AAC logon. I put the below hotfix on the AAC, and now you are unable to choose skip on any of the logonpoints. You can still change your password ok, however if you 'skip' you are returned to the logon page of that logonpoint.

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Joe Shonk
Sent: Wednesday, 25 July 2007 12:52 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Hotfix AAC450W001 - Bug in "your password is about to expire"

Are you getting this with the GINA or Web Interface?

Joe

On 7/23/07, Robert Perrett <robert_perrett@xxxxxxxxxxxxx> wrote:

Has anyone else applied this hotfix yet? There seems to be a bug on the "your password is about to expire" screen. If you select 'skip' you are returned to the login page instead of being logged in.

Rob

Rob Perrett
Systems Administrator
Information Technology
Tel: 02 9030 1674
Fax: 02 9030 6262
Tower 1 Darling Park
201 Sussex Street
Sydney, NSW 2000
www.commander.com <http://www.commander.com/>

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Kenzig ThinHelp.com
Sent: Saturday, 21 July 2007 11:49 AM
To: THIN
Subject: [THIN] KB: CTX112803 - Hotfix AAC450W001 - For Access Gateway Advanced Edition 4.5

CTX112803 - Hotfix AAC450W001 - For Access Gateway Advanced Edition 4.5

This document was published at: http://support.citrix.com/article/CTX112803

Document ID: CTX112803, Created on: Jul 19, 2007, Updated: Jul 20, 2007
Products: Citrix Access Gateway 4.5 Advanced Edition
Attachment: AGAE Zip file.zip <http://support.citrix.com/servlet/KbServlet/download/13949-102-17043/AGAE%20Zip%20file.zip> (15.1 K)

Hotfix readme name: AACE450W001.HTML
Hotfix package name: AAC450W001.EXE
For: Access Gateway Advanced Edition 4.5
Replaces: None
Date: July, 2007
Languages supported: English (US), French, German, Japanese, Spanish
Readme version: 1.0

Note: You can apply this hotfix only to computers running Access Gateway Advanced Edition 4.5.

Installing and Uninstalling this Hotfix

Caution: Before installing this hotfix, use Windows Explorer to create a backup of configured logon point folders because the logon points are not preserved when this hotfix is applied. After the hotfix is installed, configure your logon points again. Any customized logon points that are configured must also be recreated. When this hotfix is installed, all customized logon points are erased.

To configure logon points

1. Click Start > Programs > Citrix > Access Gateway > Server Configuration.
2. Click Configured Logon Points.
3. For each logon point, click Remove and click Deploy.
4. When all of your logon points are deployed, click OK.

Notes: This hotfix may or might not prompt you to restart the server when the installation or uninstallation is complete.

To install this hotfix:

1. Download the hotfix package from the Hotfixes and Service Packs page of the Citrix Web site at http://downloadns.citrix.com.edgesuite.net/2397/AAC450W001.zip
2. Copy the hotfix package to an empty folder on the hard drive of the server you want to update.
3. Close all applications.
4. Run the executable.
5. Restart the server.

To uninstall this hotfix:

1. On the server running Advanced Access Control, click Start > Administration Tools > Component Services.
2. Expand COM+ Services.
3. Right-click Access Gateway Server and click Shut down.
4. Click Start > Settings > Control Panel.
5. In Control Panel, double-click Add or Remove Programs.
6. Highlight the hotfix you want to uninstall and click Remove.
7. Follow the directions.

Where to Find Documentation

This document describes the issues solved by this hotfix and includes installation instructions.
You can find more information about Citrix Access Gateway Advanced Edition 4.5 in the Citrix Access Gateway Advanced Edition Administrator's Guide. The guide is in the \Documentation directory on the Citrix Access Gateway Advanced Edition CD. All product documentation is also available from the Citrix Web site at http://www.citrix.com/support.

The Administrator's Guide is in an Adobe Portable Document (PDF) format file. To view, search, and print the documentation, you need Adobe Reader 5.0.5 or later with Search. You can download Adobe Reader for free from the Adobe Web site at http://www.adobe.com/.

New in this Release

Access Gateway and Citrix WANScaler Support

The Access Gateway works with Citrix WANScaler to support TCP optimization. WANScaler enhances Common Internet File System (CIFS) and HTTP connections and accelerates traffic through the Access Gateway. The Access Gateway is installed in the DMZ and the WANScaler is installed behind the Access Gateway in the secure network. Clients connect through the Access Gateway and WANScaler to resources in the secure network.

Two settings must be configured to support TCP optimization:

* Preserve TCP options for each network that is configured on the Access Gateway. You configure network resources and then for each network that is to have the TCP settings preserved, you apply the policy for that network.
* Configure the Access Gateway to communicate with the WANScaler Client. When this is configured, the Access Gateway sends a filter list to the WANScaler Client with the settings for TCP optimization.

To configure TCP optimization on Access Gateway Advanced Edition

1. In the Access Management Console, in the left pane, click Citrix Resources > Access Gateway > Gateway Appliances > Appliance name.
2. Under Common Tasks, click Edit Gateway appliance properties.
3. Click Accessible Networks, click Enable TCP Acceleration, and then click OK.
4. In the Access Management Console, click Citrix Resources > Access Gateway > Network Resources and select a network resource.
5. Under Common Tasks, click Edit network resource.
6. In Network Resource Properties, select Server and Port Settings, select a network resource from the list, and click Edit.
7. Select TCP, select TCP Acceleration, and click OK.

[From AAC450W001][#24472]

Support for Web-enabled Mobile Devices

Access Gateway Advanced Edition supports Web access for Web-enabled mobile devices. Users can connect using Clientless Access to applications such as the Web Interface, Microsoft Outlook Web Access, and Microsoft SharePoint. When users log on to Access Gateway Advanced Edition using a Web-enabled mobile device, they can click My Applications that displays a list of configured resources in the Access Management Console.

Known Issue(s) in this Release

Caution! Several items in this hotfix may require you to edit the registry. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

* Do not interrupt the install/uninstall process of this hotfix by clicking Cancel. Interrupting the process prevents a clean rollback and leaves your original installation corrupted.
* You must apply this hotfix to all servers, including Management Console-only systems.
* You might be prompted for your Access Gateway Advanced Edition 4.5 CD when attempting to install or uninstall this hotfix. The issue is caused by unversioned files that were part of the original installation that might not be cached. If this happens, without canceling the uninstall process, point to the location and click OK to continue.
* Silent installation of this hotfix is not supported.
* Installing this hotfix will first attempt to uninstall any previous Access Gateway Advanced Edition 4.5 hotfixes on the system before continuing with the hotfix install. On systems that have both the Server and Management Console components installed, there might be an intermittent issue where the uninstall of the previous hotfix ends prematurely. If the hotfix you are attempting to install is not displayed in Add/Remove Programs in the Control Panel, install the hotfix again.
* If you are configuring Access Gateway Advanced Edition in a double-hop deployment, the Access Gateway appliance in the first DMZ and the appliance in the second DMZ communicate using port 9005.

Issue(s) Resolved in this Hotfix

1. Attempts to download files larger than 12 megabytes fail when using Clientless Access through the Web proxy. [From AAC450W001][#24047, #160178]

2. If a Web site uses UTF-16 encoded Web pages and users access the site through the Web Proxy, blank pages appear. [From AAC450W001][#24071]

3. Users who log on through the Access Gateway to the Advanced Access Control option are not notified when an updated version of the Secure Access Client is available. To have the version number of the Net6Helper.cab sent automatically to Advanced Edition, Hotfix 4.5.5 must be installed on the Access Gateway appliance and Hotfix AACE450W001 on the server running Advanced Edition. When these versions are installed, users are notified to update the Secure Access Client. If the Access Gateway cannot be upgraded to Version 4.5.5, verify that the value for SACCodebase in the Web.Config file in your default logon point contains the correct version number for the file Net6Helper.cab. [From AAC450W001][#24191]

4. Windows Firewall Scan might report that the firewall is enabled even when the Windows Firewall Service (Internet Connection Firewall/Internet Connection Service service) is stopped. If this occurs, reinstall the Endpoint Analysis Client on the client device.
[From AAC450W001][#24275]

5. If the logon point session time-out, mouse and keyboard inactivity time-out, and network activity time-out are all set with a value of 1440, the Secure Access Client disconnects after 23 minutes. [From AAC450W001][#24317]

6. If a user connects to a Web page containing JavaScript that defines the text used in a Web application and the application uses a character set other than UTF-8, Japanese, or Western European (iso-8859-1), the character set might not display correctly when the user connects through Access Gateway Advanced Edition. On the client device that connects to the Access Gateway, clear the browser cache. When the cache is cleared, the JavaScript files are acquired from the server running the Advanced Access Control option with the correct character set encoding. [From AAC450W001][#24318]

7. Content for logon points, session initialization, or the portal page are not cached. This can cause the perceived load time of Web pages to be longer than it actually is. [From AAC450W001][#24349]

8. The Endpoint Analysis Client fails to start if the user who installs the client is different from the user who is logging on. Before installing this hotfix, uninstall the Endpoint Analysis Client from client devices. The issue is not resolved if you try to override the default behavior (per-user installation) by forcing a per-computer installation through another method, such as using the command ALLUSERS=1. [From AAC450W001][#24362]

9. This fix addresses a security vulnerability. For more information, see Knowledge Center article CTX113814 <http://support.citrix.com/article/CTX113814>. [From AAC450W001][#24373]

10. When a user logs off from the Advanced Access Control option, sessions on the file server are not closed. [From AAC450W001][#24415]

11. Users trying to connect to sites that are redirected to another page with a Web address longer than one kilobyte (kb) cannot connect through the Web Proxy.
The limit for a Web address is increased to 2100 characters. [From AAC450W001][#24424]

12. On a server running the German version of Access Gateway Advanced Edition, when users are required to change their RSA SecurID personal identification number (PIN) users could have one generated by the RSA server. Users receive a message indicating that when OK is clicked, a new PIN should appear in 10 seconds. Instead, users receive an error message that says "An internal system error has occurred." [From AAC450W001][#24466]

13. The Access Gateway Advanced Edition does not display Web applications on small form factor devices. [From AAC450W001][#24471]

14. New logon points do not show images until the logon point is refreshed in the Access Management Console. [From AAC450W001][#24513]

15. Access Gateway Advanced Edition supports Citrix Presentation Server Client for Windows, Version 10, which includes support for Windows Vista. [From AAC450W001][#24601]

16. When a PowerPoint file is attached to an email, it cannot be opened or worked on in LiveEdit. [From AAC450W001][#24623]

17. Occasionally, the Access Gateway connection cannot be established before the server running Advanced Access Control redirects the connection to the Access Interface. When this occurs, the Access Interface Web address is not resolved and users receive a "page not found" error. The Advanced Access Control option waits to redirect the connection based on the value that is in the logon point file Web.Config, which is five seconds. To change this value, modify AdvancedGatewayClientActivationDelay in Web.Config. [From AAC450W001][#24625]

18. If multiple files are attached to an email, users cannot forward the email using Email Companion. [From AAC450W001][#24664]

19. When users are logged on to Access Gateway Advanced Edition using Citrix Presentation Server Clients, users are asked for a client certificate when trying to open a Microsoft Office file attached to an email. [From AAC450W001][#24699]

20. If the policies in the database become corrupted, the policies cannot be edited or deleted. [From AAC450W001][#134736]

21. The Windows Firewall Endpoint Analysis Scan works only if Windows Firewall is manually configured in Windows Security Center on an individual computer basis. If Windows Firewall is configured using Group Policy, the scan does not detect Windows Firewall correctly. [From AAC450W001][#135412]

22. If 50 or more Web resources are configured and then added to one or more policies, Web proxy performance can deteriorate. [From AAC450W001][#135774]

23. If a connection to Access Gateway Advanced Edition is slow or is receiving a large amount of data, the Web proxy could time-out. To increase the time-out value, add the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\MSAM\WebProxy
Name: ReceiveTimeout
Type: REG_DWORD
Data: number of seconds

[From AAC450W001][#136039]

24. When users are using Web Email and viewing email using Outlook Web Access through Advanced Access Control, if the user clicks Next, then Back in Outlook Web Access, and then replies to the email, the reply is to the previously viewed email, not the one that is selected. [From AAC450W001][#136673]

25. If Access Gateway Advanced Edition uses a Cisco RADIUS server for authentication, users cannot authenticate. [From AAC450W001][#142607]

26. The Access Gateway Advanced Edition Configuration tool fails if the access server farm is not available. [From AAC450W001][#144464]

27. When users are connecting to Access Gateway Advanced Edition using Citrix Presentation Server Clients, the client cannot be installed from the installation bar on the Access Interface page. [From AAC450W001][#145058]

28. For Web resources that allow users to download files using server scripts, the user is prompted to save the downloaded file with the script name instead of the name of the original file. [From AAC450W001][#146804]

29. When a user updates a file on a share, the share does not show the new file size and time stamp. [From AAC450W001][#147015]

30. When a user is using the Citrix email client with the German interface, the "Add to," "Add CC," and "Add BCC" buttons are missing text and do not work. [From AAC450W001][#148356]

31. If users try to access Web resources outside servers running Advanced Access Control, and if the logon credentials contain special characters in the password, authentication fails. [From AAC450W001][#149775]

32. Users receive an error message when downloading a file with zero bytes in length from a published file share. [From AAC450W001][#150081]

33. If users view a PowerPoint file using HTML Preview and full screen mode, the Access Gateway Advanced Edition reports an internal error. After applying the hotfix, remove all cached preview files, except cache.book, in the %ProgramFiles%\Citrix\Access Gateway\ActivationCache folder. This forces the cached files to regenerate. The PowerPoint files appear correctly in full screen mode. [From AAC450W001][#150505]

34. When a user tries to install Live Edit and is not logged on to the computer as a member of the Administrators or Power Users group on the computer, the installation of the ActiveX control fails. After this hotfix is applied, when users who are not administrators log on, they can install the ActiveX control. [From AAC450W001][#154622]

35. If a client computer is using a language other than English, Japanese, French, German, or Spanish, the Endpoint Analysis Client installation fails. [From AAC450W001][#154923]

36. When attempting to publish a file share that has an underscore (_) in the name, the file share is reported as invalid. [From AAC450W001][#155091]

37. PassGo RADIUS servers do not accept the Message Authenticator attribute. The Advanced Access Control option sends this option automatically causing authentication on the PassGo RADIUS server to fail.
With this release, the Message Authenticator attribute is not sent automatically. If you are using a RADIUS server that requires this attribute, edit the CitrixAuthService Web.Config file and set the value to true. [From AAC450W001][#155387]

38. If the Web Interface is configured as a Web resource on Access Gateway Advanced Edition, Client for Java files cannot be cached. [From AAC450W001][#155440]

39. When a user logs on using a new system-generated RSA SecurID PIN, the user cannot be authenticated. [From AAC450W001][#156279]

40. If a Web resource is published that has links with multiple GET statements or variables in the Web address, the Advanced Access Control option inserts a second URL before the forward slash. For example, the Web address

http://my.company.com/jibtest/simple/test.htm?V1=path&V2=path

is rewritten to

https://mycompany.com//CitrixWebProxy/aHR0cDovL2ppYnJoZS5hcGFjLmxhYg--/jibtest/simple/test.htm?V1=path&V2=path.

If a forward slash (/) is typed into the original Web address, such as

http://my.company.com/jibtest/simple/test.htm?V1=/path&V2=/path

the Web address is rewritten as

https://my.company.com/CitrixWebProxy/aHR0cDovL2ppYnJoZS5hcGFjLmxhYg--/jibtest/simple/test.htm?V1=/path/&V2=/CitrixWebProxy/aHR0cDovL2ppYnJoZS5hcGFjLmxhYg--/path/.

When a forward slash is inserted at a second or later variable, the Advanced Access Control option inserts /CitrixWebProxy/ a second time and the portal cannot interpret the Web address. [From AAC450W001][#156639]

41. When Web applications go through a proxy server, and POST HTTP actions are used, data is redirected to the Citrix activation service. When this occurs, users receive an error instead of the selection page. [From AAC450W001][#157656]

42. Users cannot log on to the server running Advanced Access Control using some versions of Pocket PC 2003 and Windows Mobile 5.0. [From AAC450W001][#157692]

43. Sorting files on a share by date does not work for some locales.
[From AAC450W001][#159463]

44. Users experience a slow logon when connecting to Access Gateway Advanced Edition. [From AAC450W001][#159531]

45. The server running Advanced Access Control is not downloading files with the GIF extension. [From AAC450W001][#160321]

46. Logon point pages are limited to images with the GIF extension. You can now use images with the extensions JPEG, JPG, and PNG. [From AAC450W001][#160323]

47. If users have a not-for-resale license installed, and then try to logon to either the Access Gateway Standard Edition or Access Gateway Advanced Edition using a PDA device, the logon fails. [From AAC450W001][#161210]

--
Jim Kenzig
Microsoft MVP - Terminal Services
http://www.thinhelp.com
Citrix Technology Professional
Provision Networks VIP
CEO The Kenzig Group
http://www.kenzig.com
Blog: http://www.techblink.com
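
Item 40 of the readme describes the Web Proxy inserting /CitrixWebProxy/ into a query-string value. The Python check below is an added example, not part of the thread and not Citrix code: it parses a rewritten address and reports which parameters carry an injected prefix, for instance when reviewing proxy logs on a server that has not had the hotfix applied. It assumes the path token is base64 of the origin with trailing '-' in place of '=' padding (inferred from the readme's sample token); the function names are illustrative.

```python
import base64
import binascii
from urllib.parse import urlsplit, parse_qsl

PROXY_MARKER = "/CitrixWebProxy/"

# The two rewritten addresses quoted in item 40 (mail line-wrap spaces removed).
SAMPLE_PLAIN = ("https://mycompany.com//CitrixWebProxy/aHR0cDovL2ppYnJoZS5hcGFjLmxhYg--"
                "/jibtest/simple/test.htm?V1=path&V2=path")
SAMPLE_SLASH = ("https://my.company.com/CitrixWebProxy/aHR0cDovL2ppYnJoZS5hcGFjLmxhYg--"
                "/jibtest/simple/test.htm?V1=/path/"
                "&V2=/CitrixWebProxy/aHR0cDovL2ppYnJoZS5hcGFjLmxhYg--/path/")


def decode_origin(token):
    """Decode the origin token; returns None if it is not valid base64 text.

    Assumption: standard base64 with trailing '-' standing in for '=' padding.
    """
    body = token.rstrip("-")
    padded = body + "=" * (-len(body) % 4)
    try:
        return base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def split_proxy_prefix(text):
    """Return (origin, remainder) if text holds /CitrixWebProxy/<token>/..., else None."""
    start = text.find(PROXY_MARKER)
    if start < 0:
        return None
    token, _, rest = text[start + len(PROXY_MARKER):].partition("/")
    return decode_origin(token), "/" + rest


def inspect_rewritten(url):
    """Describe a rewritten address and list query parameters with an injected prefix."""
    parts = urlsplit(url)
    outer = split_proxy_prefix(parts.path)
    if outer is None:
        raise ValueError("path has no /CitrixWebProxy/ prefix")
    damaged = {}
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        inner = split_proxy_prefix(value)
        if inner is not None:
            # Keep the value as it reads once the injected prefix is removed.
            damaged[name] = inner[1]
    return {"origin": outer[0], "path": outer[1], "damaged": damaged}


if __name__ == "__main__":
    for sample in (SAMPLE_PLAIN, SAMPLE_SLASH):
        print(inspect_rewritten(sample))
```

A non-empty "damaged" entry marks an address of the kind the readme says the portal cannot interpret.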