default: None
– sessions.rsuserauth<NR>.parameters.tapping, default: false
– sessions.rsuserauth<NR>.parameters.url, default: empty

An Evidian AuthMgr session starts automatically by default and a session icon will not appear on the desktop
– sessions.rsuserauth<NR>.autostart, default: true
– sessions.rsuserauth<NR>.desktop, default: false

– Added support for Citrix XenDesktop/XenApp
A Citrix server must be configured at
“IGEL Setup->Sessions->Citrix XenDesktop/XenApp->Citrix Storefront/Web Interface->Server”
– Added support for RDP
A RDP session must be configured at “IGEL Setup->RDP Sessions”
IMPORTANT: The first configured RDP session will be used.
– Added support for VMware Horizon
A VMware Horizon Client session must be configured at “IGEL Setup->Horizon->Horizon Client Sessions”
IMPORTANT: The first configured Horizon Client session will be used.
[Hardware]
– Added support for new product UD2-LX 40 based on hardware IGEL-D220.
– Added support for Wacom CTH-30x Pad
– Added support for Wacom Bamboo Pad CTH-300 and CTH-301

[Java]
– Updated Java Runtime Environment to version 8 Update 45
Changes:
Decision to run applets or java webstart apps once the jvm becomes outdated is made persistent.
===================
Resolved issues:
===================

[CUPS Printing]
– Fixed the non-printing issue when a USB printer is redirected to a session.
– Update the USB printer queue system:
– If the USB printer is offline on thinclient startup and a user send a job
to the printer, job(s) go in queue and a printed when the right printer is
back online.
– If the USB printer is disconnected or powered off after the thinclient
startup and a user sends a job to the printer, job(s) go in queue and
printed when the right printer is online. With some printers this
operation return an “Unable to send data to the printer”, new queue system
will retry automatically after 5mins to print the job.

[Citrix Receiver 13]
– Improved handling of desktop icons with Citrix XenApp when “Follow server settings” is activated.
This applies to connections to a Web Interface and to a StoreFront server in Legacy Mode.
It does _not_ work with a normal StoreFront server (because the current version of the Citrix tool “storebrowse”
does not fetch the necessary information from the server).
– Fixed switching between Citrix windows with hotkeys ctrl+alt+tab, ctrl+alt+cursorup, ctrl+alt+cursordown
with Citrix Receiver 13. Before ctrl and alt remained “pressed” inside the window after switching.
– Fixed non reliable redirect from USB Devices into XenDektop (5.5 & 5.6) sessions (mainly affected single core devices)
– Added parameter “Force NumLock On” (x.global.forcenumlock) in Registry to force NumLock state always on.
This might be a workaround for problems with NumLock state.

– It is now possible to use an IP address to access a Citrix server with Citrix Receiver 13.
Note: Please be aware that you need an appropriate web server certificate issued to the IP address instead of a
host name if you want to connect via SSL.
– The extended ICA application start mechanism is a central application launcher for Citrix sessions.
It also affects the autostart mechanism. The launch mechanism starts only one session at a time,
while all other sessions have to wait till the currently starting session has established the connection.
The max waiting time can be set via the setup parameter ica.pnlogin.app_start_max_delay.
The default value for this parameter is 30 seconds.

– Added parameter windowmanager.wm0.variables.igelicaallowminimize in the registry to circumvent problems with
java-based windows over ICA with a popup window. If set to false, ICA windows with a popup can not be
minimized anymore.
– Fixed the handling of the “Path to Store” part of the URL of a Citrix Store, which was
ignored under some circumstances.
Hint: If necessary for some reason, it is possible to get the previous behavior by emptying the
“Path to Store” entry field in the Citrix Store configuration in setup and UMS.
– Fixed a bug that caused a crash during login sometimes.
– Disabled session reliability by default as it causes problems under some circumstances.
To activate it, go to setup/UMS page:
“Citrix > HDX / ICA Global > Options”.

[RDP/IGEL RDP Client 2]
– Fixed problems with not working performance flag “Don’t show contents of window while dragging”
– Added detection for connection loss via TCP Keep-Alive packages to our Igel RDP Client 2.
Now the session will not longer freeze if connection is lost. Instead the session will be terminated.
You can configure the global timeout via registry parameter:
– sessions.winconnect%.option.connection-timeout (default: 30s)
This registry key is also avialable for each session:
– sessions.winconnectX.option.connection-timeout (default: 30s)
– Fixed periodic mouse release if RemoteFX is enabled.
– Added a message to inform the customer about SSL-Errors and Connection-Errors.
Previously the session just dissapered without informing the customer.
– Fixed disabling of the multimedia redirection in RDP sessions.
– Fixed drawing issues for non-RemoteFX connections.
– Fixed behaviour when using a RDP Session from smartcard and pull out the smartcard while the session is avctive.
Now you won’t get bogus error messages anymore.
– Fixed a bug which randomly aborted a file transfer to a mapped USB pendrive if the filesize was greater than 2GB.
– Fixed potential client crash regarding offscreen pixmaps.
– Enhanced TS Gateway functionality. Now you can connect to a Server which is behind
a Session Broker, which is behind a TS Gateway by itself.
– Fixed a problem with TS Gateway connections and true multimonitor support. Now you can use true multimonitor
support with TS Gateway, if the server behind the Gateway announces true multimonitor support.
– Fixed COM port redirection to work with ORGA 930M eGK/KVK health card reader
– Fixed COM port redirection: writing a large amount of data to serial port was failing
[RD Web Access]
– Fixed bug for disabling features like RemoteFX or sound while using RD Web Access.
– Fixed authentication problem with enterprise domain user names while using RD Web Access.
– Close all active remote app connections on “RD Web Access Logout”.
– Fixed problems with not working performance flag settings in RD Web Access sessions.
[VMware Horizon]
– Fixed Horizon Client not closing when IGEL Smartcard is removed.
– Workaround for sound recording in a PCOIP session using the internal microphone
on a Lenovo B50 notebook. The workaround must be activated by the following custom
command:
cp /usr/share/pulseaudio/alsa-mixer/paths/analog-input-internal-mic-ign-boost.conf \
/usr/share/pulseaudio/alsa-mixer/paths/analog-input-internal-mic.conf; \
amixer sset ‘Internal Mic Boost’ 0,1; su user -c “sound store”
The custom command must be set in
“Firmware Customization/Custom Commands/Base Commands/Initialization”

– Fixed a focus problem of the thin client’s lock screen dialog in connection with PCOIP sessions.
– Fixed COM port redirection: writing a large amount of data to serial port was failing for RDP.
[PowerTerm]
– Fixed printer list display dialog, now the “Setup Printer” window in Powerterm show correctly the printer list
[2X Client]
– Fixed parameter handling with IGEL Smartcard: parameter names ending with digits were not handled
correctly and the values were not set. This e.g. affected 2X sessions.
– Fixed bug: Running multiple 2X sessions in parallel did not work.
[IBM_5250]
– enable registry key “iseriesaccessglobal.iso8859_2_fix”, to fix keyboard input of eastern european
characters (czech, slovak, etc.)
default: disabled
[ThinLinc]
– Fixed Thinlinc login window on suspend resume.
– Fixed mapping of compose key on Sun Type 6 Keyboards
[X session (Xephyr)]
– Fixed X Session not overlapping taskbar in fullscreen mode if taskbar position is top or left.
– Fixed X Session not opening if either fullscreen or workarea mode is active and the start
monitor is set to “No configuration”.
– Fixed the keyboard layout in Xephyr session login screen.
The keyboard layout used is the current keyboard layout selected by the user.
[Network]
– Fixed managing of certificate with SCEP: expired certificates weren’t renewed automatically.
[WiFi]
– Fixed support for intel Dualband-Wireless-AC 7265 based devices
[VPN]
– Fixed Genucard DHCP IP retrieval bug for newer Genucard versions.
– Added support for Genucard firmware version 4 and 5
– Added machine authentication. A private key file is needed if machine authentication is activated,
otherwise VPN connection is not possible. The private key file path can be set by the new setup parameter:
sessions.genucard_vpn_connection%.options.machine_auth_keyfile
default value: <empty>

– Upgraded IPTABLES tools up to v1.4.21 (Ubuntu Trusty)
[Imprivata]
– fixed availability of VMware Horizon USB-Redirection in Imprivata sessions
[Smartcard]
– Fixed detection of IGEL Smartcards in mode “Enable IGEL Smartcard without Locking Desktop”.
Previously the insertion of any type of smartcard caused the PIN entry window to show up.
– Fixed log off with IGEL Smartcard: when additional smart card readers were added or removed during a session,
removing the smart card did not trigger log off any more.
– Fixed personalization of IGEL Smartcards: when writing sessions to the smart card which were assigned via a profile,
only write parameters whose value differs from the default value. This helps reducing the data to write,
and a bigger amount of sessions can be written to the smart card.
– Fixed redirection of Cherry G87-1504 and Cherry ST-1503 eGK smart card readers via Citrix and RDP.
[CUPS Printing]
– Solved the problem with the USB to TCP/IP port redirection in the new CUPS system.
– Added timing to CUPS USB backend to avoid soft-reset to be sent during printing.
– Fixed sharing local printers with IPP Printer Sharing
– Fixed the non-printing issue when a USB printer is redirected to a session.
– Updated the USB printer queue system:
– If the USB printer is offline on thinclient startup and a user send a job
to the printer, job(s) go in queue and a printed when the right printer is
back online.
– If the USB printer is disconnected or powered off after the thinclient
startup and a user sends a job to the printer, job(s) go in queue and
printed when the right printer is online. With some printers this
operation return an “Unable to send data to the printer”, new queue system
will retry automatically after 5mins to print the job.
[base system]
– Security upgrade of libflac8 (CVE-2014-8962, CVE-2014-9028): arbitrary code execution via crafted .flac file.
– Fixed OpenSSL 1.0.1 security issues: CVE-2014-3513, CVE-2014-3567, CVE-2014-3567, CVE-2014-3568, CVE-2014-3568,
CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205,
CVE-2015-0206, CVE-2015-0293, CVE-2015-0292, CVE-2015-0289, CVE-2015-0288, CVE-2015-0287,
CVE-2015-0286 and CVE-2015-0209 fixed.
– Improved OpenSSL 1.0.1 security: Added support to mitigate a protocol downgrade attack to
SSLv3 that exposes the POODLE attack.
Fixed libgcrypt11 security issues: CVE-2014-5270, CVE-2015-0837 and CVE-2014-3591
Fixed libgnutls26 security issues: CVE-2015-0294 and CVE-2015-0282
Fixed libnspr4 security issues: CVE-2013-5607 and CVE-2014-1545
Fixed libnss3 security issues: CVE-2013-5606, CVE-2013-5605, CVE-2013-1741, CVE-2013-1739, CVE-2014-1492,
CVE-2014-1544 and CVE-2014-1569
Fixed libc6 security issues: CVE-2014-4043, CVE-2014-0475, CVE-2014-7817, CVE-2014-6040, CVE-2015-1472,
CVE-2015-1473, CVE-2014-9402 and CVE-2013-7423
– Improved FAT USB Stick write performance with using flush,dirsync mount option instead of sync.
The corresponding switch is in the IGEL Registry:
– devices.autofs.automount%.sync_option, default: Disabled (default was changed)
– devices.autofs.automount%.flush_option, default: Enabled (new registry entry)
To get back old behaviour switch devices.autofs.automount%.sync_option to enabled.
– Show a message dialog and reboot device after an IGEL license has been successfuly assigned over UMS.
– Fixed a crash of the disk utility when switching between entries in the left pane too quickly.
– Improved behaviour of the lock screen / log-on screen in connection with notifications and prompts for network credentials.
Fixed focus issues concerning the associated dialogs.
– Do not interrupt boot process if some optional partitions couldn’t be updated because firmware updated
wasn’t started during boot. This can occur if network connection couldn’t be established
(e.g misconfigured VPN or unplugged network cable).
– Fixed a problem of the screensaver, that prevented it from loading images from a mounted Windows share.
– Fixed a problem with IGEL soft keyboard and ICA/RDP session in full screen.
– Fixed display stays black after unplug and plug again monitor from a IGEL UD 3 42/41 (M330C)
– Fixed desktop panel freezes.
– Fixed SANE scanner support (updated to Ubuntu Trusty)
– Fixed non reliable redirect from USB Devices into XenDektop (5.5 & 5.6) sessions (mainly affected single core devices)
– Fixed “Elographics (serial)” Touch Screen Type (setup page User Interface > Input > Touch Screen).
– Fixed issue with resetted keyboard delay/rate options after reboot.
– Fixed Custom Partition configuration while running a firmware update.
– Fixed applying of rules based on USB Class ID.
– Fixed Document/PDF Viewer not opening hyperlinks.
– Fixed start of the stage 2 of the firmware update on devices without active or configured networking
(i.e. update from a USB stick).
– Added hold-to-right-click function for “Elo Multitouch(USB)” and “TSharc (serial)” touchscreens type.
Enable “Emulate right button” on setup page User Interface > Input > Touch Screen.

[X11 system]
– Fixed keyboard layout setting of hotplugged keyboards
– Fixed the “Hide Cursor” feature
– Fixed “Disable NumLock” and “Disable ScrollLock” (parameters x.global.disablenumlock and
x.global.disablescrolllock in Setup Registry)
[X-Server]
– Added additional default graphic modes to the IGEL UD10 TC236 integrated display to allow resolution
changes to different modes.
– Improved radeon display hotplug
– Fixed manual setting of display resolution on UD10
– Fixed display stays black after unplug and plug again monitor from a IGEL UD 3 42/41 (M330C)
– Fixed right mouseclick emulation for multitouch devices
[Universal MultiDisplay]
– Fixed UMD eternal waiting loop bug after update
[Windowmanager]
– The system sets the focus correctly on desktop after system start, if registry key
userinterface.desktop.focusable is enabled, default: disabled
– Fixed taskbar overlapping windows if it is expanded onto all monitors and a second screen is present
at the same direction as the panel.
– Fixed window focus freeze when hotkeys are used with modifiers set to “None”
– Window focus hotkeys now work even when no modifier keys are defined.
[Shadowing/VNC]
– Fixed bugs with certain special characters
– enable registry key “iseriesaccessglobal.iso8859_2_fix”, to fix
keyboard input of eastern european characters (czech, slovak, etc.)
default: disabled
[Audio]
– Fixed autostart of the sound control dialog.
– Fixed whining of front audio port of IGEL UD3 42/41 (M330C)
[Hardware]
– Fixed usage of intel turbo boost on newer intel CPUs (sandybridge and newer)
– Fixed right mouseclick emulation for multitouch devices
– Fixed Display Port/HDMI Audio with Intel Haswell chipsets, that need power well support
– Fixed display stays black after unplug and plug again monitor from a IGEL UD 3 42/41 (M330C)
[Java]
– Java (webstart) applications can now launch the local browser by using the desktop’s url-handler
[TC Setup]
– Added hint in setup tooltips that suspend option isn’t available with Universal MultiDisplay.
– Fixed license SecMaker EULA dialog in setup when activating SecMaker Net iD PKCS#11
module: in some cases the dialog had to be accepted twice.
– Fixed german translation in IGEL Setup: Zubehโ€r->Systemprotokolle->Optionen
[Remote Management]
– Enhanced UMS structure tag mechanism. When manually registering Thin Clients from UMS, the structure tag
is taken into account now.

Release: IGEL Universal Management Suite 4.09.100

Tuesday, April 21st, 2015

=================
IGEL Universal Management Suite
=================
Version 4.09.100
Release date: 20.04.2015
=================
Notes
=================

Windows Server 2003 is no longer supported by the IGEL UMS (Java 8 does not
support Server 2003).

The option to accept UMS server certificate temporary when connecting with
UMS console was removed due to incompatiblity with security enhancements.

The linux installer is tested with
– Ubuntu 12.04 (32bit) and Ubuntu 14.04 (32bit and 64bit)

For further compatibility information check the Universal Management Suite
Data Sheet at www.igel.com.
*********************
UMS 4.09.100
*********************
=================
New features
=================

[UMS common]
– Updated java environment to Java 8 Update 40
– Added ability to disable the UMS server http connector. If disabled, secure connections are allowed only (https). Http connector can be disabled in UMS Administrator->Ports/Timeouts->’Allow SSL connections only’
– Added support for Oracle 12c database
[Console, common]
– Added link to user manual on edocs.igel.com (Menu Misc->User manual); User manual in pdf format is no longer included in UMS installations
– Added “configuration changed flag” after assigning/releasing a profile to/from thin clients/ thin client directories.
[Profiles]
– Added new profile type: Master-profile
* master-profiles allow a priorised profile assignment which cannot be overwritten by standard-profiles (priority of master-profiles is always higher than priority of standard-profiles)
* master-profiles are organized in a separate root node in the navigation tree (for access control reasons)
* assignment priority of master-profiles is inverse to standard-profiles: profile closest to TC has lowest priorits, indirect assignments with largest distance have highest priority)
* Use master-profiles to force thin client settings which must not be overwritten by standard-profiles (e.g. session profiles or desktop configuration profiles managed by department administrators or helpdesk)
– Enhanced template profile health check: list empty template values in health check result
[Views]
Added view export feature: send view result by mail (via SMTP).
Exports can be triggered manually via view context menu action or scheduled as administrative task.
Initial configuration of mail server, security settings and user credentials has to be defined in the UMS console administration tree ‘Global Configuration-> Email Settings’. Available parameters are:
* SMTP Host
* Reply Address
* SMTP User
* SMPT Password
* SMTP Port
* Available authentication methods: simple, SSL/TLS, Start TLS
[Universal Firmware Update]
– Added release notes in html format (available with the latest firmware versions only)

=================
Resolved Issues
=================
[UMS common]
– Fixed several security issues: the UMS server is now based on Tomcat 8.0.14. Please refer to http://tomcat.apache.org/tomcat-8.0-doc/changelog.html for details
– Fixed: Directory rules with a product name criterion had no effect on reboot or register.
[Console, common]
– Fixed problem with Recycle Bin: objects would randomly reappear if you put them in the Recycle Bin, clear the Recycle Bin and refresh the tree (F5)
– Fixed minor issue in log level configuration (administration tree): log level labels are now translated
– Fixed some template key issues:
* assignment inconsistency after restoring template keys from the recycle bin
* renaming issue on template values
– Fixed issue with views containing the online criterion: they are now assignable to jobs
[Profiles]
– Fixed: profiles with “overwrite” – flag are now effective again.
[Thin clients]
– Fixed “export Thin Clients” action for Thin Clients and Thin Client directories. Now this action is available in the context menu of content tables too.
– Improved performance in ums console for thinclient-directories with a lot of profile assignments.
[Shared Workplace Feature]
– Fixed shared workplace profile assignment inconsistency: assignments to AD groups now have less priority than direct assignments to a AD user
[Views]
– Fixed issue with missing thin clients in views with ‘assigned profiles’ criterion
– Fixed: a view with “profile assigned” criterion now shows all thinclients with the chosen (direct and indirect) assigned profile.
[Jobs]
– Fixed date picker issue: wrong week day abbreviations (e.g. in ‘Edit Job’ dialog) for german language replaced by proper ones
[Files (URLFiles)]
– Fixed file transfer via context menu ‘File UMS->TC’ on thin client directories
[Universal Firmware Update]
– Changed ums firmware update authentication. All firmware update user entries will be updated to user ‘IGEL_INTERNAL_FIRMWAREUPDATE_USER’ and will get a generated password. It is no longer necessary to manage the users in firmware updates manually (e.g. on password changes).
– Fixed universal firmware update registration issue: when registering a firmware update from zip file, direct assignments to thin clients are not possible.
– Fixed: Disabled the ftp/WebDAV buttons, if no row is selected (in “Check for Firmware Updates”)
– Fixed: ums firmware updates can be created out of windows 7+ snapshots.
– Fixed HTTP response code 500 when proxy configuration of universal firmware update is used.
[Configuration Dialog]
– Fixed coloring issue with nodes Userinterface -> Display -> Desktop -> Background: path is now marked blue, if paramters are activated.
Additional: Pages which contains template keys are now displayed green.
[Console, administration tree]
– Fixed issue in ‘Wake on LAN’ configuration: add/remove/change subnet or netmask configurations sometimes generated ‘Index: 0, Size: 0’ errors
[AD / LDAP integration]
– fixed a bug occurred by deleting AD/LDAP configurations
[Console, webstart]
– Added full support for Java 8 RIA (Java Web Start) security features. Application and web start configuration (jnlp) are signed. Starting UMS Console via web start will produce no security warnings.
[Database schema]
– Fixed: The search results in oracle databases can now be deleted
[Universal Customization Builder (UCB)]
– Fixed minor internatialization issues in UCB (some labels had wrong language)

Tip: Having trouble with Remote Desktop Gateway and IGEL Linux V5.. Ask for a trial firmware.

Tuesday, March 24th, 2015

Hi Folks,

a User reported that IGEL has a none public Firmware Version 5.05.250 for the LX based devices available which fixes a few issues with the Remote Desktop Gateway access. We got this asย email regarding the fact that some of our FAQ’s did not solve an issue for a user and i believe this do may apply also for other users.

This beta Firmware comes also with an updated Citrix Receiver 13.1.2.295815 but from the release notes it doesn’t support the new UD6 Hardware (iam not sure if this is a mistake).

To get the firmware you should get in contact with the IGEL Support but please note that this is not an official release.

Cheers

Michael

New Release: IGEL Linux for ARM (UD2 Multimedia/IZ1) based devices Version 1.09.100

Tuesday, March 10th, 2015

IGEL Linux SoC
==============
Version 1.09.100
Release date 2015-03-09
Last update of this document 2015-03-09

Supported devices: IZ1-RFX, IZ1-HDX, UD2-LX MultiMedia

The online Release Notes can be found at http://edocs.igel.com/#10202674.htm
Registry Keys of parameters are listed there.

====================
Versions:
====================
Clients:
– Citrix Receiver 12.5.1
– Citrix Receiver 13.1.2.295815
– Firefox 20.0
– IGEL Legacy RDP Client 1.0
– IGEL RDP Client 2.1
– Imprivata OneSign ProveID Embedded
– Leostream Java Connect 3.0.57.0
– Oracle JRE 1.7.0_60
– VMware Horizon client 2.0.0-1049726

Smartcard:
– Reader Driver ACS CCID 1.0.5
– Reader Driver MUSCLE CCID 1.4.13
– Reader Driver REINER SCT cyberJack 3.99.5final.SP03
– Resource Manager PC/SC Lite 1.8.9

System Components:
– Xorg X11 Server 1.10.4
– Xorg Xephyr 1.10.4
====================
Information:
====================
IMPORTANT: Depending on your board, you may not be able to downgrade to
versions earlier than 1.08.300. Check the Application Launcher
at the “About” Tab. If you have a board with a so called SPI-Flash
attached, you can read its type at the “Hardware” section.
If your type is “w25q80”, the lowest version to downgrade to is
1.08.300. If you don’t have a SPI-Flash, the lowest version to
downgrade to is 1.07.100

IMPORTANT: This releases integrates two Citrix Receiver versions 12 and 13.
You can only choose to run either of the versions.
The old 12 Citrix Receiver is still available for compatibility
reasons and activated by default. Version 13 of the Citrix Receiver
can be activated at the local setup of the device or through a UMS
profile configuration.
====================
Removed features:
====================

[Java]
– Removed java webstart session type and webbrowser support
====================
Known issues:
====================

[ICA/Citrix Receiver 12 and 13]
– Currently Kerberos is not supported, so Kerberos passthrough will not work
with Legacy ICA sessions and Citrix StoreFront/Web Interface.
Workaround: configure “Passthrough authentication”

[RDP/IGEL RDP Client 2]
– RDP sessions freeze sporadically, if RD Gateway support is enabled.
====================
New features:
====================

[ICA/Citrix Receiver 13]
– Updated Citrix Receiver to version 13.1.2
– Added “CGP Address” parameter to support the session reliability feature on page:
Citrix > HDX / ICA Global > Options
(Please note that this parameter might be overwritten by the Citrix server.)
– Added parameter “ica.wfclient.twiavoidfullscreenwhenmaximized” to enable
a bug fix from Citrix regarding maximization of windows in a multi-monitor
setup with different resolutions (default: disabled).
– Added parameter “ica.wfclient.twisetfocusbeforerestore” to enable a
workaround from Citrix to set the focus on windows before restoring them
to avoid issues with Java applications.(default: disabled)
– Added parameter “ica.wfclient.applysucconntimeouttodesktops” to let the
session sharing timout option “SucConnTimeout” be applied to desktops
as well (default: disabled)
– Added registry parameter “ica.pnlogin.use_ctx_auth_mgmt”, that
enforces usage of the built-in authentication management of the
Citrix Receiver 13 instead of the IGEL mechanism. This disables credential
related features like passthrough, auto-logon etc.

[ICA/Citrix Receiver 12 and 13]
– Added registry parameter “ica.pnlogin.debug” to enable debug output of
pnlogin on stderr console.
– Added parameter windowmanager.wm0.variables.igelicaallowminimize in the
registry to circumvent problems java-based windows over ICA with a popup
window. If set to false, ICA windows with a popup can not be minimized
anymore.
– Improved the synchronization of starting Citrix sessions to avoid opening
multiple ICA channels, if possible. For fine-tuning, it is possible to
configure the maximum waiting time until a session starts, regardless of
the status of a previous started session. The parameter is available in
the registry: “ica.pnlogin.app_start_max_delay” (default: 30)
– The new synchronization mechanism mentioned above applies also for
autostarted published applications, configurable on
setup page Citrix > Citrix StoreFront / Web Interface > Logon.

[RDP/IGEL RDP Client 2]
– Added RD Gateway support for RDP sessions and RD Web Access:
configurable at “IGEL Setup->Sessions->RDP->RDP Global->Gateway”,
“IGEL Setup->Sessions->RDP->RDP Sessions->[session name]->Gateway” and
“IGEL Setup->Sessions->RDP->Remote Desktop Web Access->Server location”
– Improved RDP Remote Apps: Tray icons and tooltips can be used.
– Added workarea mode support at “IGEL Setup->Sessions->
RDP->RDP Global->Window->Window Size” as a global setting.
You can also configure workarea mode session-specific at “IGEL Setup->Sessions->
RDP->RDP Sessions->[session name]->Window->Window Size”.
Please note that either workarea mode or the toolbar can be used.
Workarea mode superseeds toolbar configuration.
– Added a startup splash screen that is shown while connecting to a RDP server.

[Java]
– Added Oracle JRE Version 1.7.0 update 60

[base system]
– If you have a device with SPI-Flash, you’ll now see the type in the
Application Launcher at ‘About -> Hardware’
– If you have a device with a SPI-Flash, the type of the Flash
is now visible within UMS
– Updated IGEL Setup to version 4.8.18:
Added a quick link bar on many setup pages to find and get to related
configuration pages directly. Increased the default size of the setup window
to retain the readability of the affected setup pages (only when the setup
is started for the first time).
– Added possibility to add custom timezone files to /wfs/zoneinfo/ directory.
====================
Resolved issues:
====================

[ICA/Citrix Receiver 13]
– It is now possible to use an IP address to access a Citrix server

[ICA/Citrix Receiver 12 and 13]
– ICA sessions are not closed anymore, when a USB headset is plugged in or out
– Fixed StoreFront instability
– Added a registry key to disable the DSP acceleration ica.disable_dsp_accel,
default: disabled
– Fixed ICA session handling with applications from more than three server.
– Fixed missing desktop/menu icons with Citrix StoreFront/Web Interface
– Fixed matching of application names in ICA autostart list
– Fixed Citrix StoreFront/Web Interface refresh command
– Fixed problems with vanishing systray icons.
– Fixed window focus after closing a dialog. The focus will be set correctly.
– Added a workaround to deal with windows of a very low height, that show up.
in the taskbar although they shouldn’t (e.g. some tooltip windows in seamless
Citrix sessions). To use this, adjust the parameter
“windowmanager.wm0.variables.tooltipsize” in the registry. A useful value for
single-lined tooltip windows would be 20.

[RDP/IGEL RDP Client 2]
– Fix for published applications which alias name is like “NAME (1)”.
– Improved RDP Network authentication support (NLA) if Local Logon is used.
Previously Network authentication support (NLA) wasn’t reliable.
– Fixed synchronization of lock keys (like num lock, caps lock and so on).
– Added support for various multimedia keys within RDP sessions, e.g on
keyboard Logitech MK270.
– Improved handling of server redirection. There was a bug which randomly
crashed the client application once it got redirected by the server.
– Improved RD Web Access logout mechanism. The started applications will be closed
if we perform a logout.
– Fixed bug in RD Web Access to utilize global settings.

[base system]
– updated libssl0.9.8; this fixes:
– CVE-2013-0166
– CVE-2013-0169
– updated libssl1.0.0; this fixes:
– CVE-2014-3571
– CVE-2015-0206
– CVE-2014-3569
– CVE-2014-3572
– CVE-2015-0204
– CVE-2015-0205
– CVE-2014-8275
– CVE-2014-3570
– Fixed glibc 2.13 security issues: CVE-2015-0235 (GHOST), CVE-2009-5029,
CVE-2011-1658, CVE-2011-4609, CVE-2012-3405, CVE-2012-3480, CVE-2013-4788,
CVE-2013-4458, CVE-2013-4332, CVE-2013-4237, CVE-2013-1914, CVE-2013-0242,
CVE-2012-4424, CVE-2013-4458, CVE-2014-0475, CVE-2014-5119, CVE-2014-0475,
CVE-2013-4357, CVS-2014-7817, CVE-2014-6040 and CVE-2012-6656
– Fixed the “Hide Cursor” feature
– The system sets the focus correctly on desktop after system start, if
registry key userinterface.desktop.focusable is enabled, default: disabled

Release: IGEL Universal Desktop LX/OS Firmware 4.14.100

Tuesday, February 24th, 2015

IGEL Universal Desktop LX
=========================
Version 4.14.100
Release date 2015-02-23
Last update of this document 2015-02-23

Supported devices:
UD2-x31 LX, UD2-x30 LX, UD2-x21 LX, UD2-x20 LX
UD3-x40 LX, UD3-x31 LX, UD3-x30 LX, UD3-x21 LX, UD3-x20 LX
UD5-x40 LX, UD5-x30 LX, UD5-x20 LX
UD9-x31 LX, UD9-x30 LX
The online Release Notes can be found at http://edocs.igel.com/index.htm#10202439.htm
Registry Keys of parameters are listed there.

====================
Versions:
====================
Clients:
– 2X Client 12.0.0-2270
– Cisco VPN Client 4.8.02.0030-k9
– Citrix Access Gateway Standard Plug-in 4.6.3.0800
– Citrix HDX Realtime Media Engine 1.6.0-6
– Citrix Receiver 12.1.8.250715
– Citrix Receiver 13.1.2.295815
– Client for RedHat Enterprise Virtualization Desktops 3
– Dell vWorkspace Connector for Linux 7.7.3
– Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848
– Ericom Webconnect 5.6.0.4000-rel.20413
– FabulaTech USB for Remote Desktop 5.0.4
– Firefox 17.0.11
– IBM iSeriesAccess 7.1.0-1.0
– IGEL Legacy RDP Client 1.0
– IGEL RDP Client 2.1
– Imprivata OneSign ProveID Embedded
– Leostream Java Connect 3.0.57.0
– NCP Secure Client (Enterprise) 3.25-rev15580-i686
– NX Client 4.2.27
– Oracle JRE 1.7.0_76
– SAP GUI java710rev6
– Thinlinc Client 4.3.0-4538
– ThinPrint Client 7.0.63
– Totem Media Player 2.30.2
– Virtual Bridges VERDE Client 7.1.1_rel.24005
– VMware Horizon client 3.2.0-2331566
– Voip Client Ekiga 3.2.7

Dictation:
– Driver for Grundig Business Systems dictation devices
– Driver for Olympus dictation devices
– Legacy Philips Speech Driver 5.0.10
– Philips Speech Driver 12.2.7

Smartcard:
– PKCS#11 Library A.E.T SafeSign 3.0.3665
– PKCS#11 Library Gemalto IDPrime 1.1.0
– PKCS#11 Library SecMaker NetID 6.1.1.21
– Reader Driver ACS CCID 1.0.5
– Reader Driver HID Global Omnikey CCID 4.0.5.5
– Reader Driver MUSCLE CCID 1.4.13
– Reader Driver Omnikey CCID legacy-3.6.0
– Reader Driver Omnikey RFID legacy-2.7.2
– Reader Driver REINER SCT cyberJack 3.99.5final.SP03
– Reader Driver Safenet / Aladdin eToken 8.1.0-4
– Reader Driver SCM Microsystems CCID 5.0.27
– Resource Manager PC/SC Lite 1.8.9

System Components:
– Graphics Driver INTEL 2.17.0
– Graphics Driver VIA 5.75.32.87a-59172
– Graphics Driver VIA Legacy 4.1.83
– Xorg X11 Server 1.11.4
– Xorg Xephyr 1.7.6
====================
Information:
====================
IMPORTANT:
This release contains Citrix Receiver versions 12 and 13.
The Citrix Receiver 12 is still available for compatibility reasons and
activated by default. Version 13 of the Citrix Receiver can be activated at
the local setup of the device or through a UMS profile configuration.
Only one version can be used.
====================
Known issues:
====================

[Dell vWorkspace Connector]
– Seamless applications exported from Win8/8.1 desktops show display errors when
dragged to the screen edges.
– At dual view configuration flash redirected windows can appear on wrong screen.
– After the start of a seamless session the window is initially maximized before being
resized to the correct size.
– Windows XP sessions might not work properly anymore.
– Only standard 105 keys PC keyboards are supported.
Not supported anymore: Trimodal, Sun Type 6 or IBM 122 keys.
– Mapping of drives to a dedicated drive letter is not possible anymore.
– If Com-port redirection is enabled all linux serial ports (/dev/ttySx) will be mapped.
– If printer mapping is enabled all printers configured in CUPS are mapped.
– For Multimedia Redirection sound redirection with WMV/WMA streams is not working.
– USB Redirection may not work reliable.
– Session starts only if RDP Local Logon Window
(IGEL Setup->Sessions->RDP->RDP Global->Local Logon) is active.

[VMware Horizon]
– Remote Applications are not seamless in the strict sense.
These are rather displayed in an extra window decorated by the TC’s window manager.
– If more applications defined and started in the same session, all are displayed inside this window.
The default size of this window can be defined in the Window section of the Horizon session.
– PCoIP user input language synchronization is currently broken.

[StepOver]
– StepOver serversonet does not work with natureSign signature pad.

[Genucard]
– Genucard versions 4 or greater currently cannot retrieve an IP adress.

[Smartcard]
– In mode “IGEL Smart Card without Locking Desktop”: when a Horizon session is running
and the smart card is removed , the Horizon desktop and application chooser window stays open.
– In mode “IGEL Smart Card without Locking Desktop”: when a RDP session is running
and the smart card is removed, a bogus warning window is shown.
– Running 2X sessions from IGEL Smart Card fails with error “server name missing”.
====================
New features:
====================

[Citrix Receiver 13]
– Integrated Citrix Receiver 13.1.2
– Added support for StoreFront
Hints (It is IMPORTANT to read this, if you plan to use Citrix Receiver 13
instead of 12 and/or want to connect to a Citrix StoreFront server):
– This firmware contains two Citrix Receivers, but only one of them can be
active at a time. Default is Citrix Receiver 12. The version can be
switched by the new parameter “Use Citrix Receiver version 13” in the
IGEL setup at “Sessions->Citrix->Citrix Receiver Selection”
– The new parameter “Citrix server type” on IGEL setup page
“Sessions->Citrix->Citrix StoreFront / Web Interface ->Server” defines the
capabilities of the Receiver
according to the used Citrix server versions (default is “Web Interface”).
– For Citrix StoreFront only access via https is supported. If the SSL certificate
of your Citrix server is not signed by a trusted certificate authority
(like Verigsign, Thawte etc.), you have to install the root certificate of your
own certificate authority on each Thin Client.
Please use http://edocs.igel.com/index.htm#10200413.htm to access the
document on how to install SSL certificate.
– Legacy ICA sessions only work with Citrix XenApp servers up to version 6.5.
– The parameter “Deferred update mode” has no effect anymore.
– Added support for SHA-2 based certificates.
– Kerberos is only supported with Legacy ICA Sessions and Web Interface,
not with StoreFront.
– To enable usage of Smartcard authentication it is necessary
to choose Smartcard logon on the redesigned setup page
Citrix > Citrix StoreFront / Web Interface > Logon
and to choose the correct smart card on page
Citrix > Citrix StoreFront / Web Interface > Logon > Smartcard.
Passthrough authentication with smart card is only possible with StoreFront.
– Added “CGP Address” parameter to support the session reliability feature on page:
Citrix > HDX / ICA Global > Options
(Please note that this parameter might be overwritten by the
Citrix server.)
– Added parameter “ica.wfclient.twiavoidfullscreenwhenmaximized” to enable
a bug fix from Citrix regarding maximization of windows in a multi-monitor
setup with different resolutions (default: Disabled).
– Added parameter “ica.wfclient.twisetfocusbeforerestore” to enable a
workaround from Citrix to set the focus on windows before restoring them
to avoid issues with Java applications.(default: Disabled)
– Added parameter “ica.wfclient.applysucconntimeouttodesktops” to let the
session sharing timout option “SucConnTimeout” be applied to desktops
as well (default: Disabled)
– Added registry parameter “ica.pnlogin.use_ctx_auth_mgmt”, that
enforces usage of the built-in authentication management of the
Citrix Receiver 13 instead of the IGEL mechanism. This disables credential
related features like passthrough, auto-logon etc.
– With Citrix Receiver 13 there is support for new graphics codec parameters:
– H264 deep compression codec registry keys:
* ica.wfclient.h264enabled (disabled by default)
* ica.wfclient.texttrackingenabled
* ica.wfclient.smallframesenabled
The H264 codec is only usable if the multimedia codec pack is installed.
Detailed description of the parameters are available at:
http://support.citrix.com/proddocs/topic/receiver-linux-13-1/receiver-linux-13-1.html and

Click to access linux-oem-guide-13-1.pdf

– JPEG codec registry keys:
* ica.wfclient.directdecode
* ica.wfclient.batchdecode (enabled by default)
Detailed description of the parameters are available at:
http://support.citrix.com/proddocs/topic/receiver-linux-13-1/receiver-linux-13-1.html and

Click to access linux-oem-guide-13-1.pdf

[ICA]
– Updated Philips Speech drivers to version 12.2.7
– New Grundig dictation driver: increased stability of audio channel.
Grundig SoundBox 820, DigtaSonic Mic I and ProMic 840 are not supported any more
– Updated driver for dictation with Olympus devices
– Added Citrix HDX RTME 1.6.0-6 used for Lync optimization.
– ICA sessions with Kerberos Passthrough: it is now possible to choose the Kerberos
implementation(s) which are used with Citrix via parameter
ica.module.virtualdriver.sspi.kerberosselection default: Heimdal,MIT
– Added parameter windowmanager.wm0.variables.igelicaallowminimize in the
registry to circumvent problems java-based windows over ICA with a popup
window. If set to false, ICA windows with a popup can not be minimized
anymore.
– Added support to restrict Legacy ICA sessions with workarea window mode to
a single monitor at
“IGEL Setup->Sessions->Citrix-> Legacy ICA Sessions->[session name]->
Window->Start Monitor”.
The value “No Configuration” expands the windows over all monitors without
hiding the taskbar.
– Improved the synchronization of starting Citrix sessions to avoid opening
multiple ICA channels, if possible. For fine-tuning, it is possible to
configure the maximum waiting time till a session starts, regardless of
the status of a previous started session. The parameter is available in
the registry: “ica.pnlogin.app_start_max_delay” (default: 30)
– Added a mechanism to autostart published applications, configurable on
setup page Citrix > Citrix StoreFront / Web Interface > Logon.
The new synchronization mechanism mentioned above is applied for
autostarts as well.

[RDP]
– Integrated IGEL RDP Client 2:
– New workarea window mode
– New Audio-In support
– Improved RemoteApp support
– Fixes for drive mapping
– Without Gateway Support
– Without RDP 8 based RemoteFX support (EGFX)
– Without Video Optimized Redirection (EVOR)
– IGEL Legacy RDP Client 1.0 can be enabled at setup page:
IGEL Setup -> Sessions -> RDP -> RDP Global -> Options
– Updated Philips Speech drivers to version 12.2.7
– New Grundig dictation driver: increased stability of audio channel.
Grundig SoundBox 820, DigtaSonic Mic I and ProMic 840 are not supported any more
– Updated driver for dictation with Olympus devices

[VMware Horizon]
– Updated VMware Horizon Client to version 3.2.0-23315666
– Added support to start a specific application published by a Horizon 6 server.
In the IGEL Setup go to Sessions->Horizon Client->Horizon Client Sessions
choose a session or create one and specify under Connection Settings
the application name to start and set the session
type to “Application”. (the checkbox “Autoconnect” should also be enabled).
In the IGEL setup registry the new keys can be found in each view session:
– sessions.vdm_client%.options.appname
– sessions.vdm_client%.options.sessiontype (default: “Desktop”)
– RDP sessions are using the standard IGEL RDP Client 2 client now
instead of the legacy rdesktop variant.
– The Ctrl+Alt+Delete behavior (for PCoIP sessions) has three options now:
* show Horizon Client’s chooser dialog to either send the key combo to the
host/VM or disconnect from the session
* send Ctrl-Alt+Delete directly to the host/VM
* do nothing
The corrosponding key in the IGEL registry is found in:
– vmware.view.handle-ctrl-alt-del (default is “Show chooser”)
For sessions connected via Microsoft RDP the chooser dialog is the only option.
– Added switch for “Ctrl+Alt+Insert” redirection to VM.
Depending on server configuration either “Ctrl+Alt+Insert”,
“Ctrl+Alt+Delete” or no action can be triggered.
The registry key is located at “vmware.view.sendctrlaltinstovm” (default: Disabled)

[Dell vWorkspace Connector]
– Updated Dell vWorkspace Connector for Linux to version 7.7.3
– Added switch to enable bidirectional audio at
“IGEL Setup->Sessions-> RDP->RDP Global->Sound->Audio capture”
for global configuration, or session-specific at
“IGEL Setup->Sessions-> vWorkspace Client Sessions->[session name]->Mapping->Enable Microphone mapping”
– Added switch for font-smoothing at
“IGEL Setup->Sessions-> RDP->RDP Global->Performance->Enable Font smoothing”
for global configuration or session-specific at
“IGEL Setup->Sessions-> vWorkspace Client Sessions->[session name]->Performance->Enable font smoothing”.
– Added switch for vWorkspace connection bar at
“IGEL Setup->Sessions ->RDP->RDP Global->Enable Toolbar”
for global configuration, or session-specific at
“IGEL Setup->Sessions->vWorkspace Client Sessions-> [session name]->Window->Display the
connection bar when in full screen mode”.

[NX-Client]
– Updated NX Client to version 4.2.27:
New parameters:
– Connection service: sessions.nxclient<NR>.general.connection_service (Possible values: SSH, NX. Default: SSH)
– Logon method: sessions.nxclient<NR>.login.login_method (Possible values: Password, Private key. Default: password)

[2X Client]
– Updated 2X Client to version 12.0.0-2270
New parameters:
– TLS Authentication: sessions.twox<NR>.local_resources.windows_key_combinations Default: Disabled
– Network Level Authentication: sessions.twox<NR>.advanced.network_level_authentication Default: Enabled
– Pre-Windows 2000 Login Format: sessions.twox<NR>.advanced.oldwindows_login_format Default: Enabled
– Windows key combinations: sessions.twox<NR>.local_resources.windows_key_combinations Default: Local

[Shared Workplace]
– Shared workplace (SWP) now supports user display configurations
(including resolution, orientation, layout, refresh rates).

[ThinLinc]
– Updated ThinLinc client to version 4.3.0-4538.
New parameters:
– Multi monitor option: sessions.thinlinc<NR>.config.full_screen_all_monitors (default: Enabled)
– Resize remote desktop session: sessions.thinlinc<NR>.config.remote_resize (default: Enabled)
– Send system keys: sessions.thinlinc<NR>.config.send_syskeys (default: Enabled)
– SmartCard redirection: sessions.thinlinc<NR>.config.smartcard_export_enabled (default: Disabled)
– Lockdown Local device tab: sessions.thinlinc<NR>.options.locklocaldevices (default: Enabled)
– Lockdown Security tab: sessions.thinlinc<NR>.options.locksecurity (default: Enabled)

[Leostream Java Connect]
– Updated Leostream Connect_Java Client to Version 3.0.57

[Shadowing/VNC]
– Changed VNC version to 0.9.13
– Added VNC secure mode, based on a SSL-encrypted VNC connection. The SSL
connection uses a special certificate located in the directory /wfs/ca-certs.
This feature requires the Universal Management Suite (UMS) to be involved,
to handle the shadowing permissions and double check whether the connection
is allowed or not. In addition the UMS is used to assure a secure credential
exchange between the TC and the UMS console.
IMPORTANT: The UMS must have the version 4.07.100 or higher!
The feature can be enabled in IGEL setup at “System->Shadow->Secure Mode”

[Smartcard]
– Upgraded HID Global Omnikey smart card reader driver to version 4.0.5.5.
The following new readers are supported:
OMNIKEY CardMan (076B:0596) 2020
OMNIKEY CardMan (076B:3020) 3020
OMNIKEY CardMan (076B:3022) 3021
OMNIKEY CardMan (076B:3620) 3620
OMNIKEY CardMan (076B:7021) 3121
OMNIKEY CardMan (076B:3623) 3621
OMNIKEY CardMan (076B:3822) 3821
OMNIKEY CardMan (076B:3823) 3821
OMNIKEY CardMan (076B:5820) 4121 CL
OMNIKEY CardMan (076B:512D) 5025 PROX CL
OMNIKEY CardMan (076B:502A) 5025 PROX CL
OMNIKEY CardMan (076B:C001) 5121
OMNIKEY CardMan (076B:C100) 5121
OMNIKEY CardMan (076B:C101) 5121
OMNIKEY CardMan (076B:C104) 5125 CL
OMNIKEY CardMan (076B:C105) 5125
OMNIKEY CardMan (076B:5127) 5127 CK
OMNIKEY CardMan (076B:5220) 5220 Pay CL
OMNIKEY CardMan (076B:5221) 5221 Pay
OMNIKEY CardMan (076B:5311) 5321
OMNIKEY CardMan (076B:532B) 5321 Pay
OMNIKEY CardMan (076B:5340) 5021 CL
OMNIKEY CardMan (076B:A521) 5321
OMNIKEY CardMan (076B:5326) 5326 DFR
OMNIKEY CardMan (076B:5421) 5421
OMNIKEY CardMan (076B:1784) 6020
OMNIKEY CardMan (076B:6623) 6121
OMNIKEY CardMan (076B:6310) 6311 CL
OMNIKEY CardMan (076B:1BD0) 7120
OMNIKEY CardMan (076B:1BD1) 7121
OMNIKEY CardMan (076B:8630) 8630
OMNIKEY CardMan (076B:9621) 9621
CCID SC Reader (076B:A023)
CCID SC Reader (076B:A024)
CCID SC Reader (076B:A111) Keyboard
CCID SC Reader (076B:A112) Keyboard
CCID SC Reader (076B:A721)
CCID SC Reader (076B:B000) HID identiCLASS
CCID SC Reader (076B:B001) iCLASS Smart@Link
CCID SC Reader (076B:C000)
CCID SC Reader (076B:C200)
CCID SC Reader (076B:C300)
CCID SC Reader (0BF8:101B)
Fujitsu D321 (0BF8:1021)
Fujitsu G87 SC Contact Keyboard Cherry SmartTerminal XX44 (046A:007B)
Cherry SC Reader (046A:0090)
Cherry SC Reader (046A:0091)
Cherry SC Reader (046A:0092)
Cherry SC Reader (046A:00A3)

[Driver]
– Updated Softpro VirtualSerialSignpad driver to version 1.4.6.0

[USB Redirection]
– Upgraded Fabulatech USB for Remote Desktop up to 5.0.4

[Java]
– Updated JRE to version 1.7.0 update 76

[StepOver]
– Updated StepOver serversonet to version 0.7.16

[Network]
– Added parameter for DHCP user class option (see RFC 3004): * network.dhcp.user_class The default value is
empty and means that the option is not used. Non-printable bytes can be specified as \ooo, where each o is
an octal digit, or \xhh, where each h is a hexadecimal digit. ‘\’ and ‘”‘ must be escaped by prepending ‘\’.
– Added parameters for DHCP client identifier options (see RFC 2132):
– network.interfaces.ethernet.device0.dhcp_client_id
– network.interfaces.ethernet.device1.dhcp_client_id
– network.interfaces.wirelesslan.device0.dhcp_client_id
Example values: \x00host.example.org (a FQDN with type byte 0 prepended),
\x01\x00\x11\x22\x33\x44\x55 (the MAC address 00:11:22:33:44:55 with type byte 1 prepended)

[VPN]
– Upgraded NCP Enterprise VPN client up to 3.25-rev15580

[base system]
– Active Directory/Kerberos Logon: it is now possible to specify the default lifetime
and renewal lifetime of Kerberos tickets with parameters auth.krb5.libdefaults.ticket_lifetime
and auth.krb5.libdefaults.renew_lifetime in setup registry.
The default values are 10 hours and 7 days respectively.
– New TC Setup 4.8.18:
Added a quick link bar on many setup pages to find and get to related
configuration pages directly. Increased the default size of the setup window
to retain the readability of the affected setup pages (only when the setup
is started for the first time).
– Updated Chinese, Dutch, French and German userinterface translations
– Changed english label of start button on Application Launcher’s Applications
page from “Start” to “Execute”. A custom label for the button can be defined with parameter:
– userinterface.launcher.displaynames.startbuttonname.
– Added possibility to add custom timezone files to /wfs/zoneinfo/ directory.
– Increased the default taskbar height to 40.

====================
Resolved issues:
====================

[ICA]
– Fixed missing desktop/menu icons with Citrix XenApp/Program Neighborhood
– Fixed matching of application names in ICA autostart list
– Fixed Citrix XenApp/Programm Neighborhood refresh command
– Fixed problems with vanishing systray icons.
– Fixed: ICA sessions are not closed anymore, when a USB headset is plugged in or out.
– Fixed window focus after closing a dialog. The focus will be set correctly.
– Added a workaround to deal with windows of a very low height, that show up.
in the taskbar although they shouldn’t (e.g. some tooltip windows in seamless
Citrix sessions). To use this, adjust the parameter
“windowmanager.wm0.variables.tooltipsize” in the registry. A useful value for
single-lined tooltip windows would be 20.

[XEN]
– Fixed a minor bug in xen appliance mode with german keyboard layout and numblock DEL key.

[RDP]
– Fixed log on with Gemalto .net cards to Windows Server 2008
– Fixed execution problems of RemoteApps with short names.

[VMware Horizon]
– Added for passthrough authentication the possibility to use the shortened
domain name instead of the fully qualified domain name, like “EXAMPLE” instead of “EXAMPLE.COM”.
To enable shortened domain name for a particular session, go in the IGEL Registry and set the key
sessions.vdm_client%.options.passthrough_shortdomain to true.
– Fixed bug regarding Horizon/RDP sessions, where session restart was not possible after closing via menu bar
(Disconnect desktop and quit).

[Dell vWorkspace Connector]
– Fixed USB Redirection issues
– Fixed hotkey handling

[IBM_5250]
– Fixed system language detection in IBM iSeriesAccess sessions.
– fixed keyboard input of eastern european characters (czech, slovak, etc.)
enable registry key “iseriesaccessglobal.iso8859_2_fix”, default: Disabled

[ThinPrint]
– Handling of the “default” mark of a printer configured under Devices/Printer/Thinprint/Printer has been improved.

[Shadowing/VNC]
– Improved handling of Lock keys in VNC Server. All modifiers will be cleared
by default when shadowing is started. Lock keys are handled on client side
only by default.
(registry: network.vncserver.clear_all (default: Enabled) and
network.vncserver.skip_lockkeys (default: Enabled))

[XDMCP]
– Fixed X server restart.

[Universal MultiDisplay]
– Fixed UMD screen arrangement

[Smartcard]
– Implemented SCARD_ATTR_CURRENT_PROTOCOL_TYPE in pcsc-lite; this helps smart card log on with
SafeSign minidriver
– Fixed log off with IGEL Smartcard: when additional smart card readers were added or removed during
a session, removing the smart card did not trigger log off any more.

[base system]
– Updated ca-certificates to ubuntus utopic version
The list of integrated certificates is available at:
http://myigel.biz/index.php?dir=IGEL_UNIVERSAL_DESKTOP_FIRMWARE/LX/V4/
– Fixed CVE-2014-6271 (ShellShock Bug)
– Applied bash security patches for CVE-2014-6277, CVE-2014-6278
– Fixed OpenSSL 1.0.1 security issues:
CVE-2014-0160 (heartbleed bug), CVE-2014-0076, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470,
CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-5139, CVE-2014-3512, CVE-2014-3511,
CVE-2014-3510, CVE-2014-3509, CVE-2014-3508, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505,
CVE-2014-3568, CVE-2014-3567, CVE-2014-3513, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571,
CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205 and CVE-2015-0206 fixed.
– Improved OpenSSL 1.0.1 security: Added support to mitigate a protocol downgrade attack
to SSLv3 that exposes the POODLE attack.
– Fixed OpenSSL 0.9.8 security issues: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195,
CVE-2013-0169, CVE-2013-0166, CVE-2012-2333 and CVE-2012-0884 fixed.
– Fixed gnuTLS security issues: CVE-2014-0092, CVE-2011-4128, CVE-2012-1573, CVE-2013-1619,
CVE-2013-2116, CVE-2014-1959, CVE-2014-0092 and CVE-2014-3466 fixed.
– Fixed libtasn1-3 security issues: CVE-2012-1569, CVE-2014-3469, CVE-2014-3468 and CVE-2014-3467 fixed.
– Fixed libgcrypt11 security issues: CVE-2013-4242 and CVE-2014-5270 fixed.
– Fixed libkrb5 security issues: CVE-2010-1321, CVE-2010-1322, CVE-2010-4020, CVE-2010-1323,
CVE-2010-1324, CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, CVE-2011-0284, CVE-2011-1530,
CVE-2012-1012, CVE-2012-1013, CVE-2012-1015, CVE-2012-1014, CVE-2014-4345, CVE-2014-4344,
CVE-2014-4343, CVE-2014-4342, CVE-2014-4341, CVE-2013-6800, CVE-2013-1418, CVE-2013-1416,
CVE-2013-1415 and CVE-2012-1016 fixed.
– Fixed: With Kerberos authentication, when typing a wrong password at log on or screen saver unlock,
badPwdCount in Active Directory was incremented by 2 instead of 1 and thus the
account was locked too soon.
– Added security patch to fix CVE-2014-0196
– Fix for identical custom CAs.
– Fixed CVE-2014-6271 (ShellShock Bug)
– Fixed Active Directory domain logon with user principal names (UPN): Before logon was only working
if the first part of the UPN was the same as the sAMAccountName of the user.
– Improved FAT USB Stick write performance with using flush,dirsync mount option instead of sync.
The corresponding switch is in the IGEL Registry:
– devices.autofs.automount%.sync_option, default: Disabled (default was changed)
– devices.autofs.automount%.flush_option, default: Enabled (new registry entry)
To get back old behaviour switch devices.autofs.automount%.sync_option to enabled.
– Fixed glibc 2.15 security issues: CVE-2015-0235 (GHOST), CVE-2012-6656, CVE-2014-6040,
CVE-2014-7817, CVE-2014-5119, CVE-2014-0475, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043,
CVE-2013-4332, CVE-2012-4412, CVE-2012-4424, CVE-2013-0242, CVE-2013-1914, CVE-2013-4237
and CVE-2013-4332
– Fixed english label in application launcher: renamed “Start …” in context menu of
applications to “Execute …”
– On resume caps-lock/scroll-lock modifiers are reset
– Updated timezone information

[TC Setup (Java)]
– Added hint in setup tooltips that suspend option isn’t available with Universal MultiDisplay.
– Fixed alphabetical sorting of keyboard layout list on IGEL Setup page User Interface->Language.
Previously the sorting was not correct in some languages like German.

[Desktop]
– Fixed the “Hide Cursor” feature
– Added support for DisplayPort Resolution 2560×1080
– Fixed display gamma correction setting on UD2 and UD3
– Fixed wrong background of taskbar separators after screen lock
– The System set the focus correctly on desktop after system start.
Registryparameter: userinterface.desktop.focusable must be activate.

[VPN]
– Fixed Genucard DHCP IP retrieval

Release: IGEL Universal Desktop W7 3.09.200

Tuesday, January 20th, 2015

Hi Folks,

already 10 days ago IGEL has released a new WES Firmware 3.09.200 for W7 and W7+ devices.

There is only one change in the firmware:

- Fixed USB driver problem on UD9 (Device hangs on "Applying snapshot... Do not turn off!" while updating)

So this release is only important if you are using the UD9 Thin Client and want to update to the latest 3.09.x release.

Cheers

Michael

Firmware Release: Universal Deskop W7 and W7+ 3.09.100

Wednesday, December 17th, 2014

IGEL Universal Desktop W7
=========================
Version 3.09.100
17. December 2014

Supported devices:
UD3-W7, UD5-W7, UD6-W7, UD9-W7, UD9-W7 Touch, UD10-W7, UD10-W7 Touch,
UD3-730 W7, UD3-740 W7, UD5-730 W7, UD5-740 W7, UD9-730 W7, UD9-731 W7
===============
Notes:
===============

===============
Drivers:
===============
– Realtek RTL8169 Version: 7.43.321.2011
– VIA HD Audio VT1708B: 6.0.01.8700
– Prolific PL-2303 USBtoSerial: 2.0.2.8
– FTDI UsbToSerial: 2.02.04
– OmniKey Cardman 3×21: 1.2.15.0
– Intel HD Graphics: 9.17.10.2875
– Intel PCI Communication Controller : 8.0.0.1262
– Realtek 8168: 7.61.612.2012
– Intel AHCI : 11.2.0.1006
– Gemalto Minidriver for .NET Smart Card: (WES7: 8.3.1.3)
– VIA WLAN VT6656: 1.1.0.2
– Intel Centrino WLAN N-1000: 15.1.0.18
– Qualcom Atheros WLAN: 10.0.0.285
– VIA Chrome 9 VX855: 8.14.14.0141
– D-LINK DWA-131 Nano: 1085.7.0815.2009
– D-LINK DWA-131 REVB Nano: 1015.6.0210.2012
– VIA Chrome9 VX900: 8.14.14.0181
– VIA Chrome9 VX900 for UD10: 8.14.14.0231
– Ralink RT309x/2860: 3.02.01.0
– Ralink WLAN RT357x 5.1.7.0
– Intel 945 Express: 8.15.10.1930
– eGalax xTouch: 5.11.0.9020
– RTL8168C: 7.018.0322.2010
– Realtek HD Audio: 2.63
– Intel HD Graphics: 36.15.0.1073
===============
Applications:
===============
– .NET: 3.5 Sp1
– Microsoft RDP Client : 8
– Internet Explorer: 8
– Windows Media Player: 12
– Sun JAVA RE: 1.7 Update 17
– Ericom WebConnect: 5.6.1.1000
– Ericom PowerTerm: 9.2.0.0
– NXClient: 3.4.0.7
– Quest vWorkspace Client: 8.0.3
– Ekiga VOIP Client: 3.2.6
– Tight VNC Server: 2.7.10
– Citrix Receiver: 4.1 (14.1.0.0)
– Thin Print: 8.6
– VMware Horizon Client Version: 3.1.0 build-2085634
– Fabulatech USB for Remote Desktop: 5.0.2
– NCP Enterprise Client: 9.30
– Leostream Connect Client: 2.7.129.0
– Client for RedHat RHEV-D: 3.0-26
– USB Redirection for RedHat RHEV-D: 3.0-26
– Sumatra PDF Reader: 2.1.1

===============
New features:
===============
-[System]:
– Added configuration of screen resolution 1280×720
– Added IGEL secure vnc mode
On IGEL setup page “System->Shadow”
(registry key: network.vncserver.secure_mode, default: false)
– Added Microsoft Windows Embedded Standard 7 keyboard filter
– Added Qualcom Atheros wlan driver version 10.0.0.285
– Updated Internet Explorer security sites configuration
Possibility of setting require server verification (https) of “local intranet zone”
and “trusted zone”.
On IGEL setup page: “Sessions->Browser Sessions>Security->Sites”
(registry key: sessions->web->websettings->localintranetzone->requirehttps, default: false)
(registry key: sessions->web->websettings->trustedzone->requirehttps, default: true)
– Added support for UD5-W7 50 and UD6-W7 51
– Added possibility of snapshot updates via https protocol
On IGEL setup page: “System->Update->Snapshots”
– Added usergroup (administrators, users) specific userinterface configuration
On IGEL setup page “User Interface->Desktop->Administrators”
(registry key: userinterface.desktop.user0.autocheckselect, default: false)
(registry key: userinterface.desktop.user0.cddriveautorun, default: false)
(registry key: userinterface.desktop.user0.configure_domain_users, default: false)
(registry key: userinterface.desktop.user0.disablechangepasssword, default: false)
(registry key: userinterface.desktop.user0.disablepreviewdesktop, default: true)
(registry key: userinterface.desktop.user0.disableregistrytools, default: false)
(registry key: userinterface.desktop.user0.disabletaskmgr, default: false)
(registry key: userinterface.desktop.user0.dontprettypath, default: false)
(registry key: userinterface.desktop.user0.filter, default: false)
(registry key: userinterface.desktop.user0.foldercontentsinfotip, default: true)
(registry key: userinterface.desktop.user0.forceclassicontrolpanel, default: true)
(registry key: userinterface.desktop.user0.hddriveautorun, default: false)
(registry key: userinterface.desktop.user0.hidden, default: true)
(registry key: userinterface.desktop.user0.hidefileext, default: false)
(registry key: userinterface.desktop.user0.hideicons, default: false)
(registry key: userinterface.desktop.user0.iconsonly, default: false)
(registry key: userinterface.desktop.user0.listviewalphaselect, default: true)
(registry key: userinterface.desktop.user0.listviewshadow, default: true)
(registry key: userinterface.desktop.user0.mapnetdrvbtn, default: false)
(registry key: userinterface.desktop.user0.navpaneexpandtocurrentfolder, default: false)
(registry key: userinterface.desktop.user0.navpaneshowallfolders, default: true)
(registry key: userinterface.desktop.user0.networkdriveautorun, default: true)
(registry key: userinterface.desktop.user0.nobandcustomize, default: true)
(registry key: userinterface.desktop.user0.nochangestartmenu, default: false)
(registry key: userinterface.desktop.user0.noclose, default: false)
(registry key: userinterface.desktop.user0.nocommongroups, default: false)
(registry key: userinterface.desktop.user0.nocontrolpanel, default: false)
(registry key: userinterface.desktop.user0.nodispcpl, default: false)
(registry key: userinterface.desktop.user0.nodrivea, default: false)
(registry key: userinterface.desktop.user0.nodriveautorun, default: false)
(registry key: userinterface.desktop.user0.nodriveb, default: true)
(registry key: userinterface.desktop.user0.nodrivec, default: false)
(registry key: userinterface.desktop.user0.nodrivee, default: false)
(registry key: userinterface.desktop.user0.nodrivez, default: false)
(registry key: userinterface.desktop.user0.noentirenetwork, default: false)
(registry key: userinterface.desktop.user0.nofavoritesmenu, default: true)
(registry key: userinterface.desktop.user0.nofilemenu, default: false)
(registry key: userinterface.desktop.user0.nofind, default: false)
(registry key: userinterface.desktop.user0.nofolderoptions, default: false)
(registry key: userinterface.desktop.user0.nologoff, default: false)
(registry key: userinterface.desktop.user0.nonetconnectdisconnect, default: false)
(registry key: userinterface.desktop.user0.norun, default: true)
(registry key: userinterface.desktop.user0.nosavesettings, default: false)
(registry key: userinterface.desktop.user0.nosetfolders, default: false)
(registry key: userinterface.desktop.user0.nosettaskbar, default: false)
(registry key: userinterface.desktop.user0.nosimplestartmenu, default: false)
(registry key: userinterface.desktop.user0.nostartmenumoreprograms, default: false)
(registry key: userinterface.desktop.user0.nostartmenusubfolders, default: false)
(registry key: userinterface.desktop.user0.notoolbarcustomize, default: true)
(registry key: userinterface.desktop.user0.notraycontextmenu, default: false)
(registry key: userinterface.desktop.user0.noviewcontextmenu, default: false)
(registry key: userinterface.desktop.user0.nowindowsupdate, default: false)
(registry key: userinterface.desktop.user0.nowinkeys, default: false)
(registry key: userinterface.desktop.user0.ramdriveautorun, default: false)
(registry key: userinterface.desktop.user0.separateprocess, default: false)
(registry key: userinterface.desktop.user0.serveradminui, default: false)
(registry key: userinterface.desktop.user0.showcompcolor, default: true)
(registry key: userinterface.desktop.user0.showinfotip, default: true)
(registry key: userinterface.desktop.user0.showsuperhidden, default: false)
(registry key: userinterface.desktop.user0.showtypeoverlay, default: false)
(registry key: userinterface.desktop.user0.smalliconscontrolpanel, default: true)
(registry key: userinterface.desktop.user0.specifydefaultbuttons, default: false)
(registry key: userinterface.desktop.user0.superhidden, default: true)
(registry key: userinterface.desktop.user0.swappabledriveautorun, default: false)
(registry key: userinterface.desktop.user0.taskbaranimations, default: true)
(registry key: userinterface.desktop.user0.taskbarglomlevel, default: false)
(registry key: userinterface.desktop.user0.taskbarsizemove, default: false)
(registry key: userinterface.desktop.user0.taskbarsmallicons, default: false)
(registry key: userinterface.desktop.user0.unknowndriveautorun, default: true)
(registry key: userinterface.desktop.user0.webview, default: true)
On IGEL setup page “User Interface->Desktop->Users”
(registry key: userinterface.desktop.user1.autocheckselect, default: false)
(registry key: userinterface.desktop.user1.cddriveautorun, default: false)
(registry key: userinterface.desktop.user1.configure_domain_users, default: false)
(registry key: userinterface.desktop.user1.disablechangepasssword, default: true)
(registry key: userinterface.desktop.user1.disablepreviewdesktop, default: true)
(registry key: userinterface.desktop.user1.disableregistrytools, default: true)
(registry key: userinterface.desktop.user1.disabletaskmgr, default: true)
(registry key: userinterface.desktop.user1.dontprettypath, default: false)
(registry key: userinterface.desktop.user1.filter, default: false)
(registry key: userinterface.desktop.user1.foldercontentsinfotip, default: true)
(registry key: userinterface.desktop.user1.forceclassicontrolpanel, default: true)
(registry key: userinterface.desktop.user1.hddriveautorun, default: false)
(registry key: userinterface.desktop.user1.hidden, default: false)
(registry key: userinterface.desktop.user1.hidefileext, default: true)
(registry key: userinterface.desktop.user1.hideicons, default: false)
(registry key: userinterface.desktop.user1.iconsonly, default: false)
(registry key: userinterface.desktop.user1.listviewalphaselect, default: true)
(registry key: userinterface.desktop.user1.listviewshadow, default: true)
(registry key: userinterface.desktop.user1.mapnetdrvbtn, default: false)
(registry key: userinterface.desktop.user1.navpaneexpandtocurrentfolder, default: false)
(registry key: userinterface.desktop.user1.navpaneshowallfolders, default: false)
(registry key: userinterface.desktop.user1.networkdriveautorun, default: true)
(registry key: userinterface.desktop.user1.nobandcustomize, default: false)
(registry key: userinterface.desktop.user1.nochangestartmenu, default: true)
(registry key: userinterface.desktop.user1.noclose, default: false)
(registry key: userinterface.desktop.user1.nocommongroups, default: false)
(registry key: userinterface.desktop.user1.nocontrolpanel, default: false)
(registry key: userinterface.desktop.user1.nodispcpl, default: false)
(registry key: userinterface.desktop.user1.nodrivea, default: true)
(registry key: userinterface.desktop.user1.nodriveautorun, default: true)
(registry key: userinterface.desktop.user1.nodriveb, default: true)
(registry key: userinterface.desktop.user1.nodrivec, default: true)
(registry key: userinterface.desktop.user1.nodrivee, default: true)
(registry key: userinterface.desktop.user1.nodrivez, default: true)
(registry key: userinterface.desktop.user1.noentirenetwork, default: true)
(registry key: userinterface.desktop.user1.nofavoritesmenu, default: true)
(registry key: userinterface.desktop.user1.nofilemenu, default: true)
(registry key: userinterface.desktop.user1.nofind, default: true)
(registry key: userinterface.desktop.user1.nofolderoptions, default: true)
(registry key: userinterface.desktop.user1.nologoff, default: false)
(registry key: userinterface.desktop.user1.nonetconnectdisconnect, default: true)
(registry key: userinterface.desktop.user1.norun, default: true)
(registry key: userinterface.desktop.user1.nosavesettings, default: true)
(registry key: userinterface.desktop.user1.nosetfolders, default: false)
(registry key: userinterface.desktop.user1.nosettaskbar, default: true)
(registry key: userinterface.desktop.user1.nosimplestartmenu, default: false)
(registry key: userinterface.desktop.user1.nostartmenumoreprograms, default: false)
(registry key: userinterface.desktop.user1.nostartmenusubfolders, default: false)
(registry key: userinterface.desktop.user1.notoolbarcustomize, default: true)
(registry key: userinterface.desktop.user1.notraycontextmenu, default: true)
(registry key: userinterface.desktop.user1.noviewcontextmenu, default: true)
(registry key: userinterface.desktop.user1.nowindowsupdate, default: false)
(registry key: userinterface.desktop.user1.nowinkeys, default: true)
(registry key: userinterface.desktop.user1.ramdriveautorun, default: false)
(registry key: userinterface.desktop.user1.separateprocess, default: false)
(registry key: userinterface.desktop.user1.serveradminui, default: false)
(registry key: userinterface.desktop.user1.showcompcolor, default: true)
(registry key: userinterface.desktop.user1.showinfotip, default: true)
(registry key: userinterface.desktop.user1.showsuperhidden, default: false)
(registry key: userinterface.desktop.user1.showtypeoverlay, default: false)
(registry key: userinterface.desktop.user1.smalliconscontrolpanel, default: true)
(registry key: userinterface.desktop.user1.specifydefaultbuttons, default: false)
(registry key: userinterface.desktop.user1.superhidden, default: false)
(registry key: userinterface.desktop.user1.swappabledriveautorun, default: false)
(registry key: userinterface.desktop.user1.taskbaranimations, default: true)
(registry key: userinterface.desktop.user1.taskbarglomlevel, default: false)
(registry key: userinterface.desktop.user1.taskbarsizemove, default: false)
(registry key: userinterface.desktop.user1.taskbarsmallicons, default: false)
(registry key: userinterface.desktop.user1.unknowndriveautorun, default: true)
(registry key: userinterface.desktop.user1.webview, default: true)
On IGEL setup page “User Interface->Start menu->Administrators”
(registry key: userinterface.startmenu.user0.admintools, default: true)
(registry key: userinterface.startmenu.user0.autocascade, default: true)
(registry key: userinterface.startmenu.user0.configure_domain_users, default: false)
(registry key: userinterface.startmenu.user0.enabledragdrop, default: true)
(registry key: userinterface.startmenu.user0.jumplistitems, default: 10)
(registry key: userinterface.startmenu.user0.largemfuicons, default: true)
(registry key: userinterface.startmenu.user0.notifynewapps, default: false)
(registry key: userinterface.startmenu.user0.powerbuttonaction, default: “Shutdown”)
(registry key: userinterface.startmenu.user0.searchfiles, default: false)
(registry key: userinterface.startmenu.user0.searchprograms, default: false)
(registry key: userinterface.startmenu.user0.showcontrolpanel, default: “Display as link”)
(registry key: userinterface.startmenu.user0.showcontrolpanel, default: “Don’t display”)
(registry key: userinterface.startmenu.user0.showhelp, default: false)
(registry key: userinterface.startmenu.user0.showhomegroup, default: false)
(registry key: userinterface.startmenu.user0.showmycomputer, default: “Display as link”)
(registry key: userinterface.startmenu.user0.showmydocs, default: “Don’t display”)
(registry key: userinterface.startmenu.user0.showmymusic, default: “Don’t display”)
(registry key: userinterface.startmenu.user0.shownetconn, default: false)
(registry key: userinterface.startmenu.user0.shownetplaces, default: false)
(registry key: userinterface.startmenu.user0.showprinters, default: false)
(registry key: userinterface.startmenu.user0.showrecentdocs, default: “Don’t display”)
(registry key: userinterface.startmenu.user0.showrecordedtv, default: “Don’t display”)
(registry key: userinterface.startmenu.user0.showrun, default: true)
(registry key: userinterface.startmenu.user0.showsetprogramaccessanddefaults, default: false)
(registry key: userinterface.startmenu.user0.showuser, default: “Display as link”)
(registry key: userinterface.startmenu.user0.showvideos, default: “Don’t display”)
(registry key: userinterface.startmenu.user0.sortbyname, default: true)
(registry key: userinterface.startmenu.user0.showmenufavorites, default: false)
(registry key: userinterface.startmenu.user0.startmenuinit, default: true)
(registry key: userinterface.startmenu.user0.trackdocs, default: true)
(registry key: userinterface.startmenu.user0.trackprogs, default: true)
On IGEL setup page “User Interface->Start menu->Users”
(registry key: userinterface.startmenu.user1.admintools, default: false)
(registry key: userinterface.startmenu.user1.autocascade, default: true)
(registry key: userinterface.startmenu.user1.configure_domain_users, default: false)
(registry key: userinterface.startmenu.user1.enabledragdrop, default: false)
(registry key: userinterface.startmenu.user1.jumplistitems, default: 10)
(registry key: userinterface.startmenu.user1.largemfuicons, default: true)
(registry key: userinterface.startmenu.user1.notifynewapps, default: false)
(registry key: userinterface.startmenu.user1.powerbuttonaction, default: “Shutdown”)
(registry key: userinterface.startmenu.user1.searchfiles, default: false)
(registry key: userinterface.startmenu.user1.searchprograms, default: false)
(registry key: userinterface.startmenu.user1.showcontrolpanel, default: “Display as link”)
(registry key: userinterface.startmenu.user1.showcontrolpanel, default: “Don’t display”)
(registry key: userinterface.startmenu.user1.showhelp, default: false)
(registry key: userinterface.startmenu.user1.showhomegroup, default: false)
(registry key: userinterface.startmenu.user1.showmycomputer, default: “Display as link”)
(registry key: userinterface.startmenu.user1.showmydocs, default: “Don’t display”)
(registry key: userinterface.startmenu.user1.showmymusic, default: “Don’t display”)
(registry key: userinterface.startmenu.user1.showmypics, default: “Don’t display”)
(registry key: userinterface.startmenu.user1.shownetconn, default: false)
(registry key: userinterface.startmenu.user1.shownetplaces, default: false)
(registry key: userinterface.startmenu.user1.showprinters, default: false)
(registry key: userinterface.startmenu.user1.showrecentdocs, default: “Don’t display”)
(registry key: userinterface.startmenu.user1.showrecordedtv, default: “Don’t display”)
(registry key: userinterface.startmenu.user1.showrun, default: false)
(registry key: userinterface.startmenu.user1.showsetprogramaccessanddefaults, default: false)
(registry key: userinterface.startmenu.user1.showuser, default: “Display as link”)
(registry key: userinterface.startmenu.user1.showvideos, default: “Don’t display”)
(registry key: userinterface.startmenu.user1.sortbyname, default: true)
(registry key: userinterface.startmenu.user1.showmenufavorites, default: false)
(registry key: userinterface.startmenu.user1.startmenuinit, default: true)
(registry key: userinterface.startmenu.user1.trackdocs, default: false)
(registry key: userinterface.startmenu.user1.trackprogs, default: false)
On IGEL setup page “User Interface->Shell->Users”
(registry key: userinterface.shell.cpl0.configure_domain_users, default: false)
(registry key: userinterface.shell.cpl0.show_access, default: true)
(registry key: userinterface.shell.cpl0.show_actioncenter, default: true)
(registry key: userinterface.shell.cpl0.show_administrative, default: true)
(registry key: userinterface.shell.cpl0.show_appwiz, default: true)
(registry key: userinterface.shell.cpl0.show_autoplay, default: true)
(registry key: userinterface.shell.cpl0.show_bitlocker, default: false)
(registry key: userinterface.shell.cpl0.show_cardspace, default: true)
(registry key: userinterface.shell.cpl0.show_colormanagement, default: true)
(registry key: userinterface.shell.cpl0.show_credentialmanager, default: true)
(registry key: userinterface.shell.cpl0.show_defaultprograms, default: true)
(registry key: userinterface.shell.cpl0.show_desk, default: true)
(registry key: userinterface.shell.cpl0.show_desktopgadgets, default: true)
(registry key: userinterface.shell.cpl0.show_firewall, default: true)
(registry key: userinterface.shell.cpl0.show_folderoptions, default: true)
(registry key: userinterface.shell.cpl0.show_fonts, default: true)
(registry key: userinterface.shell.cpl0.show_hdwwiz, default: true)
(registry key: userinterface.shell.cpl0.show_homegroup default: true)
(registry key: userinterface.shell.cpl0.show_indexing, default: true)
(registry key: userinterface.shell.cpl0.show_inetcpl, default: true)
(registry key: userinterface.shell.cpl0.show_intl, default: true)
(registry key: userinterface.shell.cpl0.show_main, default: true)
(registry key: userinterface.shell.cpl0.show_main_keyboard, default: true)
(registry key: userinterface.shell.cpl0.show_mmsys, default: true)
(registry key: userinterface.shell.cpl0.show_modem, default: true)
(registry key: userinterface.shell.cpl0.show_notificationarea, default: true)
(registry key: userinterface.shell.cpl0.show_nusrmgr, default: false)
(registry key: userinterface.shell.cpl0.show_nwsc, default: true)
(registry key: userinterface.shell.cpl0.show_personalization, default: true)
(registry key: userinterface.shell.cpl0.show_powercfg, default: true)
(registry key: userinterface.shell.cpl0.show_printers, default: true)
(registry key: userinterface.shell.cpl0.show_remotedesktop, default: true)
(registry key: userinterface.shell.cpl0.show_sysdm, default: true)
(registry key: userinterface.shell.cpl0.show_taskbar, default: true)
(registry key: userinterface.shell.cpl0.show_timedate, default: true)
(registry key: userinterface.shell.cpl0.show_winupd, default: true)
On IGEL setup page “User Interface->Shell->Users”
(registry key: userinterface.shell.cpl1.configure_domain_users, default: false)
(registry key: userinterface.shell.cpl1.show_access, default: true)
(registry key: userinterface.shell.cpl1.show_actioncenter, default: false)
(registry key: userinterface.shell.cpl1.show_administrative, default: false)
(registry key: userinterface.shell.cpl1.show_appwiz, default: false)
(registry key: userinterface.shell.cpl1.show_autoplay, default: false)
(registry key: userinterface.shell.cpl1.show_bitlocker, default: false)
(registry key: userinterface.shell.cpl1.show_cardspace, default: false)
(registry key: userinterface.shell.cpl1.show_colormanagement, default: true)
(registry key: userinterface.shell.cpl1.show_credentialmanager, default: false)
(registry key: userinterface.shell.cpl1.show_defaultprograms, default: false)
(registry key: userinterface.shell.cpl1.show_desk, default: true)
(registry key: userinterface.shell.cpl1.show_desktopgadgets, default: true)
(registry key: userinterface.shell.cpl1.show_firewall, default: false)
(registry key: userinterface.shell.cpl1.show_folderoptions, default: false)
(registry key: userinterface.shell.cpl1.show_fonts, default: true)
(registry key: userinterface.shell.cpl1.show_hdwwiz, default: false)
(registry key: userinterface.shell.cpl1.show_homegroup default: false)
(registry key: userinterface.shell.cpl1.show_indexing, default: false)
(registry key: userinterface.shell.cpl1.show_inetcpl, default: false)
(registry key: userinterface.shell.cpl1.show_intl, default: true)
(registry key: userinterface.shell.cpl1.show_main, default: true)
(registry key: userinterface.shell.cpl1.show_main_keyboard, default: true)
(registry key: userinterface.shell.cpl1.show_mmsys, default: true)
(registry key: userinterface.shell.cpl1.show_modem, default: false)
(registry key: userinterface.shell.cpl1.show_notificationarea, default: true)
(registry key: userinterface.shell.cpl1.show_nusrmgr, default: false)
(registry key: userinterface.shell.cpl1.show_nwsc, default: false)
(registry key: userinterface.shell.cpl1.show_personalization, default: true)
(registry key: userinterface.shell.cpl1.show_powercfg, default: false)
(registry key: userinterface.shell.cpl1.show_printers, default: true)
(registry key: userinterface.shell.cpl1.show_remotedesktop, default: true)
(registry key: userinterface.shell.cpl1.show_sysdm, default: false)
(registry key: userinterface.shell.cpl1.show_taskbar, default: false)
(registry key: userinterface.shell.cpl1.show_timedate, default: true)
(registry key: userinterface.shell.cpl1.show_winupd, default: false)
-[VMWare]:
– Updated VMWare Horizon Client to version 3.1.0
On IGEL setup page “Sessions->Horizon Client->Horizon Client Sessions->Horizon Client Session->Connection Settings”
(registry key: sessions.vdm_client%.options.hideclientafterlaunchsession, default: false)
(registry key: sessions.vdm_client%.options.appname, default: “”)
– Added configuration of VMWare Horizon Client USB redirection
On IGEL setup page “Sessions->Horizon Client->Horizon Client Global->USB redirection”
(registry key: vmware.view.usb.enabled-view-usb, default: false)
(registry key: vmware.view.usb.devicepolicy.default_rule, default: true)
(registry key: vmware.view.usb.devicepolicy.class_rule%)
(registry key: vmware.view.usb.devicepolicy.product_rule%)
– Removed VMWare View Appliance mode
On IGEL setup page “Sessions->Appliance mode”
-[Fabulatech]:
– Updated Fabulatech USB for RemoteDesktop to version 5.0.2
-[Citrix]:
– Updated Citrix Receiver to version 4.1
– Removed PNAgent configuration
On IGEL setup page “Sessions->Citrix->Online plug-in”
– Added configuration of Citrix Self-Service Plug-In
On IGEL setup page “Sessions->Citrix->Self-Service Plug-In->Server”
(registry key: ica.selfservice.enable, default: true)
(registry key: ica.selfservice.browseraddress%)
(registry key: ica.selfservice.browseraddress_store%)
(registry key: ica.selfservice.browseraddress_store_legacy%)
On IGEL setup page “Sessions->Citrix->Self-Service Plug-In->Logon”
(registry key: ica.selfservice.allowusersavepwd, default: “Do not allow user saving password”)
(registry key: ica.selfservice.allowuseraddstore, default: “Do not allow user to add stores”)
(registry key: ica.selfservice.allowhttpstores, default: false)
(registry key: ica.selfservice.logonmethod, default: “Prompt User”)
On IGEL setup page “Sessions->Citrix->Self-Service Plug-In->Appearance”
(registry key: ica.selfservice.enablecategoryasstartmenupath, default: false)
(registry key: ica.selfservice.startmenudisplayrootfolder, default: “”)
On IGEL setup page “Sessions->Citrix->Self-Service Plug-In->Desktop integration”
(registry key: session.selfservice0.name, default: “Citrix Self-Service Plug-In)
(registry key: session.selfservice0.autostart, default: false)
– Removed Citricx XEN Appliance mode
On IGEL setup page “Sessions->Appliance mode”
-[TightVNC]:
– Updated TightVNC Server to version 2.7.10
In IGEL registry
(registry key: network.vncserver.block_local_input, default: false)
(registry key: network.vncserver.rfbport, default: 5900)
(registry key: network.vncserver.httpport, default: 5800)
(registry key: network.vncserver.disconnect_action, default: “Do nothing”)
(registry key: network.vncserver.accept_rfb_connections, default: true)
(registry key: network.vncserver.use_control_authentication, default: false)
(registry key: network.vncserver.repeat_control_authentication, default: false)
(registry key: network.vncserver.loopback_only, default: false)
(registry key: network.vncserver.accept_http_connections, default: false)
(registry key: network.vncserver.loglevel, default: 0)
(registry key: network.vncserver.enable_file_transfers, default: true)
(registry key: network.vncserver.use_mirror_driver, default: true)
(registry key: network.vncserver.pollinginterval, default: 1000)
(registry key: network.vncserver.allow_loopback, default: false)
(registry key: network.vncserver.video_recognition_interval, default: 3000)
(registry key: network.vncserver.grab_transparent_windows, default: true)
(registry key: network.vncserver.save_log_to_all_users, default: false)
(registry key: network.vncserver.videoclasses%)
(registry key: network.vncserver.control_crypt_password default: “”)
(registry key: network.vncserver.local_input_priority default: false)
(registry key: network.vncserver.local_input_priority_timeout default: 3)
-[Quest]:
– Updated Quest VWorkspace to version 8.0.3
On IGEL setup page “Sessions->vWorkspace Client->vWorkspace Client Sessions->vWorkspace Client Session->Mapping”
(registry key: sessions->qrdesktop%->option->enable_pnpdevices, default: false)
On IGEL setup page “Sessions->vWorkspace Client->vWorkspace Client Sessions->vWorkspace Client Session->Logon”
(registry key: sessions->qrdesktop%->option->enable_anonymouslogin, default: false)
On IGEL setup page “Sessions->vWorkspace Client->vWorkspace AppPortal->vWorkspace AppPortal Farms->vWorkspace Farm->Mapping”
(registry key: sessions->qappportal_farm%->option->enable_pnpdevices, default: false)
On IGEL setup page “Sessions->vWorkspace Client->vWorkspace AppPortal->vWorkspace AppPortal Farms->vWorkspace Farm->Options”
(registry key: sessions->qappportal_farm%->option->enable_anonymouslogin, default: false)
On IGEL setup page “Sessions->vWorkspace Client->vWorkspace AppPortal->vWorkspace AppPortal Farms->vWorkspace Farm->Password Management”
(registry key: sessions->qappportal_farm%->option->enable_passwordmanager, default: “vWorkspace password management server”)

===============
Bug fixes:
===============
-[System]
– Fixed bug in IGEL setup: “Enable Tooltips” has no function
On IGEL setup page “Setup->Accessories->Setup Session->Options”
– Fixed bug in IGEL setup: Mouse wheel scrolling is not possible
On IGEL setup page “Citrix->ICA Global->Keyboard”
– Fixed on UD5-740 W7 only native monitor resolution is set and desktop is scaled
– Fixed bug in system audio master volume configuration
– Fixed bug disabling IGEL Features does not work properly
– Fixed bug applying W7+ snapshots to W7 devices and vice versa should not be possible
– Fixed bug Browser Sessions Proxy configuration does not work properly
– Fixed bug Browser Sessions TLS configuration does not work properly
– Fixed bug where system hangs on boot when “User Interface->Language->Use IGEL Setup for regional and language settings” is disabled
-[Citrix]:
– Fixed bug with Citrix ICA native USB redirection and IPhone5

===============
Known Issues:
===============
-[System]:
– Deactivating WLAN devices is not working
– Deactivating Bluetooth devices is not working
-[FABULATECH]:
– Fabulatech USB for Remote Desktop is currently
not working with Citrix XenDesktop.
-[VMware]:
– USB Redirection: Devices connected to a USB 3.0 Port will not be redirected.
– USB redirection is currently not working if Quest vWorkspace USB
redirection service is enabled.

Firmware release: IGEL Universal Desktop LX/OS Version 5.05.100

Monday, December 8th, 2014

IGEL Universal Desktop OS 2
===========================
Version 5.05.100
Release date 2014-12-08
Last update of this document 2014-12-08
====================
Versions:
====================
Clients:
– 2X Client 10.1-1263
– Citrix Access Gateway Standard Plug-in 4.6.3.0800
– Citrix HDX Realtime Media Engine 1.5.0-115
– Citrix Receiver 12.1.8.250715
– Citrix Receiver 13.0.4.281908
– Client for RedHat Enterprise Virtualization Desktops 3
– Dell vWorkspace Connector for Linux 7.7.3
– Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848
– Ericom Webconnect 5.6.0.4000-rel.20413
– FabulaTech USB for Remote Desktop 5.0.4
– Firefox 17.0.11
– IBM iSeriesAccess 7.1.0-1.0
– IGEL Legacy RDP Client 1.0
– IGEL RDP Client 2.1
– Imprivata OneSign ProveID Embedded
– Leostream Java Connect 3.0.57.0
– NCP Secure Client (Enterprise) 3.25-rev15580-i686
– NX Client 4.2.27
– Oracle JRE 1.7.0_71
– Systancia AppliDis 4.0.0.14
– Thinlinc Client 3.2.0
– ThinPrint Client 7.0.63
– Totem Media Player 2.30.2
– Virtual Bridges VERDE Client 7.1.1_rel.24005
– VMware Horizon client 3.1.0-2095124
– Voip Client Ekiga 3.2.7

Dictation:
– Driver for Grundig Business Systems dictation devices
– Driver for Olympus dictation devices
– Legacy Philips Speech Driver 5.0.10
– Philips Speech Driver 12.2.7

Smartcard:
– PKCS#11 Library A.E.T SafeSign 3.0.93
– PKCS#11 Library Athena IDProtect 623.07
– PKCS#11 Library Gemalto IDPrime 1.1.0
– PKCS#11 Library SecMaker NetID 6.1.1.21
– Reader Driver ACS CCID 1.0.5
– Reader Driver HID Global Omnikey CCID 4.0.5.4
– Reader Driver MUSCLE CCID 1.4.13
– Reader Driver Omnikey CCID legacy-3.6.0
– Reader Driver Omnikey RFID legacy-2.7.2
– Reader Driver REINER SCT cyberJack 3.99.5final.SP03
– Reader Driver Safenet / Aladdin eToken 8.1.0-4
– Reader Driver SCM Microsystems CCID 5.0.27
– Resource Manager PC/SC Lite 1.8.12

System Components:
– Graphics Driver ATI 7.3.0
– Graphics Driver NVIDIA 304.117
– Graphics Driver INTEL 2.99.910
– Graphics Driver VIA 5.76.52.92-151843
– Kernel 3.13.11.8 #38.65-udos-r1207
– Xorg X11 Server 1.15.1
====================
Information:
====================
IMPORTANT:
This releases integrates two Citrix Receiver versions 12 and 13.
You can only choose to run either of the versions.
The old 12 Citrix Receiver is still available for compatibility reasons and
activated by default. Version 13 of the Citrix Receiver can be activated at
the local setup of the device or through a UMS profile configuration.

IMPORTANT:
Dual monitor configuration for “unsupported hardware” works only if “native
driver support” works properly. It is a prerequisite to assure that the
native driver is really working, as the fallback VESA driver does not provide
any dual monitor configuration. Have a look at Application Launcher’s
“About tab->Hardware-Graphics Chipset”. If VESA is listed there the native
driver does not work and dual monitor configuration is not functional.
====================
Removed features:
====================

[Hardware]
– Removed support for i586 platforms. At least i686 is required now.

[Cisco VPN]
– Removed outdated Cisco VPN client from firmware.

[CUPS Printing]
– Removed deprecated IPP printer browsing, not supported in CUPS 1.7.2.
====================
Known issues:
====================
[Dell vWorkspace Connector]
– Seamless applications exported from Win8/8.1 desktops show display
errors when dragged to the outer edges of a screen.
– Dual view configuration: Flash redirected windows can appear on
wrong screen.
– At the start of a seamless session the window is initially maximized
before being resized to the correct size.
– Windows XP sessions might not work properly anymore.
– Only standard 105 keys PC keyboards are supported.
Not supported anymore: Trimodal, Sun Type 6 or IBM 122 keys.
– Mapping of drives to a dedicated drive letter is not possible anymore.
– If COM-Port Redirection is enabled all linux serial ports (/dev/ttySx) will
be mapped to session.
– If printer mapping is enabled all printers configured in CUPS are mapped.
– At Multimedia Redirection sound redirection with WMV/WMA streams
is not working.
– Sessions starts only if RDP Local Logon Window
(IGEL Setup->Sessions->RDP->RDP Global->Local Logon) is active.

[VMware Horizon]
– Remote Applications are not seamless integrated in the local desktop.
Rather they are displayed in an extra window decorated by the TC’s
window manager.
If you start more applications defined at the same session, all are displayed
inside this window.
The default size of this window can be defined in the Window section of the
Horizon session.

[RDP/IGEL RDP Client 2 only]
– If EGFX is in use, pressed mouse buttons will be released after at least 32
seconds.
– RD Web Access sessions with Passthrough authentication will only work if
IGEL registry parameter auth.login.krb5_enterprise is set to false.
– RemoteFX cannot be disabled in RD Web Access sessions.

[IGEL Setup]
– Labels are missing in color picker dialog, only in UDC2 firmware.

[Hardware]
– Instability with Intel Haswell based chipset graphics (e.g. HP t820):
Sometimes monitors remain black after boot.
– Dual monitor clone mode with Intel based graphics and different resolutions
of the monitors can lead to distortion.

====================
New features:
====================
[ICA]
– Updated Citrix HDX RealTime Optimization Pack LX to version 1.5.0.
– Updated Philips Speech drivers to version 12.2.7.
– Updated Grundig dictation driver.
– Added use of the built-in authentication management of the
Citrix Receiver 13 instead of the IGEL mechanism. This disables credential
related features like passthrough, auto-logon etc. To enable this mode,
turn on the IGEL registry parameter “ica.pnlogin.use_ctx_auth_mgmt”.

[RDP]
– Updated Philips Speech drivers to version 12.2.7.
– Updated Grundig dictation driver.

[VMware Horizon]
– Updated VMware Horizon Client to version 3.1.0-2095124.
– Added Remote Application support to start a specific application published
by a Horizon 6 server.
In the IGEL Setup go to “Sessions->Horizon Client->Horizon Client Sessions”
choose a session or create one and specify under Connection Settings
the application name to start and set the session type to “Application”.
(the checkbox “Autoconnect” should also be enabled).

In the IGEL setup registry the new keys can be found in each Horizon session:
sessions.vdm_client%.options.appname
sessions.vdm_client%.options.sessiontype (Default is “Desktop”)

– Changed the Ctrl+Alt+Delete behavior (for PCoIP sessions) to three options:
– show Horizon Client’s chooser dialog to either send the key combo to the
host/VM or disconnect from the session
– send Ctrl-Alt+Delete directly to the host/VM
– do nothing
The corrosponding key in the IGEL registry can be found in:
vmware.view.handle-ctrl-alt-del (default is “Show chooser”)
For sessions connected via Microsoft RDP the “Show chooser” dialog is the only option.
– RDP sessions are using the IGEL RDP Client 2.1 now instead of the
IGEL Legacy RDP Client 1.0.
– Added browser support for vmware-view. URL scheme: vmware-view://…

[Dell vWorkspace Connector]
– Updated Dell vWorkspace Connector for Linux to version 7.7.3.
– Added switch to enable bidirectional audio at IGEL setup “Sessions->
RDP->RDP Global->Sound->Audio capture” for global configuration
or session-specific at IGEL setup “Sessions->
vWorkspace Client Sessions->[session name]->Mapping->Enable Microphone mapping”
(registry keys:
– rdp.winconnect.rdpeai.enable, default: disabled
– sessions.qrdesktop<NR>.option.enable-microphone, default: disabled)
– Added switch for font-smoothing at IGEL setup “Sessions->
RDP->RDP Global->Performance->Enable Font smoothing” for global configuration
or session-specific at IGEL setup “Sessions->
vWorkspace Client Sessions->[session name]->Performance->Enable font smoothing”.
(registry keys:
– rdp.winconnect.enable-font-smoothing, default: disabled
– sessions.qrdesktop<NR>.option.enable-font-smoothing, default: disabled)
– Added switch for vWorkspace connection bar at IGEL setup “Sessions
->RDP->RDP Global->Enable Toolbar” for global configuration
or session-specific at IGEL setup “Sessions->vWorkspace Client Sessions->
[session name]->Window->Display the connection bar when in full screen mode”.
(registry keys:
– rdp.winconnect.enable-toolbar, default: disabled
– sessions.qrdesktop<NR>.option.conbar_fullscreen, default: enabled)

[Leostream]
– Updated Leostream Connect to version 3.0.57.0.

[Systancia AppliDis]
– Added AppliDis Client by Systancia with the following parameters:
“IGEL Setup->Sessions->AppliDis->AppliDis Session->[session name]->Connection”:
“Server URL” (sessions.applidis<NR>.url) default: Your Server
“HTTP/HTTPS server port” (sessions.applidis<NR>.port) range: http, https default: http
“Connect Type” (sessions.applidis<NR>.ctype)
range: AppliDis SLB Server, AppliDis Server (WINEXPLODIS) default: AppliDis SLB Server
“AppliDis SLB Connector Mode” (sessions.applidis<NR>.afilter) default: [empty]
“IGEL Setup->Sessions->AppliDis->AppliDis Session->[session name]->Options”:
“Language” (sessions.applidis<NR>.lang) range: English, French default: English
“Working Directory” (sessions.applidis<NR>.pathdem) default: [empty]
“Lock Connection Type” (sessions.applidis<NR>.ltype) default: true
“RDP Mode” (sessions.applidis<NR>.mode)
range: classic RDP, console mode RDP default: classic RDP
“Hide Close Panel” (sessions.applidis<NR>.hideclose) default: true
“Close AppliDis Client on closing session” (sessions.applidis<NR>.close) default: true
“Force Insecure mode” (sessions.applidis<NR>.insecure) default: false
“Debug Mode” (sessions.applidis<NR>.verbose) default: false
“Activate SSL Mode” (sessions.applidis<NR>.ssl) default: false
“Username” (sessions.applidis<NR>.user) default: [empty]
“Password” (sessions.applidis<NR>.crypt_password) default: [empty]
“Purge Credentials” (sessions.applidis<NR>.purge) default: true
“Full Path to Cert” (sessions.applidis<NR>.cert) default: [empty]
“Timeout” (sessions.applidis<NR>.timeout) default: 30
“AppliDisXML access path” (sessions.applidis<NR>.path) default: [empty]
“Hide Filter Panel” (sessions.applidis<NR>.hfilter) default: false
“Hide Service Panel” (sessions.applidis<NR>.stype) default: false
“Hide Server Panel” (sessions.applidis<NR>.hideserver) default: false

[NX-Client]
– Updated NX Client to version 4.2.27.
– Added new parameter to choose protocol at
IGEL setup “Sessions->NX->[session name]->Server->Connection Service”,
range: SSH, NX default: SSH.
– Added new parameter to choose logon method at IGEL setup “Sessions->NX->[session name]->Logon->Logon Method”,
range: Password, Private key default: Password.

[Firefox]
– Updated Flash Player download URL to version 11.2.202.418.
[Desktop]
– Updated the integrated screensaver to show user defined image slideshow and/or a digital clock.
By default the values are set to present the original behavior of the screensaver.

The traditional parameter sessions.xlock0.options.custom_logo may now refer
either to a single image file or to a directory that contains an multiple images.
Default value is still empty, this means that the IGEL logo will be displayed.
Supported image formats are PNG and JPEG. Files are only recognized as images if their filenames stick
to the following suffixes (.jpg, .png).

New parameters:
* sessions.xlock0.options.time_image_saver.image_enable (boolean)
Image display is enabled only if this is true.
Default: true
* sessions.xlock0.options.time_image_saver.image_display_mode (string)
Image display mode
Possible values:
-smallhopping
Like the traditional screensaver: A small image appears for some time at a
random position, the screen gets blank for some time, and the image
appears again at a random position.
-mediumhopping
Same as smallhopping, only the image is larger.
-centercutout
The image is scaled to at least fullscreen size and may be cropped on two
sides to match the screen’s dimension.
-letterbox
The image is scaled to at most fullscreen size and may leave stripes of the
background visible on two sides.
Default: smallhopping
* sessions.xlock0.options.time_image_saver.image_duration (integer)
Time in seconds before images change. This has no effect if
sessions.xlock0.options.custom_logo is not a directory, that contains
more than one image.
(In the hopping modes, images can only change while hopping. So this value
is not exact in these cases)
Default: 10
* sessions.xlock0.options.time_image_saver.image_per_monitor (boolean)
If true, there is one image per display.
If false, a single image is used for all displays. In the case of the
fullscreen modes the single image is extended across all displays.
Default: true
* sessions.xlock0.options.time_image_saver.time_monitor (integer)
The display number (starting from 1), selects where the clock is shown.
0 means all displays, -1 means none
Default: -1
* sessions.xlock0.options.time_image_saver.time_size (string)
Clock size (relative to the width of the display where the clock is shown)
Possible values: tiny, small, medium, large, huge
Default: medium
* sessions.xlock0.options.time_image_saver.time_pos_h (string)
Horizontal clock position
Possible values left, center, right
Default: left
* sessions.xlock0.options.time_image_saver.time_pos_v (string)
Vertical clock position
Possible values top, center, left
Default: top
* sessions.xlock0.options.time_image_saver.time_seconds (boolean)
Seconds are only shown, if this is true
Default: false
* sessions.xlock0.options.time_image_saver.time_background_shape (integer)
Shape of the clock background. Possible values: 0 means a rounded rectangle,
1 means an outline around the time string’s characters.
Default: 0
* sessions.xlock0.options.time_image_saver.time_background_color (editable)
The clock background color.
Default: #000000 (black)
* sessions.xlock0.options.time_image_saver.time_background_alpha (integer)
The opacity of the clock’s background, a percentage value.
Default: 75
* sessions.xlock0.options.time_image_saver.time_foreground_color (editable)
Color of the clock characters
Default: #fbc100 (~ yellow)
* sessions.xlock0.options.time_image_saver.screen_background_color (editable)
Screen background color
Default: #000000 (black)

Colors are specified as #RRGGBB where each R, G, and B are hexadecimal digits.
RR, GG, and BB, are the color’s red, green, and blue components respectively.

[Hardware]
– Added Base Support for new product UD5-LX 50 based on hardware IGEL-H830C.
– Added full support in UDC2 for the following third party devices:
– DELL/Wyse D10D
– DELL/Wyse Z50D
– Fujitsu Futro S720
– HP t620
– HP t820
– Added ELO Multitouch driver 2.0.0, which supports, among others, ELO Devices
1939L, 1717L and 1723L. For more details see ELO’s support web site.

[Desktop]
– The LVDS output is now enabled by default with ATI graphics chipsets to support
more laptop devices out of the box.
The LVDS can be disabled by registry key x.drivers.ati.ignore_lvds_output.

[Network/WiFi]
– Added Broadcom Wireless driver 802.11 Linux STA, version 6.30.223.248 which
supports Broadcom BCM4311-, BCM4312-, BCM4313-, BCM4321-, BCM4322-,
BCM43224-, BCM43225-, BCM43227- and BCM43228-based hardware.
Tested with Dell Latitude E5500 (Broadcom 4322).
– Added support for WIFI adapter Mediatek MT7630 PCI-E 802.11b/g/n built in
HP ProBook 470G1.

[CUPS Printing]
– Updated CUPS printing system to version 1.7.2.

[Remote Management]
– Improved Remotemanagment Configuration. Thin Client can get a UMS
structure tag from DHCP, IGEL Setup or UMS registration tool and send
the option to UMS.

[Java]
– Updated Java Runtime Environment to version 1.7.0 U71.

[Smartcard]
– Updated PC/SC smart card service pcsc-lite to version 1.8.12.
– Added new type of IGEL license smart card with
ATR 3B F9 13 00 00 81 31 FE 45 4A 43 4F 50 32 34 32 52 33 A2.

[base system]
– Updated Kernel to Ubuntu Trusty version 3.13-38.65.
– Updated base system to Ubuntu Trusty
– Updated Intel graphics driver to version 2.99.910.
List of supported graphics cards on
https://www.igel.com/en/service-support/linux-3rd-party-hardware-database.html
– Updated ATI/Radeon graphics driver to version 7.3.0.
List of supported graphics cards on
https://www.igel.com/en/service-support/linux-3rd-party-hardware-database.html
– Updated Nvidia graphics driver to version 304.117.
– Updated VIA graphics driver to version 5.76.52.92-151843.
– Updated Ethernet/WiFi drivers to Ubuntu Trusty.
List of supported network cards on
https://www.igel.com/en/service-support/linux-3rd-party-hardware-database.html
– Updated Realtek r8168 Vendor Ethernet driver to version 8.038.00.
– Updated VIA VT6656 WiFi driver to version 1.21.03.
– Updated Perle serial kernel driver.
– Updated ALSA sound system to Ubuntu Trusty version 1.0.27.2.
List of supported sound cards on
https://www.igel.com/en/service-support/linux-3rd-party-hardware-database.html
– Updated Pulseaudio to version 4.0.
– Updated Gstreamer multimedia framework to version 0.10.31.
– Updated OpenSSH daemon to version 6.6.1.
– Updated TC Setup to version 4.8.10.
– Added notification if a domain account password will expire soon.
In this case the user can change the password directly. The new feature can be
controlled with parameter auth.passwd.enable_passwd_expiry_notification
(default value is true).
– Added Accessory->Change Password in IGEL Setup to provide a password change
dialog for domain account passwords.
– Added “Total operating time” line on About page of Application Launcher.
– Added the possibility to produce strace log files for debugging purposes in
a more convenient way. Call the new script “igel_enable_strace programfile”
to create a wrapper for a program. After that, execute the program creates
a compressed strace log in “/tmp/programfile.strace.gz” and is ready to be
sent to the IGEL support. Disable the logging with
“igel_disable_strace programfile”. Caution: Please be aware that the log file
resides in the system’s RAM and can become very large, especially for
programs with GUI.
Known Issue: There are problems with programs which need command line
password authentication and/or try to perform user switching.
====================
Resolved issues:
====================
[ICA]
– Fixed window focus after closing a dialog. The focus will be set correctly.
– Added a workaround to deal with windows of a very low height, that show up
in the taskbar although they shouldn’t (e.g. some tooltip windows in seamless
Citrix sessions). To use this, adjust the parameter
“windowmanager.wm0.variables.tooltipsize” in the registry. A useful value for
single-lined tooltip windows would be 20.

[ICA/Citrix Receiver 13 only]
– Updated Citrix Receiver to version 13.0.4.281908.
This fixes amongst others the following issues:
– Receiver for Linux might fail if you enable PersistentCacheSize.
– The session might become unresponsive when transferring data over a
serial port with Receiver for Linux.
– Fixed autostart of applications. The visual feedback now only shows the
application name.

[RDP/IGEL RDP Client 2 only]
– Fixed RDP drive mapping issue when moving sub-directories on
Windows 2008r2 servers.
– Fixed published applications whose alias name is like “NAME (1)”.
– Fixed synchronization of lock keys (like num lock, caps lock and so on).
– Fixed login with user names which have a domain alias as a part of the name.
– Fixed error in device name handling for device based RD CAL license
management (device name has been shortened by mistake)
registry parameter to select in which way the fix should be used:
rdp.winconnect.cal-handling
IMPORTANT: Be careful while using this option. Read for this issue FAQ
“Identical IGEL device names in windows server CAL maanagement” at
http://edocs.igel.com
Range:
– Fixed mode:
RDP client starts immediately with fixed handling. Activate only if
the devices are new. Otherwise it can happen that more then one license
will be used.
– Legacy mode:
The same behavior as before. The error is going to persist.The assigned
licenses will be stored on the device.
– Migrate CALs:
Use this mode if you want to correct the names of IGEL devices which are
already in use.
default: Legacy mode.
– Added support for various multimedia keys within RDP sessions, e.g on
keyboard Logitech MK270.
– Improved handling of server redirection. There was a bug which randomly
crashed the client application once it got redirected by the server.

[VMware Horizon]
– Fixed Horizon sessions using protocol RDP to use global RDP settings
specified at IGEL Setup “Sessions->RDP->RDP Global”.

[Dell vWorkspace Connector]
– Fixed USB Redirection issues.
– Fixed hotkey handling.

[PowerTerm]
– Fixed parameter at IGEL setup
“Sessions->PowerTerm Terminal Emulation->[session name]->Preferences->User Interface Language”
to be linked to instance parameter instead of template parameter.

[IBM iSeriesAccess]
– Fixed system language detection in IBM iSeriesAccess sessions.

[Imprivata oneSign embedded]
– Fixed USB-Redirection of VMware Horizon when triggered by Imprivata.
– Fixed dual screen of VMware Horizon when it’s triggered by Imprivata.

[base system]
– Improved robustness of the TC settings storage against corruption on
power loss of the TC.
– Applied bash security patches for CVE-2014-6271, CVE-2014-6277 and
CVE-2014-6278 (ShellShock Bug).
– Fixed Active Directory domain logon with user principal names (UPN):
Before logon was only working if the first part of the UPN was the same
as the sAMAccountName of the user.

[TC Setup]
– Fixed French translation on IGEL Setup page
“Sessions->Citrix->ICA Global->Flash”: “Activโ€š” and “Dโ€šsactivโ€š” were swapped.
– Improved color picker in setup to show only relevant channels (it was showing
transparency channel in OS version).
– Added license acceptance dialog when enabling SecMaker Net iD Software
in IGEL Setup.

[Desktop]
– Fixed display gamma correction setting on UD2 and UD3.
– Removed duplicate non working battery icon.
– Fixed after boot network notification “Successfully connected”
did not disappear automatically, if automatic update check via FTP
was configured.

[Network/WiFi]
– Introduced a new parameter to disable HT (High Throughput) capabilities
in driver for Ralink RT3572 WIFI adapter. The parameter is available in
the registry of the IGEL Setup
(network.interfaces.wirelesslan.device0.driver.disable_ht).

[CUPS Printing]
– Fixed printing to USB printer when the print job was queued before the
printer is online.

[Remote Management]
– Fixed automatic registration at UMS after a firmware update failed.

Release: IGEL Universal Management Suite 4.08.100

Thursday, October 23rd, 2014

==========================
IGEL Universal Management Suite
==========================
Version 4.08.100
Release date: 22.10.2014
==========================
Notes
==========================

If the windows installer does not start on Windows Server 2003 hosts,
contact IGEL support to get an UNSIGNED setup executable. This will solve
the issue.

The linux installer is tested with
– Ubuntu 12.04 (32bit) and Ubuntu 14.04 (64bit)
– RedHat Enterprise Linux 6 (32bit)

For further compatibility information check the Universal Management Suite
Data Sheet at www.igel.com.
*****************************************************************************
UMS 4.08.100
*****************************************************************************
==========================
New features
==========================

[Common]
– Added possibility to schedule a ‘Update desktop customization’ job with
repeat condition
– Enhanced firmware update mechanism: registration of firmware updates from
zip file omits thin client selection
– Added new profile feature: template profiles
Parameter values can be defined by using template keys (placeholder
for ‘real’ values). Values for the template keys (template values) can
be assigned to thin clients (or thin client folders) and replace the
template keys when thin client gets its settings.
Note:
– Feature is disabled by default; enable it in administration
tree -> misc settings
– A ‘health check’ is available in menu
‘Thin clients -> Check template definitions’, which checks template
keys and assigned template values for each thin client.
Limitations:
– Shared workplace feature does not support template profiles!
– Added new ums default directory rule criterion: ‘Structural Tag’
The rule allows sorting of thin clients by a thin client provided tag.
The tags are bound to single UMS directories in which the thin clients
are filed on registration / boot. Thin clients get the tag for example
from the DHCP server (will be available in the next LX firmware
release 5.05) and send it to UMS during registration / boot.
UMS then moves the thin client to the mapped directory.
– Added content element count to folder labels in management tree.
The feature can be deactivated in UMS console settings.
– Feature not implemented
– Enhanced permission system: permissions for assignments can be granted
more detailed (every assignable object type has its own assignment permission)

[Configuration Dialog]
– Enhanced configuration dialog: navigation button panel removed to gain
more space for the content panel

[Administrator application]
– Enhanced embedded database functionality: after changing the database
password in UMS Administrator it is no longer necessary to (re-) activate the database

[UMS common]
– Enhanced logging functionality: command executions are logged in UMS
Log Messages. The logging contains all command parameters and the user
initiating the command (optional).

[Server: common]
– Added SQL Server 2014 support
– Derby driver update to version 10.8.3.0

[Console administration tree]
– Added global UMS option to force IGEL Secure VNC for all thin clients.
The option is located in the administration tree, misc settings. If the
option is activated, all thin clients supporting the secure VNC feature
are forced to be shadowed only via secure VNC only. Even device local
settings cannot overrule this globally enabled feature configuration.
This adds more security in multitenant environment.
==========================
Fixed bugs
==========================

[Thin clients]
– Fixed export of plaintext passwords with thin client settings exports;
passwords are now replaced by “*****”.
– Fixed thin client registration issue: UMS registration tool on thin client
did not display any directory unless db user credentials were entered.

[Jobs]
– Fixed host assignment issue: host assignments are no longer relevant for
job execution in non-HA environments (but are still relevant in HA environments!)

[Console: common]
– Improved sort functions for some columns in the thin client
overview – issues are now sorted by “type”.
– Fixed recycle bin root: expand icon (triangle) no longer visible at the recycler node
– Fixed job issue: jobs are no longer executed after restore them from the recycle bin
– Fixed recycle bin issue: deleted firmware updates will not reappear after tree refresh
– Fixed thin client being marked blue, if the thinclients config has been opened (via ums) and saved without any changes.
– fixed – a deleted thinclient can now no longer be assignee to a profile (Occurred in combination with “Scan Thinclients”)
– Fixed saving changes in column setup (count or order) in thin client directories, views and thin client searches

[Configuration Dialog]
– Fixed new session issue: disabled parameters of new created sessions were not saved properly.
– Fixed new session issue: parameters of new created sessions sometimes got out
of sync with the corresponding registry parameters.
– Enhanced performance in configuration dialog: faster navigation between setup pages

[Administrator application]
– Fixed sort behavior in UMS Administrator backup table

[UMS common]
– Fixed issues when moving deep directory structures to recycle bin and
revert them afterwards
– Fixed GUI effects (resizing menue bar…) after changing settings in UMS (misc -> settings)
– Fixed default directory rule issue: after creating a netmask default directory rule
and scanning a thin client which requires a new folder creation, the folder was not ,
created and the thin client filed in the root directory.
– Fixed issue when deleting two files with the same path at once.
– Fixed access control issue after creating new folders in ‘System->Snapshot Management’
dialog: AD users (permitted as member of an imported AD group) may now manage permission for the folder

[Universal Firmware Update]
– Fixed firmware update issue when running the UMS server on Linux and
UMS Console on Windows: firmware update URL is occasionally invalid.
– Fixed problem with universal firmware updates bigger than 2GB: UMS could
not download the firmware update file from myigel.biz
– Fixed firmware update issue: scan for available firmware updates fails
with UMS on Oracle database.

[Universal Customization Builder UCB]
– Fixed UCB windows title: UCB windows now displays the correct product version

[Server: common]
– Fixed recycle bin issue when registering thin clients to UMS from the thin
client side: deleted folders were available in the directory list.
[Files (URLFiles)]
– Fixed file assignment issue: assignments of files to thin client folders take effect again.

Release: All IGEL Universal Desktop related Linux firmwares (Shellschock fix)

Friday, October 3rd, 2014

Hello Folks,

IGEL has released a major update for all Linux Firmwares related to the Universal Desktop Series incl. the Universal Desktop Converter (UDC).

This big release pack will fix the Shellshock related security issues and we recommend to apply these updates soon.

Regarding the fact that these updates are mostly designed to fix the shellschock issue i will not post all release notes here.

Have Fun

Michael

Release: IGEL Universal Desktop LX/OS 5.04.100

Wednesday, September 3rd, 2014

IGEL Universal Desktop OS 2
===========================
Version 5.04.100
Release date 2014-09-03
Last update of this document 2014-08-26
====================
Versions:
====================
Clients:
– 2X Client 10.1-1263
– Cisco VPN Client 4.8.02.0030-k9
– Citrix Access Gateway Standard Plug-in 4.6.3.0800
– Citrix HDX Realtime Media Engine 1.4.103-956
– Citrix Receiver 12.1.8.250715
– Citrix Receiver 13.0.3.274243
– Client for RedHat Enterprise Virtualization Desktops 3
– Dell vWorkspace Connector for Linux 7.7
– Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848
– Ericom Webconnect 5.6.0.4000-rel.20413
– FabulaTech USB for Remote Desktop 5.0.4
– Firefox 17.0.11
– IBM iSeriesAccess 7.1.0-1.0
– IGEL Legacy RDP Client 1.0
– IGEL RDP Client 2.1
– Imprivata OneSign ProveID Embedded
– Leostream Java Connect 2.4.57.0
– NCP Secure Client (Enterprise) 3.25-rev15580-i686
– NX Client 3.5.0-7
– Oracle JRE 1.7.0_65
– Thinlinc Client 3.2.0
– ThinPrint Client 7.0.59
– Totem Media Player 2.30.2
– Virtual Bridges VERDE Client 7.1.1_rel.24005
– VMware Horizon View client 2.3.4-1880356
– Voip Client Ekiga 3.2.7

Dictation:
– Driver for Grundig Business Systems dictation devices
– Driver for Olympus dictation devices
– Legacy Philips Speech Driver 5.0.10
– Philips Speech Driver 12.0.9

Smartcard:
– PKCS#11 Library A.E.T SafeSign 3.0.93
– PKCS#11 Library Athena IDProtect 623.07
– PKCS#11 Library Gemalto IDPrime 1.1.0
– PKCS#11 Library SecMaker NetID 6.1.1.21
– Reader Driver ACS CCID 1.0.5
– Reader Driver HID Global Omnikey CCID 4.0.5.4
– Reader Driver MUSCLE CCID 1.4.13
– Reader Driver Omnikey CCID legacy-3.6.0
– Reader Driver Omnikey RFID legacy-2.7.2
– Reader Driver REINER SCT cyberJack 3.99.5final.SP03
– Reader Driver Safenet / Aladdin eToken 8.1.0-4
– Reader Driver SCM Microsystems CCID 5.0.27
– Resource Manager PC/SC Lite 1.8.9

System Components:
– Graphics Driver ATI 6.14.99_git20111219
– Graphics Driver NVIDIA 304.60
– Graphics Driver INTEL 2.17.0
– Graphics Driver VIA 5.76.52.92-126076
– Kernel 3.2.46 #48.74-udos-r1120
– Xorg X11 Server 1.11.4
– Xorg Xephyr 1.7.6
====================
Information:
====================
IMPORTANT:
This releases integrates two Citrix Receiver versions 12 and 13.
You can only choose to run either of the versions.
The old 12 Citrix Receiver is still available for compatibility reasons and
activated by default. Version 13 of the Citrix Receiver can be activated at
the local setup of the device or through a UMS profile configuration.

IMPORTANT:
Dual monitor configuration for “unsupported hardware” works only if “native
driver support” works properly. It is a prerequisite to assure that the
native driver is really working, as the fallback VESA driver does not provide
any dual monitor configuration. Have a look at Application Launcher’s
“About tab->Hardware-Graphics Chipset”. If VESA is listed there the native
driver does not work and dual monitor configuration is not functional.
====================
Known issues:
====================
[ICA/Citrix Receiver 13 only]
– Currently Kerberos is not supported, so Kerberos passthrough will not work
with ICA sessions and Citrix XenApp/StoreFront.
Workaround: configure “Passthrough authentication”
– Smartcard authentication is supported for ICA sessions created on the IGEL
device (supported with Citrix servers up to version 6.5). Kerberos
passthrough and Citrix XenApp/StoreFront login are not supported.
– Only the “User name and password” StoreFront authentication method is supported.
– During Citrix XenApp/StoreFront logoff the logoff for running desktop sessions
does not work.
– Com-port redirection is not supported.
– Webcam redirection is not supported with H.264 hardware and software encoding,
still legacy theora encoding is supported.
– Persistent cache is not working and therefore completely disabled.

[RDP/IGEL RDP Client 2 only]
– RDP sessions freeze sporadically, if RD Gateway support is enabled.

[RDP/IGEL Legacy RDP Client 1.0 only]
– Fabulatech USB Redirection is not supported with IGEL Legacy RDP Client 1.0.
Please use IGEL RDP Client 2 – RDP legacy mode can be deactivated under
“IGEL Setup->Sessions->RDP->RDP Global->Options”.

[Dell vWorkspace Connector]
– With dual view configuration flash redirected windows can appear on wrong screen.
– Ctrl/Alt/Winkey combinations only work if the session grabs the keyboard by setting
“Override local windowmanager keyboard shortcuts”.
This key is either set globally at “IGEL Setup->Sessions->RDP->RDP Global->Keyboard”
or sessions-wise at “IGEL Setup->Sessions->vWorkspace Client->vWorkspace Client Sessions
->[session name]->Keyboard”.
This issue affects also seamless sessions: e.g. switch to the next window of
the local desktop (with Ctrl+Shift+Tab). When you switch with the mouse from a
seamless app to a local window it is possible that the keyboard focus is not
handed over to the local window again.
– After the start of a seamless session the window is initially maximized before
being resized to the correct size.
– Windows 7/8: The Alt-key must be pressed twice to show shortcut keys as a tool tip
in applications.
– Windows XP sessions might not work properly anymore.
– Only standard 105 keys PC keyboards are supported.
Not supported anymore: Trimodal, Sun Type 6 or IBM 122 keys.
– Mapping of drives to a dedicated drive letter is not possible anymore.
– If Com-port redirection is enabled all linux serial ports (/dev/ttySx) will be mapped.
– If printer mapping is enabled all printers configured in CUPS are mapped.
– For Multimedia Redirection sound redirection with WMV/WMA streams is not working.
– USB Redirection does not work reliable.

[Virtual Bridges VERDE]
– Sessions using NoMachine’s NX protocol are not supported.

[NVIDIA graphics support]
– In dual screen configurations DPMS monitor saving mode creates display content
corruptions on secondary VGA display after resume of the device from suspend.

====================
New features:
====================
[ICA]
– Updated Citrix HDX RealTime Optimization Pack for Lync to version 1.4.103-956.
– Added support to restrict ICA sessions with workarea window mode to a single
monitor at
“IGEL Setup->Sessions->Citrix->ICA Sessions->[session name]->Window->Start Monitor”.
The value “No Configuration” expands the windows over all monitors without
hiding the taskbar.

[ICA/Citrix Receiver 13 only]
– Updated Citrix Receiver to version 13.0.3.274243
– Added support for SHA-2 based certificates.

[RDP/IGEL RDP Client 2 only]
– Added RD Gateway support for RDP sessions and RD Web Access:
configurable at “IGEL Setup->Sessions->RDP->RDP Global->Gateway”,
“IGEL Setup->Sessions->RDP->RDP Sessions->[session name]->Gateway” and
“IGEL Setup->Sessions->RDP->Remote Desktop Web Access->Server location”
registry keys:
– rdp.winconnect.enable-gateway, default: disabled
– rdp.winconnect.other-gateway-credentials, default: disabled;
disabled means: the credentials of the RDP login are also used for the gateway.
The following Gateway Credentials are only effective if
rdp.winconnect.other-gateway-credentials parameter is enabled:
* rdp.winconnect.gateway-user
* rdp.winconnect.gateway-crypt_password
* rdp.winconnect.gateway-domain
– sessions.winconnect<NR>.option.enable-gateway, default: Global setting;
Global setting means, the “RDP Global” configuration is effective.
The following Gateway configuration is only effective, if
sessions.winconnect<NR>.option.enable-gateway is configured to “Session setting”:
* sessions.winconnect<NR>.option.gateway-url
* sessions.winconnect<NR>.option.other-gateway-credentials, default: off
The following Gateway Credentials are only effective, if
sessions.winconnect<NR>.option.other-gateway-credentials is “on”:
* sessions.winconnect<NR>.option.gateway-user
* sessions.winconnect<NR>.option.gateway-crypt_password
* sessions.winconnect<NR>.option.gateway-domain
– rdp.rd_web_access.browseraddress<NR>.enable-gateway, default: Global setting;
the following Gateway address configuration is only effective,
if rdp.rd_web_access.browseraddress<NR>.enable-gateway
is configured to “Session setting”:
* rdp.rd_web_access.browseraddress<NR>.gateway-url
– Improved RDP Remote Apps: Tray icons and tooltips can be used.
– Added workarea mode support at “IGEL Setup->Sessions->
RDP->RDP Global->Window->Window Size” as a global setting.
You can also configure workarea mode session-specific at “IGEL Setup->Sessions->
RDP->RDP Sessions->[session name]->Window->Window Size”.
Please note that either workarea mode or the toolbar can be used.
Workarea mode superseeds toolbar configuration.
– Added a startup splash screen that is shown while connecting to a RDP server.

[ICA/RDP]
– Updated Grundig dictation driver with a better stability of the audio channel.
The following devices are not supported anymore:
– Grundig SoundBox 820
– DigtaSonic Mic I
– ProMic 840

[FabulaTech]
– Updated FabulaTech USB for Remote Desktop to version 5.0.4

[Browser]
– Added parameter to disable the firefox splash screen at
“IGEL Setup->Sessions->Browser->Browser Global->Show browser splash screen”
(registry key: browserglobal.app.showsplash, default: on).
– Updated flash player download URL to version 11.2.202.400.

[VMware Horizon View]
– Updated Horizon View Client to version 2.3.4.

[Appliance Mode]
– Added device reboot capability with a hotkey in XenDesktop,
VMware Horizon View, Spice and Imprivata Appliance mode.
The reboot hotkey is configured at
“IGEL Setup->Accessories->Commands->Reboot Terminal”

[UMS]
– Added information about network speed and duplex mode of Thin Client in the
system information pane along with other Thin Client specific properties.

[Shadowing/VNC]
– Updated VNC Server to version 0.9.13
– Added VNC secure mode, based on a SSL-encrypted VNC connection. The SSL
connection uses a special certificate located in the directory /wfs/ca-certs.
This feature requires the Universal Management Suite (UMS) to be involved,
to handle the shadowing permissions and double check whether the connection
is allowed or not. In addition the UMS is used to assure a secure credential
exchange between the TC and the UMS console.
IMPORTANT: The UMS must have the version 4.07.100 or higher!
The feature can be enabled at “IGEL Setup->System->Shadow->Secure Mode”
(registry key: network.vncserver.secure_mode, default: disabled)

[RedHat Enterprise Virtualization client]
– Updated spice/virt-viewer client to version 0.5.6.

[Virtual Bridges VERDE]
– Updated Virtual Bridges VERDE client to version 7.1.1 rel.24005.
The client supports RDP (IMPORTANT: IGEL Legacy RDP Client 1.0 is used)
and Spice client sessions.
VERDE Client sessions can be configured at
“IGEL Setup->Sessions->VERDE Sessions”
(registry keys: sessions.vbclient%)
The browser plugin is working without additional configuration.

[Dell vWorkspace Connector]
– Updated Dell vWorkspace Connector for Linux to version 7.7
– Added switch to enable bidirectional audio at “IGEL Setup->Sessions->
RDP->RDP Global->Sound->Audio capture” for global configuration or
or session-specific at “IGEL Setup->Sessions->
vWorkspace Client Sessions->[session name]->Mapping->Enable Microphone mapping”
(registry keys:
– rdp.winconnect.rdpeai.enable, default: disabled
– sessions.qrdesktop<NR>.option.enable-microphone, default: disabled)
– Added switch for font-smoothing at “IGEL Setup->Sessions->
RDP->RDP Global->Performance->Enable Font smoothing” for global configuration
or session-specific at “IGEL Setup->Sessions->
vWorkspace Client Sessions->[session name]->Performance->Enable font smoothing”.
(registry keys:
– rdp.winconnect.enable-font-smoothing, default: disabled
– sessions.qrdesktop<NR>.option.enable-font-smoothing, default: disabled)
– Added switch for vWorkspace connection bar at “IGEL Setup->Sessions
->RDP->RDP Global->Enable Toolbar” for global configuration
or session-specific at “IGEL Setup->Sessions->vWorkspace Client Sessions->
[session name]->Window->Display the connection bar when in full screen mode”.
(registry keys:
– rdp.winconnect.enable-toolbar, default: disabled
– sessions.qrdesktop<NR>.option.conbar_fullscreen, default: enabled)

[Smartcard]
– Updated SafeSign smart card PKCS#11 library to version 3.0.93.

[Network]
– Added parameter for DHCP user class option (see RFC 3004) at
“IGEL Setup->Network->DHCP Client->Standard Options->User Class”.
(registry key: network.dhcp.user_class, default: empty, which disables the option)
Non-printable bytes can be specified as \ooo, where each o is an octal digit,
or \xhh, where each h is a hexadecimal digit. ‘\’ and ‘”‘ must be escaped by prepending ‘\’.
– Added parameters for DHCP client identifier options (see RFC 2132):
(registry keys:
– network.interfaces.ethernet.device0.dhcp_client_id, default: empty, which disables the option
– network.interfaces.ethernet.device1.dhcp_client_id, default: empty, which disables the option
– network.interfaces.wirelesslan.device0.dhcp_client_id, default: empty, which disables the option)
Non-printable bytes can be specified as \ooo, where each o is an octal digit,
or \xhh, where each h is a hexadecimal digit. ‘\’ and ‘”‘ must be escaped by prepending ‘\’.
Example values:
– \x00host.example.org (a FQDN with type byte 0 prepended),
– \x01\x00\x11\x22\x33\x44\x55 (the MAC address 00:11:22:33:44:55 with type byte 1 prepended)

[base system]
– Added custom timezone support. Custom timezone files must be located at /wfs/zoneinfo/ directory
to be considered.
– Updated common CA certificates to ubuntu version ca-certificates_20140325.
The list of integrated certificates is available at:
http://myigel.biz/index.php?dir=IGEL_UNIVERSAL_DESKTOP_CONVERTER/updates/UDC2_V5/
– Updated timezone data to version 2014e-0ubuntu0.12.04.
– Updated Gstreamer plugins:
– Fluendo MPEG demuxer to version 0.10.81
– Fluendo MP3 decoder to version 0.10.29.
– Updated TC Setup to version 4.8.3
– Added webcam test application configuration at
“IGEL Setup->Accessories->Webcam Information”

[Java]
– Updated Java Runtime Environment to version 1.7.0 U65.

[PowerTerm]
– Added registry key “powerterm.autosavekeymapscript” default: enabled, to control
automatic saving of keyboard mapping changes and scripts within PowerTerm sessions.
Disabling this parameter avoids data transfer to UMS, however changes of keyboard mapping
and scripts within PowerTerm sessions are not reboot- or reconfiguration-safe.

====================
Resolved issues:
====================
[ICA]
– Fixed Citrix XenApp/StoreFront with multi monitor configuration for window
placement if “Sessions->Citrix->ICA Global->Window->Multi Monitor Fullscreen Mode”
is set to “Restrict fullscreen session onto one monitor”.
For this setup configure “IGEL Setup->Sessions->
Citrix->ICA Global->Citrix XenApp/StoreFront Start Monitor”
(registry: “ica.pnlogin.xineramamonitor”, default: 1st monitor).
– Fixed matching of application names in Citrix XenApp/StoreFront autostart list
at “IGEL Setup->Sessions->Citrix->Citrix XenApp/StoreFront->Logon->
Start following applications automatically…”.
– Fixed closing ICA sessions, if a USB headset is plugged in or out.
– Fixed HDX Flash Redirection to work with enabled server-side content
fetching (SSCF)

[ICA/Citrix Receiver 13 only]
– Fixed Copy/Paste and focus issue with new Citrix Receiver version 13.0.3.

[ICA/Citrix Receiver 12 only]
– Fixed persistant cache

[RDP]
– Fixed local logon window to customize the Server-URL within the logon window (changeable Server-URL).

[RDP/IGEL RDP Client 2 only]
– Fixed Remote Desktop Web Access login mechanism:
– IGEL Setup is not blocked, while the Remote Desktop Web Access
login is running.
– Handle more than one server in a correct way.
– Fixed English(International) keyboard layout.
– Fixed access of files via drive mapping: search for existing files in a case
insensitive way.
– Improved Windows Server 2003 handling with a color depth of 16 bpp.
– Fixed crash if connecting to a Windows Server 2003 with activated NLB
(Network Load Balancing).
– Fixed double mapped drives and printers.
– Fixed DNS Round Robin loadbalancing feature.
– Fixed termination of RDP sessions if IGEL Smartcard is removed.
– Fixed audio redirection for Remote Apps started by Remote Desktop Web Access.
– Fixed drive mapping in RDP sessions not to lock CDROM drives permanently.
CDs can be ejected at any time.
– Fixed playback of compressed audio frames used in Windows 2012 Server sessions.
– Fixed program crash on hardware without SSE4.1 instruction set,
if RemoteFX is enabled.
– Fixed window position on unsupported UDC hardware,
if VESA fallback graphics mode is active.

[Browser]
– Firefox crashed the system while playing videos due to vast memory consumption.
Memory usage can be limited with registry keys:
– browserglobal.app.media_cache_size, default: 64000 (=64MB)
– browserglobal.app.browser_cache_offline_capacity, default: 64000 (=64MB)

[Network/WiFi]
– Fixed not working registry keys:
– network.interfaces.ethernet.device0.hide_progress,
– network.interfaces.ethernet.device1.hide_progress and
– network.interfaces.wirelesslan.device0.hide_progress are no longer ignored.
Setting the values to “always” or in case of WiFi to “reconnect” results in fewer
notification messages on desktop.
– Fixed handling of PKCS#12 (PFX) files for 802.1X authentication.
– Fixed Broadcom 44xx/47xx (b44) ethernet driver.
– Fixed broken WiFi roaming between multiple SSIDs.
– Improved NetworkManager: Connection data is not stored in
/etc/NetworkManager/system-connections/ anymore.
– Fixed network notification window to disappear after boot process.
– Improved dynamic DNS registration with method DNS.
– Fixed 802.1X authentication together with SCEP certificate management.
– Fixed logon method (e.g. Kerberos logon) after resuming the device from suspend.
After the resume the device asks again for the login credentials (i.e.
for WPA Personal or 802.1X authentication) to ensure the login policy is enforced.

[Dell vWorkspace Connector]
– Fixed vWorkspace sessions with preconfigured credentials to not show the local login
window again during session start.

[FabulaTech]
– Fixed redirection of mass storage devices.
– Fixed Fabultech USB redirection to be available with IGEL IZ-HDX devices.

[Smartcard]
– Improved driver for HID Global Omnikey smart card reader OMNIKEY CardMan (076B:3022) 3021
by new driver version 4.0.5.4.
– Fixed reading of DATEV smart cards with Omnikey smart card readers.
The setting of registry key scard.pcscd.omnikey_mhzrequired is effective again.

[Desktop]
– Fixed Ctrl+Alt+Up/Down window focus cycling shortcut to work as expected.
– Fixed hotkeys for switching additional keyboard layouts.
– Fixed localisation of system programs that were started from start menu or desktop.
– Fixed keyboard focus of 802.1X authentication dialog:
When a logon screen (e.g. for Kerberos logon) and the network authentication dialog
were displayed at the same time the last one did not get the keyboard focus.
– Enabled LVDS output on radeon graphics chipsets by default, when a laptop
with battery is detected.
The registry key x.drivers.ati.ignore_lvds_output is ignored in that case.
This fixes black screens on laptops with ATI/Radeon graphics chipsets.
– Fixed a crash in radeon graphics driver, when LVDS output is ignored
with registry key x.drivers.ati.ignore_lvds_output and LVDS output is present.

[base system]
– Fixed chinese input method in GTK2 programs.
– Restricted RPC access: RPC informations are only reported to localhost now.
– Fixed OpenSSL 1.0.1 security issues: CVE-2014-0224, CVE-2014-0195, CVE-2014-0221,
CVE-2014-3470, CVE-2010-5298, CVE-2014-0198
– Fixed OpenSSL 0.9.8 security issues: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195,
CVE-2013-0169, CVE-2013-0166, CVE-2012-2333, CVE-2012-0884.
– Added security patch to fix CVE-2014-0196.
– Added missing parameter at “IGEL Setup->Sessions->Citrix->ICA Global->Mapping->
Device Support->Grundig MMC Channel for Dictation with Grundig Devices”.
– Fixed changing passwords when logging on with Active Directory/Kerberos
and specifying Domain Controller manually at
“IGEL Setup->Security->Active Directory/Kerberos->Domain X”.
– Fixed reboot on Dell OptiPlex 760 and 755 UDC hardware.
– Added support for Realtek SD Card Reader in Acer Veriton 260G UDC hardware.

[UMS]
– Fixed UMS configuration if the connection is established via Cisco VPN client.

[Imprivata]
– Fixed Login dialog in multi monitor environments.
– Fixed issue with Imprivata partition.

Release: IGEL Universal Management Suite 4.07.110

Wednesday, July 23rd, 2014

=====================
IGEL Universal Management Suite
=====================
Version 4.07.110
Release date: 11.07.2014
=====================
Notes:
=====================

If the windows installer does not start on Windows Server 2003 hosts,
contace IGEL support to get an UNSIGNED setup executable. This will solve
the issue.

The stand alone VNCViewer application has been removed in version 4.05.220.
Use UMS Console with appropriate user permissions to replace it.

The linux installer is tested with
– Ubuntu 12.04 (32bit)
– RedHat Enterprise Linux 6 (32bit)

For further compatibility information check the Universal Management Suite
Data Sheet at www.igel.com.
*****************************************************************************
UMS 4.07.110 (stable build based on version 4.07.100)
*****************************************************************************
=====================
Fixed bugs
=====================
– Fixed problem creating thin client directories (occurs in combination with
default directory rules only)
– Fixed firmware update assignment issue: assignments did not take effect
if they were assigned to thin client subdirectories
– Fixed file assignment issue: assignments did not take effect
if they were assigned to thin client subdirectories
– Fixed profile assignment issue: assigned object list showed all profiles,
even if there were only some assigned;
NOTE: this was an UI issue only, it did NOT affect the thin client settings
– Fixed null pointer exception if a firmware update is deleted
– Fixed firmware update deployment issue: firmware update registration
(from zip file) fails if UMS console runs on a windows system and the
UMS server runs on linux