Info: Improved Microsoft Lync support with latest IGEL LX/OS V5 Firmwares

May 18th, 2015

Hi Folks,

maybe you noticed already that IGEL has now released two new releases for the OS and LX Firmwares.

Here is the difference:

5.06.100 has integrated Citrix HDX Realtime Media Engine 1.6.0-6
for support of the Lync 2010 Client (Lync 2010 and 2013 Server).
5.06.101 has integrated Citrix HDX Realtime Media Engine 1.7.0-56
for support of the Lync 2013 Client (Lync 2013 Server).

Cheers

Michael

Release: IGEL Universal Desktop LX/OS 5.06.10x

May 18th, 2015

IGEL Linux
==========
Version 5.06.101
Release date 2015-05-11
Last update of this document 2015-05-13

Supported devices:
IZ2-RFX, IZ2-HDX, IZ2-HORIZON
IZ3-RFX, IZ3-HDX, IZ3-HORIZON
UD2-LX 40, UD2-LX 31, UD2-LX 30
UD3-LX 42, UD3-LX 41, UD3-LX 40, UD3-LX 31
UD5-LX 50, UD5-LX 40, UD5-LX 30
UD6-LX 51
UD9-LX Touch 11, UD9-LX 10
UD10-LX Touch 10, UD10-LX 10
===================
Versions:
===================
Clients:
– 2X Client 12.0.0-2270
– Citrix Access Gateway Standard Plug-in 4.6.3.0800
– Citrix HDX Realtime Media Engine 1.7.0-56
– Citrix Receiver 12.1.8.250715
– Citrix Receiver 13.0.4.281908
– Citrix Receiver 13.1.3.305346
– Dell vWorkspace Connector for Linux 8.5.0
– Ericom PowerTerm 10.1.0.0.20130211.2-_rc_-31580
– Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848
– Ericom Webconnect 5.6.0.4000-rel.20413
– Evidian AuthMgr 1.2.5447
– FabulaTech USB for Remote Desktop 5.1.0
– Firefox 31.6.0
– IBM iSeriesAccess 7.1.0-1.0
– IGEL Legacy RDP Client 1.0
– IGEL RDP Client 2.1
– Imprivata OneSign ProveID Embedded
– Leostream Java Connect 3.0.57.0
– NX Client 4.2.27
– Oracle JRE 1.8.0_45
– Remote Viewer 2.0 for RedHat Enterprise Virtualization Desktops
– Systancia AppliDis 4.0.0.14
– Thinlinc Client 4.3.0-4538
– ThinPrint Client 7.0.63
– Totem Media Player 2.30.2
– Virtual Bridges VERDE Client 7.1.1_rel.24005
– VMware Horizon client 3.2.0-2331566
– Voip Client Ekiga 3.2.7

Dictation:
– Driver for Grundig Business Systems dictation devices
– Driver for Olympus dictation devices
– Legacy Philips Speech Driver 5.0.10
– Philips Speech Driver 12.2.7

Smartcard:
– PKCS#11 Library A.E.T SafeSign 3.0.93
– PKCS#11 Library Athena IDProtect 623.07
– PKCS#11 Library Gemalto IDPrime 1.1.0
– PKCS#11 Library SecMaker NetID 6.1.1.21
– Reader Driver ACS CCID 1.0.5
– Reader Driver HID Global Omnikey CCID 4.0.5.5
– Reader Driver MUSCLE CCID 1.4.13
– Reader Driver Omnikey CCID legacy-3.6.0
– Reader Driver Omnikey RFID legacy-2.7.2
– Reader Driver REINER SCT cyberJack 3.99.5final.SP03
– Reader Driver Safenet / Aladdin eToken 8.1.0-4
– Reader Driver SCM Microsystems CCID 5.0.27
– Resource Manager PC/SC Lite 1.8.12

System Components:
– Graphics Driver ATI 7.3.0
– Graphics Driver INTEL 2.99.910
– Graphics Driver VIA 5.76.52.92-151843
– Kernel 3.13.11-ckt16 #48.80-ud-r1268
– Xorg X11 Server 1.15.1
– Xorg Xephyr 1.15.1

===================
Information:
===================

IMPORTANT:
This release integrates three Citrix Receiver versions: 12.1.8, 13.0.4 and 13.1.3.
Only one of these versions can be active at a time.
In prior firmwares the default Citrix Receiver version was 12.1.8, but now it
is 13.1.3 instead. You can change the Receiver version in IGEL Setup/UMS on page
“Sessions -> Citrix XenDesktop / XenApp -> Citrix Receiver Selection”

Please be aware that the mechanism to change the Citrix Receiver version has
changed, so any existing UMS profiles, which set the version to 13 by activating
the parameter “ica.useversion13”, won’t take effect anymore
(in regard to the Citrix Receiver version).

===================
Known issues:
===================

[Citrix]
– Citrix Receiver 13.1.3 with dual screen configuration:
– Fullscreen sessions are not working when restricted to 1 monitor
Workaround: configure Citrix Receiver 13.0.4 or 12.1.8 on setup page
Sessions > Citrix XenDesktop > Citrix Receiver Selection

[VMware Horizon]
– Remote Applications are not seamless in the strict sense.
These are rather displayed in an extra window decorated by the TC’s window manager.
– If more applications defined and started in the same session, all are displayed inside this window.
The default size of this window can be defined in the Window section of the Horizon session.
– PCoIP user input language synchronization is currently broken.

[Dell vWorkspace Connector]
– Seamless applications exported from Win8/8.1 desktops show display errors when
dragged to the screen edges.
– At dual view configuration flash redirected windows can appear on wrong screen.
– After the start of a seamless session the window is initially maximized before being
resized to the correct size.
– Windows XP sessions might not work properly anymore.
– Only standard 105 keys PC keyboards are supported.
Not supported anymore: Trimodal, Sun Type 6 or IBM 122 keys.
– Mapping of drives to a dedicated drive letter is not possible anymore.
– If Com-port redirection is enabled all linux serial ports (/dev/ttySx) will be mapped.
– If printer mapping is enabled all printers configured in CUPS are mapped.
– For Multimedia Redirection sound redirection with WMV/WMA streams is not working.
– USB Redirection may not work reliable.
– Session starts only if RDP Local Logon Window
(IGEL Setup->Sessions->RDP->RDP Global->Local Logon) is active.

[Evidian AuthMgr]
– Active directory users with a password containing escape characters have problems
to authenticate with the configured session.

[X session (Xephyr)]
– X-Sessions don’t work with UMD currently.

[X11 system]
– XC font services not supported

[VPN]
– NCP Secure Client temporarely removed from firmware due to incompatibility with new Linux Kernel.

===================
IGEL Linux 5.06.101 (stable build based on 5.06.100)
===================
New Features:
===================
[Citrix]
– Updated Citrix HDX Realtime Media Engine to version 1.7.0-56.
Citrix HDX RTME is used for Lync optimization.
This version supports Microsoft Lync 2013 clients only.
===================
IGEL Linux 5.06.100

The online Release Notes can be found at http://edocs.igel.com/#10202978.htm
Registry Keys of parameters are listed there.
===================
New Features:
===================

[Citrix]
– Removed parameter “ica.useversion13”. Parameter was replaced by ica.activeversion
– Added parameter “ica.activeversion”, which is available in the registry and on page “Citrix > Citrix Receiver Selection”
in setup/UMS. This parameter is set to “Default” by default, which means that the used Citrix Receiver version is
the recommended version for the particular firmware version (in this firmware it is Receiver 13.1.3).
It is possible to change this behavior by pinpointing a specific Receiver version here, but if a later firmware
version does not contain the chosen version, the default version of this later firmware will be used instead.
CAUTION: Please note that the default version up to this firmware was 12.1.8 for a long time now.
With this firmware release, it switches to 13.1.3. You have to change “ica.activeversion” if you insist on
continuing to use Receiver 12.1.8.

– Redesigned setup page “Citrix > StoreFront/Web Interface > Logon” to make the configuration of
authentication methods less prone to mistakes and to make it more clear which combinations are possible
and which are not.

– Updated Citrix HDX Realtime Media Engine to version 1.6.0-6.
Citrix HDX RTME is used for Lync optimization.

– Added Dynamic Client Drive Mapping support for Citrix (ICA)

– Removed support for Softpro VirtualSerialSignpad. Please see next line for replacement mechanism.

– Added Citrix Virtual Channel SPVC for Softpro signature pad support. Activate “Softpro SPVC Signature Pad Channel” on
setup page Sessions->Citrix XenDesktop / XenApp ->HDX / ICA Global->Mapping->Device Support
Registry: ica.module.virtualdriver.spvc.enable
Default: disabled

– Improved the synchronization of starting Citrix sessions to avoid opening
multiple ICA channels, if possible. For fine-tuning, it is possible to
configure the maximum waiting time till a session starts, regardless of
the status of a previous started session. The parameter is available in
the registry: “ica.pnlogin.app_start_max_delay” (default: 30)
Note: This also applies to sessions which are autostarted after a
StoreFront/Web Interface login.

– Added window manager tweak configuration for debugging Citrix ICA seamless window oddities:

windowmanager.tweaks.mode = “All” or “None” or “Custom”. (default: All)
– All = All tweaks are enabled in the window manager
– None = None of the tweaks are enabled in the window manager
– When the tweak mode is set to “Custom” the following registry keys can be used to
enable/disable tweaks separately:

windowmanager.tweaks.DONT_REPARENT_ICA_SEAMLESS_WINDOWS
– Fixes flash redirection window positioning

windowmanager.tweaks.WFICA_REPAINT_TRIGGER
– Fixes drawing issues when windows change state (iconic, maximized, normal …) or when they have
been obscured by sending a sequence of repaint (expose) events to the ICA window

windowmanager.tweaks.PREVENT_TOOLTIPS_IN_TASKBAR
– Avoid ICA tooltip windows to appear in the local taskbar

windowmanager.tweaks.FOLLOW_ORIGINAL_POSITION
– Use the window position as requested by the ICA client instead of letting the window manager
calculate its own window placement

windowmanager.tweaks.EXPOSE_WFICA_SEAMLESS_WITH_COMPOSITOR
– Fixes redraw issues with ICA seamless windows if the compton composite manager is enabled

windowmanager.tweaks.DONT_SET_LEGACY_FULLSCREEN_PROPERTY
– Don’t do the window manager internal legacy fullscreen handling for ICA seamless windows
to avoid problems when maximizing

windowmanager.tweaks.MOVE_ICA_AUTH
– Make sure the ICA authentication dialogs are of a proper size and positioned correctly

windowmanager.tweaks.SKIP_FULLSCREEN_WM_NORMAL_HINTS
– Ignore the window positioning hints for reconnected ICA desktop sessions to keep them fullscreen when
the local resolution has changed meanwhile

windowmanager.tweaks.SKIP_WM_FLAG_INPUT_WINDOWS
– Force all ICA seamless windows to accept keyboard input

windowmanager.tweaks.UNFRAME_REPARENTED_WINDOWS
– Fix for Flash redirection windows in ICA seamless applications

windowmanager.tweaks.AVOID_FOCUS_LOSS
– Support application driven focus change

windowmanager.tweaks.RESTORE_MAXIMIZED_FROM_FULLSCREEN
– Make sure we return to maximized state when a maximized window was set to fullscreen for a while

windowmanager.tweaks.RESTORE_FULLSCREEN_OLD_LAYER
– Go back to the original window manager window stack layer when leaving fullscreen mode
[Citrix Receiver 13]
– Integrated Citrix Receiver version 13.1.3 (additionally to 12.1.8 and 13.0.4)

– Added support for Smartcard authentication at Citrix StoreFront.
To enable usage of Smartcard authentication it is necessary to choose Smartcard logon on the redesigned setup page
Citrix > Citrix StoreFront / Web Interface > Logon
and to choose the correct smart card on page
Citrix > Citrix StoreFront / Web Interface > Logon > Smartcard.
Passthrough authentication with smart card is only possible with StoreFront version 2.x and above.

– If passthrough is enabled and if there are no stored credentials for some reason (e.g. when the system is not configured
to ask for a login in the first place), the user is asked to enter his credentials when he tries to connect to
StoreFront/WebInterface. This behavior can be changed by disabling parameter
“ica.pnlogin.passthrough_fallback_user_pass” in the registry of Setup/UMS. In this case the user is not asked
for credentials and the login fails with an error message instead.

– Removed parameter ica.wfclient.h264enabled. Please see next lines for details about the replacement mechanism.

– Added an automatic mode for usage of the H.264 Deep Compression Codec, dependent on the hardware capabilities
of the device. Devices with more than one CPU core or with a CPU frequency of at least 1300 MHz will use the
H.264 codec instead of the JPEG codec automatically. It is possible to adjust this, along with some parameters for
each codec on the new setup/UMS page:
Citrix > HDX / ICA Global > Codec
Detailed description of the parameters are available at:
http://support.citrix.com/proddocs/topic/receiver-linux-13-1/receiver-linux-13-1.html and

Click to access linux-oem-guide-13-1.pdf

– Added new parameters which can be set via registry ica.wfclient.[Parametername]

Parameter: SSLCertificateRevocationCheckPolicy
States:
– NoCheck (A CRL check is not performed.)
– CheckWithNoNetworkAccess (If a valid CRL file is present, it is used
to check if the certificate is revoked. If the CRL file is not present or
expired, no attempts are made to download one.)
– FullAccessCheck (If a valid CRL file is present, it checks if the certificate
is revoked. If the CRL file is not present or expired, an attempt is made
to download one. If the download fails, the connection is still allowed.)
– FullAccessCheckAndCRLRequired (If a valid CRL file is present, it
checks if the certificate is revoked. If the CRL file is not present or
expired, an attempt is made to download one. If the download fails, then
the connection is not allowed.)
Default: Off

Parameter: TWIRedrawAfterMove,
When moving a seamless window, the window might not be redrawn correctly in certain scenarios.
Fix this issue by activating TWIRedrawAfterMove parameter.
States: True, False
Default: False

Parameter: TWICoordinateWinPosition,
If you move a published application window launched in a seamless mode, the contents of the window
might be corrupted. To fix this issue, do the following:
– On the server, set the policy “View window contents while dragging” to “Prohibited.”
– On the user device activate TWICoordinateWinPosition and TWIRedrawAfterMove.
States: True, False
Default: False

Parameter: LogoffDesktopThroTWI,
Sometimes the StoreFront logoff command fails to end a desktop session.The issue can be fixed by
activating the LogoffDesktopThroTWI parameter.
States: True, False
Default: False

– Added the parameters TWISetFocusBeforeRestore and ApplySucConnTimeoutToDesktops.
Both parameters can be set by registry keys:
ica.wfclient.twisetfocusbeforerestore and
ica.wfclient.applysucconntimeouttodesktops.

– TWISetFocusBeforeRestore:
Sets the focus on server-side windows before restoring them. This is a workaround for an issue with virtual
Java applications, like jEdit, which were not redrawn correctly if the application was moved, or restored.
(Default: Disabled)

– ApplySucConnTimeoutToDesktops:
Works with the SucConnTimeout setting. Ensures that the setting SucConnTimeout is honored by virtual desktops
as well as virtual applications. When ApplySucConnTimeoutToDesktops is applied to desktops, repeated clicks
launch multiple sessions, but you can set SucConnTimeout to a suitable timeout and run a custom script in
between the desktop launches. (Default: Disabled).

– Added support for FlowControl. This feature is separate to the flow control feature for HDX MediaStream
Windows Media Redirection. Since XenDesktop 7.1 server this feature is enabled by default.
Now, the feature has to be activated in our Registry:
ica.wfclient.flowcontrolenabled. Default: false
[RDP/IGEL RDP Client 2]
– Added the Toolbar to Workarea mode. This Feature is restricted to single monitor setup.
– Better performance when RemoteFX is not used, but when compression is enabled.
– Added support for different multi-monitor configurations for each RDP session. This could be configured by
the global value on the window page of the RDP global section, or on the window page of a RDP session, or by
modifiying the registry key sessions.winconnectX.option.usemonitorfullscreen (X is the session number).
– Added support for UPN Suffixes to IGEL RDP Client 2.
– Added support for custom static virtual channels. The channels can be configured by creating a new instance of
rdp.winconnect.custom-static-channel% in the registry.
– Optimized the Local Logon Window. If you configure a RDP session with RD Gateway and select
“Use other credentials for RD-Gateway authentication” and enter the username and password for the Gateway connection,
you will no longer see the section Gateway in the Local Logon Window. This is especially helpful if
the user should not know the Gateway credentials, but should logon with his credentials in the Local Logon Window.
If the username field or password field of the Gateway credentials is empty, you will still see the Gateway section
in the Local Logon window.

[RD Web Access]
– Added support for RD Web Access started directly out of the browser. Works only with Windows Server 2012 and
Windows Server 2012 R2.
Known Issues:
– You have to enter credentials everytime you start a Remote App.

[VMware Horizon]
– Updated VMware Horizon Client to version 3.2.0-23315666

[Quest vWorkspace]
– Updated Dell Wyse vWorkspace to version 8.5.0
[PowerTerm]
– Added PowerTerm InterConnect LTC terminal emulation version 10.1.0.0.20130211.2-_rc_-31580. The previous version
9.2.0.6.20091224.1-_rc_-25848 still is available in the firmware and is active by default.
In IGEL setup on page Sessions->PowerTerm Terminal Emulation->PowerTerm Selection the version can be specified
with parameter PowerTerm Version.
The possible values are:
– default (version 9.2.0.6.20091224.1-_rc_-25848 in this release)
– 9.2.0.6.20091224.1-_rc_-25848
– 10.1.0.0.20130211.2-_rc_-31580
Default: default

Version 10.1.0.0.20130211.2-_rc_-31580 has fixes for the following issues:
– sometimes characters are dropped when using bar code scanners
– character  not working in swedish code page with IBM 5250 emulation
[2X Client]
– Updated 2X Client to version 12.0.0-2270
New parameters:
– TLS Authentication (boolean): sessions.twox<NR>.local_resources.windows_key_combinations
Default: false
– Network Level Authentication (boolean): sessions.twox<NR>.advanced.network_level_authentication
Default: true
– Pre-Windows 200 Login Format (boolean): sessions.twox<NR>.advanced.oldwindows_login_format
Default: true
– Windows key combinations (string): sessions.twox<NR>.local_resources.windows_key_combinations
Default: Local

[Shared Workplace]
– In shared workplace mode (SWP) user specific screen configurations are now supported. Note that the total
screen size (framebuffer size) of a user specific configuration cannot exceed the total screen size of
the base profile. So the base profile should have the maximum screen resolutions in order not to restrict
the user specific profile.

[ThinLinc]
– ThinLinc client updated to version 4.3.0-4538.
New parameters:
– Multi monitor option: sessions.thinlinc<NR>.config.full_screen_all_monitors
(boolean, default: true)
– Resize remote desktop session: sessions.thinlinc<NR>.config.remote_resize
(boolean, default: true)
– Send system keys: sessions.thinlinc<NR>.config.send_syskeys
(boolean, default: true)
– SmartCard redirection: sessions.thinlinc<NR>.config.smartcard_export_enabled
(boolean: default: false)
– Lockdown Local device tab: sessions.thinlinc<NR>.options.locklocaldevices
(boolean, default: true)
– Lockdown Security tab: sessions.thinlinc<NR>.options.locksecurity
(boolean, default: true)
[RedHat Enterprise Virtualization client]
– Updated virt-viewer client to version 2.0 (Red Hat Enterprise Virtualization)
Added new parameters:
– browser_plugin.redhat_spice.audio_enabled Default: true
– browser_plugin.redhat_spice.usb_sharing_enabled Default: true
– browser_plugin.redhat_spice.smartcard_redirection_enabled Default: false
– browser_plugin.redhat_spice.fullscreen Default: true
[Firefox]
– Updated Firefox to 31.6.0 ESR
– Updated Flash Player download URL to version 11.2.202.457
– TIFF files are now openend directly in the document viewer.

– Added support to configure buttons in the browser’s new Application Menu, if user customization of
the toolbars is disabled. In the Setup look for:
Sessions -> Browser -> Browser Sessions -> Browser (#NR) -> Toolbarconfig -> Application Menu
In the registry:
sessions.browser<NR>.app.custom_toolbar.applicationmenu
Only Navigation Bar and Application Menu remain changeable.
The elements (=buttons) which can be chosen for the configuration are specified
in the respective tooltip.

If you leave these settings empty, the default set of buttons is used.
Default set for the Navigation Bar:
urlbar-container, search-container, webrtc-status-button, bookmarks-menu-button, downloads-button, home-button
Default set for the Application Menu:
zoom-controls, edit-controls, history-panelmenu, privatebrowsing-button, save-page-button, find-button,
open-file-button, developer-button, sidebar-button, feed-button, print-button, characterencoding-button

Mind, that a button can only be used in either the Navigation Bar or the Application Menu.
If it is included in both, the Navigation Bar will take precedence.
The urlbar-container is always shown in the Navigation Bar.
– The firefox profile partition is now formated as ext4 to avoid data loss. The particular partition has been enlarged to 50MB.
– Added parameter to enable Google Safe Browsing and Malware Protection:
IGEL Setup -> Sessions -> Browser -> Browser Global -> Security:
Registry: browserglobal.app.browser_safebrowsing_enabled; default: On; range: On, Off
Registry: browserglobal.app.browser_safebrowsing_malware_enabled; default: On; range: On, Off

IGEL Setup -> Sessions -> Browser -> [session name] -> Security:
Registry: sessions.browser<NR>.app.browser_safebrowsing_enabled; default: Global Setting;
range: Global Setting, On, Off
Registry: sessions.browser<NR>.app.browser_safebrowsing_malware_enabled; default: Global Setting;
range: Global Setting, On, Off

– Added parameter to always start in private browsing mode:
IGEL Setup -> Sessions -> Browser -> Browser Global -> Privacy:
Registry: browserglobal.app.autostart_privatebrowsing; default: Off; range: On, Off

IGEL Setup -> Sessions -> Browser -> [session name] -> Privacy:
Registry: sessions.browser<NR>.app.autostart_privatebrowsing; default: Global Setting; range: Global Setting, On, Off

– Added parameters to change the behaviour of the mousehweel while the shift, control, win or alt key is pressed:

browserglobal.app.mousewheel_with_shift_action; default: Go back or forward in the history;
range: Do nothing, Scroll through content, Go back or forward in history, Zoom the content in or out
browserglobal.app.mousewheel_with_shift_multiplier; default: 100
browserglobal.app.mousewheel_with_control_action; default: Zoom the content in or out;
range: Do nothing, Scroll through content, Go back or forward in history, Zoom the content in or out
browserglobal.app.mousewheel_with_control_multiplier; default: 100
browserglobal.app.mousewheel_with_win_action; default: Scroll through content;
range: Do nothing, Scroll through content, Go back or forward in history, Zoom the content in or out
browserglobal.app.mousewheel_with_win_multiplier; default: 100
browserglobal.app.mousewheel_with_alt_action; default: Scroll through content;
range: Do nothing, Scroll through content, Go back or forward in history, Zoom the content in or out
browserglobal.app.mousewheel_with_alt_multiplier; default: 100

sessions.browser<NR>.app.mousewheel_with_shift_action; default: Global Setting;
range: Global Setting, Do nothing, Scroll through content, Go back or forward in history,
Zoom the content in or out
sessions.browser<NR>.app.mousewheel_with_shift_multiplier; default: Global Setting
sessions.browser<NR>.app.mousewheel_with_control_action; default: Global Setting;
range: Global Setting, Do nothing, Scroll through content, Go back or forward in history,
Zoom the content in or out
sessions.browser<NR>.app.mousewheel_with_control_multiplier; default: Global Setting
sessions.browser<NR>.app.mousewheel_with_win_action; default: Global Setting;
range: Global Setting, Do nothing, Scroll through content,
Go back or forward in history, Zoom the content in or out
sessions.browser<NR>.app.mousewheel_with_win_multiplier; default: Global Setting
sessions.browser<NR>.app.mousewheel_with_alt_action; default: Global Setting;
range: Global Setting, Do nothing, Scroll through content, Go back or forward in history,
Zoom the content in or out
sessions.browser<NR>.app.mousewheel_with_alt_multiplier; default: Global Setting

Note that for the particular multiplier a value of 100 means 1.0. For instance, if one wants to scroll
20 lines per mousehweel click while the control key is held, the parameter mousewheel_with_control_multiplier
needs to be set to 2000.
– Removed deprecated parameters browserglobal.app.security_enable_ssl3, browserglobal.app.security_enable_tls and
sessions.browser<NR>.app.security_enable_ssl3, sessions.browser<NR>.app.security_enable_tls since they
are deprecated in Firefox 31.

– Added parameter to set minimum required encryption protocol and maximum supported encryption protocol to
initiate an encrypted connection.
IGEL Setup -> Sessions -> Browser -> Browser Global -> Encryption:
Registry: browserglobal.app.security_tls_version_min; default: 0; range: 0, 1, 2, 3
Registry: browserglobal.app.security_tls_version_max; default: 0; range: 0, 1, 2, 3
IGEL Setup -> Sessions -> Browser -> [session name] -> Encryption:
Registry: sessions.browser<NR>.app.security_tls_version_min; default: Global Setting;
range: Global Setting, 0, 1, 2, 3
Registry: sessions.browser<NR>.app.security_tls_version_max; default: Global Setting;
range: Global Setting, 0, 1, 2, 3

Info: The values for minimum/maximum encrpytion protocol are
– 0 – SSL3
– 1 – TLS 1.0
– 2 – TLS 1.1
– 3 – TLS 1.2

– Added parameter to enable or disable installation of webapps:
Registry: browserglobal.app.webapps_enabled; default: Off; range: On, Off

– Java (webstart) applications can now launch the local browser by using the desktop’s url-handler
– Removed parameter browserglobal.app.layout_spellcheckDefault and sessions.browser<NR>.app.layout_spellcheckDefault

– Added parameter to enable or disable spell checking in the browser:
Registry: browserglobal.app.layout_spellcheck; default: On for multi-line controls;
range: Off, On for multi-line controls, On for multi- and single-line controls
Registry: sessions.browser<NR>.app.layout_spellcheck; default: Global Setting;
range: Global Setting, Off, On for multi-line controls, On for multi- and single-line controls

The included dictionaries for spell checking are: de-DE, en-GB, en-US, fr-FR, nl and es-ES

– Added new parameter to disable OpenGL acceleration in the browser:
Registry: browserglobal.app.disableopengl; default: Off, range: On, Off

– Added parameter to enable built-in ‘Do Not Track’ feature.
Registry: browserglobal.app.privacy_donottrack; default: On; range: On, Off
Registry: sessions.browser<NR>.app.privacy_donottrack; default: Global Setting; range: Global Setting, On, Off

– Added parameter to block redirection and autorefresh of websites.
Registry: browserglobal.app.accessibility_blockautorefresh; default: Off; range: On, Off
Registry: sessions.browser<NR>.app.accessibility_blockautorefresh; default: Global Setting;
range: Global Setting, On, Off
[WiFi]
– Added boolean parameter network.interfaces.wirelesslan.device0.hide_network_details Default: true
If set to false the SSID will be shown in notifications regarding the WiFi connection. Furthermore the SSID and
the authentication method will be shown in the tooltip of the WiFi tray icon.

– Added support for Realtek RTL8192SE mini-PCI wireless adapter
[Smartcard]
– Added driver for HID Global Omnikey smart card reader OMNIKEY 5021 CL (076B:5340) by new driver version 4.0.5.5.
– Added support for smart card reader VASCO DIGIPASS 870
[base system]
– Added support for automatic firmware update over all supported transfer protocols used by update mechanism.

– New battery power management configuration at setup page System > Energy > Power Management
– Added the ability to apply setup-defined CPU power plans depending on the devices power supply on
setup page System > Energy > Power Management.
For AC mode the registry key is “system.power_management.cpu_gov_ac” with a default of “High Performance” and
for battery mode it’s “system.power_management.cpu_gov_bat” with the default of “Balanced (recommended)”.
For both parameters the range of possible values is High Performance, Balanced (smooth),
Balanced (recommended), Power Saver.
– Added an tray icon to allow the user to change the CPU power plan.
You can turn it on/off at the setup at
System->Energy->Power Management
or by the registry key
“system.power_management.cpu_scaler”, default: disabled

– Updated Kernel to Ubuntu Trusty version 3.13-48.80

– Updated ca-certificates to version “ca-certificates_20141019ubuntu0.14.04.1”

– Added support for Arabic Keyboard Layout.
– Added new locales for:
United Arab Emirates (ar_AE)
Bahrain (ar_BH)
Algeria (ar_DZ)
Egypt (ar_EG)
India (ar_IN)
Iraq (ar_IQ)
Jordan (ar_JO)
Kuwait (ar_KW)
Lebanon (ar_LB)
Libyan Arab Jamahiriya (ar_LY)
Morocco (ar_MA)
Oman (ar_OM)
Qatar (ar_QA)
Saudi Arabia (ar_SA)
Sudan (ar_SD)
Syrian Arab Republic (ar_SY)
Tunisia (ar_TN)
Yemen (ar_YE)

– Added MIME type handling to Browser. For more information visit http://edocs.igel.com/index.htm#10203086.htm.
– Added image viewer to view images downloaded by Browser.
– Changed english label of start button on Application Launcher’s Applications page from “Start” to “Execute”.
A custom label for the button can be defined with parameter userinterface.launcher.displaynames.startbuttonname.
– Updated CUPS to lastest Ubuntu Trusty release 1.7.2-0ubuntu1.5
– Updated the devices driver list

– Updated base libraries and binaries to Ubuntu Trusty version 14.04.2
– Updated name service cache daemon
– Updated timezone information
– Added new parameter: network.smbmount<NR>.security_mode
Possible values: NTLM, NTLMSSP, NTLMi, NTLMSSPi, LanMan
Default value: NTLM
This will allow to specify a security protocol mode for connecting to Windows share

– Added script hooks to run before a certain session is started and after the session has closed.
This feature is only accessible through the System->Registry in the IGEL setup.

The registry keys are:

for VNCviewer:
sessions.vncviewer*.init_action
sessions.vncviewer*.final_action

for RDP:
sessions.winconnect*.init_action
sessions.winconnect*.final_action

for Citrix/ICA:
sessions.ica*.init_action
sessions.ica*.final_action

(where * means the related session number, i.e. 0,1,2,3,…)

NOTE: If you’ve created a new session, you need to close and restart the IGEL setup before you actually
can see the registry keys mentioned above.

– Updated TC Setup to version 4.9.3
[Storage Devices]
– Dynamic Client Drive Mapping added.
– To enable it in the IGEL setup go to:
Devices -> Storage Devices -> USB Storage Hotplug -> Enable dynamic client drive mapping
Registry: devices.autofs.dcdm_enable (default: disabled)
* IMPORTANT NOTE: If dynamic client drive mapping is enabled it is necessary to “safely remove” all
USB storage devices manually by using the eject button in the task bar tray icon area to prevent data loss.
The eject button appears in the tray icon area of the taskbar as soon as a removable USB storage
device was detected.

– To configure the desktop integration go to: Accessories -> Disk Removal
* NOTE: Dynamic client drive mapping is currently only supported for Citrix XenDesktop / XenApp sessions and is
globally enabled by the above setup switch. For other session types you may benefit from enabling the
dynamic client drive mapping in terms of more control of when a devices is actually unmounted and
getting an error message in case the device is still in use. This probably reduces the risk of data loss in
your case of application.

– Added Dynamic Client Drive Mapping support for Citrix (ICA)

– Added a common toolbar that shows up automatically for Citrix and X11 desktop sessions when enabled
(User Interface -> Display -> Desktop -> Common Toolbar). It allows to minimize or close the active session and
allows to eject removable devices like USB memory sticks in case dynamic client drive mapping is enabled
(Devices -> Storage Devices -> USB Storage Hotplug -> Enable dynamic client drive mapping).
[Driver]
– Added StepOver TCP Client for StepOver signature pad support. In setup on page User Interface->Input->Signature Pad
click “Enable StepOver TCP Client” to activate. Specify the port on which the service is listening with
parameter “Listening TCP Port”.
StepOver TCP Client is different to the StepOver serversonet (padserver) functionality.
* NOTE: Only one of these two can be used at a time.

– Updated ELO Single Touch (ST) USB touchscreen driver to v4.0.1:
Select Touch Screen Type “Elo Singletouch (USB)” at setup page User Interface > Input > Touch Screen.
Supported touch monitors and Elo touchscreen controllers:
– Elo Smartset USB Controllers
– (IntelliTouch(R) 2701, 2700, 2600, 2500U,
– CarrollTouch(R) 4500U, 4000U,
– Accutouch(R) 2216, 3000U, 2218,
– Surface Capacitive 5020, 5010, 5000,
– Accoustic Pulse Recognition(APR) Smartset 7010
and other Elo Smartset USB controllers)
Known-Issue: hold-to-right-click feature is not working.

– Updated “Elographics (serial)” touchscreen driver to ELO Single Touch Serial touchscreen driver to v3.4.0.
Supported touch monitors and Elo touchscreen controllers:
– All Elo Entuitive brand touchmonitors with an internal serial controller
– Elo Serial Controllers (IntelliTouch(R) 2500S, 2310B, 2310, 2300, 2701S
CarrollTouch(R) 4000S, 4500S
AccuTouch(R) 2210, 2216, 2218)
Known-Issue: hold-to-right-click feature is not working.
[X11 system]
– Added possibilty to change display configuration on the fly via the “Display Switch” application.
Configurable at setup page Accessories -> Display Switch -> Options:
– Configure new Displays when connected:
sessions.user_display0.options.notify default: disabled
if enabled monitor unplug and replug behaviour is improved
– Preserve settings over reboot:
sessions.user_display0.options.preserve_settings default: disabled
– Dialog Type:
sessions.user_display0.options.dialog_type default: Minimal Dialog, range: Minimal Dialog, Advanced Dialog
– Buttons in Minimal Dialog:
Advanced button -> Button to switch from Minimal Dialog to Advanced Dialog
sessions.user_display0.options.show_advanced default: enabled

Reset button -> Button to reset the Display configuration to the Setup defaults
sessions.user_display0.options.show_reset default: enabled

– Added a new Touchpad section in “User Interface” -> “Input” -> “Touchpad”
This will allow to modify the Touchpad configuration options.
Note that the options listed below also requires hardware support from the touchpad.
The new Touchpad section is composed by three pages:
(Where not specified, the default value of a parameter is taken directly from the touchpad internal configuration)
“General” with the following parameters:
-Touchpad custom configuration: userinterface.touchpad.general.TouchpadConfiguration (boolean)
this parameter will enable the customization of the Touchpad configuration
Default: false
– Disable Touchpad: userinterface.touchpad.general.TouchpadOff (string)
Possible values: Touchpad Enable, Touchpad Disable, Turn off tapping and scrolling
Default: Touchpad Enable
– Min Speed: userinterface.touchpad.general.MinSpeed (integer)
Possible values range from 0.1 to 3
– Max Speed: userinterface.touchpad.general.MaxSpeed (integer)
Possible values range from 1 to 5
– Acceleration: userinterface.touchpad.general.AccelFactor (integer)
Possible values range from 0 to 0.5
– Left-Top corner button: userinterface.touchpad.general.RTCornerButton (string)
Possible values: Disable, Left Mouse Button, Right Mouse Button, Middle Mouse Button
– Left-Bottom corner button: userinterface.touchpad.general.RBCornerButton (string)
Possible values: Disable, Left Mouse Button, Right Mouse Button, Middle Mouse Button
– Right-Top corner button: userinterface.touchpad.general.LTCornerButton (string)
Possible values: Disable, Left Mouse Button, Right Mouse Button, Middle Mouse Button
– Right-Bottom corner button: userinterface.touchpad.general.LBCornerButton (string)
Possible values: Disable, Left Mouse Button, Right Mouse Button, Middle Mouse Button
“Scrolling” with the following parameters:
– Vertical scroll: userinterface.touchpad.scrolling.VertEdgeScroll (boolean)
– Vertical scroll speed: userinterface.touchpad.scrolling.VertScrollDelta (integer)
Possible values range from 1 to 100
– Two finger vertical scroll: userinterface.touchpad.scrolling.VertTwoFingerScroll (boolean)
– Horizontal scroll: userinterface.touchpad.scrolling.HorizEdgeScroll (boolean)
– Horizontal scroll speed: userinterface.touchpad.scrolling.HorizScrollDelta (integer)
Possible values range from 1 to 100
– Two finger horizontal scroll: userinterface.touchpad.scrolling.HorizTwoFingerScroll (boolean)
“Advanced” with the following parameters:
– Corner Coasting: userinterface.touchpad.scrolling.CornerCoasting (boolean)
– Circular scrolling: userinterface.touchpad.scrolling.CircularScrolling (boolean)
– Circular scroll trigger: userinterface.touchpad.scrolling.CircScrollTrigger (string)
Possible values: All Edges, Top Edge, Top Right Corner, Right Edge, Bottom Right Corner,
Bottom Edge, Bottom Left Corner, Left Edge, Top Left Corner
– Tap and drag gesture: userinterface.touchpad.general.TapAndDragGesture (boolean)
– Locked drags: userinterface.touchpad.general.LockedDrags (boolean)
– Palm detect: userinterface.touchpad.general.PalmDetect (boolean)
– ClickPad userinterface.touchpad.general.ClickPad (boolean)

In addition to the parameters included in the pages above, in the registry there is other advanced
options for Touchpad fine tuning:
– Right-Button Area Left: userinterface.touchpad.advanced.rightbuttonarealeft (integer)
– Right-Button Area Right: userinterface.touchpad.advanced.rightbuttonarearight (integer)
– Right-Button Area Top: userinterface.touchpad.advanced.rightbuttonareatop (integer)
– Right-Button Area Bottom: userinterface.touchpad.advanced.rightbuttonareabottom (integer)
– Middle-Button Area Left: userinterface.touchpad.advanced.middlebuttonarealeft (integer)
– Middle-Button Area Right: userinterface.touchpad.advanced.middlebuttonarearight (integer)
– Middle-Button Area Top: userinterface.touchpad.advanced.middlebuttonareatop (integer)
– Middle-Button Area Bottom: userinterface.touchpad.advanced.middlebuttonareabottom (integer)
– Locked Drag Timeout: userinterface.touchpad.general.lockeddragtimeout (integer)
– Palm Min Width: userinterface.touchpad.general.palmminwidth (integer)
– Palm Min Z: userinterface.touchpad.general.palmminz (integer)
– Circular Scroll Delta: userinterface.touchpad.scrolling.circscrolldelta (integer)
– Max Tap Time: userinterface.touchpad.tapping.maxtaptime (integer)
– Max Tap Move: userinterface.touchpad.tapping.maxtapmove (integer)
– Max DoubleTap Time: userinterface.touchpad.tapping.maxdoubletaptime (integer)
– SingleTap Timeout: userinterface.touchpad.tapping.singletaptimeout (integer)
– Click Time: userinterface.touchpad.tapping.clicktime (integer)
– Tap Button 1: userinterface.touchpad.tapping.tapbutton1 (integer)
– Tap Button 2: userinterface.touchpad.tapping.tapbutton2 (integer)
– Tap Button 3: userinterface.touchpad.tapping.tapbutton3 (integer)
– Click Finger 1: userinterface.touchpad.tapping.clickfinger1 (integer)
– Click Finger 2: userinterface.touchpad.tapping.clickfinger2 (integer)
– Click Finger 3: userinterface.touchpad.tapping.clickfinger3 (integer)
– Added support for Touchscreen monitor with DUS Series controller, for example EIZO T2381W.
Multifinger gesture are supported, 2 finger for right-click, 3 finger for middle click.
Known Issue: Scrolling with two fingers doesn’t work.
– Added the following font families as X fonts:
liberation mono
liberation sans
liberation serif
ubuntu mono
century schoolbook l
dingbats-medium
nimbus mono l
nimbus roman no9 l
nimbus sans l
standard symbols l
urw bookman l
urw chancery l
urw gothic l
urw palladio l

The fonts can be controlled via the following parameters:
x.fontpath.gsfonts.enabled
century schoolbook l
dingbats-medium
nimbus mono l
nimbus roman no9 l
nimbus sans l
standard symbols l
urw bookman l
urw chancery l
urw gothic l
urw palladio l
x.fontpath.ttf-liberation.enabled
liberation mono
liberation sans
liberation serif
x.fontpath.ubuntu-font-family.enabled
ubuntu mono
[VNC / Shadowing]
– added possibility to change VNC port. Does not affect secure VNC.
new setup parameter: network.vnc.port. Default is 5900
[Audio]
– Volume for sound input is now configurable in IGEL Setup: Accessories > Sound Preferences > Options
[Multimedia]
– Added hardware video acceleration for the following video codecs:
H.264, MPEG-2 and VC1/WMV3. The video acceleration is supported on:
UD2-LX 40, UD3-LX 42, UD3-LX 41, UD3-LX 40, UD5-LX 50, UD5-LX 40, UD6-LX 51, UD10-LX Touch 10, UD10-LX 10,
IZ2-RFX 40, IZ2-HDX 40, IZ2-HORIZON 40, IZ3-RFX 42/41/40, IZ3-HDX 42/41/40, IZ3-HORIZON 42/41/40

Additionally MPEG-4/DivX is supported on:
UD3-LX 42, UD3-LX 41, UD3-LX 40, UD10-LX Touch 10, UD10-LX 10,
IZ3-RFX 42/41/40, IZ3-HDX 42/41/40, IZ3-HORIZON 42/41/40

The feature is deactivated by default and must be activated in the IGEL Setup at:
IGEL Setup -> System -> Firmware Customization -> Features -> Hardware Video Acceleration

For more information visit http://edocs.igel.com/index.htm#10201440.htm.

– Added support for playback of RTP/IPTV streams. Stream sources can be configured in “Media Player Sessions” with
the “Medium / Filename” option by a URI beginning with rtp:// like rtp://IPADDR:PORT
[VirtualBox Guest Additions]
– Integrated VirtualBox Guest Additions 4.3.10 (OS only).
[Evidian AuthMgr]
– Ingrated Evidian AuthMgr version 1.2.5447.
Evidian AuthMgr sessions can be configured at
IGEL Setup -> Evidian
(registry keys: sessions.rsuserauth%)

New registry keys:
– sessions.rsuserauth<NR>.parameters.crypt_password, default: empty
– sessions.rsuserauth<NR>.parameters.custom.start_exec, default: empty
– sessions.rsuserauth<NR>.parameters.custom.stop_exec, default: empty
– sessions.rsuserauth<NR>.parameters.debug, default: false
– sessions.rsuserauth<NR>.parameters.debug_level, default: none
– sessions.rsuserauth<NR>.parameters.ini, default: false
– sessions.rsuserauth<NR>.parameters.ini_path, default: /etc/rsUserAuth/rsUserAuth.ini
– sessions.rsuserauth<NR>.parameters.message, default: false
– sessions.rsuserauth<NR>.parameters.sessiontype, default: None
– sessions.rsuserauth<NR>.parameters.tapping, default: false
– sessions.rsuserauth<NR>.parameters.url, default: empty

An Evidian AuthMgr session starts automatically by default and a session icon will not appear on the desktop
– sessions.rsuserauth<NR>.autostart, default: true
– sessions.rsuserauth<NR>.desktop, default: false

– Added support for Citrix XenDesktop/XenApp
A Citrix server must be configured at
“IGEL Setup->Sessions->Citrix XenDesktop/XenApp->Citrix Storefront/Web Interface->Server”
– Added support for RDP
A RDP session must be configured at “IGEL Setup->RDP Sessions”
IMPORTANT: The first configured RDP session will be used.
– Added support for VMware Horizon
A VMware Horizon Client session must be configured at “IGEL Setup->Horizon->Horizon Client Sessions”
IMPORTANT: The first configured Horizon Client session will be used.
[Hardware]
– Added support for new product UD2-LX 40 based on hardware IGEL-D220.
– Added support for Wacom CTH-30x Pad
– Added support for Wacom Bamboo Pad CTH-300 and CTH-301

[Java]
– Updated Java Runtime Environment to version 8 Update 45
Changes:
Decision to run applets or java webstart apps once the jvm becomes outdated is made persistent.
===================
Resolved issues:
===================

[CUPS Printing]
– Fixed the non-printing issue when a USB printer is redirected to a session.
– Update the USB printer queue system:
– If the USB printer is offline on thinclient startup and a user send a job
to the printer, job(s) go in queue and a printed when the right printer is
back online.
– If the USB printer is disconnected or powered off after the thinclient
startup and a user sends a job to the printer, job(s) go in queue and
printed when the right printer is online. With some printers this
operation return an “Unable to send data to the printer”, new queue system
will retry automatically after 5mins to print the job.

[Citrix Receiver 13]
– Improved handling of desktop icons with Citrix XenApp when “Follow server settings” is activated.
This applies to connections to a Web Interface and to a StoreFront server in Legacy Mode.
It does _not_ work with a normal StoreFront server (because the current version of the Citrix tool “storebrowse”
does not fetch the necessary information from the server).
– Fixed switching between Citrix windows with hotkeys ctrl+alt+tab, ctrl+alt+cursorup, ctrl+alt+cursordown
with Citrix Receiver 13. Before ctrl and alt remained “pressed” inside the window after switching.
– Fixed non reliable redirect from USB Devices into XenDektop (5.5 & 5.6) sessions (mainly affected single core devices)
– Added parameter “Force NumLock On” (x.global.forcenumlock) in Registry to force NumLock state always on.
This might be a workaround for problems with NumLock state.

– It is now possible to use an IP address to access a Citrix server with Citrix Receiver 13.
Note: Please be aware that you need an appropriate web server certificate issued to the IP address instead of a
host name if you want to connect via SSL.
– The extended ICA application start mechanism is a central application launcher for Citrix sessions.
It also affects the autostart mechanism. The launch mechanism starts only one session at a time,
while all other sessions have to wait till the currently starting session has established the connection.
The max waiting time can be set via the setup parameter ica.pnlogin.app_start_max_delay.
The default value for this parameter is 30 seconds.

– Added parameter windowmanager.wm0.variables.igelicaallowminimize in the registry to circumvent problems with
java-based windows over ICA with a popup window. If set to false, ICA windows with a popup can not be
minimized anymore.
– Fixed the handling of the “Path to Store” part of the URL of a Citrix Store, which was
ignored under some circumstances.
Hint: If necessary for some reason, it is possible to get the previous behavior by emptying the
“Path to Store” entry field in the Citrix Store configuration in setup and UMS.
– Fixed a bug that caused a crash during login sometimes.
– Disabled session reliability by default as it causes problems under some circumstances.
To activate it, go to setup/UMS page:
“Citrix > HDX / ICA Global > Options”.

[RDP/IGEL RDP Client 2]
– Fixed problems with not working performance flag “Don’t show contents of window while dragging”
– Added detection for connection loss via TCP Keep-Alive packages to our Igel RDP Client 2.
Now the session will not longer freeze if connection is lost. Instead the session will be terminated.
You can configure the global timeout via registry parameter:
– sessions.winconnect%.option.connection-timeout (default: 30s)
This registry key is also avialable for each session:
– sessions.winconnectX.option.connection-timeout (default: 30s)
– Fixed periodic mouse release if RemoteFX is enabled.
– Added a message to inform the customer about SSL-Errors and Connection-Errors.
Previously the session just dissapered without informing the customer.
– Fixed disabling of the multimedia redirection in RDP sessions.
– Fixed drawing issues for non-RemoteFX connections.
– Fixed behaviour when using a RDP Session from smartcard and pull out the smartcard while the session is avctive.
Now you won’t get bogus error messages anymore.
– Fixed a bug which randomly aborted a file transfer to a mapped USB pendrive if the filesize was greater than 2GB.
– Fixed potential client crash regarding offscreen pixmaps.
– Enhanced TS Gateway functionality. Now you can connect to a Server which is behind
a Session Broker, which is behind a TS Gateway by itself.
– Fixed a problem with TS Gateway connections and true multimonitor support. Now you can use true multimonitor
support with TS Gateway, if the server behind the Gateway announces true multimonitor support.
– Fixed COM port redirection to work with ORGA 930M eGK/KVK health card reader
– Fixed COM port redirection: writing a large amount of data to serial port was failing
[RD Web Access]
– Fixed bug for disabling features like RemoteFX or sound while using RD Web Access.
– Fixed authentication problem with enterprise domain user names while using RD Web Access.
– Close all active remote app connections on “RD Web Access Logout”.
– Fixed problems with not working performance flag settings in RD Web Access sessions.
[VMware Horizon]
– Fixed Horizon Client not closing when IGEL Smartcard is removed.
– Workaround for sound recording in a PCOIP session using the internal microphone
on a Lenovo B50 notebook. The workaround must be activated by the following custom
command:
cp /usr/share/pulseaudio/alsa-mixer/paths/analog-input-internal-mic-ign-boost.conf \
/usr/share/pulseaudio/alsa-mixer/paths/analog-input-internal-mic.conf; \
amixer sset ‘Internal Mic Boost’ 0,1; su user -c “sound store”
The custom command must be set in
“Firmware Customization/Custom Commands/Base Commands/Initialization”

– Fixed a focus problem of the thin client’s lock screen dialog in connection with PCOIP sessions.
– Fixed COM port redirection: writing a large amount of data to serial port was failing for RDP.
[PowerTerm]
– Fixed printer list display dialog, now the “Setup Printer” window in Powerterm show correctly the printer list
[2X Client]
– Fixed parameter handling with IGEL Smartcard: parameter names ending with digits were not handled
correctly and the values were not set. This e.g. affected 2X sessions.
– Fixed bug: Running multiple 2X sessions in parallel did not work.
[IBM_5250]
– enable registry key “iseriesaccessglobal.iso8859_2_fix”, to fix keyboard input of eastern european
characters (czech, slovak, etc.)
default: disabled
[ThinLinc]
– Fixed Thinlinc login window on suspend resume.
– Fixed mapping of compose key on Sun Type 6 Keyboards
[X session (Xephyr)]
– Fixed X Session not overlapping taskbar in fullscreen mode if taskbar position is top or left.
– Fixed X Session not opening if either fullscreen or workarea mode is active and the start
monitor is set to “No configuration”.
– Fixed the keyboard layout in Xephyr session login screen.
The keyboard layout used is the current keyboard layout selected by the user.
[Network]
– Fixed managing of certificate with SCEP: expired certificates weren’t renewed automatically.
[WiFi]
– Fixed support for intel Dualband-Wireless-AC 7265 based devices
[VPN]
– Fixed Genucard DHCP IP retrieval bug for newer Genucard versions.
– Added support for Genucard firmware version 4 and 5
– Added machine authentication. A private key file is needed if machine authentication is activated,
otherwise VPN connection is not possible. The private key file path can be set by the new setup parameter:
sessions.genucard_vpn_connection%.options.machine_auth_keyfile
default value: <empty>

– Upgraded IPTABLES tools up to v1.4.21 (Ubuntu Trusty)
[Imprivata]
– fixed availability of VMware Horizon USB-Redirection in Imprivata sessions
[Smartcard]
– Fixed detection of IGEL Smartcards in mode “Enable IGEL Smartcard without Locking Desktop”.
Previously the insertion of any type of smartcard caused the PIN entry window to show up.
– Fixed log off with IGEL Smartcard: when additional smart card readers were added or removed during a session,
removing the smart card did not trigger log off any more.
– Fixed personalization of IGEL Smartcards: when writing sessions to the smart card which were assigned via a profile,
only write parameters whose value differs from the default value. This helps reducing the data to write,
and a bigger amount of sessions can be written to the smart card.
– Fixed redirection of Cherry G87-1504 and Cherry ST-1503 eGK smart card readers via Citrix and RDP.
[CUPS Printing]
– Solved the problem with the USB to TCP/IP port redirection in the new CUPS system.
– Added timing to CUPS USB backend to avoid soft-reset to be sent during printing.
– Fixed sharing local printers with IPP Printer Sharing
– Fixed the non-printing issue when a USB printer is redirected to a session.
– Updated the USB printer queue system:
– If the USB printer is offline on thinclient startup and a user send a job
to the printer, job(s) go in queue and a printed when the right printer is
back online.
– If the USB printer is disconnected or powered off after the thinclient
startup and a user sends a job to the printer, job(s) go in queue and
printed when the right printer is online. With some printers this
operation return an “Unable to send data to the printer”, new queue system
will retry automatically after 5mins to print the job.
[base system]
– Security upgrade of libflac8 (CVE-2014-8962, CVE-2014-9028): arbitrary code execution via crafted .flac file.
– Fixed OpenSSL 1.0.1 security issues: CVE-2014-3513, CVE-2014-3567, CVE-2014-3567, CVE-2014-3568, CVE-2014-3568,
CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205,
CVE-2015-0206, CVE-2015-0293, CVE-2015-0292, CVE-2015-0289, CVE-2015-0288, CVE-2015-0287,
CVE-2015-0286 and CVE-2015-0209 fixed.
– Improved OpenSSL 1.0.1 security: Added support to mitigate a protocol downgrade attack to
SSLv3 that exposes the POODLE attack.
Fixed libgcrypt11 security issues: CVE-2014-5270, CVE-2015-0837 and CVE-2014-3591
Fixed libgnutls26 security issues: CVE-2015-0294 and CVE-2015-0282
Fixed libnspr4 security issues: CVE-2013-5607 and CVE-2014-1545
Fixed libnss3 security issues: CVE-2013-5606, CVE-2013-5605, CVE-2013-1741, CVE-2013-1739, CVE-2014-1492,
CVE-2014-1544 and CVE-2014-1569
Fixed libc6 security issues: CVE-2014-4043, CVE-2014-0475, CVE-2014-7817, CVE-2014-6040, CVE-2015-1472,
CVE-2015-1473, CVE-2014-9402 and CVE-2013-7423
– Improved FAT USB Stick write performance with using flush,dirsync mount option instead of sync.
The corresponding switch is in the IGEL Registry:
– devices.autofs.automount%.sync_option, default: Disabled (default was changed)
– devices.autofs.automount%.flush_option, default: Enabled (new registry entry)
To get back old behaviour switch devices.autofs.automount%.sync_option to enabled.
– Show a message dialog and reboot device after an IGEL license has been successfuly assigned over UMS.
– Fixed a crash of the disk utility when switching between entries in the left pane too quickly.
– Improved behaviour of the lock screen / log-on screen in connection with notifications and prompts for network credentials.
Fixed focus issues concerning the associated dialogs.
– Do not interrupt boot process if some optional partitions couldn’t be updated because firmware updated
wasn’t started during boot. This can occur if network connection couldn’t be established
(e.g misconfigured VPN or unplugged network cable).
– Fixed a problem of the screensaver, that prevented it from loading images from a mounted Windows share.
– Fixed a problem with IGEL soft keyboard and ICA/RDP session in full screen.
– Fixed display stays black after unplug and plug again monitor from a IGEL UD 3 42/41 (M330C)
– Fixed desktop panel freezes.
– Fixed SANE scanner support (updated to Ubuntu Trusty)
– Fixed non reliable redirect from USB Devices into XenDektop (5.5 & 5.6) sessions (mainly affected single core devices)
– Fixed “Elographics (serial)” Touch Screen Type (setup page User Interface > Input > Touch Screen).
– Fixed issue with resetted keyboard delay/rate options after reboot.
– Fixed Custom Partition configuration while running a firmware update.
– Fixed applying of rules based on USB Class ID.
– Fixed Document/PDF Viewer not opening hyperlinks.
– Fixed start of the stage 2 of the firmware update on devices without active or configured networking
(i.e. update from a USB stick).
– Added hold-to-right-click function for “Elo Multitouch(USB)” and “TSharc (serial)” touchscreens type.
Enable “Emulate right button” on setup page User Interface > Input > Touch Screen.

[X11 system]
– Fixed keyboard layout setting of hotplugged keyboards
– Fixed the “Hide Cursor” feature
– Fixed “Disable NumLock” and “Disable ScrollLock” (parameters x.global.disablenumlock and
x.global.disablescrolllock in Setup Registry)
[X-Server]
– Added additional default graphic modes to the IGEL UD10 TC236 integrated display to allow resolution
changes to different modes.
– Improved radeon display hotplug
– Fixed manual setting of display resolution on UD10
– Fixed display stays black after unplug and plug again monitor from a IGEL UD 3 42/41 (M330C)
– Fixed right mouseclick emulation for multitouch devices
[Universal MultiDisplay]
– Fixed UMD eternal waiting loop bug after update
[Windowmanager]
– The system sets the focus correctly on desktop after system start, if registry key
userinterface.desktop.focusable is enabled, default: disabled
– Fixed taskbar overlapping windows if it is expanded onto all monitors and a second screen is present
at the same direction as the panel.
– Fixed window focus freeze when hotkeys are used with modifiers set to “None”
– Window focus hotkeys now work even when no modifier keys are defined.
[Shadowing/VNC]
– Fixed bugs with certain special characters
– enable registry key “iseriesaccessglobal.iso8859_2_fix”, to fix
keyboard input of eastern european characters (czech, slovak, etc.)
default: disabled
[Audio]
– Fixed autostart of the sound control dialog.
– Fixed whining of front audio port of IGEL UD3 42/41 (M330C)
[Hardware]
– Fixed usage of intel turbo boost on newer intel CPUs (sandybridge and newer)
– Fixed right mouseclick emulation for multitouch devices
– Fixed Display Port/HDMI Audio with Intel Haswell chipsets, that need power well support
– Fixed display stays black after unplug and plug again monitor from a IGEL UD 3 42/41 (M330C)
[Java]
– Java (webstart) applications can now launch the local browser by using the desktop’s url-handler
[TC Setup]
– Added hint in setup tooltips that suspend option isn’t available with Universal MultiDisplay.
– Fixed license SecMaker EULA dialog in setup when activating SecMaker Net iD PKCS#11
module: in some cases the dialog had to be accepted twice.
– Fixed german translation in IGEL Setup: Zubeh”r->Systemprotokolle->Optionen
[Remote Management]
– Enhanced UMS structure tag mechanism. When manually registering Thin Clients from UMS, the structure tag
is taken into account now.

Iam looking for a new colleague…

April 21st, 2015

Hi Folks!

Are you intrested to work for the biggest Citrix Distributor in Switzerland? You have knowledge about Microsoft and Citrix Products and you’re waiting for a new challenge? German and english is no issue for you? You always wanted to be a full trained Citrix Certified Instructor (CCI)? So what are you waiting for? Just visit this site and apply for the next step of your carreer!

Cheers

Michael

P.S.: The linked Job subscription is written in german.. 😉

Release: IGEL Universal Management Suite 4.09.100

April 21st, 2015

=================
IGEL Universal Management Suite
=================
Version 4.09.100
Release date: 20.04.2015
=================
Notes
=================

Windows Server 2003 is no longer supported by the IGEL UMS (Java 8 does not
support Server 2003).

The option to accept UMS server certificate temporary when connecting with
UMS console was removed due to incompatiblity with security enhancements.

The linux installer is tested with
– Ubuntu 12.04 (32bit) and Ubuntu 14.04 (32bit and 64bit)

For further compatibility information check the Universal Management Suite
Data Sheet at www.igel.com.
*********************
UMS 4.09.100
*********************
=================
New features
=================

[UMS common]
– Updated java environment to Java 8 Update 40
– Added ability to disable the UMS server http connector. If disabled, secure connections are allowed only (https). Http connector can be disabled in UMS Administrator->Ports/Timeouts->’Allow SSL connections only’
– Added support for Oracle 12c database
[Console, common]
– Added link to user manual on edocs.igel.com (Menu Misc->User manual); User manual in pdf format is no longer included in UMS installations
– Added “configuration changed flag” after assigning/releasing a profile to/from thin clients/ thin client directories.
[Profiles]
– Added new profile type: Master-profile
* master-profiles allow a priorised profile assignment which cannot be overwritten by standard-profiles (priority of master-profiles is always higher than priority of standard-profiles)
* master-profiles are organized in a separate root node in the navigation tree (for access control reasons)
* assignment priority of master-profiles is inverse to standard-profiles: profile closest to TC has lowest priorits, indirect assignments with largest distance have highest priority)
* Use master-profiles to force thin client settings which must not be overwritten by standard-profiles (e.g. session profiles or desktop configuration profiles managed by department administrators or helpdesk)
– Enhanced template profile health check: list empty template values in health check result
[Views]
Added view export feature: send view result by mail (via SMTP).
Exports can be triggered manually via view context menu action or scheduled as administrative task.
Initial configuration of mail server, security settings and user credentials has to be defined in the UMS console administration tree ‘Global Configuration-> Email Settings’. Available parameters are:
* SMTP Host
* Reply Address
* SMTP User
* SMPT Password
* SMTP Port
* Available authentication methods: simple, SSL/TLS, Start TLS
[Universal Firmware Update]
– Added release notes in html format (available with the latest firmware versions only)

=================
Resolved Issues
=================
[UMS common]
– Fixed several security issues: the UMS server is now based on Tomcat 8.0.14. Please refer to http://tomcat.apache.org/tomcat-8.0-doc/changelog.html for details
– Fixed: Directory rules with a product name criterion had no effect on reboot or register.
[Console, common]
– Fixed problem with Recycle Bin: objects would randomly reappear if you put them in the Recycle Bin, clear the Recycle Bin and refresh the tree (F5)
– Fixed minor issue in log level configuration (administration tree): log level labels are now translated
– Fixed some template key issues:
* assignment inconsistency after restoring template keys from the recycle bin
* renaming issue on template values
– Fixed issue with views containing the online criterion: they are now assignable to jobs
[Profiles]
– Fixed: profiles with “overwrite” – flag are now effective again.
[Thin clients]
– Fixed “export Thin Clients” action for Thin Clients and Thin Client directories. Now this action is available in the context menu of content tables too.
– Improved performance in ums console for thinclient-directories with a lot of profile assignments.
[Shared Workplace Feature]
– Fixed shared workplace profile assignment inconsistency: assignments to AD groups now have less priority than direct assignments to a AD user
[Views]
– Fixed issue with missing thin clients in views with ‘assigned profiles’ criterion
– Fixed: a view with “profile assigned” criterion now shows all thinclients with the chosen (direct and indirect) assigned profile.
[Jobs]
– Fixed date picker issue: wrong week day abbreviations (e.g. in ‘Edit Job’ dialog) for german language replaced by proper ones
[Files (URLFiles)]
– Fixed file transfer via context menu ‘File UMS->TC’ on thin client directories
[Universal Firmware Update]
– Changed ums firmware update authentication. All firmware update user entries will be updated to user ‘IGEL_INTERNAL_FIRMWAREUPDATE_USER’ and will get a generated password. It is no longer necessary to manage the users in firmware updates manually (e.g. on password changes).
– Fixed universal firmware update registration issue: when registering a firmware update from zip file, direct assignments to thin clients are not possible.
– Fixed: Disabled the ftp/WebDAV buttons, if no row is selected (in “Check for Firmware Updates”)
– Fixed: ums firmware updates can be created out of windows 7+ snapshots.
– Fixed HTTP response code 500 when proxy configuration of universal firmware update is used.
[Configuration Dialog]
– Fixed coloring issue with nodes Userinterface -> Display -> Desktop -> Background: path is now marked blue, if paramters are activated.
Additional: Pages which contains template keys are now displayed green.
[Console, administration tree]
– Fixed issue in ‘Wake on LAN’ configuration: add/remove/change subnet or netmask configurations sometimes generated ‘Index: 0, Size: 0’ errors
[AD / LDAP integration]
– fixed a bug occurred by deleting AD/LDAP configurations
[Console, webstart]
– Added full support for Java 8 RIA (Java Web Start) security features. Application and web start configuration (jnlp) are signed. Starting UMS Console via web start will produce no security warnings.
[Database schema]
– Fixed: The search results in oracle databases can now be deleted
[Universal Customization Builder (UCB)]
– Fixed minor internatialization issues in UCB (some labels had wrong language)

Tip: Citrix released Feature Pack 1 for XenDesktop/XenApp 7.6

March 31st, 2015

Hello Folks,

today Citrix released the Feature Pack for XenDesktop/XenApp 7.6.

The FP1 brings Session Recording and better Lync 2013 (HDX Realtime Optimization Pack 1.7: Manual) support to your Citrix environment, it will now support the use of the Lync 2013 Client running on the Terminal Server/VDI.

The Download is available here: Download (Citrix account required)

Cheers

Michael

P.S.: Please note, you need to update the HDX Realtime Optimzation Pack Client component (Media Engine) to 1.7.

 

Tip: Having trouble with Remote Desktop Gateway and IGEL Linux V5.. Ask for a trial firmware.

March 24th, 2015

Hi Folks,

a User reported that IGEL has a none public Firmware Version 5.05.250 for the LX based devices available which fixes a few issues with the Remote Desktop Gateway access. We got this as email regarding the fact that some of our FAQ’s did not solve an issue for a user and i believe this do may apply also for other users.

This beta Firmware comes also with an updated Citrix Receiver 13.1.2.295815 but from the release notes it doesn’t support the new UD6 Hardware (iam not sure if this is a mistake).

To get the firmware you should get in contact with the IGEL Support but please note that this is not an official release.

Cheers

Michael

Tip: Optimizing Windows Server 2012 (R2) or Windows 8(.1) for VDI/Terminal Server use

March 18th, 2015

Hi Folks,

Citrix already one year ago released in article with several optimizations for Windows Server 2012 (R2) and Windows 8(.1) to optimize these systems for VDI / Terminal Server use. A lot of people doesn’t know it and it can be really helpfull, you can find the article here and it also include a .vbs script to run all these optimizations in one step. It will work for Citrix and also other solutions and can be very usefull to improve the user experience in general.

Just try it!

Cheers

Michael

Windows Phone Remote Desktop Services Client comes now with RDGateway support

March 12th, 2015

Hi Folks,

the Remote Desktop Services Client for the Windows Phone now comes with RDGateway support (after a long time waiting…).

The RDGateway Client works fine but seams to have some issues with self signed certificates if the CA can not be reached to verify the certificate blacklist. So i recommend to use certificate coming from a public CA to make sure it’s working fine. You will get an 0x3000005 error in this case, this error will only happen if you connect thru an external network and not if you try it in the local network.

Cheers

Michael

 

 

New Release: IGEL Linux for ARM (UD2 Multimedia/IZ1) based devices Version 1.09.100

March 10th, 2015

IGEL Linux SoC
==============
Version 1.09.100
Release date 2015-03-09
Last update of this document 2015-03-09

Supported devices: IZ1-RFX, IZ1-HDX, UD2-LX MultiMedia

The online Release Notes can be found at http://edocs.igel.com/#10202674.htm
Registry Keys of parameters are listed there.

====================
Versions:
====================
Clients:
– Citrix Receiver 12.5.1
– Citrix Receiver 13.1.2.295815
– Firefox 20.0
– IGEL Legacy RDP Client 1.0
– IGEL RDP Client 2.1
– Imprivata OneSign ProveID Embedded
– Leostream Java Connect 3.0.57.0
– Oracle JRE 1.7.0_60
– VMware Horizon client 2.0.0-1049726

Smartcard:
– Reader Driver ACS CCID 1.0.5
– Reader Driver MUSCLE CCID 1.4.13
– Reader Driver REINER SCT cyberJack 3.99.5final.SP03
– Resource Manager PC/SC Lite 1.8.9

System Components:
– Xorg X11 Server 1.10.4
– Xorg Xephyr 1.10.4
====================
Information:
====================
IMPORTANT: Depending on your board, you may not be able to downgrade to
versions earlier than 1.08.300. Check the Application Launcher
at the “About” Tab. If you have a board with a so called SPI-Flash
attached, you can read its type at the “Hardware” section.
If your type is “w25q80”, the lowest version to downgrade to is
1.08.300. If you don’t have a SPI-Flash, the lowest version to
downgrade to is 1.07.100

IMPORTANT: This releases integrates two Citrix Receiver versions 12 and 13.
You can only choose to run either of the versions.
The old 12 Citrix Receiver is still available for compatibility
reasons and activated by default. Version 13 of the Citrix Receiver
can be activated at the local setup of the device or through a UMS
profile configuration.
====================
Removed features:
====================

[Java]
– Removed java webstart session type and webbrowser support
====================
Known issues:
====================

[ICA/Citrix Receiver 12 and 13]
– Currently Kerberos is not supported, so Kerberos passthrough will not work
with Legacy ICA sessions and Citrix StoreFront/Web Interface.
Workaround: configure “Passthrough authentication”

[RDP/IGEL RDP Client 2]
– RDP sessions freeze sporadically, if RD Gateway support is enabled.
====================
New features:
====================

[ICA/Citrix Receiver 13]
– Updated Citrix Receiver to version 13.1.2
– Added “CGP Address” parameter to support the session reliability feature on page:
Citrix > HDX / ICA Global > Options
(Please note that this parameter might be overwritten by the Citrix server.)
– Added parameter “ica.wfclient.twiavoidfullscreenwhenmaximized” to enable
a bug fix from Citrix regarding maximization of windows in a multi-monitor
setup with different resolutions (default: disabled).
– Added parameter “ica.wfclient.twisetfocusbeforerestore” to enable a
workaround from Citrix to set the focus on windows before restoring them
to avoid issues with Java applications.(default: disabled)
– Added parameter “ica.wfclient.applysucconntimeouttodesktops” to let the
session sharing timout option “SucConnTimeout” be applied to desktops
as well (default: disabled)
– Added registry parameter “ica.pnlogin.use_ctx_auth_mgmt”, that
enforces usage of the built-in authentication management of the
Citrix Receiver 13 instead of the IGEL mechanism. This disables credential
related features like passthrough, auto-logon etc.

[ICA/Citrix Receiver 12 and 13]
– Added registry parameter “ica.pnlogin.debug” to enable debug output of
pnlogin on stderr console.
– Added parameter windowmanager.wm0.variables.igelicaallowminimize in the
registry to circumvent problems java-based windows over ICA with a popup
window. If set to false, ICA windows with a popup can not be minimized
anymore.
– Improved the synchronization of starting Citrix sessions to avoid opening
multiple ICA channels, if possible. For fine-tuning, it is possible to
configure the maximum waiting time until a session starts, regardless of
the status of a previous started session. The parameter is available in
the registry: “ica.pnlogin.app_start_max_delay” (default: 30)
– The new synchronization mechanism mentioned above applies also for
autostarted published applications, configurable on
setup page Citrix > Citrix StoreFront / Web Interface > Logon.

[RDP/IGEL RDP Client 2]
– Added RD Gateway support for RDP sessions and RD Web Access:
configurable at “IGEL Setup->Sessions->RDP->RDP Global->Gateway”,
“IGEL Setup->Sessions->RDP->RDP Sessions->[session name]->Gateway” and
“IGEL Setup->Sessions->RDP->Remote Desktop Web Access->Server location”
– Improved RDP Remote Apps: Tray icons and tooltips can be used.
– Added workarea mode support at “IGEL Setup->Sessions->
RDP->RDP Global->Window->Window Size” as a global setting.
You can also configure workarea mode session-specific at “IGEL Setup->Sessions->
RDP->RDP Sessions->[session name]->Window->Window Size”.
Please note that either workarea mode or the toolbar can be used.
Workarea mode superseeds toolbar configuration.
– Added a startup splash screen that is shown while connecting to a RDP server.

[Java]
– Added Oracle JRE Version 1.7.0 update 60

[base system]
– If you have a device with SPI-Flash, you’ll now see the type in the
Application Launcher at ‘About -> Hardware’
– If you have a device with a SPI-Flash, the type of the Flash
is now visible within UMS
– Updated IGEL Setup to version 4.8.18:
Added a quick link bar on many setup pages to find and get to related
configuration pages directly. Increased the default size of the setup window
to retain the readability of the affected setup pages (only when the setup
is started for the first time).
– Added possibility to add custom timezone files to /wfs/zoneinfo/ directory.
====================
Resolved issues:
====================

[ICA/Citrix Receiver 13]
– It is now possible to use an IP address to access a Citrix server

[ICA/Citrix Receiver 12 and 13]
– ICA sessions are not closed anymore, when a USB headset is plugged in or out
– Fixed StoreFront instability
– Added a registry key to disable the DSP acceleration ica.disable_dsp_accel,
default: disabled
– Fixed ICA session handling with applications from more than three server.
– Fixed missing desktop/menu icons with Citrix StoreFront/Web Interface
– Fixed matching of application names in ICA autostart list
– Fixed Citrix StoreFront/Web Interface refresh command
– Fixed problems with vanishing systray icons.
– Fixed window focus after closing a dialog. The focus will be set correctly.
– Added a workaround to deal with windows of a very low height, that show up.
in the taskbar although they shouldn’t (e.g. some tooltip windows in seamless
Citrix sessions). To use this, adjust the parameter
“windowmanager.wm0.variables.tooltipsize” in the registry. A useful value for
single-lined tooltip windows would be 20.

[RDP/IGEL RDP Client 2]
– Fix for published applications which alias name is like “NAME (1)”.
– Improved RDP Network authentication support (NLA) if Local Logon is used.
Previously Network authentication support (NLA) wasn’t reliable.
– Fixed synchronization of lock keys (like num lock, caps lock and so on).
– Added support for various multimedia keys within RDP sessions, e.g on
keyboard Logitech MK270.
– Improved handling of server redirection. There was a bug which randomly
crashed the client application once it got redirected by the server.
– Improved RD Web Access logout mechanism. The started applications will be closed
if we perform a logout.
– Fixed bug in RD Web Access to utilize global settings.

[base system]
– updated libssl0.9.8; this fixes:
– CVE-2013-0166
– CVE-2013-0169
– updated libssl1.0.0; this fixes:
– CVE-2014-3571
– CVE-2015-0206
– CVE-2014-3569
– CVE-2014-3572
– CVE-2015-0204
– CVE-2015-0205
– CVE-2014-8275
– CVE-2014-3570
– Fixed glibc 2.13 security issues: CVE-2015-0235 (GHOST), CVE-2009-5029,
CVE-2011-1658, CVE-2011-4609, CVE-2012-3405, CVE-2012-3480, CVE-2013-4788,
CVE-2013-4458, CVE-2013-4332, CVE-2013-4237, CVE-2013-1914, CVE-2013-0242,
CVE-2012-4424, CVE-2013-4458, CVE-2014-0475, CVE-2014-5119, CVE-2014-0475,
CVE-2013-4357, CVS-2014-7817, CVE-2014-6040 and CVE-2012-6656
– Fixed the “Hide Cursor” feature
– The system sets the focus correctly on desktop after system start, if
registry key userinterface.desktop.focusable is enabled, default: disabled

Tip: Fixing HDX3D Pro performance issues with Citrix XenDesktop 7.x and Nividia Grid Cards

March 6th, 2015

Hi Folks,

if getting performance issues when using HDX 3D Pro together with XenDesktop 7.x and Nvidia Grid Cards you should try the latest XenDesktop Desktop VDA release which is available here.

It doesn’t matter what type of end device is used.

Cheers

Michael

Whitepaper: IGEL Linux and Citrix Storefront Whitepaper has been updated

March 6th, 2015

Hello Folks,

i updated the Whitepaper how to configure an IGEL Linux based device to work with a Citrix Storefront Server.

It will now also mention the 4.14.100 firmware as supported firmware and regarding some comments from users i’ve added the information that only Base64/PEM certificates will work for none Windows based end devices like the IGEL OS.

The download is available here.

Cheers

Michael

cloud-client.info will discontinue support for current IGEL Hardware and will add Google ChromeOS

March 6th, 2015

Hi Folks,

rearding the fact that we doesn’t have any current IGEL Hardware like the new UD6 or UD3 we will not provide any information’s or faq’s for these devices in the future and all related hardware whitepaper’s are discontinued. Please do not contact us if you have questions related to these devices because it’s not serious to provide information’s or help without any way to reproduce.

We’re also currently investigating  the Google ChromeOS to put some attention on this OS. Citrix has announced a partnership with Google and also Clients from VMWare and 2X are available incl. a management solution; so this one could be an intresting cloud client OS for road workers. For us important are the limitations and differences between the ChromeOS clients and the Windows/Linux/MacOSX clients. If you have already some experience with the Chrome OS we will be happy if you share some daily use experience with us incl. how updates are handled thru the different hardware vendor’s (the main gap for Google’s Android OS).

Cheers

Michael

Tip: Still using IGEL LX/OS Version 4.x.x and require SHA2 or Storefront support for Citrix ICA sessions?

February 24th, 2015

Hi Folks,

i know a couple of customers and users are waiting for this, so if you still have older IGEL UDx-x2x and UDx-x3x running IGEL LX Version 4.x.x or migrated 3rd Party devices (migrated with the Universal Desktop Converter Version 1) you can now use SHA2 certificates and Citrix Storefront with the latest Version 4.14.100.

Please be aware: Read the disclaimer coming with the new firmware release, it’s very important for devices coming with only a 512MB HDD/CF-Card! Also the “old” hidden failback switch (mentioned here) to select between different Citrix Receiver 12 Versions is obsolete with Firmware 4.14.100, you can now switch  between Citrix Receiver Version 12 and 13!

For the Storefront Setup you can use our Whitepaper here, only the local Client screens will look a little bit different regarding the GUI difference between Linux V4 and V5.

Cheers
Michael

News from Superfish (aka Lenovogate)

February 24th, 2015

Hi Folks,

last week we posted two articles related to the Superfish Adware which came pre-installed with some Lenovo devices produced in the last Quarter of 2014. Superfish contains strong security concerns regarding the used SSL interception technology coming from an other Company calling Komodia.

It seams that this will now run into a or better several (i know already about two) class action lawsuit in the US against Lenovo, read also the article at PCWorld. I hope this will be a warning for other Hardware vendors pre-installing software without any sense or effective use for the user and without any real security verification.

Lenovo has already published a uninstall tool (Read also here), also some Virus remove tools like Avast or Microsoft Defender will remove it (or try to do it). In any way you should verify the local Computer Certificate Store to be sure… Also Lenovo released an open letter here.

There is also other Software available which uses the Komodia SSL interception technology incl. a Trojan, there is a really good article available at Facebook by Matt Richard(Facebook Securtiy Team) here and i recommend to read it if you have to do or are intrested with/in IT Security.

If you want to perform a check to verfiy that you’ve not any SSL interception software installed try out this site: Badfish check

You’re using Firefox and Chrome/Internet Explorer? Don’t forget to open the Website above with Firefox and also Chrome/Internet Explorer.

Cheers

Michael

Release: IGEL Universal Desktop LX/OS Firmware 4.14.100

February 24th, 2015

IGEL Universal Desktop LX
=========================
Version 4.14.100
Release date 2015-02-23
Last update of this document 2015-02-23

Supported devices:
UD2-x31 LX, UD2-x30 LX, UD2-x21 LX, UD2-x20 LX
UD3-x40 LX, UD3-x31 LX, UD3-x30 LX, UD3-x21 LX, UD3-x20 LX
UD5-x40 LX, UD5-x30 LX, UD5-x20 LX
UD9-x31 LX, UD9-x30 LX
The online Release Notes can be found at http://edocs.igel.com/index.htm#10202439.htm
Registry Keys of parameters are listed there.

====================
Versions:
====================
Clients:
– 2X Client 12.0.0-2270
– Cisco VPN Client 4.8.02.0030-k9
– Citrix Access Gateway Standard Plug-in 4.6.3.0800
– Citrix HDX Realtime Media Engine 1.6.0-6
– Citrix Receiver 12.1.8.250715
– Citrix Receiver 13.1.2.295815
– Client for RedHat Enterprise Virtualization Desktops 3
– Dell vWorkspace Connector for Linux 7.7.3
– Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848
– Ericom Webconnect 5.6.0.4000-rel.20413
– FabulaTech USB for Remote Desktop 5.0.4
– Firefox 17.0.11
– IBM iSeriesAccess 7.1.0-1.0
– IGEL Legacy RDP Client 1.0
– IGEL RDP Client 2.1
– Imprivata OneSign ProveID Embedded
– Leostream Java Connect 3.0.57.0
– NCP Secure Client (Enterprise) 3.25-rev15580-i686
– NX Client 4.2.27
– Oracle JRE 1.7.0_76
– SAP GUI java710rev6
– Thinlinc Client 4.3.0-4538
– ThinPrint Client 7.0.63
– Totem Media Player 2.30.2
– Virtual Bridges VERDE Client 7.1.1_rel.24005
– VMware Horizon client 3.2.0-2331566
– Voip Client Ekiga 3.2.7

Dictation:
– Driver for Grundig Business Systems dictation devices
– Driver for Olympus dictation devices
– Legacy Philips Speech Driver 5.0.10
– Philips Speech Driver 12.2.7

Smartcard:
– PKCS#11 Library A.E.T SafeSign 3.0.3665
– PKCS#11 Library Gemalto IDPrime 1.1.0
– PKCS#11 Library SecMaker NetID 6.1.1.21
– Reader Driver ACS CCID 1.0.5
– Reader Driver HID Global Omnikey CCID 4.0.5.5
– Reader Driver MUSCLE CCID 1.4.13
– Reader Driver Omnikey CCID legacy-3.6.0
– Reader Driver Omnikey RFID legacy-2.7.2
– Reader Driver REINER SCT cyberJack 3.99.5final.SP03
– Reader Driver Safenet / Aladdin eToken 8.1.0-4
– Reader Driver SCM Microsystems CCID 5.0.27
– Resource Manager PC/SC Lite 1.8.9

System Components:
– Graphics Driver INTEL 2.17.0
– Graphics Driver VIA 5.75.32.87a-59172
– Graphics Driver VIA Legacy 4.1.83
– Xorg X11 Server 1.11.4
– Xorg Xephyr 1.7.6
====================
Information:
====================
IMPORTANT:
This release contains Citrix Receiver versions 12 and 13.
The Citrix Receiver 12 is still available for compatibility reasons and
activated by default. Version 13 of the Citrix Receiver can be activated at
the local setup of the device or through a UMS profile configuration.
Only one version can be used.
====================
Known issues:
====================

[Dell vWorkspace Connector]
– Seamless applications exported from Win8/8.1 desktops show display errors when
dragged to the screen edges.
– At dual view configuration flash redirected windows can appear on wrong screen.
– After the start of a seamless session the window is initially maximized before being
resized to the correct size.
– Windows XP sessions might not work properly anymore.
– Only standard 105 keys PC keyboards are supported.
Not supported anymore: Trimodal, Sun Type 6 or IBM 122 keys.
– Mapping of drives to a dedicated drive letter is not possible anymore.
– If Com-port redirection is enabled all linux serial ports (/dev/ttySx) will be mapped.
– If printer mapping is enabled all printers configured in CUPS are mapped.
– For Multimedia Redirection sound redirection with WMV/WMA streams is not working.
– USB Redirection may not work reliable.
– Session starts only if RDP Local Logon Window
(IGEL Setup->Sessions->RDP->RDP Global->Local Logon) is active.

[VMware Horizon]
– Remote Applications are not seamless in the strict sense.
These are rather displayed in an extra window decorated by the TC’s window manager.
– If more applications defined and started in the same session, all are displayed inside this window.
The default size of this window can be defined in the Window section of the Horizon session.
– PCoIP user input language synchronization is currently broken.

[StepOver]
– StepOver serversonet does not work with natureSign signature pad.

[Genucard]
– Genucard versions 4 or greater currently cannot retrieve an IP adress.

[Smartcard]
– In mode “IGEL Smart Card without Locking Desktop”: when a Horizon session is running
and the smart card is removed , the Horizon desktop and application chooser window stays open.
– In mode “IGEL Smart Card without Locking Desktop”: when a RDP session is running
and the smart card is removed, a bogus warning window is shown.
– Running 2X sessions from IGEL Smart Card fails with error “server name missing”.
====================
New features:
====================

[Citrix Receiver 13]
– Integrated Citrix Receiver 13.1.2
– Added support for StoreFront
Hints (It is IMPORTANT to read this, if you plan to use Citrix Receiver 13
instead of 12 and/or want to connect to a Citrix StoreFront server):
– This firmware contains two Citrix Receivers, but only one of them can be
active at a time. Default is Citrix Receiver 12. The version can be
switched by the new parameter “Use Citrix Receiver version 13” in the
IGEL setup at “Sessions->Citrix->Citrix Receiver Selection”
– The new parameter “Citrix server type” on IGEL setup page
“Sessions->Citrix->Citrix StoreFront / Web Interface ->Server” defines the
capabilities of the Receiver
according to the used Citrix server versions (default is “Web Interface”).
– For Citrix StoreFront only access via https is supported. If the SSL certificate
of your Citrix server is not signed by a trusted certificate authority
(like Verigsign, Thawte etc.), you have to install the root certificate of your
own certificate authority on each Thin Client.
Please use http://edocs.igel.com/index.htm#10200413.htm to access the
document on how to install SSL certificate.
– Legacy ICA sessions only work with Citrix XenApp servers up to version 6.5.
– The parameter “Deferred update mode” has no effect anymore.
– Added support for SHA-2 based certificates.
– Kerberos is only supported with Legacy ICA Sessions and Web Interface,
not with StoreFront.
– To enable usage of Smartcard authentication it is necessary
to choose Smartcard logon on the redesigned setup page
Citrix > Citrix StoreFront / Web Interface > Logon
and to choose the correct smart card on page
Citrix > Citrix StoreFront / Web Interface > Logon > Smartcard.
Passthrough authentication with smart card is only possible with StoreFront.
– Added “CGP Address” parameter to support the session reliability feature on page:
Citrix > HDX / ICA Global > Options
(Please note that this parameter might be overwritten by the
Citrix server.)
– Added parameter “ica.wfclient.twiavoidfullscreenwhenmaximized” to enable
a bug fix from Citrix regarding maximization of windows in a multi-monitor
setup with different resolutions (default: Disabled).
– Added parameter “ica.wfclient.twisetfocusbeforerestore” to enable a
workaround from Citrix to set the focus on windows before restoring them
to avoid issues with Java applications.(default: Disabled)
– Added parameter “ica.wfclient.applysucconntimeouttodesktops” to let the
session sharing timout option “SucConnTimeout” be applied to desktops
as well (default: Disabled)
– Added registry parameter “ica.pnlogin.use_ctx_auth_mgmt”, that
enforces usage of the built-in authentication management of the
Citrix Receiver 13 instead of the IGEL mechanism. This disables credential
related features like passthrough, auto-logon etc.
– With Citrix Receiver 13 there is support for new graphics codec parameters:
– H264 deep compression codec registry keys:
* ica.wfclient.h264enabled (disabled by default)
* ica.wfclient.texttrackingenabled
* ica.wfclient.smallframesenabled
The H264 codec is only usable if the multimedia codec pack is installed.
Detailed description of the parameters are available at:
http://support.citrix.com/proddocs/topic/receiver-linux-13-1/receiver-linux-13-1.html and

Click to access linux-oem-guide-13-1.pdf

– JPEG codec registry keys:
* ica.wfclient.directdecode
* ica.wfclient.batchdecode (enabled by default)
Detailed description of the parameters are available at:
http://support.citrix.com/proddocs/topic/receiver-linux-13-1/receiver-linux-13-1.html and

Click to access linux-oem-guide-13-1.pdf

[ICA]
– Updated Philips Speech drivers to version 12.2.7
– New Grundig dictation driver: increased stability of audio channel.
Grundig SoundBox 820, DigtaSonic Mic I and ProMic 840 are not supported any more
– Updated driver for dictation with Olympus devices
– Added Citrix HDX RTME 1.6.0-6 used for Lync optimization.
– ICA sessions with Kerberos Passthrough: it is now possible to choose the Kerberos
implementation(s) which are used with Citrix via parameter
ica.module.virtualdriver.sspi.kerberosselection default: Heimdal,MIT
– Added parameter windowmanager.wm0.variables.igelicaallowminimize in the
registry to circumvent problems java-based windows over ICA with a popup
window. If set to false, ICA windows with a popup can not be minimized
anymore.
– Added support to restrict Legacy ICA sessions with workarea window mode to
a single monitor at
“IGEL Setup->Sessions->Citrix-> Legacy ICA Sessions->[session name]->
Window->Start Monitor”.
The value “No Configuration” expands the windows over all monitors without
hiding the taskbar.
– Improved the synchronization of starting Citrix sessions to avoid opening
multiple ICA channels, if possible. For fine-tuning, it is possible to
configure the maximum waiting time till a session starts, regardless of
the status of a previous started session. The parameter is available in
the registry: “ica.pnlogin.app_start_max_delay” (default: 30)
– Added a mechanism to autostart published applications, configurable on
setup page Citrix > Citrix StoreFront / Web Interface > Logon.
The new synchronization mechanism mentioned above is applied for
autostarts as well.

[RDP]
– Integrated IGEL RDP Client 2:
– New workarea window mode
– New Audio-In support
– Improved RemoteApp support
– Fixes for drive mapping
– Without Gateway Support
– Without RDP 8 based RemoteFX support (EGFX)
– Without Video Optimized Redirection (EVOR)
– IGEL Legacy RDP Client 1.0 can be enabled at setup page:
IGEL Setup -> Sessions -> RDP -> RDP Global -> Options
– Updated Philips Speech drivers to version 12.2.7
– New Grundig dictation driver: increased stability of audio channel.
Grundig SoundBox 820, DigtaSonic Mic I and ProMic 840 are not supported any more
– Updated driver for dictation with Olympus devices

[VMware Horizon]
– Updated VMware Horizon Client to version 3.2.0-23315666
– Added support to start a specific application published by a Horizon 6 server.
In the IGEL Setup go to Sessions->Horizon Client->Horizon Client Sessions
choose a session or create one and specify under Connection Settings
the application name to start and set the session
type to “Application”. (the checkbox “Autoconnect” should also be enabled).
In the IGEL setup registry the new keys can be found in each view session:
– sessions.vdm_client%.options.appname
– sessions.vdm_client%.options.sessiontype (default: “Desktop”)
– RDP sessions are using the standard IGEL RDP Client 2 client now
instead of the legacy rdesktop variant.
– The Ctrl+Alt+Delete behavior (for PCoIP sessions) has three options now:
* show Horizon Client’s chooser dialog to either send the key combo to the
host/VM or disconnect from the session
* send Ctrl-Alt+Delete directly to the host/VM
* do nothing
The corrosponding key in the IGEL registry is found in:
– vmware.view.handle-ctrl-alt-del (default is “Show chooser”)
For sessions connected via Microsoft RDP the chooser dialog is the only option.
– Added switch for “Ctrl+Alt+Insert” redirection to VM.
Depending on server configuration either “Ctrl+Alt+Insert”,
“Ctrl+Alt+Delete” or no action can be triggered.
The registry key is located at “vmware.view.sendctrlaltinstovm” (default: Disabled)

[Dell vWorkspace Connector]
– Updated Dell vWorkspace Connector for Linux to version 7.7.3
– Added switch to enable bidirectional audio at
“IGEL Setup->Sessions-> RDP->RDP Global->Sound->Audio capture”
for global configuration, or session-specific at
“IGEL Setup->Sessions-> vWorkspace Client Sessions->[session name]->Mapping->Enable Microphone mapping”
– Added switch for font-smoothing at
“IGEL Setup->Sessions-> RDP->RDP Global->Performance->Enable Font smoothing”
for global configuration or session-specific at
“IGEL Setup->Sessions-> vWorkspace Client Sessions->[session name]->Performance->Enable font smoothing”.
– Added switch for vWorkspace connection bar at
“IGEL Setup->Sessions ->RDP->RDP Global->Enable Toolbar”
for global configuration, or session-specific at
“IGEL Setup->Sessions->vWorkspace Client Sessions-> [session name]->Window->Display the
connection bar when in full screen mode”.

[NX-Client]
– Updated NX Client to version 4.2.27:
New parameters:
– Connection service: sessions.nxclient<NR>.general.connection_service (Possible values: SSH, NX. Default: SSH)
– Logon method: sessions.nxclient<NR>.login.login_method (Possible values: Password, Private key. Default: password)

[2X Client]
– Updated 2X Client to version 12.0.0-2270
New parameters:
– TLS Authentication: sessions.twox<NR>.local_resources.windows_key_combinations Default: Disabled
– Network Level Authentication: sessions.twox<NR>.advanced.network_level_authentication Default: Enabled
– Pre-Windows 2000 Login Format: sessions.twox<NR>.advanced.oldwindows_login_format Default: Enabled
– Windows key combinations: sessions.twox<NR>.local_resources.windows_key_combinations Default: Local

[Shared Workplace]
– Shared workplace (SWP) now supports user display configurations
(including resolution, orientation, layout, refresh rates).

[ThinLinc]
– Updated ThinLinc client to version 4.3.0-4538.
New parameters:
– Multi monitor option: sessions.thinlinc<NR>.config.full_screen_all_monitors (default: Enabled)
– Resize remote desktop session: sessions.thinlinc<NR>.config.remote_resize (default: Enabled)
– Send system keys: sessions.thinlinc<NR>.config.send_syskeys (default: Enabled)
– SmartCard redirection: sessions.thinlinc<NR>.config.smartcard_export_enabled (default: Disabled)
– Lockdown Local device tab: sessions.thinlinc<NR>.options.locklocaldevices (default: Enabled)
– Lockdown Security tab: sessions.thinlinc<NR>.options.locksecurity (default: Enabled)

[Leostream Java Connect]
– Updated Leostream Connect_Java Client to Version 3.0.57

[Shadowing/VNC]
– Changed VNC version to 0.9.13
– Added VNC secure mode, based on a SSL-encrypted VNC connection. The SSL
connection uses a special certificate located in the directory /wfs/ca-certs.
This feature requires the Universal Management Suite (UMS) to be involved,
to handle the shadowing permissions and double check whether the connection
is allowed or not. In addition the UMS is used to assure a secure credential
exchange between the TC and the UMS console.
IMPORTANT: The UMS must have the version 4.07.100 or higher!
The feature can be enabled in IGEL setup at “System->Shadow->Secure Mode”

[Smartcard]
– Upgraded HID Global Omnikey smart card reader driver to version 4.0.5.5.
The following new readers are supported:
OMNIKEY CardMan (076B:0596) 2020
OMNIKEY CardMan (076B:3020) 3020
OMNIKEY CardMan (076B:3022) 3021
OMNIKEY CardMan (076B:3620) 3620
OMNIKEY CardMan (076B:7021) 3121
OMNIKEY CardMan (076B:3623) 3621
OMNIKEY CardMan (076B:3822) 3821
OMNIKEY CardMan (076B:3823) 3821
OMNIKEY CardMan (076B:5820) 4121 CL
OMNIKEY CardMan (076B:512D) 5025 PROX CL
OMNIKEY CardMan (076B:502A) 5025 PROX CL
OMNIKEY CardMan (076B:C001) 5121
OMNIKEY CardMan (076B:C100) 5121
OMNIKEY CardMan (076B:C101) 5121
OMNIKEY CardMan (076B:C104) 5125 CL
OMNIKEY CardMan (076B:C105) 5125
OMNIKEY CardMan (076B:5127) 5127 CK
OMNIKEY CardMan (076B:5220) 5220 Pay CL
OMNIKEY CardMan (076B:5221) 5221 Pay
OMNIKEY CardMan (076B:5311) 5321
OMNIKEY CardMan (076B:532B) 5321 Pay
OMNIKEY CardMan (076B:5340) 5021 CL
OMNIKEY CardMan (076B:A521) 5321
OMNIKEY CardMan (076B:5326) 5326 DFR
OMNIKEY CardMan (076B:5421) 5421
OMNIKEY CardMan (076B:1784) 6020
OMNIKEY CardMan (076B:6623) 6121
OMNIKEY CardMan (076B:6310) 6311 CL
OMNIKEY CardMan (076B:1BD0) 7120
OMNIKEY CardMan (076B:1BD1) 7121
OMNIKEY CardMan (076B:8630) 8630
OMNIKEY CardMan (076B:9621) 9621
CCID SC Reader (076B:A023)
CCID SC Reader (076B:A024)
CCID SC Reader (076B:A111) Keyboard
CCID SC Reader (076B:A112) Keyboard
CCID SC Reader (076B:A721)
CCID SC Reader (076B:B000) HID identiCLASS
CCID SC Reader (076B:B001) iCLASS Smart@Link
CCID SC Reader (076B:C000)
CCID SC Reader (076B:C200)
CCID SC Reader (076B:C300)
CCID SC Reader (0BF8:101B)
Fujitsu D321 (0BF8:1021)
Fujitsu G87 SC Contact Keyboard Cherry SmartTerminal XX44 (046A:007B)
Cherry SC Reader (046A:0090)
Cherry SC Reader (046A:0091)
Cherry SC Reader (046A:0092)
Cherry SC Reader (046A:00A3)

[Driver]
– Updated Softpro VirtualSerialSignpad driver to version 1.4.6.0

[USB Redirection]
– Upgraded Fabulatech USB for Remote Desktop up to 5.0.4

[Java]
– Updated JRE to version 1.7.0 update 76

[StepOver]
– Updated StepOver serversonet to version 0.7.16

[Network]
– Added parameter for DHCP user class option (see RFC 3004): * network.dhcp.user_class The default value is
empty and means that the option is not used. Non-printable bytes can be specified as \ooo, where each o is
an octal digit, or \xhh, where each h is a hexadecimal digit. ‘\’ and ‘”‘ must be escaped by prepending ‘\’.
– Added parameters for DHCP client identifier options (see RFC 2132):
– network.interfaces.ethernet.device0.dhcp_client_id
– network.interfaces.ethernet.device1.dhcp_client_id
– network.interfaces.wirelesslan.device0.dhcp_client_id
Example values: \x00host.example.org (a FQDN with type byte 0 prepended),
\x01\x00\x11\x22\x33\x44\x55 (the MAC address 00:11:22:33:44:55 with type byte 1 prepended)

[VPN]
– Upgraded NCP Enterprise VPN client up to 3.25-rev15580

[base system]
– Active Directory/Kerberos Logon: it is now possible to specify the default lifetime
and renewal lifetime of Kerberos tickets with parameters auth.krb5.libdefaults.ticket_lifetime
and auth.krb5.libdefaults.renew_lifetime in setup registry.
The default values are 10 hours and 7 days respectively.
– New TC Setup 4.8.18:
Added a quick link bar on many setup pages to find and get to related
configuration pages directly. Increased the default size of the setup window
to retain the readability of the affected setup pages (only when the setup
is started for the first time).
– Updated Chinese, Dutch, French and German userinterface translations
– Changed english label of start button on Application Launcher’s Applications
page from “Start” to “Execute”. A custom label for the button can be defined with parameter:
– userinterface.launcher.displaynames.startbuttonname.
– Added possibility to add custom timezone files to /wfs/zoneinfo/ directory.
– Increased the default taskbar height to 40.

====================
Resolved issues:
====================

[ICA]
– Fixed missing desktop/menu icons with Citrix XenApp/Program Neighborhood
– Fixed matching of application names in ICA autostart list
– Fixed Citrix XenApp/Programm Neighborhood refresh command
– Fixed problems with vanishing systray icons.
– Fixed: ICA sessions are not closed anymore, when a USB headset is plugged in or out.
– Fixed window focus after closing a dialog. The focus will be set correctly.
– Added a workaround to deal with windows of a very low height, that show up.
in the taskbar although they shouldn’t (e.g. some tooltip windows in seamless
Citrix sessions). To use this, adjust the parameter
“windowmanager.wm0.variables.tooltipsize” in the registry. A useful value for
single-lined tooltip windows would be 20.

[XEN]
– Fixed a minor bug in xen appliance mode with german keyboard layout and numblock DEL key.

[RDP]
– Fixed log on with Gemalto .net cards to Windows Server 2008
– Fixed execution problems of RemoteApps with short names.

[VMware Horizon]
– Added for passthrough authentication the possibility to use the shortened
domain name instead of the fully qualified domain name, like “EXAMPLE” instead of “EXAMPLE.COM”.
To enable shortened domain name for a particular session, go in the IGEL Registry and set the key
sessions.vdm_client%.options.passthrough_shortdomain to true.
– Fixed bug regarding Horizon/RDP sessions, where session restart was not possible after closing via menu bar
(Disconnect desktop and quit).

[Dell vWorkspace Connector]
– Fixed USB Redirection issues
– Fixed hotkey handling

[IBM_5250]
– Fixed system language detection in IBM iSeriesAccess sessions.
– fixed keyboard input of eastern european characters (czech, slovak, etc.)
enable registry key “iseriesaccessglobal.iso8859_2_fix”, default: Disabled

[ThinPrint]
– Handling of the “default” mark of a printer configured under Devices/Printer/Thinprint/Printer has been improved.

[Shadowing/VNC]
– Improved handling of Lock keys in VNC Server. All modifiers will be cleared
by default when shadowing is started. Lock keys are handled on client side
only by default.
(registry: network.vncserver.clear_all (default: Enabled) and
network.vncserver.skip_lockkeys (default: Enabled))

[XDMCP]
– Fixed X server restart.

[Universal MultiDisplay]
– Fixed UMD screen arrangement

[Smartcard]
– Implemented SCARD_ATTR_CURRENT_PROTOCOL_TYPE in pcsc-lite; this helps smart card log on with
SafeSign minidriver
– Fixed log off with IGEL Smartcard: when additional smart card readers were added or removed during
a session, removing the smart card did not trigger log off any more.

[base system]
– Updated ca-certificates to ubuntus utopic version
The list of integrated certificates is available at:
http://myigel.biz/index.php?dir=IGEL_UNIVERSAL_DESKTOP_FIRMWARE/LX/V4/
– Fixed CVE-2014-6271 (ShellShock Bug)
– Applied bash security patches for CVE-2014-6277, CVE-2014-6278
– Fixed OpenSSL 1.0.1 security issues:
CVE-2014-0160 (heartbleed bug), CVE-2014-0076, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470,
CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-5139, CVE-2014-3512, CVE-2014-3511,
CVE-2014-3510, CVE-2014-3509, CVE-2014-3508, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505,
CVE-2014-3568, CVE-2014-3567, CVE-2014-3513, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571,
CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205 and CVE-2015-0206 fixed.
– Improved OpenSSL 1.0.1 security: Added support to mitigate a protocol downgrade attack
to SSLv3 that exposes the POODLE attack.
– Fixed OpenSSL 0.9.8 security issues: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195,
CVE-2013-0169, CVE-2013-0166, CVE-2012-2333 and CVE-2012-0884 fixed.
– Fixed gnuTLS security issues: CVE-2014-0092, CVE-2011-4128, CVE-2012-1573, CVE-2013-1619,
CVE-2013-2116, CVE-2014-1959, CVE-2014-0092 and CVE-2014-3466 fixed.
– Fixed libtasn1-3 security issues: CVE-2012-1569, CVE-2014-3469, CVE-2014-3468 and CVE-2014-3467 fixed.
– Fixed libgcrypt11 security issues: CVE-2013-4242 and CVE-2014-5270 fixed.
– Fixed libkrb5 security issues: CVE-2010-1321, CVE-2010-1322, CVE-2010-4020, CVE-2010-1323,
CVE-2010-1324, CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, CVE-2011-0284, CVE-2011-1530,
CVE-2012-1012, CVE-2012-1013, CVE-2012-1015, CVE-2012-1014, CVE-2014-4345, CVE-2014-4344,
CVE-2014-4343, CVE-2014-4342, CVE-2014-4341, CVE-2013-6800, CVE-2013-1418, CVE-2013-1416,
CVE-2013-1415 and CVE-2012-1016 fixed.
– Fixed: With Kerberos authentication, when typing a wrong password at log on or screen saver unlock,
badPwdCount in Active Directory was incremented by 2 instead of 1 and thus the
account was locked too soon.
– Added security patch to fix CVE-2014-0196
– Fix for identical custom CAs.
– Fixed CVE-2014-6271 (ShellShock Bug)
– Fixed Active Directory domain logon with user principal names (UPN): Before logon was only working
if the first part of the UPN was the same as the sAMAccountName of the user.
– Improved FAT USB Stick write performance with using flush,dirsync mount option instead of sync.
The corresponding switch is in the IGEL Registry:
– devices.autofs.automount%.sync_option, default: Disabled (default was changed)
– devices.autofs.automount%.flush_option, default: Enabled (new registry entry)
To get back old behaviour switch devices.autofs.automount%.sync_option to enabled.
– Fixed glibc 2.15 security issues: CVE-2015-0235 (GHOST), CVE-2012-6656, CVE-2014-6040,
CVE-2014-7817, CVE-2014-5119, CVE-2014-0475, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043,
CVE-2013-4332, CVE-2012-4412, CVE-2012-4424, CVE-2013-0242, CVE-2013-1914, CVE-2013-4237
and CVE-2013-4332
– Fixed english label in application launcher: renamed “Start …” in context menu of
applications to “Execute …”
– On resume caps-lock/scroll-lock modifiers are reset
– Updated timezone information

[TC Setup (Java)]
– Added hint in setup tooltips that suspend option isn’t available with Universal MultiDisplay.
– Fixed alphabetical sorting of keyboard layout list on IGEL Setup page User Interface->Language.
Previously the sorting was not correct in some languages like German.

[Desktop]
– Fixed the “Hide Cursor” feature
– Added support for DisplayPort Resolution 2560×1080
– Fixed display gamma correction setting on UD2 and UD3
– Fixed wrong background of taskbar separators after screen lock
– The System set the focus correctly on desktop after system start.
Registryparameter: userinterface.desktop.focusable must be activate.

[VPN]
– Fixed Genucard DHCP IP retrieval

Security: cloud-client.info domain blacklist

February 23rd, 2015

Hello Folks,

like already mentioned in our blog registration form we will publish domains which are used by spam bots, malware and virus senders and/or domains where users perform suspicious actions against our websites.

So here is our first list called “domains_we_dont_like” containing 643 domains (collected by our websites in the last 12 months), you can use this list as blacklist for mail servers or to protect other webhostings/services. We do also allow the use of this list for other security related use and to prevent these actions in the future. Please note: There are also a couple popular email providers like GMX, Yahoo or Hotmail in the list, as long these mail provider can’t prevent the massive misuse of there services we have no reason to remove these providers from the list. All listed domains are used a couple of times for different suspicious activities, if you are responsible for one of these domains and you want to be removed you can get in contact with us to discuss how you can be removed from the list.

The list will updated from time to time.

Cheers

Michael

 

Info: What clients can be used with the Windows Server 2012 Work Folder feature?

February 23rd, 2015

Hi Folks,

very often asked during workshop’s, what Clients can be used with the Windows Server 2012 Work Folder feature. Currently the following Desktop/Mobile OS’s are supported:

– Windows 8(.x) x86 and 64-Bit and Windows RT: Work Folder support is coming directly with the OS.
– Windows 7 x86 and 64-Bit; Work Folder support needs do be downloaded from here and to be installed.
– Apple Ipad (IOS): Work Folders app for devices is available in the Apple store

Still unsupported:

– Windows Phone 8(.x)
– Android
– Linux
– Webbrowser based access

It’s quite funny (no, not really) to see how Microsoft create good features/products and directly do the best to kill this advantage by not providing a client for several major OS’s in the same or nearly equal way.. Similar to the still existing Remote Desktop Gateway gap for Windows Phone or a missing Lync/RDP Client for Linux. Before talking about cloud as the future of Microsoft it’s maybe helpfull to unterstand that “cloud” means a bunch of end devices and it still seams that Microsoft did not realize this small but important fact. ..don’t misunterstand me, i really like these features/products but i really don’t like to explain customers/users all the time why they can’t use these features in there infrastructure regarding the lack of a well developed client infrastructure. Maybe it will be better with Windows Server vNext… …or Skype for Business. 🙂 Maybe iam also to spoilt by the existing Citrix client environment… 🙂 🙂

Cheers

Michael

Tip: Using Windows Server 2012 R2 workfolders with Remote Desktop/Citrix XenApp based Terminal Servers/VDI’s

February 23rd, 2015

Hi Folks,

already a year ago I wrote an article how you can change the default port for the Windows Server 2012 R2 workfolder role/feature. By default the Workfolder feature works a “sync” share for Windows 8.1 based desktop systems/VDI’s like a self hosted OneDrive/Google Drive. In the article here i’ve also mentioned that these Workfolders can be mapped to a Terminal Server based on Microsoft Remote Desktop Services and Citrix XenApp.

I got a couple of request how the setup should look like so here is a small guide.

1) Install the Workfolder feature (can be found in the file server roles setup) to a Windows Server 2012 R2, make sure that no other feature or application block the SSL Port 443 or modify the Port by following our guide here. During the Workfolder configuration you will be ask what “folder” name should be used, username or username@domain; use username here only.
2) After the workfolder setup is done create a new smb fileshare pointing to your workfolder directory, make sure to setup the exact similar user rights like set for the original workfolder directory. Open Windows Explorer at the Workfolder Server and check the User Rights for the Workfolder and adopt this configuration for the Workfolder Share. If not done right you may mismatch the Userrights and Users may can access files from other Users or loose the Workfolder access.
3) After this is done open the Group Policy Management Console (GPMC) and create a new policy linked to your Terminal Server OU
4) Edit the new policy and browse to User Configuration->Preferences->Windows Settings->Drive Maps and create two new mapping entries, in my sample i map the workfolder shares to drive U: (Click picture to enlarge). Location should be always \\*your_workfolder_server*\*Workfolder_Sharename*\%USERNAME%.

Create the share configuration

Create the share configuration

Update the share configuration

Update the share configuration

Final view

Final view

5) Close the policy and logon to a terminal server to verify the configuration, all modified content within the drive U: will be synced to the user devices and vice versa.

Cheers

Michael

P.S.: This can be also used with any Microsoft Desktop OS based VDI if you want to use the workfolder sync feature only for physical devices (which make sense to prevent double data in the Workfolder Share and the User Profile/Personal VDisk). If you install the file resource manager to the Workfolder Server to set quotes (like 250MB availabe space per User) make sure to set the similar quote also for the fileshare!

P.S.2: The screenshot’s are coming from a production environment, that why the location path is pixeled.

 

Tip (Update): Setting the Startmenu for Terminal Server Users working with Windows Server 2012 R2

February 23rd, 2015

Hi Folks,

maybe you noticed already that the handling for the Startmenu is very different between Windows Server 2012 R2 and old Windows Server versions like 2008 R2 and so on. These configurations will also work for Windows 8.1 incl. Windows 8.1 RT (Require enabled Group Policy Client service or local Policy setup).

A lot of Administrator want to modify the Startmenu and to offer a standard view for all User, this can be a very tricky task and i saw already a lot of funny way’s how to edit it. To clear this up a little bit i would like to suggest you two ways how this task can be done, the first variant will introduce you a “static” way. Static means the User will get a “fixed” Startmenu without the ability to change something here. The second way will introduce you a way to create a “default” Starmenu  that can be modified by the User. So you can figure out which way works best for you, depending on the scenario, for example if you deploy Terminal Server thru Citrix Provisioning with an static base image it doesn’t make sense to give the User the ability to modificate the Startmenu in any way. These configurations can be done thru local and/or domain policies.

Way 1 – Static Startmenu for all users

1) Login as User with Administrator permissions and install/setup all Applications you want to provide to the user.
2) Setup Starmenu like it should be “published” to the users.
3) After you have finished the final look and feel create a new SMB Share on any fileserver in your environment, call it “startmenu” or something similar.
4) At the server where you have created the Startmenu “User” view open the powerhell with administrative permissions and enter the command: “Export-StartLayout -Path \\*yourfileserver*\*sharename*\StartMenu.xml -As XML”
5) Logoff from the Terminal Server and start the GPMC (Group Policy Management Console) on any domain system where the GPMC is available.
6) Create a new policy (or use an existing Policy) and link it to the OU where your Terminal Server Users can be found and click the right mouse button->Edit.
7) In the policy browse to User Configuration->Policies->Administrative Templates->Start Menu and Taskbar and edit here the setting Start Screen Layout.
8) Enable the policy and set the Start Layout File to the file you have created in 4) = \\*yourfileserver*\*sharename*\StartMenu.xml

startmenustatic

9) Close the policy and make sure the policy is assigned to the right OU, after this login to the Server and verify the result.

Please note: The Startmenu can not be modified thru a User! For the Export-StartLayout command (4) you have to use the XML format for the export, the bin format can not be used thru the policy! If you assign the policies to a Computer OU like your terminal servers don’t forget to enable loopback processing!

Update: I forgot, Applications where the shortcut is not listed in %ProgramData%>Microsoft>Windows>Start Menu may dissapear after the second User Login (Notepad, Internet Explorer default entry as example). So you may have to create the Shortcuts by your own and assign it to the Startmenu before exporting the XML file. In this folder you can also setup the Applications that should be shown to the User in the “full” Starmenu applications view by editing the User permissions for each file and folder in a very simple way. As example if you want to hide the Windows Store disable the permission inheritance and set the User permissions to full access for “Domain Administrators”, “System”, “Administrators” and add the Usergroup(s) which should be able to gain access to the Applications thru the “full” Startmenu view (Arrow down button in the Startmenu). If you want to be more secure regarding the general Application access you can also combine this with the Windows Applocker feature.

Way 2 – Flexible default Startmenu for all Users (Source: Microsoft Platform)

There is also an alternative described here: Microsoft Platform, this way allows also provide write access for the users but it’s a little bit tricky to set it up and can cause issues in production.

I personal do prefer Way 1 which make more sense for the most scenarios, so i do provide only the link to the source.

Cheers

Michael

Lenovo released a Superfish uninstall tool

February 21st, 2015

Hi Folks,

after big public concerns against the Superfish pre-installed tool coming with some Lenovo End Consumer product’s, Lenovo now released a tool to fully remove the Superfish Adware.

You can download the software from the Lenovo support site here.

I strongly recommend to perform the uninstall as soon as possible, the root certificate is already hacked (CA Private key password: “komodia”) and this means it’s now quite simple to create or be a victim of a man in the middle attack by using this certificate anymore.

Cheers

Michael