[THIN] Re: Hotfix AAC450W001 - Bug in "your password is about to expire"

  • From: "Joe Shonk" <joe.shonk@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Tue, 24 Jul 2007 07:52:09 -0700

Are you getting this with the GINA or Web Interface?

Joe

On 7/23/07, Robert Perrett <robert_perrett@xxxxxxxxxxxxx> wrote:

 Has anyone else applied this hotfix yet?

There seems to be a bug on the "your password is about to expire" screen.
If you select 'skip' you are returned to the login page instead of being
logged in.

Rob



  *Rob Perrett*
Systems Administrator
Information Technology

Tel: 02 9030 1674
Fax: 02 9030 6262
Tower 1 Darling Park
201 Sussex Street
Sydney, NSW 2000
www.commander.com



 ------------------------------
*From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
Behalf Of *Jim Kenzig ThinHelp.com
*Sent:* Saturday, 21 July 2007 11:49 AM
*To:* THIN
*Subject:* [THIN] KB: CTX112803 - Hotfix AAC450W001 - For Access Gateway
Advanced Edition 4.5

CTX112803 - Hotfix AAC450W001 - For Access Gateway Advanced Edition 4.5

This document was published at:
http://support.citrix.com/article/CTX112803

Document ID: *CTX112803*, Created on: Jul 19, 2007, Updated: Jul 20, 2007

Products: Citrix Access Gateway 4.5 Advanced Edition

Attachment: AGAE Zip file.zip
<http://support.citrix.com/servlet/KbServlet/download/13949-102-17043/AGAE%20Zip%20file.zip>
(15.1 K)


Hotfix readme name: AACE450W001.HTML
Hotfix package name: AAC450W001.EXE
For: Access Gateway Advanced Edition 4.5
Replaces: None
Date: July, 2007
Languages supported: English (US), French, German, Japanese, Spanish
Readme version: 1.0

*Note*: You can apply this hotfix only to computers running Access Gateway
Advanced Edition 4.5.

Installing and Uninstalling this Hotfix

*Caution:*

Before installing this hotfix, use Windows Explorer to create a backup of
configured logon point folders because the logon points are not preserved
when this hotfix is applied. After the hotfix is installed, configure your
logon points again. *Any customized logon points that are configured must
also be recreated. When this hotfix is installed, all customized logon
points are erased.*

*To configure logon points*

   1. Click *Start > Programs > Citrix > Access Gateway > Server
   Configuration*.
   2. Click *Configured Logon Points*.
   3. For each logon point, click *Remove* and click *Deploy*.
   4. When all of your logon points are deployed, click *OK*.

*Notes:*

This hotfix may or might not prompt you to restart the server when the
installation or uninstallation is complete.

*To install this hotfix:*

   1. Download the hotfix package from the Hotfixes and Service Packs
   page of the Citrix Web site at
   http://downloadns.citrix.com.edgesuite.net/2397/AAC450W001.zip
   2. Copy the hotfix package to an empty folder on the hard drive of
   the server you want to update.
   3. Close all applications.
   4. Run the executable.
   5. Restart the server.

*To uninstall this hotfix:*

   1. On the server running Advanced Access Control, click *Start >
   Administration Tools > Component Services*.
   2. Expand *COM+ Services*.
   3. Right-click *Access Gateway Server* and click *Shut down*.
   4. Click *Start > Settings > Control Panel*.
   5. In *Control Panel*, double-click *Add or Remove Programs*.
   6. Highlight the hotfix you want to uninstall and click *Remove*.
   7. Follow the directions.

Where to Find Documentation

This document describes the issues solved by this hotfix and includes
installation instructions. You can find more information about Citrix Access
Gateway Advanced Edition 4.5 in the *Citrix Access Gateway Advanced
Edition Administrator's Guide*. The guide is in the \Documentation
directory on the Citrix Access Gateway Advanced Edition CD. All product
documentation is also available from the Citrix Web site at
http://www.citrix.com/support.

The *Administrator's Guide* is in an Adobe Portable Document (PDF) format
file. To view, search, and print the documentation, you need Adobe Reader
5.0.5 or later with Search. You can download Adobe Reader for free from
the Adobe Web site at http://www.adobe.com/.

New in this Release

Access Gateway and Citrix WANScaler Support

The Access Gateway works with Citrix WANScaler to support TCP
optimization. WANScaler enhances Common Internet File System (CIFS) and HTTP
connections and accelerates traffic through the Access Gateway. The Access
Gateway is installed in the DMZ and the WANScaler is installed behind the
Access Gateway in the secure network. Clients connect through the Access
Gateway and WANScaler to resources in the secure network.

Two settings must be configured to support TCP optimization:

   - Preserve TCP options for each network that is configured on the
   Access Gateway. You configure network resources and then for each network
   that is to have the TCP settings preserved, you apply the policy for that
   network.
   - Configure the Access Gateway to communicate with the WANScaler
   Client. When this is configured, the Access Gateway sends a filter list to
   the WANScaler Client with the settings for TCP optimization.

*To configure TCP optimization on Access Gateway Advanced Edition*

   1. In the Access Management Console, in the left pane, click *Citrix
   Resources > Access Gateway > Gateway Appliances > Appliance name*.
   2. Under *Common Tasks*, click *Edit Gateway appliance properties*.
   3. Click *Accessible Networks*, click *Enable TCP Acceleration*, and
   then click *OK*.
   4. In the Access Management Console, click *Citrix Resources >
   Access Gateway > Network Resources* and select a network resource.
   5. Under *Common Tasks*, click *Edit network resource*.
   6. In Network Resource Properties, select *Server and Port Settings*,
   select a network resource from the list, and click *Edit*.
   7. Select *TCP*, select *TCP Acceleration*, and click *OK*.

[From AAC450W001][#24472]

Support for Web-enabled Mobile Devices

Access Gateway Advanced Edition supports Web access for Web-enabled mobile
devices. Users can connect using Clientless Access to applications such as
the Web Interface, Microsoft Outlook Web Access, and Microsoft SharePoint.

When users log on to Access Gateway Advanced Edition using a Web-enabled
mobile device, they can click *My Applications* that displays a list of
configured resources in the Access Management Console.

Known Issue(s) in this Release

*Caution!* Several items in this hotfix may require you to edit the
registry. Using Registry Editor incorrectly can cause serious problems that
may require you to reinstall your operating system. Citrix cannot guarantee
that problems resulting from the incorrect use of Registry Editor can be
solved. Use Registry Editor at your own risk.

   - Do not interrupt the install/uninstall process of this hotfix by
   clicking *Cancel*. Interrupting the process prevents a clean
   rollback and leaves your original installation corrupted.

   - You must apply this hotfix to all servers, including Management
   Console-only systems.

   - You might be prompted for your Access Gateway Advanced Edition 4.5 CD
   when attempting to install or uninstall this hotfix. The issue is caused
   by unversioned files that were part of the original installation that might
   not be cached. If this happens, without canceling the uninstall process,
   point to the location and click *OK* to continue.

   - Silent installation of this hotfix is not supported.

   - Installing this hotfix will first attempt to uninstall any
   previous Access Gateway Advanced Edition 4.5 hotfixes on the system
   before continuing with the hotfix install. On systems that have both the
   Server and Management Console components installed, there might be an
   intermittent issue where the uninstall of the previous hotfix ends
   prematurely. If the hotfix you are attempting to install is not displayed in
   Add/Remove Programs in the Control Panel, install the hotfix again.

   - If you are configuring Access Gateway Advanced Edition in a
   double-hop deployment, the Access Gateway appliance in the first DMZ and the
   appliance in the second DMZ communicate using port 9005.

Issue(s) Resolved in this Hotfix

    1. Attempts to download files larger than 12 megabytes fail when
   using Clientless Access through the Web proxy.

   [From AAC450W001][#24047, #160178]

   2. If a Web site uses UTF-16 encoded Web pages and users access the
   site through the Web Proxy, blank pages appear.

   [From AAC450W001][#24071]

   3. Users who log on through the Access Gateway to the Advanced
   Access Control option are not notified when an updated version of the Secure
   Access Client is available. To have the version number of the
   Net6Helper.cab sent automatically to Advanced Edition, Hotfix 4.5.5 must be
   installed on the Access Gateway appliance and Hotfix AACE450W001 on
   the server running Advanced Edition. When these versions are installed,
   users are notified to update the Secure Access Client. If the Access Gateway
   cannot be upgraded to Version 4.5.5, verify that the value for
   *SACCodebase* in the Web.Config file in your default logon point
   contains the correct version number for the file Net6Helper.cab.

   [From AAC450W001][#24191]

   4. Windows Firewall Scan might report that the firewall is enabled
   even when the Windows Firewall Service (Internet Connection
   Firewall/Internet Connection Service service) is stopped. If this occurs,
   reinstall the Endpoint Analysis Client on the client device.

   [From AAC450W001][#24275]

   5. If the logon point session time-out, mouse and keyboard
   inactivity time-out, and network activity time-out are all set with a value
   of 1440, the Secure Access Client disconnects after 23 minutes.

   [From AAC450W001][#24317]

   6. If a user connects to a Web page containing JavaScript that
   defines the text used in a Web application and the application uses a
   character set other than UTF-8, Japanese, or Western European (iso-8859-1), the
   character set might not display correctly when the user connects through
   Access Gateway Advanced Edition. On the client device that connects to the
   Access Gateway, clear the browser cache. When the cache is cleared, the
   JavaScript files are acquired from the server running the Advanced Access
   Control option with the correct character set encoding.

   [From AAC450W001][#24318]

   7. Content for logon points, session initialization, or the portal
   page are not cached. This can cause the perceived load time of Web pages to
   be longer than it actually is.

   [From AAC450W001][#24349]

   8. The Endpoint Analysis Client fails to start if the user who
   installs the client is different from the user who is logging on. Before
   installing this hotfix, uninstall the Endpoint Analysis Client from client
   devices. The issue is not resolved if you try to override the default
   behavior (per-user installation) by forcing a per-computer installation
   through another method, such as using the command ALLUSERS=1.

   [From AAC450W001][#24362]

   9. This fix addresses a security vulnerability. For more
   information, see Knowledge Center article
   CTX113814 <http://support.citrix.com/article/CTX113814>.


   [From AAC450W001][#24373]

   10. When a user logs off from the Advanced Access Control option,
   sessions on the file server are not closed.

   [From AAC450W001][#24415]

   11. Users trying to connect to sites that are redirected to another
   page with a Web address longer than one kilobyte (kb) cannot connect through
   the Web Proxy. The limit for a Web address is increased to 2100 characters.

   [From AAC450W001][#24424]

   12. On a server running the German version of Access Gateway
   Advanced Edition, when users are required to change their RSA SecurID
   personal identification number (PIN) users could have one generated by the
   RSA server. Users receive a message indicating that when *OK* is
   clicked, a new PIN should appear in 10 seconds. Instead, users receive an
   error message that says "An internal system error has occurred."

   [From AAC450W001][#24466]

   13. The Access Gateway Advanced Edition does not display Web
   applications on small form factor devices.

   [From AAC450W001][#24471]

   14. New logon points do not show images until the logon point is
   refreshed in the Access Management Console.

   [From AAC450W001][#24513]

   15. Access Gateway Advanced Edition supports Citrix Presentation
   Server Client for Windows, Version 10, which includes support for Windows
   Vista.

   [From AAC450W001][#24601]

   16. When a PowerPoint file is attached to an email, it cannot be
   opened or worked on in LiveEdit.

   [From AAC450W001][#24623]

   17. Occasionally, the Access Gateway connection cannot be
   established before the server running Advanced Access Control redirects the
   connection to the Access Interface. When this occurs, the Access Interface
   Web address is not resolved and users receive a "page not found" error.

   The Advanced Access Control option waits to redirect the connection
   based on the value that is in the logon point file Web.Config, which
   is five seconds. To change this value, modify
   *AdvancedGatewayClientActivationDelay* in Web.Config.

   [From AAC450W001][#24625]

   18. If multiple files are attached to an email, users cannot forward
   the email using Email Companion.

   [From AAC450W001][#24664]

   19. When users are logged on to Access Gateway Advanced Edition
   using Citrix Presentation Server Clients, users are asked for a client
   certificate when trying to open a Microsoft Office file attached to an
   email.

   [From AAC450W001][#24699]

   20. If the policies in the database become corrupted, the policies
   cannot be edited or deleted.

   [From AAC450W001][#134736]

   21. The Windows Firewall Endpoint Analysis Scan works only if
   Windows Firewall is manually configured in Windows Security Center on an
   individual computer basis. If Windows Firewall is configured using Group
   Policy, the scan does not detect Windows Firewall correctly.

   [From AAC450W001][#135412]

   22. If 50 or more Web resources are configured and then added to one
   or more policies, Web proxy performance can deteriorate.

   [From AAC450W001][#135774]

   23. If a connection to Access Gateway Advanced Edition is slow or is
   receiving a large amount of data, the Web proxy could time-out. To increase
   the time-out value, add the following registry key:

   HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\MSAM\WebProxy
   Name: ReceiveTimeout
   Type: REG_DWORD
   Data: *number of seconds*

   [From AAC450W001][#136039]

   24. When users are using Web Email and viewing email using Outlook
   Web Access through Advanced Access Control, if the user clicks *Next*,
   then *Back* in Outlook Web Access, and then replies to the email,
   the reply is to the previously viewed email, not the one that is selected.

   [From AAC450W001][#136673]

   25. If Access Gateway Advanced Edition uses a Cisco RADIUS server
   for authentication, users cannot authenticate.

   [From AAC450W001][#142607]

   26. The Access Gateway Advanced Edition Configuration tool fails if
   the access server farm is not available.

   [From AAC450W001][#144464]

   27. When users are connecting to Access Gateway Advanced Edition
   using Citrix Presentation Server Clients, the client cannot be installed
   from the installation bar on the Access Interface page.

   [From AAC450W001][#145058]

   28. For Web resources that allow users to download files using
   server scripts, the user is prompted to save the downloaded file with the
   script name instead of the name of the original file.

   [From AAC450W001][#146804]

   29. When a user updates a file on a share, the share does not show
   the new file size and time stamp.

   [From AAC450W001][#147015]

   30. When a user is using the Citrix email client with the German
   interface, the "Add to," "Add CC," and "Add BCC" buttons are missing text
   and do not work.

   [From AAC450W001][#148356]

   31. If users try to access Web resources outside servers running
   Advanced Access Control, and if the logon credentials contain special
   characters in the password, authentication fails.

   [From AAC450W001][#149775]

   32. Users receive an error message when downloading a file with zero
   bytes in length from a published file share.

   [From AAC450W001][#150081]

   33. If users view a PowerPoint file using HTML Preview and full
   screen mode, the Access Gateway Advanced Edition reports an internal error.
   After applying the hotfix, remove all cached preview files, except
   cache.book, in the %ProgramFiles%\Citrix\Access
   Gateway\ActivationCache folder. This forces the cached files to regenerate.
   The PowerPoint files appear correctly in full screen mode.

   [From AAC450W001][#150505]

   34. When a user tries to install Live Edit and is not logged on to
   the computer as a member of the Administrators or Power Users group on the
   computer, the installation of the ActiveX control fails. After this hotfix
   is applied, when users who are not administrators log on, they can install
   the ActiveX control.

   [From AAC450W001][#154622]

   35. If a client computer is using a language other than English,
   Japanese, French, German, or Spanish, the Endpoint Analysis Client
   installation fails.

   [From AAC450W001][#154923]

   36. When attempting to publish a file share that has an underscore
   (_) in the name, the file share is reported as invalid.

   [From AAC450W001][#155091]

   37. PassGo RADIUS servers do not accept the Message Authenticator
   attribute. The Advanced Access Control option sends this option
   automatically causing authentication on the PassGo RADIUS server to fail.
   With this release, the Message Authenticator attribute is not sent
   automatically. If you are using a RADIUS server that requires this
   attribute, edit the CitrixAuthService Web.Config file and set the
   value to true.

   [From AAC450W001][#155387]

   38. If the Web Interface is configured as a Web resource on Access
   Gateway Advanced Edition, Client for Java files cannot be cached.

   [From AAC450W001][#155440]

   39. When a user logs on using a new system-generated RSA SecurID
   PIN, the user cannot be authenticated.

   [From AAC450W001][#156279]

   40. If a Web resource is published that has links with multiple GET
   statements or variables in the Web address, the Advanced Access Control
   option inserts a second URL before the forward slash. For example, the Web
   address
   http://my.company.com/jibtest/simple/test.htm?V1=path&V2=path is
   rewritten to
   https://mycompany.com//CitrixWebProxy/aHR0cDovL2ppYnJoZS5hcGFjLmxhYg--/jibtest/simple/test.htm?V1=path&V2=path.

   If a forward slash (/) is typed into the original Web address, such
   as http://my.company.com/jibtest/simple/test.htm?V1=/path&V2=/path, the Web
   address is rewritten as
   https://my.company.com/CitrixWebProxy/aHR0cDovL2ppYnJoZS5hcGFjLmxhYg--/jibtest/simple/test.htm?V1=/path/&V2=/CitrixWebProxy/aHR0cDovL2ppYnJoZS5hcGFjLmxhYg--/path/.


   When a forward slash is inserted at a second or later variable, the
   Advanced Access Control option inserts /CitrixWebProxy/ a second time and
   the portal cannot interpret the Web address.

   [From AAC450W001][#156639]

   41. When Web applications go through a proxy server, and POST HTTP
   actions are used, data is redirected to the Citrix activation service. When
   this occurs, users receive an error instead of the selection page.

   [From AAC450W001][#157656]

   42. Users cannot log on to the server running Advanced Access
   Control using some versions of Pocket PC 2003 and Windows Mobile 5.0.


   [From AAC450W001][#157692]

   43. Sorting files on a share by date does not work for some locales.


   [From AAC450W001][#159463]

   44. Users experience a slow logon when connecting to Access Gateway
   Advanced Edition.

   [From AAC450W001][#159531]

   45. The server running Advanced Access Control is not downloading
   files with the GIF extension.

   [From AAC450W001][#160321]

   46. Logon point pages are limited to images with the GIF extension.
   You can now use images with the extensions JPEG, JPG, and PNG.

   [From AAC450W001][#160323]

   47. If users have a not-for-resale license installed, and then try
   to logon to either the Access Gateway Standard Edition or Access Gateway
   Advanced Edition using a PDA device, the logon fails.

   [From AAC450W001][#161210]




--
Jim Kenzig
Microsoft MVP - Terminal Services
http://www.thinhelp.com
Citrix Technology Professional
Provision Networks VIP
CEO The Kenzig Group
http://www.kenzig.com
Blog: http://www.techblink.com
----------------------------------------------------
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
Please note that any views or opinions presented in this email are solely
those of the author and do not necessarily represent those of the company.
The recipient should check this email and any attachments for the presence
of viruses. The company accepts no liability for any damage caused by any
virus transmitted by this email.
----------------------------------------------------
