Release: IGEL Linux SoC for IZ1 and UD2 Multimedia Version 1.08.100

IGEL Linux SoC
Version 1.08.100
Jul 01 2014
Supported devices: IZ1-RFX, IZ1-HDX, UD2-LX MultiMedia
– Citrix Receiver
– Citrix Receiver
– IGEL Legacy RDP Client 1.0
– IGEL RDP Client 2.1
– VMware View client 2.0.0-1049726
– Leostream Java Connect
– Firefox 20.0
– Xorg X11 Server 1.10.4
– Xorg Xephyr 1.10.4
– PC/SC Lite 1.8.9
– MUSCLE CCID Driver 1.4.13
– REINER SCT cyberJack Driver 3.99.5final.SP03
– ACS CCID Driver 1.0.5
– Imprivata OneSign ProveID Embedded
IMPORTANT: If you install this firmware you cannot downgrade to versions
earlier than 1.07.100.

IMPORTANT: This releases integrates two Citrix Receiver versions 12 and 13.
You can only choose to run either of the versions.
The old 12 Citrix Receiver is still available for compatibility reasons and
activated by default. Version 13 of the Citrix Receiver can be activated at
the local setup of the device or through a UMS profile configuration.
Please check in this readme which restrictions apply and how to switch the
Known issues:
[ICA/Citrix Receiver 12 and 13]
– Currently Kerberos is not supported, so Kerberos passthrough will not work
with ICA sessions and Citrix XenApp/StoreFront.
Workaround: configure “Passthrough authentication”

[ICA/Citrix Receiver 13]
– Smartcard authentication is supported for ICA sessions created on the IGEL
device (supported with Citrix servers up to version 6.5). Kerberos
passthrough and Citrix XenApp/StoreFront login are not supported.
– Only the “User name and password” StoreFront authentication method is supported.
– During Citrix XenApp/StoreFront logoff the logoff for running desktop sessions
does not work.
– Com-port redirection is not supported.
– Webcam redirection is not supported with H.264 hardware and software encoding,
still legacy theora encoding is supported.

New features:
[ICA/Citrix Receiver 13]
– Added Citrix Receiver
– Added support for StoreFront
– Added support for SHA-2 certificates

Hints (It is IMPORTANT to read this, if you plan to use Citrix Receiver 13
instead of 12 and/or want to connect to a Citrix server version 7.x):
– This firmware contains two Citrix Receivers, but only one of them can be
active at a time. Default is Citrix Receiver 12. The version can be
switched by the new parameter “Use Citrix Receiver version 13” in the
IGEL setup at “Sessions->Citrix->Citrix Receiver Selection” (registry:
ica.useversion13). For Citrix Receiver 13 configuration setting the new
parameter “Citrix server version” is mandatory (see below).
– The new parameter “Citrix server version” on IGEL setup page
“Sessions->Citrix->Citrix XenApp/StoreFront->Server” (registry key:
ica.pnlogin.serverversion) defines the capabilities of the Receiver
accroding to the used Citrix server versions (default is “XenApp 6.x or
IGEL Setup or UMS 4.07.100 the server url is automatically stored at the
correct keys, if you use the provided setup page at
“Sessions->Citrix->Citrix XenApp/StoreFront->Server”):
Depending on the Citrix server version you have configured, different
sets of server url configurations apply:
* XenApp/XenDesktop 7.x Store:
For access to a Citrix Storefront:
registry keys ica.pnlogin.browseraddress_store<NR>.*
(optional: ica.pnlogin.browseraddress_store<NR>.farm)
* XenApp/XenDesktop 7.x Legacy Mode
For access to the legacy mode of a Citrix Storefront:
registry keys ica.pnlogin.browseraddress_store_legacy<NR>.*
(optional: ica.pnlogin.browseraddress_store_legacy<NR>.farm)
* XenApp 6.x or older:
For access to a XenApp Server:
registry keys ica.pnlogin.browseraddress<NR>.*
(optional: ica.pnlogin.browseraddress<NR>.farm)

– For Citrix StoreFront access with Citrix Receiver 13 only https web interfaces
are supported. If the SSL certificate of your Citrix server is not signed
by a trusted certificate authority (like Verigsign, Thawte etc.), you have to
install the root certificate of your own certificate authority on each Thin
Please use to access the document
on how to install SSL certificate.
– With Citrix Receiver 13 it is not possible to connect to a Citrix server
with other methods than the web interface (this affects the parameter
“Use Citrix XenApp Services Site” registry key: ica.pnlogin.useserversettings).
Due to that it is not possible to select another password change method than
“Citrix XenApp Services Site”.
– ICA sessions created on the IGEL device only work with Citrix XenApp servers up
to version 6.5.
– The parameter “Deferred update mode” has no effect anymore.
– The window options on IGEL setup page
“Sessions->Citrix->Citrix XenApp/StoreFront->Options” are not supported anymore.

Hints for the configuration on server side (for Citrix servers version 7.x):
– After installation and basic configuration of Machine Catalogs and Delivery
Groups, you end up with a store that uses http only. But the Citrix Receiver
13 for Linux supports stores with https only (the Windows version of Citrix
Receiver has this limitation, too; but it is possible to change some
registry keys on the client side to enable http support; unfortunately
this is not possible with the Linux version of Citrix Receiver).
– To switch the store to https, change the base URL on page “Server Group”
in the Citrix StoreFront Management Console.
– Then adjust the “Transport Type” in the “Manage Delivery Controllers”
dialog of the “Store” page in Citrix StoreFront Management Console.
– Then add a https binding for the website in the IIS Management Console
(you have to choose an SSL certificate in the corresponding dialog).
– Password change is disabled by default on a Citrix server 7.x. To enable it,
open the Citrix StoreFront Management Console and go to page
“Authentication”. Click on the authentication method “User name and
password” and then on “Manage Password Options” on the right pane.
– The error messages of Citrix servers 7.x and Citrix Receiver 13 are terribly
misleading. When you are using Citrix servers 7.x and you experience
problems with the connection itself or login, please double check
that everything is ok on the server side. It is a good thing to check the
overview page for a target machine in Citrix Studio. To get there, choose
“View Machines” in the context menu of a Delivery Group.
Then check for each machine:
– that the “Registration State” of the machine is “Registered”
– that the “Maintenance Mode” of the machine is “Off”
– that the “Power State” of the machine is “On”
– that you are using the correct user if there is a user
mentioned in the column “User”.
Also, if something does not work (although it really should), try to reboot
the Citrix server. In our tests this helped sometimes when we experienced
strange problems.

– With Citrix Receiver 13 the following codec parameters are available:
JPEG codec registry keys:
* ica.wfclient.directdecode
* ica.wfclient.batchdecode (enabled by default)

The H264 deep compression codec is not available in this release.

Detailed description of the parameters is available at:

[ICA/Citrix Receiver 12]
– Updated Citrix Receiver to version

– For ICA sessions with workarea window mode: In multi monitor setups
the workarea window can be restricted to a single monitor now.
Configure “Start Monitor” at setup page:
“Sessions->Citrix->ICA Sessions->session name->Window”.
If the “Start Monitor” is configured to “No Configuration”, the session window
is expanded over all monitors without covering the taskbar.
– Improved Citrix XenApp/StoreFront session configuration
– Added new filter for desktop placement of Citrix XenApp applications
at Setup page “Sessions->Citrix->Citrix XenApp/StoreFront->Appearance”.
– Improved “Overwrite local Start Menu and desktop setting with server
setting” by separting parameter for start menu and desktop.
– Added autostart of sessions. The list of autostarted applications can be
defined at: “Sessions->Citrix->Citrix XenApp/StoreFront->Logon”.
The autostart mechanism does not care about automatically reconnected
applications. To avoid this, the number of allowed running sessions
can be limited at server side.
– Added additional settings for protocol encryption
– At registry key “ica.module.encryption” you can disable encryption for
all ICA sessions
– At setup page “Sessions->Citrix->ICA Sessions->session name->Options” set
“Encryption Level” to “None” to disable encryption for individual ICA sessions.
(registry key: session.ica<NR>.appsrv.encryptionlevelsession)

– Updated to IGEL RDP Client 2.1 based on FreeRDP Client 1.1:
– Added support for RDP 8 based RemoteFX Adaptive Graphics virtual channel:
– Calista Codec (RemoteFX7)
– Progressive Codec
– Clear Codec
– Planar Codec
– Added H264 Video optimized remoting virtual channel
– Added support for audio recording capability
– Improved RemoteApp support
– Added support for Remote Desktop Web Access accessible at setup page
“Sessions->RDP->Remote Desktop Web Access”
– For compatibility reasons it is still possible to enable IGEL Legacy RDP
Client 1.0 at setup page “Sessions->RDP->RDP Global->Options->RDP legacy mode”.
IMPORTANT: The following features are not available:
– RDP 8 based RemoteFX support
– Remote Desktop Web Access
– Changed default authentication mode to support NLA authentication aside local logon
for automatic access to Windows Server 2008, 2008 R2, 2012 and 2012 R2.
You can disable local logon and network authentication at IGEL setup page
“Sessions->RDP->RDP Global->Local Logon”
(registry: rdp.login.use_rdplogin and rdp.login.enable-network-authentication)
– The RDP session window resolution can now be configured with custom resolutions at
IGEL setup page “Sessions->RDP->RDP Sessions->session name->Window”
(registry key: sessions.winconnect<NR>.option.resolution)
– Added a “RDP connection bar” in a fullscreen RDP session, to minimize and quit the session.
The feature can be enabled at IGEL setup page “Sessions->RDP->RDP Global->Window->Enable toolbar”
(registry key: rdp.winconnect.enable-toolbar)

– Updated bootstrap loader to version 1.0.230504

– Added VNC secure mode, based on a SSL-encrypted VNC connection. The SSL
connection uses a special certificate located in the directory /wfs/ca-certs.
This feature requires the Universal Management Suite (UMS) to be involved,
to handle the shadowing permissions and double check whether the connection
is allowed or not. In addition the UMS is used to assure a secure credential
exchange between the TC and the UMS console.
IMPORTANT: The UMS must have the version 4.07.100 or higher!
The feature can be enabled in IGEL setup at “System->Shadow->Secure Mode”
(registry key: network.vncserver.secure_mode, default: off)
– Added hide disconnect button configuration in the Remote Shadowing Indicator at setup page
“System->Shadow->Allow User to disconnect Remote Shadowing”
(registry key: “network.vncserver.showdisconnectbtn”, default: on).

– Added information about network speed and duplex mode of Thin Client in the
system information pane along with other Thin Client specific properties.

– Added support for 802.1X MD5 authentication
– Added parameter for DHCP user class option (see RFC 3004):
Setup page Network -> DHCP Client -> Standard Options -> “User Class”
Registry key: network.dhcp.user_class
The default value is empty and means that the option is not used.
Non-printable bytes can be specified as \ooo, where each o is an octal digit,
or \xhh, where each h is a hexadecimal digit.
‘\’ and ‘”‘ must be escaped by prepending ‘\’.
– Added parameters for DHCP client identifier options (see RFC 2132):
Registry keys:
* network.interfaces.ethernet.device0.dhcp_client_id
* network.interfaces.ethernet.device1.dhcp_client_id
* network.interfaces.wirelesslan.device0.dhcp_client_id
The default value is empty and means that the option is not used.
Non-printable bytes can be specified as \ooo, where each o is an octal digit,
or \xhh, where each h is a hexadecimal digit.
‘\’ and ‘”‘ must be escaped by prepending ‘\’. Example values:
\ (a FQDN with type byte 0 prepended),
\x01\x00\x11\x22\x33\x44\x55 (the MAC address 00:11:22:33:44:55 with type byte 1 prepended)

[base system]
– Updated Chinese, Dutch, French and German userinterface translations.
– Added an webcam test application. The application can be started from
“Application Launcher->System tab->Webcam Information”.
For scripting access use the command “webcam-info”:
* option “-l”:
retrieve a list containing all possible frame resolutions and frame rates.
– Added bulgarian keyboard layout support
– Added a new user setup session. Configurable at IGEL setup page
“Accessories->Setup Session”
– Improved Application Launcher: applications are sorted by name.
– Updated TC Setup to version 4.7.4
– Updated PC/SC Lite to version 1.8.9
– Updated open source ccid driver to version 1.4.13
– Updated timezone informations to ubuntu version tzdata_2014a-0ubuntu0.12.04
– Updated common CA certificates to ubuntu version ca-certificates_20140325:
The list of integrated certificates is available at:

Fixed bugs:
[ICA/Citrix Receiver 13]
– Fixed LED indicator for (Caps Lock, Num Lock or Scroll Lock) when a published
application is configured to run a macro on one of the LED keys. Pressing the key
can cause multiple runs of the macro. Configureable at registry

– Fixed missing desktop/menu icons with Citrix XenApp/StoreFront.
– Fixed Citrix XenApp/StoreFront refresh command.
– Fixed matching of application names for Citrix XenApp/StoreFront autostart.
– Fixed screen lock dialog to show the logged in user name, if
Citrix XenApp password is synchronized with screen lock password.
– Citrix XenApp/StoreFront with multi monitor configuration:
Fixed fullscreen window placement if “Multi Monitor Fullscreen Mode” is set to
“Restrict fullscreen session onto one monitor” at setup page
“Sessions->Citrix->ICA Global->Window”.
Configure option “Citrix XenApp/StoreFront Start Monitor” (registry:
“ica.pnlogin.xineramamonitor”) at the same page.

[RDP Rdesktop]
– Fixed random server disconnection when audio is enabled.
– Fixed RDP login speed.
– Fixed execution of remote apps with short names.
– Fixed smart card support in RDP sessions.

– Fixed autoresolution and monitor detection issues.
– Fixed VGA monitor timings.
– Fixed taskbar background with left and right taskbar position.

[base system]
– Fixed bootloader to prevent sudden system crashes,
optimized bootloader.
– Enabled Browser Sessions on IGEL IZ1-RFX.
– Fixed audio capture control in audio mixer.
– Fixed security vulnerability CVE-2014-0196

– Firefox crashed the system while playing videos.
Limited memory usage with these registry keys:, default: 64000 (=64MB), default: 64000 (=64MB)

– Fixed Login dialog in multi monitor environments