Release: IGEL Universal Desktop LX/OS 5.04.100

IGEL Universal Desktop OS 2
===========================
Version 5.04.100
Release date 2014-09-03
Last update of this document 2014-08-26
====================
Versions:
====================
Clients:
– 2X Client 10.1-1263
– Cisco VPN Client 4.8.02.0030-k9
– Citrix Access Gateway Standard Plug-in 4.6.3.0800
– Citrix HDX Realtime Media Engine 1.4.103-956
– Citrix Receiver 12.1.8.250715
– Citrix Receiver 13.0.3.274243
– Client for RedHat Enterprise Virtualization Desktops 3
– Dell vWorkspace Connector for Linux 7.7
– Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848
– Ericom Webconnect 5.6.0.4000-rel.20413
– FabulaTech USB for Remote Desktop 5.0.4
– Firefox 17.0.11
– IBM iSeriesAccess 7.1.0-1.0
– IGEL Legacy RDP Client 1.0
– IGEL RDP Client 2.1
– Imprivata OneSign ProveID Embedded
– Leostream Java Connect 2.4.57.0
– NCP Secure Client (Enterprise) 3.25-rev15580-i686
– NX Client 3.5.0-7
– Oracle JRE 1.7.0_65
– Thinlinc Client 3.2.0
– ThinPrint Client 7.0.59
– Totem Media Player 2.30.2
– Virtual Bridges VERDE Client 7.1.1_rel.24005
– VMware Horizon View client 2.3.4-1880356
– Voip Client Ekiga 3.2.7

Dictation:
– Driver for Grundig Business Systems dictation devices
– Driver for Olympus dictation devices
– Legacy Philips Speech Driver 5.0.10
– Philips Speech Driver 12.0.9

Smartcard:
– PKCS#11 Library A.E.T SafeSign 3.0.93
– PKCS#11 Library Athena IDProtect 623.07
– PKCS#11 Library Gemalto IDPrime 1.1.0
– PKCS#11 Library SecMaker NetID 6.1.1.21
– Reader Driver ACS CCID 1.0.5
– Reader Driver HID Global Omnikey CCID 4.0.5.4
– Reader Driver MUSCLE CCID 1.4.13
– Reader Driver Omnikey CCID legacy-3.6.0
– Reader Driver Omnikey RFID legacy-2.7.2
– Reader Driver REINER SCT cyberJack 3.99.5final.SP03
– Reader Driver Safenet / Aladdin eToken 8.1.0-4
– Reader Driver SCM Microsystems CCID 5.0.27
– Resource Manager PC/SC Lite 1.8.9

System Components:
– Graphics Driver ATI 6.14.99_git20111219
– Graphics Driver NVIDIA 304.60
– Graphics Driver INTEL 2.17.0
– Graphics Driver VIA 5.76.52.92-126076
– Kernel 3.2.46 #48.74-udos-r1120
– Xorg X11 Server 1.11.4
– Xorg Xephyr 1.7.6
====================
Information:
====================
IMPORTANT:
This releases integrates two Citrix Receiver versions 12 and 13.
You can only choose to run either of the versions.
The old 12 Citrix Receiver is still available for compatibility reasons and
activated by default. Version 13 of the Citrix Receiver can be activated at
the local setup of the device or through a UMS profile configuration.

IMPORTANT:
Dual monitor configuration for “unsupported hardware” works only if “native
driver support” works properly. It is a prerequisite to assure that the
native driver is really working, as the fallback VESA driver does not provide
any dual monitor configuration. Have a look at Application Launcher’s
“About tab->Hardware-Graphics Chipset”. If VESA is listed there the native
driver does not work and dual monitor configuration is not functional.
====================
Known issues:
====================
[ICA/Citrix Receiver 13 only]
– Currently Kerberos is not supported, so Kerberos passthrough will not work
with ICA sessions and Citrix XenApp/StoreFront.
Workaround: configure “Passthrough authentication”
– Smartcard authentication is supported for ICA sessions created on the IGEL
device (supported with Citrix servers up to version 6.5). Kerberos
passthrough and Citrix XenApp/StoreFront login are not supported.
– Only the “User name and password” StoreFront authentication method is supported.
– During Citrix XenApp/StoreFront logoff the logoff for running desktop sessions
does not work.
– Com-port redirection is not supported.
– Webcam redirection is not supported with H.264 hardware and software encoding,
still legacy theora encoding is supported.
– Persistent cache is not working and therefore completely disabled.

[RDP/IGEL RDP Client 2 only]
– RDP sessions freeze sporadically, if RD Gateway support is enabled.

[RDP/IGEL Legacy RDP Client 1.0 only]
– Fabulatech USB Redirection is not supported with IGEL Legacy RDP Client 1.0.
Please use IGEL RDP Client 2 – RDP legacy mode can be deactivated under
“IGEL Setup->Sessions->RDP->RDP Global->Options”.

[Dell vWorkspace Connector]
– With dual view configuration flash redirected windows can appear on wrong screen.
– Ctrl/Alt/Winkey combinations only work if the session grabs the keyboard by setting
“Override local windowmanager keyboard shortcuts”.
This key is either set globally at “IGEL Setup->Sessions->RDP->RDP Global->Keyboard”
or sessions-wise at “IGEL Setup->Sessions->vWorkspace Client->vWorkspace Client Sessions
->[session name]->Keyboard”.
This issue affects also seamless sessions: e.g. switch to the next window of
the local desktop (with Ctrl+Shift+Tab). When you switch with the mouse from a
seamless app to a local window it is possible that the keyboard focus is not
handed over to the local window again.
– After the start of a seamless session the window is initially maximized before
being resized to the correct size.
– Windows 7/8: The Alt-key must be pressed twice to show shortcut keys as a tool tip
in applications.
– Windows XP sessions might not work properly anymore.
– Only standard 105 keys PC keyboards are supported.
Not supported anymore: Trimodal, Sun Type 6 or IBM 122 keys.
– Mapping of drives to a dedicated drive letter is not possible anymore.
– If Com-port redirection is enabled all linux serial ports (/dev/ttySx) will be mapped.
– If printer mapping is enabled all printers configured in CUPS are mapped.
– For Multimedia Redirection sound redirection with WMV/WMA streams is not working.
– USB Redirection does not work reliable.

[Virtual Bridges VERDE]
– Sessions using NoMachine’s NX protocol are not supported.

[NVIDIA graphics support]
– In dual screen configurations DPMS monitor saving mode creates display content
corruptions on secondary VGA display after resume of the device from suspend.

====================
New features:
====================
[ICA]
– Updated Citrix HDX RealTime Optimization Pack for Lync to version 1.4.103-956.
– Added support to restrict ICA sessions with workarea window mode to a single
monitor at
“IGEL Setup->Sessions->Citrix->ICA Sessions->[session name]->Window->Start Monitor”.
The value “No Configuration” expands the windows over all monitors without
hiding the taskbar.

[ICA/Citrix Receiver 13 only]
– Updated Citrix Receiver to version 13.0.3.274243
– Added support for SHA-2 based certificates.

[RDP/IGEL RDP Client 2 only]
– Added RD Gateway support for RDP sessions and RD Web Access:
configurable at “IGEL Setup->Sessions->RDP->RDP Global->Gateway”,
“IGEL Setup->Sessions->RDP->RDP Sessions->[session name]->Gateway” and
“IGEL Setup->Sessions->RDP->Remote Desktop Web Access->Server location”
registry keys:
– rdp.winconnect.enable-gateway, default: disabled
– rdp.winconnect.other-gateway-credentials, default: disabled;
disabled means: the credentials of the RDP login are also used for the gateway.
The following Gateway Credentials are only effective if
rdp.winconnect.other-gateway-credentials parameter is enabled:
* rdp.winconnect.gateway-user
* rdp.winconnect.gateway-crypt_password
* rdp.winconnect.gateway-domain
– sessions.winconnect<NR>.option.enable-gateway, default: Global setting;
Global setting means, the “RDP Global” configuration is effective.
The following Gateway configuration is only effective, if
sessions.winconnect<NR>.option.enable-gateway is configured to “Session setting”:
* sessions.winconnect<NR>.option.gateway-url
* sessions.winconnect<NR>.option.other-gateway-credentials, default: off
The following Gateway Credentials are only effective, if
sessions.winconnect<NR>.option.other-gateway-credentials is “on”:
* sessions.winconnect<NR>.option.gateway-user
* sessions.winconnect<NR>.option.gateway-crypt_password
* sessions.winconnect<NR>.option.gateway-domain
– rdp.rd_web_access.browseraddress<NR>.enable-gateway, default: Global setting;
the following Gateway address configuration is only effective,
if rdp.rd_web_access.browseraddress<NR>.enable-gateway
is configured to “Session setting”:
* rdp.rd_web_access.browseraddress<NR>.gateway-url
– Improved RDP Remote Apps: Tray icons and tooltips can be used.
– Added workarea mode support at “IGEL Setup->Sessions->
RDP->RDP Global->Window->Window Size” as a global setting.
You can also configure workarea mode session-specific at “IGEL Setup->Sessions->
RDP->RDP Sessions->[session name]->Window->Window Size”.
Please note that either workarea mode or the toolbar can be used.
Workarea mode superseeds toolbar configuration.
– Added a startup splash screen that is shown while connecting to a RDP server.

[ICA/RDP]
– Updated Grundig dictation driver with a better stability of the audio channel.
The following devices are not supported anymore:
– Grundig SoundBox 820
– DigtaSonic Mic I
– ProMic 840

[FabulaTech]
– Updated FabulaTech USB for Remote Desktop to version 5.0.4

[Browser]
– Added parameter to disable the firefox splash screen at
“IGEL Setup->Sessions->Browser->Browser Global->Show browser splash screen”
(registry key: browserglobal.app.showsplash, default: on).
– Updated flash player download URL to version 11.2.202.400.

[VMware Horizon View]
– Updated Horizon View Client to version 2.3.4.

[Appliance Mode]
– Added device reboot capability with a hotkey in XenDesktop,
VMware Horizon View, Spice and Imprivata Appliance mode.
The reboot hotkey is configured at
“IGEL Setup->Accessories->Commands->Reboot Terminal”

[UMS]
– Added information about network speed and duplex mode of Thin Client in the
system information pane along with other Thin Client specific properties.

[Shadowing/VNC]
– Updated VNC Server to version 0.9.13
– Added VNC secure mode, based on a SSL-encrypted VNC connection. The SSL
connection uses a special certificate located in the directory /wfs/ca-certs.
This feature requires the Universal Management Suite (UMS) to be involved,
to handle the shadowing permissions and double check whether the connection
is allowed or not. In addition the UMS is used to assure a secure credential
exchange between the TC and the UMS console.
IMPORTANT: The UMS must have the version 4.07.100 or higher!
The feature can be enabled at “IGEL Setup->System->Shadow->Secure Mode”
(registry key: network.vncserver.secure_mode, default: disabled)

[RedHat Enterprise Virtualization client]
– Updated spice/virt-viewer client to version 0.5.6.

[Virtual Bridges VERDE]
– Updated Virtual Bridges VERDE client to version 7.1.1 rel.24005.
The client supports RDP (IMPORTANT: IGEL Legacy RDP Client 1.0 is used)
and Spice client sessions.
VERDE Client sessions can be configured at
“IGEL Setup->Sessions->VERDE Sessions”
(registry keys: sessions.vbclient%)
The browser plugin is working without additional configuration.

[Dell vWorkspace Connector]
– Updated Dell vWorkspace Connector for Linux to version 7.7
– Added switch to enable bidirectional audio at “IGEL Setup->Sessions->
RDP->RDP Global->Sound->Audio capture” for global configuration or
or session-specific at “IGEL Setup->Sessions->
vWorkspace Client Sessions->[session name]->Mapping->Enable Microphone mapping”
(registry keys:
– rdp.winconnect.rdpeai.enable, default: disabled
– sessions.qrdesktop<NR>.option.enable-microphone, default: disabled)
– Added switch for font-smoothing at “IGEL Setup->Sessions->
RDP->RDP Global->Performance->Enable Font smoothing” for global configuration
or session-specific at “IGEL Setup->Sessions->
vWorkspace Client Sessions->[session name]->Performance->Enable font smoothing”.
(registry keys:
– rdp.winconnect.enable-font-smoothing, default: disabled
– sessions.qrdesktop<NR>.option.enable-font-smoothing, default: disabled)
– Added switch for vWorkspace connection bar at “IGEL Setup->Sessions
->RDP->RDP Global->Enable Toolbar” for global configuration
or session-specific at “IGEL Setup->Sessions->vWorkspace Client Sessions->
[session name]->Window->Display the connection bar when in full screen mode”.
(registry keys:
– rdp.winconnect.enable-toolbar, default: disabled
– sessions.qrdesktop<NR>.option.conbar_fullscreen, default: enabled)

[Smartcard]
– Updated SafeSign smart card PKCS#11 library to version 3.0.93.

[Network]
– Added parameter for DHCP user class option (see RFC 3004) at
“IGEL Setup->Network->DHCP Client->Standard Options->User Class”.
(registry key: network.dhcp.user_class, default: empty, which disables the option)
Non-printable bytes can be specified as \ooo, where each o is an octal digit,
or \xhh, where each h is a hexadecimal digit. ‘\’ and ‘”‘ must be escaped by prepending ‘\’.
– Added parameters for DHCP client identifier options (see RFC 2132):
(registry keys:
– network.interfaces.ethernet.device0.dhcp_client_id, default: empty, which disables the option
– network.interfaces.ethernet.device1.dhcp_client_id, default: empty, which disables the option
– network.interfaces.wirelesslan.device0.dhcp_client_id, default: empty, which disables the option)
Non-printable bytes can be specified as \ooo, where each o is an octal digit,
or \xhh, where each h is a hexadecimal digit. ‘\’ and ‘”‘ must be escaped by prepending ‘\’.
Example values:
– \x00host.example.org (a FQDN with type byte 0 prepended),
– \x01\x00\x11\x22\x33\x44\x55 (the MAC address 00:11:22:33:44:55 with type byte 1 prepended)

[base system]
– Added custom timezone support. Custom timezone files must be located at /wfs/zoneinfo/ directory
to be considered.
– Updated common CA certificates to ubuntu version ca-certificates_20140325.
The list of integrated certificates is available at:
http://myigel.biz/index.php?dir=IGEL_UNIVERSAL_DESKTOP_CONVERTER/updates/UDC2_V5/
– Updated timezone data to version 2014e-0ubuntu0.12.04.
– Updated Gstreamer plugins:
– Fluendo MPEG demuxer to version 0.10.81
– Fluendo MP3 decoder to version 0.10.29.
– Updated TC Setup to version 4.8.3
– Added webcam test application configuration at
“IGEL Setup->Accessories->Webcam Information”

[Java]
– Updated Java Runtime Environment to version 1.7.0 U65.

[PowerTerm]
– Added registry key “powerterm.autosavekeymapscript” default: enabled, to control
automatic saving of keyboard mapping changes and scripts within PowerTerm sessions.
Disabling this parameter avoids data transfer to UMS, however changes of keyboard mapping
and scripts within PowerTerm sessions are not reboot- or reconfiguration-safe.

====================
Resolved issues:
====================
[ICA]
– Fixed Citrix XenApp/StoreFront with multi monitor configuration for window
placement if “Sessions->Citrix->ICA Global->Window->Multi Monitor Fullscreen Mode”
is set to “Restrict fullscreen session onto one monitor”.
For this setup configure “IGEL Setup->Sessions->
Citrix->ICA Global->Citrix XenApp/StoreFront Start Monitor”
(registry: “ica.pnlogin.xineramamonitor”, default: 1st monitor).
– Fixed matching of application names in Citrix XenApp/StoreFront autostart list
at “IGEL Setup->Sessions->Citrix->Citrix XenApp/StoreFront->Logon->
Start following applications automatically…”.
– Fixed closing ICA sessions, if a USB headset is plugged in or out.
– Fixed HDX Flash Redirection to work with enabled server-side content
fetching (SSCF)

[ICA/Citrix Receiver 13 only]
– Fixed Copy/Paste and focus issue with new Citrix Receiver version 13.0.3.

[ICA/Citrix Receiver 12 only]
– Fixed persistant cache

[RDP]
– Fixed local logon window to customize the Server-URL within the logon window (changeable Server-URL).

[RDP/IGEL RDP Client 2 only]
– Fixed Remote Desktop Web Access login mechanism:
– IGEL Setup is not blocked, while the Remote Desktop Web Access
login is running.
– Handle more than one server in a correct way.
– Fixed English(International) keyboard layout.
– Fixed access of files via drive mapping: search for existing files in a case
insensitive way.
– Improved Windows Server 2003 handling with a color depth of 16 bpp.
– Fixed crash if connecting to a Windows Server 2003 with activated NLB
(Network Load Balancing).
– Fixed double mapped drives and printers.
– Fixed DNS Round Robin loadbalancing feature.
– Fixed termination of RDP sessions if IGEL Smartcard is removed.
– Fixed audio redirection for Remote Apps started by Remote Desktop Web Access.
– Fixed drive mapping in RDP sessions not to lock CDROM drives permanently.
CDs can be ejected at any time.
– Fixed playback of compressed audio frames used in Windows 2012 Server sessions.
– Fixed program crash on hardware without SSE4.1 instruction set,
if RemoteFX is enabled.
– Fixed window position on unsupported UDC hardware,
if VESA fallback graphics mode is active.

[Browser]
– Firefox crashed the system while playing videos due to vast memory consumption.
Memory usage can be limited with registry keys:
– browserglobal.app.media_cache_size, default: 64000 (=64MB)
– browserglobal.app.browser_cache_offline_capacity, default: 64000 (=64MB)

[Network/WiFi]
– Fixed not working registry keys:
– network.interfaces.ethernet.device0.hide_progress,
– network.interfaces.ethernet.device1.hide_progress and
– network.interfaces.wirelesslan.device0.hide_progress are no longer ignored.
Setting the values to “always” or in case of WiFi to “reconnect” results in fewer
notification messages on desktop.
– Fixed handling of PKCS#12 (PFX) files for 802.1X authentication.
– Fixed Broadcom 44xx/47xx (b44) ethernet driver.
– Fixed broken WiFi roaming between multiple SSIDs.
– Improved NetworkManager: Connection data is not stored in
/etc/NetworkManager/system-connections/ anymore.
– Fixed network notification window to disappear after boot process.
– Improved dynamic DNS registration with method DNS.
– Fixed 802.1X authentication together with SCEP certificate management.
– Fixed logon method (e.g. Kerberos logon) after resuming the device from suspend.
After the resume the device asks again for the login credentials (i.e.
for WPA Personal or 802.1X authentication) to ensure the login policy is enforced.

[Dell vWorkspace Connector]
– Fixed vWorkspace sessions with preconfigured credentials to not show the local login
window again during session start.

[FabulaTech]
– Fixed redirection of mass storage devices.
– Fixed Fabultech USB redirection to be available with IGEL IZ-HDX devices.

[Smartcard]
– Improved driver for HID Global Omnikey smart card reader OMNIKEY CardMan (076B:3022) 3021
by new driver version 4.0.5.4.
– Fixed reading of DATEV smart cards with Omnikey smart card readers.
The setting of registry key scard.pcscd.omnikey_mhzrequired is effective again.

[Desktop]
– Fixed Ctrl+Alt+Up/Down window focus cycling shortcut to work as expected.
– Fixed hotkeys for switching additional keyboard layouts.
– Fixed localisation of system programs that were started from start menu or desktop.
– Fixed keyboard focus of 802.1X authentication dialog:
When a logon screen (e.g. for Kerberos logon) and the network authentication dialog
were displayed at the same time the last one did not get the keyboard focus.
– Enabled LVDS output on radeon graphics chipsets by default, when a laptop
with battery is detected.
The registry key x.drivers.ati.ignore_lvds_output is ignored in that case.
This fixes black screens on laptops with ATI/Radeon graphics chipsets.
– Fixed a crash in radeon graphics driver, when LVDS output is ignored
with registry key x.drivers.ati.ignore_lvds_output and LVDS output is present.

[base system]
– Fixed chinese input method in GTK2 programs.
– Restricted RPC access: RPC informations are only reported to localhost now.
– Fixed OpenSSL 1.0.1 security issues: CVE-2014-0224, CVE-2014-0195, CVE-2014-0221,
CVE-2014-3470, CVE-2010-5298, CVE-2014-0198
– Fixed OpenSSL 0.9.8 security issues: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195,
CVE-2013-0169, CVE-2013-0166, CVE-2012-2333, CVE-2012-0884.
– Added security patch to fix CVE-2014-0196.
– Added missing parameter at “IGEL Setup->Sessions->Citrix->ICA Global->Mapping->
Device Support->Grundig MMC Channel for Dictation with Grundig Devices”.
– Fixed changing passwords when logging on with Active Directory/Kerberos
and specifying Domain Controller manually at
“IGEL Setup->Security->Active Directory/Kerberos->Domain X”.
– Fixed reboot on Dell OptiPlex 760 and 755 UDC hardware.
– Added support for Realtek SD Card Reader in Acer Veriton 260G UDC hardware.

[UMS]
– Fixed UMS configuration if the connection is established via Cisco VPN client.

[Imprivata]
– Fixed Login dialog in multi monitor environments.
– Fixed issue with Imprivata partition.