Archive for September, 2014

Info: cloud-client.info UMS Appliance 2.9 and Shellshock security bulletin

Friday, September 26th, 2014

Hello Folks,

please note that the cloud-client.info UMS Appliance 2.9 (Ubuntu 12.04 LTS) and lower are also affected by the Shellschock issue.

You are free to fix the issue by following several public available manuals by your own but we will not provide a fix for this!

Reason for this is simple, we will release a new UMS Appliance in the upcoming days (Version 3.0) which is based on a complete new Linux Version (Ubuntu 14.04 LTS) including a fixed bash version.

From our point it doesn’t make sense to invest time to maintain Versions < 3.0 at this moment and like mentioned, it’s quite simple to fix it by your own.

Cheers

Michael

P.S.: Ubuntu LTS means Long Term Support

Info (updated): IGEL Linux and Shellshock security issue

Friday, September 26th, 2014

Hello Folks,

already a few days the Linux/MacOSX Shellshock issue is sneaking around the internet, one question: Is the IGEL Linux affected?

Here is the answer: Yes

All IGEL Linux Version up to Firmware 5.04.100 have a Bash Version lower than 4.3 installed, means all these systems are affected.

You can check this quite easy with the command “bash –version”

or enter the following comand in a Terminal Session:

test=”() { echo Hello; }; echo Hacked” bash -c “”

Is it critical? Depends on your configuration, by default the IGEL System is very secure and the regular user don’t have any option to gain access to the command line or to a configuration to enter these “variable” hacks. So as long the user can not access the command line nothing will happen, there is no webserver or similar to sneak in with some dirty “cheats”.

So we classify this issue as “Low” for a regular configured IGEL Linux based Thin Client.

I will update you and provide a fix asap for the x86 based Linux (iam sorry but i don’t have a ARM platform to provide a ARM compiled bash replacement), these fix can be used until IGEL will release a firmware update to fix this issue.

Update: IGEL has released fixed firmwares for all current devices.

Cheers

Michael

Info: cloud-client.info at feedly.com

Wednesday, September 24th, 2014

Hello Folks,

cloud-client.info is now available at feedly the famous news aggregator to offer you our latest blogs and comments with your favorite news app for mobile devices.

Just open your feedly app or visit http://cloud.feedly.com and search/subscribe for blog.cloud-client.info.

Cheers

Michael

 

 

Migrated with IGEL UDC V2: HP ProBook 6360b

Tuesday, September 23rd, 2014

Hello Folks,

i got some reports about some successfull migrated devices, for the migration the IGEL Universal Desktop Converter 2 was used.

hp6360b

One device is the HP ProBook 6360b , the device is reported as fully compatible.

Cheers

Michael

P.S.: Regarding the fact that i don’t have a HP ProBook 6360b  available i was not able to reproduce the result. Test in advance!

Migrated with IGEL UDC V2: Lenovo L440

Tuesday, September 23rd, 2014

Hello Folks,

i got some reports about some successfull migrated devices, for the migration the IGEL Universal Desktop Converter 2 was used.

LenovoL440

One device is the Lenovo L440, the device is reported as fully compatible.

Cheers

Michael

P.S.: Regarding the fact that i don’t have a Lenovo L440 available i was not able to reproduce the result. Test in advance!

Release: Pidgin Multichat Tool for the IGEL Linux (LX/OS) x86 custom partition package

Thursday, September 18th, 2014

Hello Folks,

after some time I would like to introduce a new custom partition sample package for the IGEL Linux, this time it’s the Pidgin Multichat Tool.

pidgin

 

cloud-client.info Pidgin custom partition sample
———————————————————

Version: 1.0.0

Release Date: 18.09.2014

Copyright 2014 cloud-client.info

EMail: blog@cloud-client.info

For use with IGEL Universal Management Suite 4.07.110 or higher only!

Tested with IGEL Universal Desktop LX/OS Firmware 5.04.100

WARNING: ONLY FOR TESTS AND PERSONAL USE – NOT FOR PRODUCTION!
General Informations – Tems of use
———————————-

The use in public presentations, for comparing the IGEL products with other solutions or a public release in any other form is not permitted without the written permission by the author.

Universal Desktop and Universal Management Suite is a registered Trademark of IGEL Technology.

IGEL Technology and cloud-client.info will not support this partial update in any kind.

cloud-client.info is not responsible for any damage or loss, caused by using this partial update sample. You are using this partial update on your own risk!

This custom partition sample is for technical demonstrations and tests only.

Content
——-
This partial Update contains one package:

Pidgin Multichat Client: Pidgin Version 2.10.9
Installation
————
The pack contains also the UMSProfiles.zip, import this file into the IGEL Universal Management Suite to get the required configuration. After the import change the download path’s under System->Firmware Customization->Custom Partition->Download to your download site/server.

Restart the client after the package is deployed.
Starting / Configuring a Pidgin Session
——————————————
After the client reboot a desktop link to the generated script is available on the desktop, the script will be generated in the /config/sessions folder with the name pidgin0.

You can add parameters by modifing the script generation, you can find the script generator in the UMS Profile->System->Firmware Customization->Custom Commands->Desktop Commands->Custom Command Desktop Final area.

The following chat platforms are tested:

Lync 2013 – IM only, no voice or video calls!
Skype – Not supported, skype denied our written request to provide the client thru cloud-client.info.
Facebook – Follow https://www.facebook.com/sitetour/chat.php, use Port 443 and force encryption!
AIM – Just enter your credentials
Google Talk – Follow http://www.pctipp.ch/tipps-tricks/kummerkasten/internet/artikel/google-talk-in-pidgin-einrichten-66194/ (German)
Yahoo – Enter your username without @yahoo.com, as server use scs.msg.yahoo.com and as pager port 80.
ICQ – Just enter your credentials to get it working.
IRC – Regular IRC Setup, nothing special.
MSN – Not tested regarding the fact that Microsoft will discontinue MSN Chat and move it to Skype.

All other services are not tested, it may work but it don’t have to be.

The download is available here: Pidgin for IGEL Linux (LX/OS) x86

The package can be opened and modified with our Deployment Assistant Tool for IGEL Thin Clients (DATI), see also the Whitepaper on our main site.

Have Fun

Michael

Tip: Free space after a lot data has been deleted/moved from a Windows Server 2012 (R2) volume with enabled deduplication

Sunday, September 14th, 2014

Hello Folks,

the last day’s i setup a new design for a storage infrastructure, in this infrastructure i’ve moved/deleted round about 6TB of data.

On some volumes was/is deduplication enabled and after i’ve moved a bunch of data away from these volumes to free diskspace the Windows Explorer still shows no “new” free space available. By default Server 2012 and R2 will free diskspace one time per week or with other words you will not get free diskspace by only deleting a file; quite simple.

So how can you force Windows Server 2012R2 to free the diskspace asap? Quite simple, start the PowerShell as Administrator and run the following command:

Start-DedupJob -Type GarbageCollection -Priority High -Volume *yourvolumehere*

After you start the job you can check the status with Get-DedupJob

Wait until the job is finished and check the free space again, it should be available now. I will not explain why deduplication is working in this way here but I did note sometimes Administrators are not aware about the way how it works and that’s the reason why i mention it here.

This is also important if using data deduplication for portable harddisks (not recommended to do so), i’ve seen this already a few times and in this case you are required to run this job manual (mostly).

Have Fun

Michael

P.S.: If you run full backup jobs on a volume like this Microsoft recommends to create a new full backup after the “GarbageCollection” Job is finished, a lot of data can be changed during this job.

P.S.2: For infrastructure’s with a high rate of moving/deleting data on volumes with enabled data deduplication i recommend to schedule one “GarbageCollection” Job per night for the affected volume. You can schedule a job quite simple with the command: Set-DedupSchedule –Name "FreeSpace" –Type GarbageCollection –Start hh:ss –DurationHours 5 –Days Mon,Tues,Wed,Thurs,Fri,Sat,Sun –Priority High

Of course the execution time should not be at the same time like a large backup job or similar.. 🙂 Replace hh:ss with the time you want to perform the job, also remove unwanted days if not needed.

Tip: Configure hidden VMWare View settings that are not available in the IGEL Linux Setup incl. registry

Friday, September 12th, 2014

Hello Folks,

you want configure a few more settings for the VMWare View client like mentioned in the following links:
Setting Frames for Real-Time Audio-Video
VMWare View Client Release Notes

…and maybe other Sources.

A couple of these settings are currently not available in the Setup/Registry provided with the IGEL Setup / UMS Profile, but how can you apply it if you need it?

Quite simple, open the IGEL Setup or the UMS Profile and browse to System->Firmware Customization -> Custom Commands -> Desktop Commands.

In the “Custom Command Desktop Final” add the following lines, this sample is for Real-Time Audio-Video Frames configuration.

echo ‘rtav.srcWCamFrameWidth=”320″‘>>/etc/vmware/config
echo ‘rtav.srcWCamFrameHeight=”240″‘>>/etc/vmware/config

Repeat this for all settings you want to deploy, the text between the ‘….’ is the parameter, the configuration will be added to the /etc/vmware/config file after a reboot. If you finished the configuration apply the settings and reboot the device. The settings should be applied now. 🙂

Attention: If you change something else via a profile or the IGEL Setup you must reboot the device to take over the configuration!

Maybe IGEL will include these configuration’s in later Firmware releases but until now (Firmware 5.04.100 / 4.13.180) they are not.

Cheers

Michael

P.S.: All configuration’s are done at your own risk!

Tip: Troubleshoot Citrix HDX Flash redirection issues

Friday, September 12th, 2014

Hi Folks,

you have issues with the HDX Flash redirection? Just try the following steps:

 

1) Make sure the Flash Player plugin is installed on the Server and the Client site, it’s not available for ARM based devices like the IZ1(!).

 

2) Disable the Flash Player Auto Update at the Server site!

 

3) Flash redirection in general is not 100% compatible and never could be it.

 

4) Make sure that all Citrix Server Policies for HDX Flash redirection are enabled and configured in the right way.

 

5) Make sure that the Flash Redirection feature is enabled at the client site.

 

6) Make sure content fetching is enabled if the client can not access the Internet directly, this needs to be enabled at the Server and the Client.

 

7) Follow http://support.citrix.com/article/CTX134786, perform the registry settings to disable the Version check:

You can disable the version check by modifying Windows Registry Key on VDA, named “FlashPlayerVersionComparisonMask” which is a dword that should be set to zero.

This needs to be set on each and every VDA you need the checking disabled on.

32-bit OS HKLM\\Software\\Citrix\\HdxMediaStreamForFlash\\Server\\PseudoServer

64-bit OS HKLM\\Software\\Wow6432Node\\Citrix\\HdxMediaStreamForFlash\\Server\\PseudoServer

 

8) Ask user where they have to upload or download data thru websites and verify that these sites will not be redirected. Why? If the content is redirected the user will only see the file system coming from the Thin Client! It’s running redirected local at the client right… 🙂

 

9) For XenApp 6.5 make sure CTX140236 Hotfix is installed, http://support.citrix.com/article/CTX140236

 

10) For XenDesktop 5.x/XenApp 7.x or higher make sure the latest VDA Version incl. Hotfixes are installed.

 

11) If it is still not working add the following Registry Keys to the PseudoServer Registry Part (see 7).

UserEnabledFlashV2 as REG DWORD = 1
IEBrowserMaximumMajorVersion as REG DWORD = Installed IE Version in decimal, for example IE 9 = 9

 

Cheers

Michael

Migrated with IGEL UDC V2: Dell Optiplex 7010

Thursday, September 11th, 2014

Hello Folks,

today we migrated a Dell Optiplex 7010 with success, we used IGEL Universal Desktop OS 5.03.190.

DellOptiplex

GFX Card incl. Dual Monitor support: Working (Note: Display Port 2 seams to be not to work with DP->DVI Adapters, DP->VGA are working; this seams to be an issue with the GFX Card in general (BIOS already fail to initiate the connected Display without any IGEL Software loaded)
Network card: Working
USB Ports: Working
Audio: Working
DVD-Drive: Not tested
WiFi: Not available

Note: Disable “Deep Sleep Control” in the Energy configuration in the Dell device BIOS!

Cheers

Michael

P.S.: Of course we are not responsible for any damage related to this article, test in advance if you want to migrate similar devices.

Migrated with IGEL UDC V2: Dell Optiplex 790

Thursday, September 11th, 2014

Hello Folks,

today we migrated a Dell Optiplex 790 with success, we used IGEL Universal Desktop OS 5.03.190.

DellOptiplex

GFX Card incl. Dual Monitor support: Working
Network card: Working
USB Ports: Working
Audio: Working
DVD-Drive: Not tested
WiFi: Not available

Cheers

Michael

P.S.: Of course we are not responsible for any damage related to this article, test in advance if you want to migrate similar devices.

Migrated with IGEL UDC V2: Dell Optiplex 780

Thursday, September 11th, 2014

Hello Folks,

today we migrated a Dell Optiplex 780 with success, we used IGEL Universal Desktop OS 5.03.190.

DellOptiplex

GFX Card incl. Dual Monitor support: Working
Network card: Working
USB Ports: Working
Audio: Working
DVD-Drive: Not tested
WiFi: Not available

Cheers

Michael

P.S.: Of course we are not responsible for any damage related to this article, test in advance if you want to migrate similar devices.

Information: Distribution of cloud-client.info whitepaper thru papershare.com is discontinued

Tuesday, September 9th, 2014

Hello Folks,

it seams to be that I can not upload any new content thru Papershare without having a paid account, regarding this and the fact that we’re a none commercial project the distribution thru papershare.com is discontinued.

Please use only our website www.cloud-client.info to access our latest whitepapers, the content hosted at papershare.com will not be updated anymore.

Cheers

Michael

Whitepaper: IGEL Linux, Citrix Receiver 13 and Citrix Storefront

Tuesday, September 9th, 2014

Hello Folks,

a new Whitepaper is available!

Regarding the point that i’ve been asked a lot of times how the Citrix Receiver 13 which comes with the latest IGEL Firmware’s needs to be configured to use Citrix Storefront, i’ve decided to provide a Whitepaper to cover these questions.

This Whitepaper is not a small one… It covers all “must have” configuration task and which ways are available to get it running (Webbrowser, Store and Legacy Mode) incl. some basic information’s how to deploy the required certificates and a few other things that are important to know before using the Citrix Receiver 13.

The Whitepaper is free available for download here: Download

It’s also the first time a Whitepaper is sponsored by a company, thank you to BCD-Sintrag for providing the Test Lab which has been used for the configuration samples.

Cheers

Michael

Tip: Microsoft Workfolder Sync fails with error 0x80080222

Saturday, September 6th, 2014

Hi Folks,

i just got the issue with a tablet (Windows 8.1), i boot up the tablet and got a sync error from the Workfolder feature.  The error number was 0x80080222, after a research i did not found much information’s about this error. Typical it means that something with the licensing failed but all Servers incl. the tablet didn’t show any license issue and were still activated, also other devices still got no issues and worked without any error.

Funny… Only difference to the working devices was the fact that the workfolder file location was stored on a SD-Card (to save rare SSD space) and i remember that i remove the card a few hours before (device was off) to copy a file from it (not from the workfolder file folder…). So i tried to reproduce it and yep.. Same happens again, so it seams to be that the workfolder feature checks the filesystem and if something is wrong it denies to work anymore. 🙁 No workaround, just stop the use of workfolders and set it up again to get it working. Quite simple and don’t waste your time for troubleshooting.

Cheers

Michael

P.S.: Similar can happen with regular HDD’s/SSD’s if removed from the device and attached to an other one (to take a backup or whatever). I would like to get a more detailed error description or a hint at Microsoft TechNet but i did not found any article related to the issue.

Tip: Getting struggled with SHA2 certificates and the Citrix Linux Receiver?

Friday, September 5th, 2014

Hi Folks,

if you got issues with SHA2 certificates in the past and if used together with a Citrix environment you should try the latest IGEL 5.04.100 LX/OS firmware.

The new firmware contains a updated Citrix Receiver 13 version which comes now with SHA2 certificate support, important here: You must use the Citrix Receiver 13, no option to use Receiver Version 12 here! So it might be that you have to reconfigure your thin clients to work together with your environment and to get Receiver 13 to work.

Please test the new configuration in advance, do not just modify it to see what happens for all your users (otherwise they will hate you). 😉

Cheers

Michael

 

Release: Cloud-Client.info UMS Template Version 1.0.90

Friday, September 5th, 2014

Hello Folks,

a new cloud-client.info UMS Template is available. You can download the new template here: UMS Template Version 1.0.90

Changelog:

1.0.90
——
– Support for IGEL Universal Desktop LX V5 Firmware 5.04.100
– Support for IGEL Universal Desktop W7 Firmware 3.08.100
– Removed old firmwares
– Added Profile for IGEL Linux V5 to configure the Remote Desktop Gateway
– Added Profile for IGEL Linux V5 to configure other User credentials for the Remote Desktop Gateway than the regular user credentials
– Added Profile for IGEL Linux V5 to disable the Firefox Webbrowser splash screen
– Added Profile for IGEL Linux V5 to enable VNC Shadowing secure mode, requires SSL certificate deployed to the client in advance
– Added Profile for IGEL Linux V5 to enable the Toolbar in Microsoft RDS sessions
– Added Profile for IGEL Linux V5 to configure the Webbrowser Media cache memory to 32mb (default 64mb)
– Added Profile for IGEL Windows W7 to configure the general Audio settings
– Added Profile for IGEL Windows W7 to configure the Internet Explorer site security settings
– Modified Default Directory Rules for ARM and LX devices
– Renamed Quest vWorkspace settings to Dell vWorkspace
– Profiles Total 486

Cheers

Michael

 

Feature Highlight: Remote Desktop Gateway support coming with IGEL UD Linux 5.04.100

Thursday, September 4th, 2014

Hello Folks,

together with the Linux Version 5.04.100 IGEL has relased a lot of new features, one highlight here is the support for the Remote Desktop Gateway provided by Microsoft.

The Setup is quite simple and i would like to introduce the main setup steps to you, you can click on the picture to enlarge the view.

Step 1) Enter the public Gateway URL in the RDP Global Tab in the local IGEL Thin Client configuration, if you are using the IGEL Universal Management Suite read the release notes where you can find this setting. Don’t add a https to it, just the plan URL.

rdgwsetup1

 

Step 2) You have to configure the local login window, otherwise it might not work. The configuration is quite simple and can be also found in the RDP Global configuration. Don’t forget to enter the Domain Name here, the picture below shows the working configuration for my test environment at home.

rdgwsetup3

 

Step 3) By default the Remote Desktop Gateway will only work with certificates, i don’t want to deploy these certificate to the client so i disable the option in the RDP Global configuration (marked with red)

rdgwsetup2

 

Step 4) Now it’s time to perform the session configuration, in my scenario i’ve enabled the option to change the server url (fqdn) on demand but you can disable this option. Iam using the option to allow an external access also to my Hyper-V Servers or other Computers running at home (Administrative use of the RD Gateway feature… Marked in red.).

If you only want to allow users to access a regular session enter the DNS Name that points to the loadbalancer in your domain as FQDN. Please note: You have to setup a seperate Host entry in your DNS environment running in the company network to get the Loadbalancer (Remote Desktop Connection Broker, RDCB) to work right, do never never use the “real” RD Loadbalancer Hostname or you will only get a RD connection to the Loadbalancer Desktop. Error No.1 in the most RD environments!

rdgwsetup4

 

 

 

Step 5) Close the IGEL Setup and start the new created RD Session which appears on the IGEL Desktop. The local login window will pop up now. I can change the Server here, this was configured in Step 4 and it’s not required to use it (only my personal setup). Now enter your password and select “OK”.

rdgwsetup5

 

 

Step 6) The new IGEL RD Session start logo pops up.

rdgwsetup6

 

Step 7) Done… Iam now connected to my RD Environment at home (RemoteFX 8). 🙂

rdgwsetup7

 

 

Have fun, it really works very well for me so if you are using a Microsoft RD Environment it’s worth to get a look at the new IGEL solution.

 

Cheers

Michael

 

Release: IGEL Universal Desktop LX/OS 5.04.100

Wednesday, September 3rd, 2014

IGEL Universal Desktop OS 2
===========================
Version 5.04.100
Release date 2014-09-03
Last update of this document 2014-08-26
====================
Versions:
====================
Clients:
– 2X Client 10.1-1263
– Cisco VPN Client 4.8.02.0030-k9
– Citrix Access Gateway Standard Plug-in 4.6.3.0800
– Citrix HDX Realtime Media Engine 1.4.103-956
– Citrix Receiver 12.1.8.250715
– Citrix Receiver 13.0.3.274243
– Client for RedHat Enterprise Virtualization Desktops 3
– Dell vWorkspace Connector for Linux 7.7
– Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848
– Ericom Webconnect 5.6.0.4000-rel.20413
– FabulaTech USB for Remote Desktop 5.0.4
– Firefox 17.0.11
– IBM iSeriesAccess 7.1.0-1.0
– IGEL Legacy RDP Client 1.0
– IGEL RDP Client 2.1
– Imprivata OneSign ProveID Embedded
– Leostream Java Connect 2.4.57.0
– NCP Secure Client (Enterprise) 3.25-rev15580-i686
– NX Client 3.5.0-7
– Oracle JRE 1.7.0_65
– Thinlinc Client 3.2.0
– ThinPrint Client 7.0.59
– Totem Media Player 2.30.2
– Virtual Bridges VERDE Client 7.1.1_rel.24005
– VMware Horizon View client 2.3.4-1880356
– Voip Client Ekiga 3.2.7

Dictation:
– Driver for Grundig Business Systems dictation devices
– Driver for Olympus dictation devices
– Legacy Philips Speech Driver 5.0.10
– Philips Speech Driver 12.0.9

Smartcard:
– PKCS#11 Library A.E.T SafeSign 3.0.93
– PKCS#11 Library Athena IDProtect 623.07
– PKCS#11 Library Gemalto IDPrime 1.1.0
– PKCS#11 Library SecMaker NetID 6.1.1.21
– Reader Driver ACS CCID 1.0.5
– Reader Driver HID Global Omnikey CCID 4.0.5.4
– Reader Driver MUSCLE CCID 1.4.13
– Reader Driver Omnikey CCID legacy-3.6.0
– Reader Driver Omnikey RFID legacy-2.7.2
– Reader Driver REINER SCT cyberJack 3.99.5final.SP03
– Reader Driver Safenet / Aladdin eToken 8.1.0-4
– Reader Driver SCM Microsystems CCID 5.0.27
– Resource Manager PC/SC Lite 1.8.9

System Components:
– Graphics Driver ATI 6.14.99_git20111219
– Graphics Driver NVIDIA 304.60
– Graphics Driver INTEL 2.17.0
– Graphics Driver VIA 5.76.52.92-126076
– Kernel 3.2.46 #48.74-udos-r1120
– Xorg X11 Server 1.11.4
– Xorg Xephyr 1.7.6
====================
Information:
====================
IMPORTANT:
This releases integrates two Citrix Receiver versions 12 and 13.
You can only choose to run either of the versions.
The old 12 Citrix Receiver is still available for compatibility reasons and
activated by default. Version 13 of the Citrix Receiver can be activated at
the local setup of the device or through a UMS profile configuration.

IMPORTANT:
Dual monitor configuration for “unsupported hardware” works only if “native
driver support” works properly. It is a prerequisite to assure that the
native driver is really working, as the fallback VESA driver does not provide
any dual monitor configuration. Have a look at Application Launcher’s
“About tab->Hardware-Graphics Chipset”. If VESA is listed there the native
driver does not work and dual monitor configuration is not functional.
====================
Known issues:
====================
[ICA/Citrix Receiver 13 only]
– Currently Kerberos is not supported, so Kerberos passthrough will not work
with ICA sessions and Citrix XenApp/StoreFront.
Workaround: configure “Passthrough authentication”
– Smartcard authentication is supported for ICA sessions created on the IGEL
device (supported with Citrix servers up to version 6.5). Kerberos
passthrough and Citrix XenApp/StoreFront login are not supported.
– Only the “User name and password” StoreFront authentication method is supported.
– During Citrix XenApp/StoreFront logoff the logoff for running desktop sessions
does not work.
– Com-port redirection is not supported.
– Webcam redirection is not supported with H.264 hardware and software encoding,
still legacy theora encoding is supported.
– Persistent cache is not working and therefore completely disabled.

[RDP/IGEL RDP Client 2 only]
– RDP sessions freeze sporadically, if RD Gateway support is enabled.

[RDP/IGEL Legacy RDP Client 1.0 only]
– Fabulatech USB Redirection is not supported with IGEL Legacy RDP Client 1.0.
Please use IGEL RDP Client 2 – RDP legacy mode can be deactivated under
“IGEL Setup->Sessions->RDP->RDP Global->Options”.

[Dell vWorkspace Connector]
– With dual view configuration flash redirected windows can appear on wrong screen.
– Ctrl/Alt/Winkey combinations only work if the session grabs the keyboard by setting
“Override local windowmanager keyboard shortcuts”.
This key is either set globally at “IGEL Setup->Sessions->RDP->RDP Global->Keyboard”
or sessions-wise at “IGEL Setup->Sessions->vWorkspace Client->vWorkspace Client Sessions
->[session name]->Keyboard”.
This issue affects also seamless sessions: e.g. switch to the next window of
the local desktop (with Ctrl+Shift+Tab). When you switch with the mouse from a
seamless app to a local window it is possible that the keyboard focus is not
handed over to the local window again.
– After the start of a seamless session the window is initially maximized before
being resized to the correct size.
– Windows 7/8: The Alt-key must be pressed twice to show shortcut keys as a tool tip
in applications.
– Windows XP sessions might not work properly anymore.
– Only standard 105 keys PC keyboards are supported.
Not supported anymore: Trimodal, Sun Type 6 or IBM 122 keys.
– Mapping of drives to a dedicated drive letter is not possible anymore.
– If Com-port redirection is enabled all linux serial ports (/dev/ttySx) will be mapped.
– If printer mapping is enabled all printers configured in CUPS are mapped.
– For Multimedia Redirection sound redirection with WMV/WMA streams is not working.
– USB Redirection does not work reliable.

[Virtual Bridges VERDE]
– Sessions using NoMachine’s NX protocol are not supported.

[NVIDIA graphics support]
– In dual screen configurations DPMS monitor saving mode creates display content
corruptions on secondary VGA display after resume of the device from suspend.

====================
New features:
====================
[ICA]
– Updated Citrix HDX RealTime Optimization Pack for Lync to version 1.4.103-956.
– Added support to restrict ICA sessions with workarea window mode to a single
monitor at
“IGEL Setup->Sessions->Citrix->ICA Sessions->[session name]->Window->Start Monitor”.
The value “No Configuration” expands the windows over all monitors without
hiding the taskbar.

[ICA/Citrix Receiver 13 only]
– Updated Citrix Receiver to version 13.0.3.274243
– Added support for SHA-2 based certificates.

[RDP/IGEL RDP Client 2 only]
– Added RD Gateway support for RDP sessions and RD Web Access:
configurable at “IGEL Setup->Sessions->RDP->RDP Global->Gateway”,
“IGEL Setup->Sessions->RDP->RDP Sessions->[session name]->Gateway” and
“IGEL Setup->Sessions->RDP->Remote Desktop Web Access->Server location”
registry keys:
– rdp.winconnect.enable-gateway, default: disabled
– rdp.winconnect.other-gateway-credentials, default: disabled;
disabled means: the credentials of the RDP login are also used for the gateway.
The following Gateway Credentials are only effective if
rdp.winconnect.other-gateway-credentials parameter is enabled:
* rdp.winconnect.gateway-user
* rdp.winconnect.gateway-crypt_password
* rdp.winconnect.gateway-domain
– sessions.winconnect<NR>.option.enable-gateway, default: Global setting;
Global setting means, the “RDP Global” configuration is effective.
The following Gateway configuration is only effective, if
sessions.winconnect<NR>.option.enable-gateway is configured to “Session setting”:
* sessions.winconnect<NR>.option.gateway-url
* sessions.winconnect<NR>.option.other-gateway-credentials, default: off
The following Gateway Credentials are only effective, if
sessions.winconnect<NR>.option.other-gateway-credentials is “on”:
* sessions.winconnect<NR>.option.gateway-user
* sessions.winconnect<NR>.option.gateway-crypt_password
* sessions.winconnect<NR>.option.gateway-domain
– rdp.rd_web_access.browseraddress<NR>.enable-gateway, default: Global setting;
the following Gateway address configuration is only effective,
if rdp.rd_web_access.browseraddress<NR>.enable-gateway
is configured to “Session setting”:
* rdp.rd_web_access.browseraddress<NR>.gateway-url
– Improved RDP Remote Apps: Tray icons and tooltips can be used.
– Added workarea mode support at “IGEL Setup->Sessions->
RDP->RDP Global->Window->Window Size” as a global setting.
You can also configure workarea mode session-specific at “IGEL Setup->Sessions->
RDP->RDP Sessions->[session name]->Window->Window Size”.
Please note that either workarea mode or the toolbar can be used.
Workarea mode superseeds toolbar configuration.
– Added a startup splash screen that is shown while connecting to a RDP server.

[ICA/RDP]
– Updated Grundig dictation driver with a better stability of the audio channel.
The following devices are not supported anymore:
– Grundig SoundBox 820
– DigtaSonic Mic I
– ProMic 840

[FabulaTech]
– Updated FabulaTech USB for Remote Desktop to version 5.0.4

[Browser]
– Added parameter to disable the firefox splash screen at
“IGEL Setup->Sessions->Browser->Browser Global->Show browser splash screen”
(registry key: browserglobal.app.showsplash, default: on).
– Updated flash player download URL to version 11.2.202.400.

[VMware Horizon View]
– Updated Horizon View Client to version 2.3.4.

[Appliance Mode]
– Added device reboot capability with a hotkey in XenDesktop,
VMware Horizon View, Spice and Imprivata Appliance mode.
The reboot hotkey is configured at
“IGEL Setup->Accessories->Commands->Reboot Terminal”

[UMS]
– Added information about network speed and duplex mode of Thin Client in the
system information pane along with other Thin Client specific properties.

[Shadowing/VNC]
– Updated VNC Server to version 0.9.13
– Added VNC secure mode, based on a SSL-encrypted VNC connection. The SSL
connection uses a special certificate located in the directory /wfs/ca-certs.
This feature requires the Universal Management Suite (UMS) to be involved,
to handle the shadowing permissions and double check whether the connection
is allowed or not. In addition the UMS is used to assure a secure credential
exchange between the TC and the UMS console.
IMPORTANT: The UMS must have the version 4.07.100 or higher!
The feature can be enabled at “IGEL Setup->System->Shadow->Secure Mode”
(registry key: network.vncserver.secure_mode, default: disabled)

[RedHat Enterprise Virtualization client]
– Updated spice/virt-viewer client to version 0.5.6.

[Virtual Bridges VERDE]
– Updated Virtual Bridges VERDE client to version 7.1.1 rel.24005.
The client supports RDP (IMPORTANT: IGEL Legacy RDP Client 1.0 is used)
and Spice client sessions.
VERDE Client sessions can be configured at
“IGEL Setup->Sessions->VERDE Sessions”
(registry keys: sessions.vbclient%)
The browser plugin is working without additional configuration.

[Dell vWorkspace Connector]
– Updated Dell vWorkspace Connector for Linux to version 7.7
– Added switch to enable bidirectional audio at “IGEL Setup->Sessions->
RDP->RDP Global->Sound->Audio capture” for global configuration or
or session-specific at “IGEL Setup->Sessions->
vWorkspace Client Sessions->[session name]->Mapping->Enable Microphone mapping”
(registry keys:
– rdp.winconnect.rdpeai.enable, default: disabled
– sessions.qrdesktop<NR>.option.enable-microphone, default: disabled)
– Added switch for font-smoothing at “IGEL Setup->Sessions->
RDP->RDP Global->Performance->Enable Font smoothing” for global configuration
or session-specific at “IGEL Setup->Sessions->
vWorkspace Client Sessions->[session name]->Performance->Enable font smoothing”.
(registry keys:
– rdp.winconnect.enable-font-smoothing, default: disabled
– sessions.qrdesktop<NR>.option.enable-font-smoothing, default: disabled)
– Added switch for vWorkspace connection bar at “IGEL Setup->Sessions
->RDP->RDP Global->Enable Toolbar” for global configuration
or session-specific at “IGEL Setup->Sessions->vWorkspace Client Sessions->
[session name]->Window->Display the connection bar when in full screen mode”.
(registry keys:
– rdp.winconnect.enable-toolbar, default: disabled
– sessions.qrdesktop<NR>.option.conbar_fullscreen, default: enabled)

[Smartcard]
– Updated SafeSign smart card PKCS#11 library to version 3.0.93.

[Network]
– Added parameter for DHCP user class option (see RFC 3004) at
“IGEL Setup->Network->DHCP Client->Standard Options->User Class”.
(registry key: network.dhcp.user_class, default: empty, which disables the option)
Non-printable bytes can be specified as \ooo, where each o is an octal digit,
or \xhh, where each h is a hexadecimal digit. ‘\’ and ‘”‘ must be escaped by prepending ‘\’.
– Added parameters for DHCP client identifier options (see RFC 2132):
(registry keys:
– network.interfaces.ethernet.device0.dhcp_client_id, default: empty, which disables the option
– network.interfaces.ethernet.device1.dhcp_client_id, default: empty, which disables the option
– network.interfaces.wirelesslan.device0.dhcp_client_id, default: empty, which disables the option)
Non-printable bytes can be specified as \ooo, where each o is an octal digit,
or \xhh, where each h is a hexadecimal digit. ‘\’ and ‘”‘ must be escaped by prepending ‘\’.
Example values:
– \x00host.example.org (a FQDN with type byte 0 prepended),
– \x01\x00\x11\x22\x33\x44\x55 (the MAC address 00:11:22:33:44:55 with type byte 1 prepended)

[base system]
– Added custom timezone support. Custom timezone files must be located at /wfs/zoneinfo/ directory
to be considered.
– Updated common CA certificates to ubuntu version ca-certificates_20140325.
The list of integrated certificates is available at:
http://myigel.biz/index.php?dir=IGEL_UNIVERSAL_DESKTOP_CONVERTER/updates/UDC2_V5/
– Updated timezone data to version 2014e-0ubuntu0.12.04.
– Updated Gstreamer plugins:
– Fluendo MPEG demuxer to version 0.10.81
– Fluendo MP3 decoder to version 0.10.29.
– Updated TC Setup to version 4.8.3
– Added webcam test application configuration at
“IGEL Setup->Accessories->Webcam Information”

[Java]
– Updated Java Runtime Environment to version 1.7.0 U65.

[PowerTerm]
– Added registry key “powerterm.autosavekeymapscript” default: enabled, to control
automatic saving of keyboard mapping changes and scripts within PowerTerm sessions.
Disabling this parameter avoids data transfer to UMS, however changes of keyboard mapping
and scripts within PowerTerm sessions are not reboot- or reconfiguration-safe.

====================
Resolved issues:
====================
[ICA]
– Fixed Citrix XenApp/StoreFront with multi monitor configuration for window
placement if “Sessions->Citrix->ICA Global->Window->Multi Monitor Fullscreen Mode”
is set to “Restrict fullscreen session onto one monitor”.
For this setup configure “IGEL Setup->Sessions->
Citrix->ICA Global->Citrix XenApp/StoreFront Start Monitor”
(registry: “ica.pnlogin.xineramamonitor”, default: 1st monitor).
– Fixed matching of application names in Citrix XenApp/StoreFront autostart list
at “IGEL Setup->Sessions->Citrix->Citrix XenApp/StoreFront->Logon->
Start following applications automatically…”.
– Fixed closing ICA sessions, if a USB headset is plugged in or out.
– Fixed HDX Flash Redirection to work with enabled server-side content
fetching (SSCF)

[ICA/Citrix Receiver 13 only]
– Fixed Copy/Paste and focus issue with new Citrix Receiver version 13.0.3.

[ICA/Citrix Receiver 12 only]
– Fixed persistant cache

[RDP]
– Fixed local logon window to customize the Server-URL within the logon window (changeable Server-URL).

[RDP/IGEL RDP Client 2 only]
– Fixed Remote Desktop Web Access login mechanism:
– IGEL Setup is not blocked, while the Remote Desktop Web Access
login is running.
– Handle more than one server in a correct way.
– Fixed English(International) keyboard layout.
– Fixed access of files via drive mapping: search for existing files in a case
insensitive way.
– Improved Windows Server 2003 handling with a color depth of 16 bpp.
– Fixed crash if connecting to a Windows Server 2003 with activated NLB
(Network Load Balancing).
– Fixed double mapped drives and printers.
– Fixed DNS Round Robin loadbalancing feature.
– Fixed termination of RDP sessions if IGEL Smartcard is removed.
– Fixed audio redirection for Remote Apps started by Remote Desktop Web Access.
– Fixed drive mapping in RDP sessions not to lock CDROM drives permanently.
CDs can be ejected at any time.
– Fixed playback of compressed audio frames used in Windows 2012 Server sessions.
– Fixed program crash on hardware without SSE4.1 instruction set,
if RemoteFX is enabled.
– Fixed window position on unsupported UDC hardware,
if VESA fallback graphics mode is active.

[Browser]
– Firefox crashed the system while playing videos due to vast memory consumption.
Memory usage can be limited with registry keys:
– browserglobal.app.media_cache_size, default: 64000 (=64MB)
– browserglobal.app.browser_cache_offline_capacity, default: 64000 (=64MB)

[Network/WiFi]
– Fixed not working registry keys:
– network.interfaces.ethernet.device0.hide_progress,
– network.interfaces.ethernet.device1.hide_progress and
– network.interfaces.wirelesslan.device0.hide_progress are no longer ignored.
Setting the values to “always” or in case of WiFi to “reconnect” results in fewer
notification messages on desktop.
– Fixed handling of PKCS#12 (PFX) files for 802.1X authentication.
– Fixed Broadcom 44xx/47xx (b44) ethernet driver.
– Fixed broken WiFi roaming between multiple SSIDs.
– Improved NetworkManager: Connection data is not stored in
/etc/NetworkManager/system-connections/ anymore.
– Fixed network notification window to disappear after boot process.
– Improved dynamic DNS registration with method DNS.
– Fixed 802.1X authentication together with SCEP certificate management.
– Fixed logon method (e.g. Kerberos logon) after resuming the device from suspend.
After the resume the device asks again for the login credentials (i.e.
for WPA Personal or 802.1X authentication) to ensure the login policy is enforced.

[Dell vWorkspace Connector]
– Fixed vWorkspace sessions with preconfigured credentials to not show the local login
window again during session start.

[FabulaTech]
– Fixed redirection of mass storage devices.
– Fixed Fabultech USB redirection to be available with IGEL IZ-HDX devices.

[Smartcard]
– Improved driver for HID Global Omnikey smart card reader OMNIKEY CardMan (076B:3022) 3021
by new driver version 4.0.5.4.
– Fixed reading of DATEV smart cards with Omnikey smart card readers.
The setting of registry key scard.pcscd.omnikey_mhzrequired is effective again.

[Desktop]
– Fixed Ctrl+Alt+Up/Down window focus cycling shortcut to work as expected.
– Fixed hotkeys for switching additional keyboard layouts.
– Fixed localisation of system programs that were started from start menu or desktop.
– Fixed keyboard focus of 802.1X authentication dialog:
When a logon screen (e.g. for Kerberos logon) and the network authentication dialog
were displayed at the same time the last one did not get the keyboard focus.
– Enabled LVDS output on radeon graphics chipsets by default, when a laptop
with battery is detected.
The registry key x.drivers.ati.ignore_lvds_output is ignored in that case.
This fixes black screens on laptops with ATI/Radeon graphics chipsets.
– Fixed a crash in radeon graphics driver, when LVDS output is ignored
with registry key x.drivers.ati.ignore_lvds_output and LVDS output is present.

[base system]
– Fixed chinese input method in GTK2 programs.
– Restricted RPC access: RPC informations are only reported to localhost now.
– Fixed OpenSSL 1.0.1 security issues: CVE-2014-0224, CVE-2014-0195, CVE-2014-0221,
CVE-2014-3470, CVE-2010-5298, CVE-2014-0198
– Fixed OpenSSL 0.9.8 security issues: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195,
CVE-2013-0169, CVE-2013-0166, CVE-2012-2333, CVE-2012-0884.
– Added security patch to fix CVE-2014-0196.
– Added missing parameter at “IGEL Setup->Sessions->Citrix->ICA Global->Mapping->
Device Support->Grundig MMC Channel for Dictation with Grundig Devices”.
– Fixed changing passwords when logging on with Active Directory/Kerberos
and specifying Domain Controller manually at
“IGEL Setup->Security->Active Directory/Kerberos->Domain X”.
– Fixed reboot on Dell OptiPlex 760 and 755 UDC hardware.
– Added support for Realtek SD Card Reader in Acer Veriton 260G UDC hardware.

[UMS]
– Fixed UMS configuration if the connection is established via Cisco VPN client.

[Imprivata]
– Fixed Login dialog in multi monitor environments.
– Fixed issue with Imprivata partition.

Tip: Optimizing WD My Cloud NAS drive Part2

Monday, September 1st, 2014

Hi Folks,

let’s continue possible optimization for the WD MyCloud NAS drive. In the last part we killed not really needed  services which consumes a bunch of CPU resources but there are still some other services that could be skipped.

First of all i don’t have any Apple devices in my environment and already disabled the itunes server and Time Machine Mac-Backups  in the MyCloud configuration but still there is a netatalk (Apple network communication) service running.. Why can i not configure this in the WD GUI?

So we need putty again…

Like in Part 1 you have to open a SSH connection to the MyCloud, proceed with Step 1 to 3 from Part 1.

1) To stop the “netatalk” Apple network service enter the following command: service netatalk stop

2) If you want to “stop” it after a reboot enter: crontab -e

3) Scroll down in the shown editor and add as last “new” line the command: @reboot /bin/sh /etc/rc2.d/S50netatalk stop

4) Press ctrl-x -> y -> enter to save the changes

 

Next point… WD has enabled IPv6 in the used Debian distribution, what a nonsense! You can’t configure it, you can’t use it but still it’s enabled and consumes network resources (doesn’t matter if used or not, it creates IPV6 related traffic at anytime if enabled). Yes, this is no joke! So let’s remove it.

To disable IPV6 follow the steps below:

1) Connect thru the SSH console

2) Enter the following command (use copy and paste to enter the command in putty, it’s one line of code!), this disables ipv6 on demand:
echo '/sbin/ifconfig eth0 inet6 del `ifconfig | /bin/grep "Scope:Link" | /bin/sed -e "s/^.*addr: //" -e "s/ .*//"` '> /bin/disableipv6

3) Enter the following command, this modifies the permanent ipv6 configuration (it’s one line of code):
echo "echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6" >> /bin/disableipv6

4) Enter the following command: chmod a+x /bin/disableipv6

5) Verify the script, enter ifconfig and verify the ipv6 address shown for the eth0 adapter. Now execute the disableipv6 command and verify with ifconfig that the ipv6 address is gone for eth0. If the ipv6 address is not gone or you received an error check the script with nano /bin/disableipv6

6) If the ipv6 address was gone after executing the disableipv6 command execute crontab -e

7) Scroll down in the shown editor and add as last “new” line the command: @reboot /bin/sh /bin/disableipv6

8) Press ctrl-x -> y -> enter to save the changes

9) Reboot the device by using the reboot command

 

Please note, other options to disable IPV6 will be overwritten by the WD configuration tools so you have to use this way. Step 3 is required to modify the default configuration which will be overwritten during bootime by WD configuration tools, it’s required regarding the fact that some services/configurations might restart the network services and in this case the previous on demand deactivation will not work anymore. So we need two ways to prevent ipv6. 🙂 Also if you are using ifconfig you will see that the dropped RX frames will increase, this is by design and counts ipv6 frames from other devices in the network which can not be handled anymore and it’s not critical.

Reboot the device to take over the network configuration, after the reboot connect via SSH and enter the command ifconfig to verify the result but wait some time, it maybe take a while until all cron commands are executed.

These two steps will also increase the performance again and should be used with the configuration done in Part 1 of the WD MyCloud optimization article.

Results so far:

With my two 3TB WD MyCloud drives i was able to increase the performance for writing a large file from max. 2-6 mb/s up to max. 70-90 mb/s. This could be reproduced with both drives, both drives currently host more than 30.000 files for tests, mostly images coming from misc clipart collection DVD’s and own pictures. Important: Before you copy a large amount of files make sure that the DLNA Database update service is not running, this can be checked quite simple in the WebGui -> Settings -> Media -> Last refresh. If last refresh shows “running” wait until it finished. As already written i will look out for an alternative DLNA solution but this will be a future step. Tip for the WD Support and R&D Team: If you try to reproduce customer issues try to fill up the HDD with 30.000 or more files hosted in the public default shares, otherwise you will not see any issues and it’s quite easy to blame customers for there network without any real reproducing. Iam quite sure that the weakness of the software is known at WD and it doesn’t make sense to have a 2,3 or 4TB NAS to only save a few large files… Nobody will do this and use the device in this way.

Cheers

Michael

P.S.: Like everytime no warranty from my side, iam not responsible for any damage or the loss of warranty related to the provided tweaks.