Here it is: Citrix Systems READ ME Citrix (r) MetaFrame XP (tm) Server for Windows (r) with Feature Release 3 April 2003 This document contains information about Service Pack 3 and Feature Release 3 for MetaFrame XP Server for Windows. It contains the following sections: Viewing and Printing this Document Where to Find Documentation Known Issues in this Release Fixes Incorporated in Service Pack 3 Fixes Incorporated in Service Pack 2 Fixes Incorporated in Service Pack 1 Viewing or printing this document ----------------------------------- When viewing this document in Notepad, if the text does not wrap in the window, choose Format > Word Wrap. Before printing from Notepad, you may have to adjust the width of the window to fit your printer paper. To print the document, choose File > Print. WHERE TO FIND DOCUMENTATION The MetaFrame XP documentation is available from the Docs directory of the MetaFrame XP CD and various Docs directories on the Components CD. Use Adobe Acrobat to view PDF files. You can download the free Acrobat Reader program from Adobe's Web site at http://www.adobe.com. Some documentation files are installed on the server with MetaFrame XP. Updates to these documents are installed with Feature Release 3 and Service Pack 3. To display the installed documentation, click the folder icon on the ICA Administrator Toolbar or choose Start > Programs > Citrix > Documentation. Documentation is available also on the Citrix Web site at http://www.citrix.com/support. Select Product Documentation. Updates to Citrix technical manuals are posted on the Web site. CAUTION: Instructions in Known Issues may direct you to use the Registry Editor. Using Registry Editor incorrectly can cause serious problems that can require you to reinstall the operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Make sure you back up the registry before you edit it. PLEASE NOTE Citrix MetaFrame XP Server, Feature Release 3 installs files in the %systemroot%\System32 folder on a Windows server. These files cannot be safely moved. See the file named Citrix_System32_files.pdf, located in the DOCS directory on this CD, for a complete list of these files. Known issues in this release ---------------------------------- Issues Running MetaFrame XP Server on both operating systems (Windows 2000 Server and Windows Server 2003). ============================================================================ == Changes to a MetaFrame XP server's product code do not take effect instantaneously. When you change a MetaFrame XP server's product code, the change does not take effect until a polling interval passes. When the polling interval is passed, the server attempts to take a new license based on the new product code. The original product code is displayed in the Management Console for MetaFrame XP during the polling interval. [#56603] Small delay in displaying licenses When you add, activate, or delete licenses in the Management Console, you can experience a delay of a minute before the updated license information is displayed in the Management Console and the licenses are available to the farm. If you try to refresh the licensing information in less than a minute you may see a message that the license list is incomplete. [#56674] ica32_all.msi is not supported for independent installation A new file, ica32_all.msi, is used during the regular installation of MetaFrame XP on a server. Using ica32_all.msi for independent installation of the ICA Client outside of the MetaFrame XP installation is not supported. [#55827] IMA Service can fail to start when using IPSEC The Citrix IMA Service can fail to start when IP Security (IPSEC) is required in communications between MetaFrame XP servers and the server hosting the MetaFrame XP server farm's data store. When the MetaFrame XP server is restarted, the IMA Service must wait for the Microsoft IPSEC services to start. You can fix this problem by manually adding PolicyAgent to the IMAService dependencies list. Add the string "PolicyAgent" to the registry value DependOnService under HKLM\SYSTEM\CurrentControlSet\Services\IMAService. [#54405] MetaFrame 1.8 installation using the Program Neighborhood Agent If you want to use the Program Neighborhood Agent as the pass-through client on the MetaFrame XP Server and you are upgrading from MetaFrame 1.8, you must install both the full Program Neighborhood Client and the Program Neighborhood Agent when you run MetaFrame Setup. Installing Program Neighborhood updates earlier versions of the Program Neighborhood Client. Not updating the client can cause problems. If you want to install only the Program Neighborhood Agent pass-through client, remove Program Neighborhood using Add/Remove Programs for MetaFrame XP Server with Feature Release 3. Select the Modify option in the installation wizard to remove components. [#58844] Close the Management Console before running CHFARM Be sure that the Management Console for MetaFrame XP is closed before you run the chfarm command. Running chfarm while the console is open can result in loss of data and functionality. [#42269] Multiple servers can be set to be most preferred data collectors When installing servers into a new zone, multiple servers can be automatically set to be most preferred data collectors. [#57146] Avoid a forward slash (/) in Active Directory Service account names when using MFCOM The MFCOM service incorrectly interprets an Active Directory Service user name that contains forward slashes. The "/" in an account name string is interpreted as a folder delimiter. For example, account name "account/01_A" is interpreted as two separate entities, the string "account" is interpreted as a MFCOM folder, and "01_A" is treated as a user name. The most common exception caused is "the parameter is incorrect" but other exceptions can also occur. Either do not use MFCOM to access Active Directory Service account names that contain a "/" or avoid using a "/" in the account names. [#56361] Setting CTX_MF_ENABLE_VIRTUAL_SCRIPTS for a silent installation Running a silent installation of MetaFrame XP without setting the MetaFrame XP Setup property CTX_MF_ENABLE_VIRTUAL_SCRIPTS to "Yes" or 1" can cause Setup to abort. A "Yes" or "1" setting prevents a prompt for creating a virtual scripts directory during silent installation. For more information on customizing MetaFrame XP Setup, see the MetaFrame XP Server Administrator's Guide. CTX_MF_ENABLE_VIRTUAL_SCRIPTS is used when the XML port on the MetaFrame XP server is shared with Internet Information Services (IIS) and one of the following is true: * The server is running Windows Server 2003 with IIS installed * The server is running Windows 2000 Server with IIS installed and the IIS Lockdown Tool applied [#62080] Input from Extended UNICODE Keyboard Support-enabled clients fails in four cases When you use Windows XP Tablet PC Edition Service Pack 1 with Speech to Text or handwriting recognition invoked (utilizing the writing pad): * If the ICA published application or desktop is configured for the floating bubble option in SpeedsScreen Latency Reduction, the floating bubble will not display text written from within the writing pad panel. [#59204] * Text cannot be entered into a shadowed ICA session. [#59424] * Text cannot be entered into the Windows Logon dialog box for an ICA session. [#59425] * Text cannot be entered into an embedded Web session. [#60599] Text entered using the keyboard panel is handled correctly. Issues Running MetaFrame XP Server on the Windows 2000 Server Operating System ============================================================================ == Downgrading to Feature Release 2 resets the XML port The XML port is reset to port 80 when you downgrade from MetaFrame XP Server Feature Release 3 to Feature Release 2 on a server on which Internet Information Services (IIS) is not installed. [#58002] Uninstalled servers continue to be displayed in the Management Console When you uninstall MetaFrame XP from several servers, the servers that are no longer in the MetaFrame XP farm may continue to be displayed in the Management Console (in the Zones pane of the farm's Properties page). Uninstall MetaFrame XP from only ten servers at a time to avoid this issue. [#58288] Issues Running MetaFrame XP Server on the Windows Server 2003 Operating System ============================================================================ == Published application limits Changes that you make to the application instance limits setting for a published application are effective only for ICA connections established after you change the setting. This means that if users disconnect before or after you change the setting, they can always reconnect to the disconnected session. You can either kill disconnected sessions or restart the machines in the farm after you change the setting for it to be totally effective. MetaFrame XP server farm-wide logon limits Changes that you make to the server farm-wide logon limits affect only ICA connections established after you change the setting. This means that if users disconnect before or after you change the setting, they can always reconnect to the disconnected session. You can either kill disconnected sessions or restart the machines in the farm after you change the setting for it to be totally effective. User access to published applications Changes that you make to the users or user groups who have access to a published application affect only ICA connections established after you change the setting. This means that if users disconnect before or after you change the setting, they can always reconnect to the disconnected session. You can either kill disconnected sessions or restart the machines in the farm after you change the setting for it to be totally effective. You are likely to see this issue if you move users from group to group or if you completely remove groups from the list of those having access to the application. Audio as a minimum requirement Audio as a minimum requirement cannot be enforced on Windows Server 2003 when users are reconnecting to disconnected sessions. This limitation will be fixed in a future release of Windows Server 2003. Issues using smart cards on Windows Server 2003 Contact your smart card vendor for specific smart card software that is validated by the vendor for use with Windows Server 2003. Citrix recommends that you contact your smart card vendor for advice and support before deploying MetaFrame XP running on Windows Server 2003 with your smart card system. The minimum encryption level set in a MetaFrame XP policy is not enforced The minimum encryption level, set in a MetaFrame XP policy using the Management Console, is ignored when Citrix ICA Clients connect to a server running Windows Server 2003. Citrix will be working with Microsoft to resolve this issue. You can use Microsoft Terminal Server Group Policies to enforce minimum encryption level on a Windows Server 2003 server. See "ICA session encryption level can be controlled with Microsoft Group Policies" later in this readme. [#62013] ICA session encryption level can be controlled with Microsoft Group Policies You can use the Microsoft Terminal Services Group Policy option, Set client connection encryption level, to set the minimum encryption level for an ICA Session. There are three encryption levels: High Level (128 bit), Low Level, and Client Compatible. When High Level is used, ICA Clients must be configured for 128 bit encryption to access the MetaFrame XP server. When Low Level is used, data is encrypted at the maximum level supported by the ICA Client. A client can be configured at any ICA encryption level to access the server including Basic. When Client Compatible is used Basic is excluded, otherwise data is encrypted at the maximum level supported by the ICA Client. [#28454] Limiting connections for anonymous users may be enforced erratically in one case When you set the registry key HKLM\SYSTEM\CurrentControlSet\Control\Citrix\MaxAnonymousUsers to limit connections for anonymous users and the Terminal Services Configuration setting Restrict each user to one session to Yes, the result is erratic enforcement of the limit. Sometimes the connection limit is exceeded without errors and sometimes fewer connections are permitted than the allowed limit. If you want to use the MaxAnonymousUsers registry key to limit the number of anonymous user connections, ensure that Restrict each user to one session is set to No. [#56127] Installation of Citrix Web Console on a non-MetaFrame XP server To install the Citrix Web Console on a server that is running Windows Server 2003 but is not running MetaFrame XP, you must turn on Active Server Pages scripting support in Internet Information Services. Follow these steps: Start the Internet Information Services Manager from within Administrative Tools. Click the local computer. Double-click Web Service Extensions. In the right pane, right-click Active Server Pages and select Allowed. [#60081] Client time zone settings no longer override Windows group policy settings Help in the Management Console for MetaFrame XP states that client time zone settings override similar settings configured in Microsoft Windows Group Policies. This statement is not true for MetaFrame XP servers running Windows Server 2003. On a server running Windows Server 2003, the Microsoft Terminal Services Group Policy option, "Allow time zone redirection", overrides the Management Console setting, "Use local time of ICA Clients". An ICA session on a client connected to that type of server reflects the server's time zone when "Allow time zone redirection" is disabled. The setting "Use local time of ICA Clients" is ignored. [#62388] Internet Explorer Enhanced Security Configuration can restrict Internet browsing Users can be restricted in browsing the internet from an ICA session if the Internet Explorer Enhanced Security Configuration is enabled. This feature is enabled by default when Windows Server 2003 is installed. To allow users to browse the Internet easily follow these steps: 1. Open Add or Remove Programs in the Control Panel. 2. Click Add/Remove Windows Components. 3. Click Internet Explorer Enhanced Security Configuration and click Details. 4. Make sure the setting "For all other user groups" is not selected. Click OK. For security, you may want to leave Internet browsing restricted for the administrator group. [#62591] Anonymous users must be in the Remote Desktop Users group in order to connect To allow anonymous users to connect to a MetaFrame XP server, add the anonymous user accounts to the Remote Desktop Users group. Anonymous user accounts are created during MetaFrame XP installation. To administer group access choose Start > Administrative Tools > Computer Management > Local Groups and Users > Groups. [#62483] After installing MSDE start the MSDE service prior to installing MetaFrame XP When you install an instance of Microsoft SQL Server 2000 Desktop Engine (MSDE) for use as a data store, start the MSDE service by restarting the server prior to installing MetaFrame XP. The MSDE Service should be running when MetaFrame XP accesses the data store during installation. For more information about installing MSDE from the MetaFrame XP Server CD, see the MetaFrame XP Server Administrator's Guide. [#62944] Citrix WMI Provider for MetaFrame XP ======================================= Using the WMI Provider with servers running Windows Server 2003 Citrix recommends that you do not use a WMI consumer (for example, Microsoft MOM) to manage a server running Windows Server 2003 if you have more than 10 servers in your server farm. **************************************************************************** ** Fixes Incorporated In Service Pack 3 --------------------------------------- This service pack includes all hotfixes that were previously released separately, and additional fixes that were not previously released. MetaFrame XP, Service Pack 3 includes all of the hotfixes packaged into MetaFrame XP, Service Packs 1 and 2. Hotfix releases are cumulative; that is, they include fixes contained in prior hotfix releases. Issues addressed by hotfixes are listed here once, under the number of the hotfix in which they were first resolved. ME183T030 The <LSGT> (less than, greater than, and backslash) keys on a Swiss German keyboard did not work when NumLock was off. To resolve this problem, the respective key codes were redefined to use the scancode for the keys rather than the Alt+ sequences. [#252708] ME183T036 Servers experienced fatal system errors with error code 0xA. This occurred when memory allocation failed at the beginning or end of shadowing. A Citrix .dll did not record the state correctly and processed unwanted GDI calls. With this hotfix, the Citrix .dll records the state correctly. [#258497] ME183W032 UNIX clients connected to MetaFrame XP servers could not import some file types into Office applications if the filenames were longer than 12 characters. Users might notice this problem with .cgm or .hpgl files. With this hotfix, the files are imported successfully. [#242375] ME183W035 The less than, greater than, and bar (pipe symbol) key on a Swedish keyboard did not work when NumLock was off. To resolve this problem, the respective key codes were redefined to use the scancode for the key rather than the Alt+ sequences. [#254572] ME183W039 The Published Application Manager displayed updated user and group names incorrectly when they were renamed by the user. The Published Application Manager stores the user and group names in the registry and displays them in the user list. The security descriptor stored in the registry by the Published Application Manager now dynamically recreates the user and group names and the Published Application Manager now displays the user and group names correctly. [#257865] ME183W041 1. The Program Neighborhood Service intermittently trapped with error code C0000005. A buffer allocated for asynchronous read was deleted before the asynchronous read operation was cancelled. This caused a write on released memory that corrupted the heap. This hotfix cancels the asynchronous read operation before deleting the buffer and the Program Neighborhood Service no longer traps. [#243884] 2. When setting the seamless flag to 0x01 in the following registry key, seamless session sharing was not being disabled as it should have been: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control \Citrix\Wfshell\TWI\SeamlessFlags A code path was not reading or using the registry flag to determine whether or not to share the session. A modification to the code path now disables session sharing as intended. [#256474] XE102W001 Smart card authentication to a MetaFrame server using Schlumberger CSP Version 4.1 smart cards did not always work. For example, if the smart card was used with an ANSI client with a specific session ID, the session ID remained in the device handle table. If the smart card was later used in a session with a UNICODE client, the cached ANSI session ID caused authentication to fail. This hotfix corrects this problem by invalidating the cached session ID, causing the client information to be refreshed for each new session. [#254074] XE102W002 Under certain conditions, the session monitoring and control (SMC) API would obtain incorrect information for ICA sessions. During an ICA session, the session ID parameter was set to the current session ID. When the session was terminated, the session ID was not reset and the same session ID was erroneously used for the next ICA session. With a modification to software code, this behavior no longer occurs. [#254700] XE102W003 1. This hotfix adds Microsoft Active Directory users support for the MetaFrame COM server. [#255434] 2. Removing the video mode in Feature Release 2 resulted in breaking existing customer code developed based on the APSDK. A revision to the Apsdk.dll file reverses the change that removed the video mode. [#253023] XE102W004 Users in an ICA session using the Linux Client were unable to connect to the client printer. The following error message appeared: "Could not connect to the client printer." The problem was caused by the Ctxprnui.exe file being located in the wrong directory. The installation script was modified so that the file is correctly located in the %WINNT%\System32 directory. [#254494] XE102W005 Sometimes ICA sessions would hang and eventually would disconnect. This was caused by a problem in the code that buffers the ICA packets sent to the client. If the buffer filled up, the code would enter a wait loop that could not be preempted. This used all the CPU and subsequent attempts to log on were very slow. A modification to the code permits flushing the buffer when it becomes full, thereby making room for additional data to be sent to the client. [#256987] XE102W006 Users could not authenticate when using a Schlumberger smart card on the client and the Schlumberger smart card CSP and virtual channel on a server newly installed (not upgraded from MetaFrame Version 1.0 or Feature Release 1) with MetaFrame XP with Feature Release 2. After entering the PIN, the following error message appeared: "Provider DLL failed to initialize correctly." The Schlumberger smart card CSP Dll file imports functionality from several Citrix Dll files located in the %GANGES_INSTALL_LOCATION%\citrix\system 32 directory. These files were moved to the %SystemRoot%\system 32 directory and users can authenticate without error. [#256661] XE102W007 1. Could not save Microsoft Word 98 (Office 97 Professional) documents on a client mapped drive. The following error message appeared: "There has been a network or file permission error. The network connection may be lost <filename.doc>." Word 98 documents can now be saved without error. [#245447] 2. Users occasionally experienced a trap in Cdm.sys when failing to access a file. When Cdm.sys failed to access a file, the Windows I/O subsystem was not always notified. Subsequently, the system crashed when the Windows I/O subsystem tried to perform various operations on the file. [#254580] 3. Users could not delete print jobs if the option "Start printing after last page is spooled" was selected and the ICA connection disconnected because of network disruption during spooling. The "Start printing after last page is spooled" option appears on the Advanced tab of the printer Properties dialog box. This hotfix provides a check function that detects print jobs with a delete status, even if a session is disconnected. The check also works whether or not the "Start printing after last page is spooled" option is selected in the printer's properties. [#249730] 4. A remapped ICA Client COM port device intermittently displayed a time-out error message during I/O operations. Applications that use the device sometimes indicated that the device was not connected or had timed out. This occurred because the MetaFrame XP server lost track of the ICA Client's input buffer data count when processing a GetPort request. The server callback function cleared the server's local copy of the client's input data count but failed to restore the count. With this hotfix, a local copy of the data count is restored to the callback function. [#251239] XE102W008 The browser could not enumerate application lists for older ICA Clients because they passed only one flag instead of two. This hotfix permits enumeration of the application list when only one flag is passed. [#256897] XE102W009 Users/groups in a Windows NT 4.0 domain are given rights to published applications. The Windows NT 4.0 domain permits users/groups to authenticate and connect to the applications. A trust is established between the Windows NT domain and an Active Directory domain, and the users/groups were migrated to the Active Directory domain using Microsoft's Active Directory Migration (ADMT) utility. The migration is accomplished with Sid history enabled. Following the migration, users/groups could no longer access their published applications. A similar problem occurred when administrators for the Management Console were migrated. They could no longer log on to the console. The problem occurred because the IMA Distinguished Name for a published application did not account for Sid history. The Distinguished Name is formed using the domain name and the account Sid. The Distinguished Name formed with the Active Directory domain and the Windows NT 4.0 Sid did not match the Distinguished Name for any published applications in the data store. With this hotfix, the domain name is skipped when comparing Distinguished Names for published applications or searching for the Management Console administrators. [#251728] XE102W010 When ICA listener names were changed from the default "ICA-tcp," any attempt to shadow sessions from the shadow taskbar failed for all encryption levels except Basic. MetaFrame XP looks for the default ICA listener name "ICA-tcp." If this listener name is not found, the shadow taskbar defaults to Basic encryption. With this hotfix, MetaFrame XP searches for ICA-tcp listeners of any name and determines the highest level of encryption in use by the listeners. The ICA file created to shadow a session is then set to the highest encryption level found. [#249330] XE102W011 1. Sessions that were in a down state were not displayed as such in the Management Console. Instead, the console displayed these sessions as disconnected or do not display any data at all. Other tools displayed the down sessions correctly. This hotfix causes all the tools to display the sessions in a down state correctly. [#254256] 2. Events corresponding to event sources were showing up with no data in them. This problem occurred with the Citrix MetaFrame Management Pack for MOM development process. MOM is Microsoft Operations Manager 2000, which delivers enterprise-class operations management by providing comprehensive event management, proactive monitoring and alerting, reporting, and trend analysis. MOM health pack functionality relies on these events to be generated appropriately. MetaFrame XP components were not registered correctly in the event log-related keys in the registry. Installation of this hotfix causes an executable file to run that updates the registry entries for the MetaFrame components that were not registed properly. After installation of the hotfix, the event sources appear in the event log with the appropriate data. [#254339] 3. Upgrading from MetaFrame XP 1.0 to MetaFrame XP 1.0 with Feature Release 2 left two copies of the ImaRPCclient.dll on the server, with the older version the one being used. The Windows Management Instrumentation (WMI) events were not being generated by this dll. This hotfix deletes the older .dll so that the newer one is used and events are generated correctly. [#27149] XE102W012 1. Some applications, including JavaScript in Internet Explorer and forms in Microsoft Access, displayed the current time in the server's time zone rather than converting it to the client's time zone. [#256602] 2. Local time zone and smart card support, which use API hooking, did not work with some programs. This occurred most frequently with applications created using Borland development tools. The API hooking mechanism assumes the existence of data in a specific part of the image. If that data is not present, local time zone and smart card support fail. With this hotfix, the API hooking mechanism looks for the required data (when necessary) in an alternate part of the image and local time zone and smart card support are successful. [#244817] 3. Some third-party applications became unresponsive or otherwise behaved in an unpredicatable or undesired manner. This is related to the way these applications support API hooking. The problem is dependent upon how these applications are implemented. To prevent problematic programs from using API hooking, set the following registry value. WARNING! Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Navigate to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxHook Value Name: ExcludedImageNames Type: REG_SZ Value: Badapp1.exe, Badapp2.exe, Badapp3.exe [#257394] XE102W013 The MFCOM "Users" method of the IMetaFrameApplication interface did not work correctly when used against a MetaFrameWinAppObject. In addition, the "Groups" method of the IMetaFrameApplication interface did not work correctly when used against a MetaFrameContentObject. These two problems were caused by an internal function that validated a parameter incorrectly and caused the call to fail. This hotfix corrects this function by validating this parameter correctly. [#257664] XE102W014 1. Servers were trapping with error code 0x1E. [#254903] 2. Servers were trapping with error code 0x0A. [#44342] 3. While using MetaFrame XP on VMware, performance was not scaling as well as expected as the number of sessions increased. A dynamic link library was being linked with an image base that is outside of session space for Windows 2000. This resulted in some memory pages not getting shared across sessions and VMware had to do additional work for non-shared pages. The image base was changed to be within session space, resulting in a decrease in memory usage per session. [#257437] 4. The server intermittently experienced a kernel trap when the server was in ThinWire 1 (TWI) mode. This occurred when a dynamic link library did not correctly handle an error returned by the function used to enumerate the object count and the object list. This caused a situation where the object list had fewer objects than specified by the object count. The function used to enumerate the object count and the object list now returns the data correctly. [#256623] XE102W015 If a user logged on as a domain administrator to a server in an Active Directory domain, drive remapping became unresponsive. The recommended workaround was to move the server out of the Active Directory domain into a workgroup, remap the drives, and then move the server back into the Active Directory domain. Drive remapping is now accomplished without having to remove the server from the Active Directory domain. [#257419] XE102W016 When assigning users to applications in the Management Console, the console could not enumerate Active Directory users in an organization unit if the unit name had a forward slash in it. This problem occurred because the enumeration of an organization unit with a forward slash in the unit name was not being treated as a special case. Enumeration of an organization unit with a forward slash in its name is now treated as a special case and the Management Console successfully enumerates Active Directory users in the organization units. [#257471] XE102W017 Using the command "change client COM1: \\Client\Com1:" to map the server's COM1 port to the client's COM1 port did not succeed. Instead, the server's COM1 port was mapped to the client's LPT1 port. This occurred because the syntax of the command is incorrect. The correct syntax is "change client [host_device][client_device]" (without the parentheses). The program was modified to prevent device mapping in this situation. If the command "change client COM1: \\Client\Com1:" is used, an error message will appear stating that the network name cannot be found. [#254559] XE102W018 The Lotus Notes R5 client caused a Dr. Watson if a user typed in a control box with local text echo enabled. This problem occurred because Lotus Notes does not handle a COM interface call correctly. Although it returns success for the call, it returns an invalid pointer and corrupts the stack area that surrounds the space that stores the invalid pointer. With this hotfix, the return pointer is checked and is not used if it is invalid. The Lotus Notes R5 client with local text echo enabled will run correctly. [#244399] XE102W019 Occasionally, if users attempted to log on immediately after logging off, they could not print to the default autocreated printer because another user's printer was set as the default printer. Installation of this hotfix resolves the issue. [#250207] XE102W020 Excel 97 on MetaFrame XP took a long time to open the .csv file in both ICA and RDP sessions. This occurred because several Dlls were out of synchronization with regard to time zone information. As a result, a Dll kept accessing the registry for every Win32 time function call, thereby slowing down Excel 97. With this hotfix, the Dlls are synchronized for time zone information and Excel 97 works correctly. [#257208] XE102W021 1. A MetaFrame XP server would trap (buffer overrun) because an invalid data packet was sent by the client. This occurred mostly with Linux or UNIX clients. With this hotfix, the server ignores the invalid data packet. [#257127] 2. Wdica.sys sometimes caused a fatal system error because not enough memory buffer space was allocated. This caused a memory overwrite. With this hotfix, enough memory buffer space is allocated to prevent the memory overwrite. [#41539] 3. NOTE: This hotfix item requires that you have the Version 6.30 or later ICA Client installed. Multi-monitor high color seamless applications failed and were put into a remote desktop. This occurred because of a session memory limitation. This hotfix resolves this issue. [#254469] 4. Sometimes when running an ICA session in a language other than English, the English keyboard layout was loaded. This occurred under the following conditions: * The default input locale in the client device was IME-based, such as MS-IME2000 * The keyboard for the ICA Client was set to (User Profile) * The MetaFrame server had an IME-based input locale other than MS-IME2000 installed. When the server received an invalid IME file name, the user's default layout was loaded instead of one of the available IME-based input locales. With this hotfix, the IME-based file name is first verified. If the IME file name is not found, an available IME-based file name is substituted and the correct keyboard layout is loaded. [#257430] 5. The "Explain Text" dialog box for the ICA performance counters contained information about the counter list instead of an explanation of the counter. This occurred because an incorrect function call was being used to get the information for the "Explain Text" dialog box. With this hotfix, the correct function is now called and the information in the "Explain Text" dialog box is displayed correctly. [#44041] XE102W022 The following problem occurred after installing MetaFrame XP 1.0, Feature Release 2, and a corresponding connection license. When trying to deploy a package using Installation Manager, installation stopped and the following error message appeared: "Server incorrectly licensed." This problem occurred because some conditional statements in Installation Manager returned inaccurate data under certain circumstances. This occurred on a random basis. This hotfix removes the conditional statements that are not necessary. After installing this hotfix, packages will deploy correctly. [#257427] XE102W023 In an ICA session, if users clicked on a URL in an application such as Microsoft Outlook and a Web browser was already open, the session did not navigate to the new URL. This occurred because a backup registry value used to establish DDE communication with the Web browser was set incorrectly. With this hotfix, the registry value is set correctly and the URL will open correctly in a running Web browser. [#257855] XE102W024 1. Ctxgina.dll would not load any third party Gina.dlls except for Nwgina.dll or MSGina.dll. Functionally has been added so that other third party Gina.dlls can be loaded by Ctxgina.dll. [#258354] 2. Single Sign-On did not work if the primary Gina Dll was not the Citrix Gina Dll. User credentials were deleted when the Citrix Gina Dll was not the primary Gina Dll. Some applications replace the primary Gina Dll with their own Gina Dll. When this occurred, the following registry key showed the custom Gina Dll instead of the Citrix Gina Dll: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT \Current Version\Winlogon\GinaDll With this hotfix, user credentials are not deleted even if the Citrix Gina Dll is not used. In addition, another Dll was moved to the %SystemRoot%\System32 directory and Single Sign-On now works properly. [#258460] 3. With MetaFrame XP Feature Release 2 and the Novell client installed on the same server, Single Sign-On did not work for the Pass-Through Client in an ICA session. This problem had several causes: A. A known issue in Windows 2000 caused logon scripts not to run in certain situations. B. On a fresh installation of Feature Release 2, a Citrix Dll was not placed in the %SystemRoot% \system32 directory. C. Some third-party GINAs do not run logon scripts. This hotfix moves the Citrix Dll to the %SystemRoot%\system32 directory and the logon script is triggered to run. You need to perform the following workaround: A. Right-click "My Network Places" on the server console. B. Click "Properties." C. From the "Advanced" pull-down menu, choose "Advanced Settings." D. Click the "Provider Order" tab. E. Move "NetWare Services" below "Citrix Single Sign-On." F. Click "OK." Single Sign-On will work correctly for the Pass-Through Client. [#257573] 4. Single Sign-on failed on a server newly installed (not upgraded from MetaFrame Version 1.0 or Feature Release 1) with MetaFrame XP with Feature Release 2 with the Pass-Through Client connecting to a published application. A Citrix Dll was moved from the %GANGES_INSTALL_LOCATION%\citrix\system32 directory to the %SystemRoot%\system32 directory and single sign-on now works correctly. [#257571] XE102W025 After installing Hotfix XE102W009 or XJ102W009, non-MetaFrame XP administrators were able to log on to the Management Console for MetaFrame XP. Code was added to allow migrated MetaFrame XP administrators to continue to log on to the Management Console. This new code does not fully qualify the administrators' credentials. Additional checks were added to the Management Console logon process to verify the administrators' credentials. Non-MetaFrame XP administrators are no longer able to log on to the Management Console. [#43494] XE102W026 1. When running seamlessly, some applications built using the Borland development environment, such as Delphi, sometimes allowed the parent window of a dialog box to go to the foreground, leaving no mechanism to return the dialog box to the foreground. In a seamless session, the parent window can receive messages other than mouse-oriented ones, like a focus change request from the ICA Client. The parent window responds to the request and goes to the foreground. This hotfix introduces a new seamless exception flag by which you can set the following registry value to have the ICA Client always send the mouse event messages to the server. A. Set the following registry value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI Value Name: SeamlessFlags Value Type: REG_DWORD Value: 0x400 B. Install the Citrix ICA Client, Version 6.31 or later. The parent window of a dialog box no longer moves to the foreground to cover the dialog box. [#257632] 2. When disconnecting from an ICA session on certain WBT devices, some modules remained active on the WBT devices. With this hotfix, the modules no longer remain as an active session on the WBT devices. [#249791] 3. Users were unable to change window focus by toggling the window icons on the taskbar. Installation of this hotfix resolves the issue. [#253398] 4. When setting the seamless flag to 0x01 in the following registry key, seamless session sharing was not being disabled as it should have been: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\Wfshell\TWI \SeamlessFlags A path was not reading or using the registry flag to determine whether or not to share the session. A modification to the path now disables session sharing as intended. [#258522] 5. NOTE: This hotfix item does not apply to the Japanese language version of MetaFrame XP 1.0 for Windows 2000. When using Microsoft Word 2000, the AutoText ToolTip window occasionally disappeared for several seconds. Users sometimes noticed the AutoText ToolTip window blinking. This occurred when icon request messages were sent to both the Word 2000 document window and the ToolTip window. The solution is to exclude messages that request icon changes in these two windows. To enable this feature, add the two registry entries detailed below. WARNING! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Use Registry Editor at your own risk. Make sure you back up the registry before you edit it. A. Open the Registry Editor and navigate to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI B. From the Edit menu, choose Add Key and add a key with the following information: Key Name: OpusApp Note that you do not need to enter a value in the Class text box. C. Open the OpusApp key you just created. D. From the Edit menu, choose Add Value and add a value with the following information: Value Name: ClassName Data Type: REG_SZ String: OpusApp E. From the Edit menu, choose Add Value again and add a value with the following information: Value Name: Type Data Type: REG_DWORD Data: 00000100 Radix: Hex F. Navigate back to the TWI registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI G. From the Edit menu, choose Add Key and add a key with the following information: Key Name: _WwM NOTE: This Key Name is case-sensitive. To type this Key Name, you must type an underscore, an uppercase "W," a lowercase "w," and then an uppercase "M." H. Open the _WwM key you just created. I. From the Edit menu, choose Add Value and add a value with the following information: Value Name: ClassName Data Type: REG_SZ String: _WwM NOTE: This Key Name is case-sensitive. To type this Key Name, you must type an underscore, an uppercase "W," a lowercase "w," and then an uppercase "M." J. Choose Add Value again and add a value with the following information: Value Name: Type Data Type: REG_DWORD Data: 00000100 Radix: Hex With this change, the AutoText ToolTip and the insertion-point cursor displayed in Microsoft Word 2000 no longer blink. [#242516] XE102W027 1. When Alt-address is specified on a per IP-basis (no default Altaddress) like "ALTADDR /SET AdapterAddress AlternateAddress", Citrix XML service fails to return the IP address. [#245556] 2. Users employing the Web Interface for MetaFrame XP desktop credential pass-through feature may receive the following error message: "ERROR: The MetaFrame XP server farm cannot process your request at this time. Error: Citrix XML Service request too large, more than 4096 bytes [413 request too large]." This error was caused by logic used to prevent a denial of service attack (which restricted the maximum size of a request from the Web Interface) was too restrictive for users who were members of a large number of groups. The default maximum request size has been increased and a new registry key has been added that allows you to increase the maximum request size. The new registry key is: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\XML Service A Value Name called MaxRequestSize of type DWORD controls the maximum request size. If the error message still appears, create the new registry value and increase it until the error message disappears. [#257853] 3. This hotfix addresses a problem that occurred when using the group filtering feature of the Web Interface (formerly NFuse). (Note: The problem occurred only when running in Interoperability mode.) When using group filtering, the Web Interface appeared to return only those applications based on the first Windows NT group configured for that application. This fix ensures that all groups configured for the application are returned. [#246294] XE102W028 When using Chfarm.exe to create a new server farm using a SQL data store, the following message appeared: "The farm name does not correspond with the specified data store. Verify that you have selected the right (good) data store for the specified server farm or enter another name for the server farm." After pressing OK, the following message appeared: "Starting IMA Service." This was followed by several additional messages indicating a failure to start the IMA Service. The initialization of a global variable indicating the default name of the ODBC configuration file was moved. As a result, the global variable was not initialized and the DSN file could not be loaded, causing the creation of the database connection to fail. The global variable is now initialized in a common section of code earlier in the processing of Chfarm to ensure it is available to all code paths and Chfarm now works properly. [#42155] XE102W029 1. Users were sometimes asked if they wanted to make Internet Explorer their default browser the first time they launched it in an ICA session. If the users clicked "Yes," content redirection did not always work in that session. This problem occurred because the code in a .dll did not change the following registry value as was intended: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer \Main Value Name: Check_Associations Value Type: REG_SZ Value: no The code has been moved to an executable and the registry value is now always changed. Users are no longer asked if they want to make Internet Explorer their default browser and content redirection works properly. [#43971] 2. When logging on from an ICA Client that has networked printers, a Dr. Watson sometimes occurred when autocreating the client printers. This occurred because an executable file was not checking for a null pointer. The executable file has been updated so it will check for the null pointer and ICA Clients with networked printers can logon to an ICA session without error. [#43913] 3. If an ICA Client device has printers whose print drivers are not approved on the server, an error event is sent to the server's application event log. The following message appears by the ICA Client device: "Printer Creation." "One or more printers could not be created due to a driver that has not been approved for use on this server. Please contact your system administrator." The program has been modified so the error message no longer appears. [#44092] 4. If a user in an ICA session had client printers created with a universal printer driver, the user could not print to those printers after reconnecting to the ICA session. When reconnecting, the server negotiates with the client about using the printers created with a universal driver. This negotiation did not take place. This hotfix updates the server's ability to negotiate print capabilities with the client when reconnecting. [#258138] 5. Printing to an ICA Client device's networked printer through an ICA session was sometimes slower in Feature Release 2 than in Feature Release 1. This occurred when the Feature Release 2 server and the ICA Client were separated by a wide area network (WAN) and the networked printer was on the client side of the network. Another problem occurred when the Feature Release 2 server and the ICA Client device were on two separate networks and both networks had a networked printer with the same name. Print jobs that intended to be printed on the networked printer on the client side were instead sent to the networked printer on the Feature Release 2 server network instead. When a Feature Release 2 server is separated from the ICA Client by a wide area network (WAN) and the networked printer is on the ICA Client side of the network, printing is slower when the server connects directly to the networked printer, rather than when a Feature Release 2 server creates a client print queue for the networked printer. This occurs in the first example above because print data is sent using Microsoft's SMB protocol. In the second example, print data is sent using Citrix' ICA protocol, which offers data reduction. The hotfix introduces a registry switch so that you can toggle which functionality you want - direct connection to network printers from a Feature Release 2 server or the network printers created as client printers that print through the ICA Client device. Create the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix \ClientPrinterAutoCreate Add the following values: Value Name: fCreateNetworkPrinter Value Type: DWORD Value: 1 (to have network printers created as client printers) Value: 0 (to retain the Feature Release 2 behavior) Reboot the system for the value you entered to take effect. With this feature enabled, network printers are created as client printers in the ICA session. [#258358] 6. If a user reconnected to an ICA session from a client device that was not the one used for the original connection, the printers on the new client device did not get autocreated. Now if the client device used to reconnect to an ICA session is different from the one used for the original connection, printer autocreation will occur. If this feature is on when a user disconnects, all print jobs and printers are deleted. When the user reconnects, the client printers are autocreated. NOTE: MetaFrame does not differentiate between a disconnection caused by the user's intent or one caused by network problems. If sessions can be dropped constantly because of network problems, Citrix recommends that you do not turn this feature on. To turn this feature on, navigate to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix \ClientPrinterProperties Value Name: fReconnectionPrinterReconfig=1 Value Type: REG_DWORD Restart the system after you change the registry for the change to take effect. To turn this feature off: Navigate to the above registry key. Value Name: fReconnectionPrinterReconfig=0 Value Type: REG_DWORD Restart the system after you change the registry for the change to take effect. [#258464] 7. Task Manager showed that Wfshell.exe leaked one handle each time a user reconnected to an ICA session. Wfshell.exe did not close the handle after reconnection. Wfshell.exe has been modified so that it will close the handle after reconnection. This eliminates the handle leak problem. [#258464] 8. Internet Explorer sometimes did not open in the same window size as it did when it was last run. This was caused by Content Redirection launching an instance of Internet Explorer using the SW_SHOW Windows flag. With this hotfix, Content Redirection launches an instance of Internet Explorer using the SW_SHOWNORMAL Windows flag. Internet Explorer opens with the same size window as when it was previously opened. [#44535] 9. After installing or upgrading to MetaFrame XP, Feature Release 2/Service Pack 2, some applications experienced a problem when launching a Web browser. Symptoms of the problem were that a Web browser would not open, that the browser opened a URL passed to it incorrectly, or certain attachments that can be opened in a browser did not open. The problem occurred because the following registry key was backed up and changed to the MetaFrame server FTA executable after Service Pack 2 was installed. Also, some applications may be hard coded to look for popular Web browsers such as Iexplore.exe or Netscape.exe: HKEY_CLASSES_ROOT\http\shell\open\command This hotfix introduces a registry flag that gives you the ability to turn off the file type associations created by the MetaFrame server FTA and restore them to their original values. To disable the file type associations for server FTA, you need to create the following registry key for SFTA: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SFTA Value Name: DisableServerFTA Value Type: DWORD Value: 1 If you use the registry value of 1, you cannot use "Enable content redirection from server to client" for that server. [#44560] 10. Sometimes Microsoft Terminal Server experienced a fatal system error. This occurred when some portion of the MetaFrame XP data store became corrupt and a Citrix Dll received incorrect data. The Citrix Dll could not process the incorrect data. The program has been modified so that even if the MetaFrame data store becomes corrupt, the Microsoft Terminal Service will remain running. [#258382] XE102W030 1. The ADF Installer service caused Terminal Server to change to Install mode after every restart of the system. The ADF Installer service calls on an executable to run the "change user /install" and "change user /execute" commands. However, the system process scheduler did not always run the commands in the order they were issued. Therefore, depending on the order in which the system scheduled them, the system could be in either Install or Execute mode. With this hotfix, the system waits for the "change user /install" process to complete before it starts the "change user /execute" procedure. [#257428] 2. When installing packages that install fonts to any location other than the \winnt\fonts directory, font registration failed and Installation Manager displayed an error message that it was unable to install the application. In addition, Installation Manager was not deleting the fonts properly when uninstalling the package. Installation Manager uses the information in the AddFont section of the packager file to register the fonts. When packaging the application, the full target location of the path was not written in the AddFont section. Also, when uninstalling the package, the fonts did not unregister properly. To resolve the problem, the Packager now writes the full target location of the fonts in the AddFont section. We created a new section, DeleteFont, that will unregister the fonts properly by calling the correct Win32 APIs. Installation Manager no longer displays the error message. [#41627] 3. The following error message appeared in the scenario described below: "Error, 1015. Error posting the package file..." A. A new project was created with the Packager and then saved. B. The Packager was closed and then reopened. C. The project was reopened and additional files were included. The above error message appeared when attempting to save the project. This occurred because the functions that cause the ADF to open and close did not work properly, causing the ADF file to remain open when attempting to save the project. This caused an access violation in the file system. With this hotfix, the functions that affect the opening and closing of the ADF file work correctly and the access violation no longer occurs. [#41570] 4. The Installation Manager Packager and Installer did not properly handle installation recording that added strings to a semicolon delimited registry value of type EXPAND_SZ. The change to the registry was recorded as a "replace" operation rather than an "append" or "prepend" operation. The Packager and Installer were not originally designed to support this feature. Support has been added for prepending and appending strings to a semicolon delimited registry value. Strings of the type EXPAND_SZ are now correctly recorded as append or prepend operations. [#43435] XE102W031 A fatal system error caused by Cdm.sys occurred repeatedly with error code 0XCB: "DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS" The error occurred because Cdm.sys could not free all the resources it had acquired. The program has been modified so that Cdm.sys will free all the resources and the fatal system error no longer occurs. [#256815] XE102W032 The IMA Service became unresponsive when a user started an application for which the command line plus parameters exceeded 128 characters. In the IMA Service, the maximum allocation for the command line and parameters was 128 characters and the buffer was not enlarged to accommodate a command line plus parameters that exceeded 128 characters. This caused a buffer overrun. The program was modified to allocate sufficient memory buffer to accommodate a lengthy command line plus parameters and the IMA Service works correctly. [#258314] XE102W033 1. SpeedScreen Latency Reduction did not work in the email message/edit field in Microsoft Outlook XP. When using Outlook XP with SpeedScreen enabled to "Display Text in Place," the text was displayed as if the "Display Text in Place" setting was not enabled. The problem also appeared in Microsoft Word, which is the format of Outlook XP messages. Outlook XP did not call a required function as was expected. We are now using a similar function that Outlook XP calls and text displays properly in both Outlook XP and Word XP. [#253116] 2. When local text echo is enabled on a ICA Win32 Client and a user backspaces in a custom application, Wfica32.exe traps and the client disconnects. This happened when the server got an invalid index from the custom application. When the client device received the invalid index from the server, it ignored the packet. This caused the client device to store incomplete and inconsistent information. The server now catches the invalid index sent from the custom application and sends a corrected packet to the client device. The user can backspace in the custom application without causing the client to disconnect. [#43462] 3. Administrator's could not disable local text echo for published application windows in the SpeedScreen Configured Input Field list. When creating the window hierarchy list from the published application's SpeedScreen configuration file, the class and window name strings were inadvertently truncated. The truncated strings caused subsequent window searches of the hierarchy list to fail, which prevented reading the configuration input settings. This hotfix prevents the truncation of the class and window name strings in the window hierarchy list and local text echo can be disabled for published application windows in the SpeedScreen Configured Input Field list. [#258071] XE102W034 SpeedScreen Latency Reduction did not work if all servers in a farm were not set to create the network protocol listener. The Query Farm command mismatched server names and server network addresses. This could occur: * When not all servers in a farm were set to create UDP protocol listeners, query farm and query farm /tcp sometimes reported incorrect IP addresses. * When not all servers in a farm were set to create IPX protocol listeners, query farm and query farm /ipx sometimes reported incorrect IPX addresses. * When not all servers in a farm were set to create NetBIOS protocol listeners, query farm and query farm /netbios sometimes reported incorrect NetBIOS addresses. The program has been modified so that server names and server network addresses always match even when not all servers in the farm are set to create network protocol listeners. [#44844] XE102W035 When installing MetaFrame XP Feature Release 2 as a clean install or an upgrade from a previous version of MetaFrame on a Windows 2000 server with Microsoft Service Pack 3, the ICA Pass-Through Client is not installed. See the Citrix Knowledgebase article CTX015294 for complete information about this issue. XE102W036 Large MetaFrame XP Feature Release 2/Service Pack 2 server farms sometimes experienced data store contention problems when simultaneously adding or upgrading multiple servers to the farm. Similar problems sometimes occurred when using the Mlicense.exe utility to add multiple licenses or when manually adding multiple licenses to these large farms. When a new server was added to the farm and a dual CPU server was being used for the data store, the CPU usage on the data store server sometimes went to 100% for periods of time up to 30 minutes. Problems with installation integrity and the Management Console connectivity were sometimes experienced during this time. Because of the changes made in this hotfix, fewer read requests will be sent to the data store, resulting in improved data store/database performance. These changes will decrease installation and license addition times. [#43961] XE102W037 Diacritic dead keys such as acute, grave, or circumflex did not work on UNIX Clients configured with a US International keyboard layout. This occurred because the UNICODE diacritic key mappings were invalid in the MetaFrame XP US International keyboard file. The US International keyboard file now contains the correct UNICODE mappings for the diacritic keys. When a diacritic key is pressed, no output appears until the next key is pressed. [#44415] XE102W038 Users did not get all their published applications if they were members of too many NDS groups. This occurred because the code did not provide sufficient buffer size for Novell APIs when enumerating groups. This is resolved by increasing the buffer size to accommodate all the NDS groups. Users can get all their published applications even if they are members of a large number of groups. [#43009] XE102W040 When using chfarm to join an existing farm that uses an Access database for the data store, the local host cache was created in the root directory of the hard drive instead of in the \Program Files\Citrix\Independent Management Architecture directory. This occurred when using a global variable that holds the location of the default local host cache directory was not initialized prior to executing the function that creates the local host cache. The variable is now initialized prior to creating the local host cache and the cache is created in the \Program Files\Citrix\Independent Management Architecture directory. [#256788] XE102W042 Servers sporadically experienced a fatal system error caused by Vdtw30.dll freeing memory twice. PdCrypt2.sys sometimes deleted all of the memory even if the driver was not unloaded, resulting in memory being freed twice. PdCrypt2.sys now deletes all of the memory only when the driver is unloaded from memory and the fatal system error no longer occurs. [#49578] XE102W043 1. A fatal system error occurred when a process in an ICA session attempted to write to a file on the client device. In the process of writing to a file on the client device, the Cdm.sys file sometimes freed the same memory twice. The program is modified so that the same memory is not freed twice and the fatal system error no longer occurs when writing to a file on the client device. [#45391] 2. When being called through a smart card virtual channel, some smart card APIs would hang and return error code 240 if another smart card API was in progress. The smart card channel did not have the support to prevent one smart card API from canceling the results of other smart card APIs. This hotfix adds the support needed to prevent the smart card API from canceling the results of other smart card APIs and error code 240 is not returned. [#46325] 3. When being called through a smart card virtual channel, a zero time-out was being treated as an infinite value. With this hotfix, time-out zero is treated as a normal time-out and is no longer considered as an infinite value. [#46325] XE102W046 An application error occurred when users created a new client update database in the ICA Client Update Configuration utility. This problem is specific to Windows 2000. The FileDialog class compiled by using the latest Microsoft Platform SDK is larger in size than in the Microsoft Foundation Class dlls. When a FileDialog class is destroyed, the offsets used in memory for member variables are incorrect and the class is not destroyed properly. This hotfix allows the FileDialog class to build the correct size. You can create the new ICA Client database in the ICA Client Update Configuration utility. [#258312] XE102W047 Using the Management Console, users modified the order of packages in a package group and exited the console. When the users returned to the console, the packages were no longer displayed in the same order. The relationships between the package groups and packages were not being loaded correctly from the Independent Management Architecture service. This hotfix corrects that behavior. Package ordering persists when exiting and reentering the Management Console. [#45953] XE102W048 When using qfarm to enumerate online or offline servers in a particular zone, users were receiving inaccurate results. If a server was added to a zone and the zone name was capitalized differently than it was when the first server was placed in the zone, or if a mixed-case zone name was used, the search for online or offline servers did not correctly identify which zone a server was in. For example, "qfarm /offline zonename" listed one server in the farm and "qfarm /offline ZONENAME" listed a different server in the farm even if both servers were online. The zone name is saved in the data store without regard to case but the search algorithm performed a case-sensitive search for servers in the zone. The search algorithm now performs a case-insensitive search for servers in the zone. Qfarm /online and Qfarm /offline work as expected. [#43188] XE102W049 1. Servers sometimes experienced a fatal system error caused by Vdtw30.dll with error code 0x50 (PAGE_FAULT_IN_NONPAGED_AREA) or 0xC2 (BAD_POOL_CALLER). This occurred because a buffer did not have enough memory allocated for reconnecting or shadowing. Vdtw30.dll has been modified to always allocate sufficient memory to the global buffer and the fatal system error no longer occurs. [#50076] 2. The mouse pointer disappeared when using the Microsoft Magnifier on the desktop. The Magnifier sends multiple mouse pointer hide and restore requests and the mouse pointer was not being restored after a hide request. [#49495] XE102W050 Diacritic dead keys such as acute, grave, circumflex, diaeresis, and tilde did not work properly when using a Linux Client connected to a MetaFrame server with a Danish keyboard layout. This occurred because the diacritic key UNICODE mappings were not properly defined in the Danish keyboard (.kbd) file. The Danish keyboard file now contains the correct UNICODE mappings and the diacritic keys behave as dead keys. When a diacritic key is pressed, no output is displayed until the next key is pressed. [#51003] XE102W051 If a MetaFrame XP server with Service Pack 2 did not have a Feature Release 2 license installed, printers could not be created asynchronously for published applications. This occurred because the registry switch that controls asynchronous printer creation was inadvertently deleted from Service Pack 2. The registry has been modified to include the proper switch. Client printers are created asynchronously for all published applications launched on the server whether a Feature Release 2 license is present or not. [#51934] XE102W052 When recording an installation management package using the Packager, the server sometimes experienced a fatal system error caused by Enblrdrv.sys with error code 0xC2 (BAD_POOL_CALLER). The reference count to allocated memory block was not being updated using automatic functions. This resulted in memory being freed twice. With this fix, the program uses automatic functions to update the reference count for allocated memory and the server no longer experiences a fatal system error. [#46546] XE102W053 When connecting to a published application through the Web Interface for MetaFrame XP (formerly NFuse) using credentials in a domain where the domain name contained an ampersand (&), the following error message appeared: "The application encountered an error trying to connect to the MetaFrame XP server through NFuse. The ticketing feature is disabled on one or more MetaFrame XP servers. Please make sure the Citrix XML Service is running in the farm and that all are listening on the same port number." An ampersand is the escape character in XML and HTML. The Citrix XML parser attempted to parse the characters after the ampersand as an escape character sequence, which caused the error in the XML parser. The ampersand in the domain name is now properly encoded in the XML request and the ticketing feature works as intended. [#51707] XE102W054 The IMA Service sometimes experienced a fatal system error when an administrator was browsing the Installation Manager folder in the Management Console. While reading the network credentials for the Installation Manager folders from a data store into a memory buffer, a variable that held the buffer size could be bigger than the actual size of the buffer. This caused data to be written out of buffer bounds. With this hotfix, the variable that holds the buffer size reflects the actual size of the memory buffer and the IMA Service operates correctly. [#52135] XE102W055 When saving NDS group names that contained a forward slash (/) in a data store, the IMA Service could not retrieve and parse the group names correctly. Before saving the group names, change any forward slashes in the group names to a non-NDS character. When you retrieve the group names from the data store, replace the non-NDS character in the names with the forward slash (/). [#60136] XE102W056 In the Management Console, when the Use Local Time checkbox was deselected in the <farm name> Properties dialog box, some applications that were running in an ICA session utilized 100% of the CPU. This occurred because of excessive queries to the registry. When an ICA session starts, MetaFrame XP writes the client time zone information to the registry if the client time is different from the server time. In the above situation, when the Use Local Time checkbox was deselected, MetaFrame XP did not write to the registry. This resulted in registry access by every Win32 Client time-related function intercepted by MetaFrame. With this update, MetaFrame XP now writes the registry value when the Use Local Time checkbox is deselected. This prevents 100% utilization of the CPU caused by excessive queries to the registry. [#53734] XE102W057 1. If an attempt was made to launch an application on a server where the application was not being published, a server desktop was launched instead. This modification stops the application launching process when the application is not being published on a server. An error message appears and no server desktop is launched. [#53009] 2. When attempting to change the password for NDS users through NFuse Version 1.7, users received the following error message: 'Change password operation failed.' This occurred because the XML administrative service tried to log on with the user's old password instead of using the new password. This behavior is corrected with this hotfix and users can change their NDS passwords using the NFuse Version 1.7 interface. [#55793] XE102W058 Certain keys did not work on UNIX Clients configured with a Canadian Multilingual Standard keyboard layout. This occurred because there were invalid UNICODE mappings in the Canadian Multilingual Standard keyboard (.kbd) file. The keyboard file now contains the correct UNICODE mappings and all keys work properly. [#48683] XE102W059 1. The IMA Service randomly generated Dr. Watson errors when a MetaFrame XP function deleted a memory pointer but did not set the memory pointer to NULL. As a result, the same memory was freed twice. The program is modified so that the same memory is not freed twice and the IMA Service no longer generates Dr. Watson errors. [#53262] 2. Administrators could not import a print server that had a large number of print queues. This occurred because the RPC call to the print server requesting the driver and port information timed out when enumerating a large number of print queues. To prevent the Management Console from timing out while enumerating print queues, add the following to the command line when running the console: java -Djava.ext.dirs=Ext -jar Tool.jar -gcInterval:0 -EnumTimeoutMul:40 %* Alternatively, you can change the Isctx.log file to include the following as one of the command line options: -EnumTimeoutMul:40 [#46362] XE102W060 If you uninstalled an upgrade installation of MetaFrame XP, Version 1.0 with Feature Release 2, then reinstalled MetaFrame XP, Version 1.0 with Feature Release 2, the following problems occurred: ICA sessions could not be created A "Rasctrs(2001)" entry was written to the event log every time the server was rebooted This was caused by the inadvertent deletion of two registry keys when uninstalling the software. This fix ensures that the associated registry keys are not deleted when uninstalling the software. [#44150] XE102W061 When network errors occurred while processing XML requests, the pending IO list was not being updated. This caused the XML Service to consume CPU cycles. With this hotfix, the pending IO list is updated and the XML Service no longer consumes CPU cycles. [#52121] XE102W062 1. The application event log returned the following auto-created client printer error message when using a universal printer driver: "Event ID 1106, Client printer autocreation failed. The driver could not be installed. Possible reasons for the failure: The driver is not in the list of drivers on the server. The driver cannot be located. The driver has not been mapped." To prevent this error message from appearing, you need to edit the registry. Navigate to the following registry key: WARNING! Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. HKEY_LOCAL_MACHINE]SOFTWARE\Citrix\IMAPRINTER Add the following: Value Name: DisableError Type: DWORD Value: 1 [#256508] 2. An audit event was not recorded at logoff when users logged on to and logged off from the console. A handle leak inhibited the security audit logoff event because the user's impersonation token reference count was not zero. This hotfix eliminates the handle leak and the audit event is now recorded at logoff when users log on to and log off from the console. [#55095] 3. A specific function was not utilizing a Win32 API properly to free memory. Instead, the incorrect memory was freed, which caused the spooler to go down frequently. A modification included in this hotfix causes the Win32 API to free memory properly and the spooler no longer goes down. [#55846] XE102W063 1. When a smart card reader was attached to a server, sometimes the non-paged pool memory was depleted when a user logged on. This caused the system to become unresponsive. This occurred because a function did not always release the allocated non-paged pool memory. A modification now causes the function to always release the non-paged pool memory when it is no longer needed. [#55448] 2. Smart card access did not work properly with certain customized applications. The smart card hook, used to intercept certain function calls destined for the smart card reader, was not working properly. This resulted in commands being issued to a server instead of to the client device where the smart card reader was located. The method used to intercept smart card function calls was modified so the customized application now correctly accesses the smart card reader attached to the client device. [#54978] XE102W064 1. Users who had shadowing rights to specific users could view all users when using the shadowing taskbar. With the installation of this hotfix, users can view only those users for whom they have shadowing rights. [#45401] 2. Under certain circumstances, autocreated client printers were not deleted when a user logged off from an ICA session. The logoff process could not access the ICA Client name to determine which autocreated printers to delete. With this hotfix, autocreated client printers are deleted when a user logs off. [#52394] 3. Using the Program Neighborhood Client, when a user tried to refresh an application set but did not enter user credentials at the prompt, the IMA Service could not be stopped. The thread that reads the user credentials from the client did not exit until either the user entered the user credentials or discontinued refreshing the application set. With the application of this hotfix, the IMA Service can be stopped even if the user does not enter user credentials while refreshing the application set. [#236618] 4. If the default printer on an ICA Client was a network printer, it was not always set as the default printer in the ICA session if the user connected to a Feature Release 2 server. The ICA session did not set the default printer if the default printer on the client was a network printer and the server already had a connection to that printer. With this fix, even if the Feature Release 2 server already has a connection to the network printer, the network printer is set as the default printer in the ICA session as long as it is the default printer on the client device. [#51686] 5. In an ICA session, autocreated printers were always set to "Start printing after last page is spooled" instead of "Start printing immediately" or "Print directly to the printer." Users could change this setting during the ICA session but the next time they logged on, the printers were again set to "Start printing after last page is spooled." With this hotfix, even if users in an ICA session change the settings for autocreated client printers, the change is preserved in the users' profiles. Printer settings will reflect the change at the next logon. [#46108] 6. When using the Citrix Management Console to import a network print server and autocreate the network printers, users found that the printer copy count changed at random in their ICA sessions. The DEVMODE, which determines the copy count field for printers, was not always correctly set for autocreated network printers. This fix ensures that the DEVMODEs for network printers are valid before setting them. The printer copy count for autocreated printers no longer changes at random. [#45049] 7. Sessions in Connected and ConnectQuery states could not be reset through the Management Console. The following error message appeared: "Failed to reset session: User information will be refreshed. Error code: 523." Those sessions could be reset through tools like Terminal Service Manager. Sessions in the ConnectQuery state were shown to be using the RDP protocol when no protocol should have been visible. A change was made to correct this behavior. Sessions in the Connected and ConnectQuery states can now be reset through the Management Console. [#46617] 8. If a seamless ICA session was disconnected, reconnecting to the session did not restore the system tray icons created by seamless applications in that session. This occurred because the system tray agent did not notify the ICA Client of the need to recreate the tray icons when the session was reconnected. This hotfix introduces a function that refreshes the tray icons when reconnecting to a disconnected seamless ICA session. The system trays are now restored when reconnecting to the seamless ICA session. [#44697] 9. Novell Directory Services users sometimes could not reconnect to their disconnected sessions. Instead new sessions were established. NDS user names can be in different formats. When searching for disconnected sessions for a given NDS user name, the MetaFrame XP server did not recognize those sessions disconnected with the same user name but in a different user name format. The MetaFrame XP server will now recognize disconnected sessions with the same user name but in a different user name format. [#254396] 10. In the Management Console, the rules under Load Evaluators did not work. The parameters for the rules were not cached in the local host cache so the Load Evaluators did not know which IP ranges to allow or deny. The data is now cached in the local host cache. After installing this hotfix, edit the rules under Load Evaluators so the values are saved in the directory and updated in the local host cache. The rules under Load Evaluators will now work. [#257582] 11. When running 16-bit Windows applications, some legacy interprocess communication mechanisms (such as shared memory) no longer worked properly. The use of Job Objects to track child processes to control the removal of applications launched from batch files caused 16-bit applications to be started in separate NTVDMs. This resulted in their inability to communicate using shared memory. 16-bit applications that are sharing a session are now launched in the same NTVDM. [#51005] Applications that use shared OLE components (such as COM objects exported from Winword.exe) were not always removed from the Management Console session list even though they terminated. The use of Job Objects to track child processes to control the removal of applications launched from batch files caused this problem. When a published application created a COM object causing another process (such as Winword.exe) to start, the new process was associated with the published application's Job Object. If a second published application used the COM components provided by the Winword.exe process, when the first application terminated, it remained in the session list until the second application released the COM components and Winword.exe terminated. ******************************************************** This Week's Sponsor - NetX Inc Thin Clients NetX develops embedded flexible client solutions, customized to your specifications. Our clients are easy to configure, extremely secure and remotely managed. http://www.netxinc.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm