[THIN] Re: Hotfix AAC450W001 - Bug in "your password is about to expire"

  • From: "Robert Perrett" <robert_perrett@xxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 26 Jul 2007 09:56:28 +1000

AAC logon.  I put the below hotfix on the AAC, and now you are unable to
choose skip on any of the logonpoints.  You can still change your
password ok, however if you 'skip' you are returned to the logon page of
that logonpoint.

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Joe Shonk
Sent: Wednesday, 25 July 2007 12:52 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Hotfix AAC450W001 - Bug in "your password is about
to expire"


Are you getting this with the GINA or Web Interface?

Joe


On 7/23/07, Robert Perrett <robert_perrett@xxxxxxxxxxxxx > wrote: 

        Has anyone else applied this hotfix yet?
         
        There seems to be a bug on the "your password is about to
expire" screen.  If you select 'skip' you are returned to the login page
instead of being logged in.
         
        Rob
         
         
         
        
        
        Rob Perrett 
        Systems Administrator
        Information Technology
        
        Tel: 02 9030 1674 
        Fax: 02 9030 6262 
        Tower 1 Darling Park
        201 Sussex Street 
        Sydney, NSW 2000
        www.commander.com <http://www.commander.com/> 
        
          

        

        
         
________________________________

        From: thin-bounce@xxxxxxxxxxxxx [mailto:
thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Kenzig ThinHelp.com
        Sent: Saturday, 21 July 2007 11:49 AM
        To: THIN
        Subject: [THIN] KB: CTX112803 - Hotfix AAC450W001 - For Access
Gateway Advanced Edition 4.5
        
        
        CTX112803 - Hotfix AAC450W001 - For Access Gateway Advanced
Edition 4.5 
        

        This document was published at: 
http://support.citrix.com/article/CTX112803 

        Document ID: CTX112803, Created on: Jul 19, 2007, Updated: Jul
20, 2007 

        Products: Citrix Access Gateway 4.5 Advanced Edition 
        
         
        Attachment: AGAE Zip file.zip
<http://support.citrix.com/servlet/KbServlet/download/13949-102-17043/AGAE%20Zip%20file.zip>  (15.1 K) 
        
        
Hotfix readme name: AACE450W001.HTML 
Hotfix package name: AAC450W001.EXE
For: Access Gateway Advanced Edition 4.5
Replaces: None
Date: July, 2007
Languages supported: English (US), French, German, Japanese, Spanish 
Readme version: 1.0 

Note: You can apply this hotfix only to computers running Access Gateway
Advanced Edition 4.5.


Installing and Uninstalling this Hotfix


Caution:

Before installing this hotfix, use Windows Explorer to create a backup
of configured logon point folders because the logon points are not
preserved when this hotfix is applied. After the hotfix is installed,
configure your logon points again. Any customized logon points that are
configured must also be recreated. When this hotfix is installed, all
customized logon points are erased. 

To configure logon points

1.      Click Start > Programs > Citrix > Access Gateway > Server
Configuration. 
2.      Click Configured Logon Points. 
3.      For each logon point, click Remove and click Deploy. 
4.      When all of your logon points are deployed, click OK.

Notes: 

This hotfix might or might not prompt you to restart the server when the
installation or uninstallation is complete. 


To install this hotfix: 


1.      Download the hotfix package from the Hotfixes and Service Packs
page of the Citrix Web site at 
http://downloadns.citrix.com.edgesuite.net/2397/AAC450W001.zip 
2.      Copy the hotfix package to an empty folder on the hard drive of
the server you want to update. 
3.      Close all applications. 
4.      Run the executable. 
5.      Restart the server. 


To uninstall this hotfix: 


1.      On the server running Advanced Access Control, click Start >
Administration Tools > Component Services. 
2.      Expand COM+ Services. 
3.      Right-click Access Gateway Server and click Shut down. 
4.      Click Start > Settings > Control Panel. 
5.      In Control Panel, double-click Add or Remove Programs. 
6.      Highlight the hotfix you want to uninstall and click Remove. 
7.      Follow the directions.


Where to Find Documentation


This document describes the issues solved by this hotfix and includes
installation instructions. You can find more information about Citrix
Access Gateway Advanced Edition 4.5 in the Citrix Access Gateway
Advanced Edition Administrator's Guide. The guide is in the
\Documentation directory on the Citrix Access Gateway Advanced Edition
CD. All product documentation is also available from the Citrix Web site
at http://www.citrix.com/support.

The Administrator's Guide is in an Adobe Portable Document (PDF) format
file. To view, search, and print the documentation, you need Adobe
Reader 5.0.5 or later with Search. You can download Adobe Reader for
free from the Adobe Web site at http://www.adobe.com/. 


New in this Release


Access Gateway and Citrix WANScaler Support


The Access Gateway works with Citrix WANScaler to support TCP
optimization. WANScaler enhances Common Internet File System (CIFS) and
HTTP connections and accelerates traffic through the Access Gateway. The
Access Gateway is installed in the DMZ and the WANScaler is installed
behind the Access Gateway in the secure network. Clients connect through
the Access Gateway and WANScaler to resources in the secure network. 

Two settings must be configured to support TCP optimization:

*       Preserve TCP options for each network that is configured on the
Access Gateway. You configure network resources and then for each
network that is to have the TCP settings preserved, you apply the policy
for that network. 
*       Configure the Access Gateway to communicate with the WANScaler
Client. When this is configured, the Access Gateway sends a filter list
to the WANScaler Client with the settings for TCP optimization.

To configure TCP optimization on Access Gateway Advanced Edition

1.      In the Access Management Console, in the left pane, click Citrix
Resources > Access Gateway > Gateway Appliances > Appliance name. 
2.      Under Common Tasks, click Edit Gateway appliance properties. 
3.      Click Accessible Networks, click Enable TCP Acceleration, and
then click OK. 
4.      In the Access Management Console, click Citrix Resources >
Access Gateway > Network Resources and select a network resource. 
5.      Under Common Tasks, click Edit network resource. 
6.      In Network Resource Properties, select Server and Port Settings,
select a network resource from the list, and click Edit. 
7.      Select TCP, select TCP Acceleration, and click OK.

[From AAC450W001][#24472] 


Support for Web-enabled Mobile Devices


Access Gateway Advanced Edition supports Web access for Web-enabled
mobile devices. Users can connect using Clientless Access to applications
such as the Web Interface, Microsoft Outlook Web Access, and Microsoft
SharePoint. 

When users log on to Access Gateway Advanced Edition using a Web-enabled
mobile device, they can click My Applications, which displays a list of
configured resources in the Access Management Console.


Known Issue(s) in this Release


Caution! Several items in this hotfix may require you to edit the
registry. Using Registry Editor incorrectly can cause serious problems
that may require you to reinstall your operating system. Citrix cannot
guarantee that problems resulting from the incorrect use of Registry
Editor can be solved. Use Registry Editor at your own risk. 

*       Do not interrupt the install/uninstall process of this hotfix by
clicking Cancel. Interrupting the process prevents a clean rollback and
leaves your original installation corrupted. 

        

*       You must apply this hotfix to all servers, including Management
Console-only systems. 

        

*       You might be prompted for your Access Gateway Advanced Edition
4.5 CD when attempting to install or uninstall this hotfix. The issue is
caused by unversioned files that were part of the original installation
that might not be cached. If this happens, without canceling the
uninstall process, point to the location and click OK to continue. 

        

*       Silent installation of this hotfix is not supported. 

        

*       Installing this hotfix will first attempt to uninstall any
previous Access Gateway Advanced Edition 4.5 hotfixes on the system
before continuing with the hotfix install. On systems that have both the
Server and Management Console components installed, there might be an
intermittent issue where the uninstall of the previous hotfix ends
prematurely. If the hotfix you are attempting to install is not
displayed in Add/Remove Programs in the Control Panel, install the
hotfix again. 

        

*       If you are configuring Access Gateway Advanced Edition in a
double-hop deployment, the Access Gateway appliance in the first DMZ and
the appliance in the second DMZ communicate using port 9005. 


Issue(s) Resolved in this Hotfix


        

1.      Attempts to download files larger than 12 megabytes fail when
using Clientless Access through the Web proxy. 

        [From AAC450W001][#24047, #160178] 

        

2.      If a Web site uses UTF-16 encoded Web pages and users access the
site through the Web Proxy, blank pages appear. 

        [From AAC450W001][#24071] 

        

3.      Users who log on through the Access Gateway to the Advanced
Access Control option are not notified when an updated version of the
Secure Access Client is available. To have the version number of the
Net6Helper.cab sent automatically to Advanced Edition, Hotfix 4.5.5 must
be installed on the Access Gateway appliance and Hotfix AACE450W001 on
the server running Advanced Edition. When these versions are installed,
users are notified to update the Secure Access Client. If the Access
Gateway cannot be upgraded to Version 4.5.5, verify that the value for
SACCodebase in the Web.Config file in your default logon point contains
the correct version number for the file Net6Helper.cab. 

        [From AAC450W001][#24191] 

        

4.      Windows Firewall Scan might report that the firewall is enabled
even when the Windows Firewall Service (Internet Connection
Firewall/Internet Connection Service service) is stopped. If this
occurs, reinstall the Endpoint Analysis Client on the client device. 

        [From AAC450W001][#24275] 

        

5.      If the logon point session time-out, mouse and keyboard
inactivity time-out, and network activity time-out are all set with a
value of 1440, the Secure Access Client disconnects after 23 minutes. 

        [From AAC450W001][#24317] 

        

6.      If a user connects to a Web page containing JavaScript that
defines the text used in a Web application and the application uses a
character set other than UTF-8, Japanese, or Western European (iso-8859-1),
the character set might not display correctly when the user connects
through Access Gateway Advanced Edition. On the client device that
connects to the Access Gateway, clear the browser cache. When the cache
is cleared, the JavaScript files are acquired from the server running
the Advanced Access Control option with the correct character set
encoding. 

        [From AAC450W001][#24318] 

        

7.      Content for logon points, session initialization, or the portal
page is not cached. This can cause the perceived load time of Web pages
to be longer than it actually is. 

        [From AAC450W001][#24349] 

        

8.      The Endpoint Analysis Client fails to start if the user who
installs the client is different from the user who is logging on. Before
installing this hotfix, uninstall the Endpoint Analysis Client from
client devices. The issue is not resolved if you try to override the
default behavior (per-user installation) by forcing a per-computer
installation through another method, such as using the command
ALLUSERS=1. 

        [From AAC450W001][#24362] 

        

9.      This fix addresses a security vulnerability. For more
information, see Knowledge Center article CTX113814
<http://support.citrix.com/article/CTX113814>. 

        [From AAC450W001][#24373] 

        

10.     When a user logs off from the Advanced Access Control option,
sessions on the file server are not closed. 

        [From AAC450W001][#24415] 

        

11.     Users trying to connect to sites that are redirected to another
page with a Web address longer than one kilobyte (kb) cannot connect
through the Web Proxy. The limit for a Web address is increased to 2100
characters. 

        [From AAC450W001][#24424] 

        

12.     On a server running the German version of Access Gateway
Advanced Edition, when users are required to change their RSA SecurID
personal identification number (PIN), users could have one generated by
the RSA server. Users receive a message indicating that when OK is
clicked, a new PIN should appear in 10 seconds. Instead, users receive
an error message that says "An internal system error has occurred." 

        [From AAC450W001][#24466] 

        

13.     The Access Gateway Advanced Edition does not display Web
applications on small form factor devices. 

        [From AAC450W001][#24471] 

        

14.     New logon points do not show images until the logon point is
refreshed in the Access Management Console. 

        [From AAC450W001][#24513] 

        

15.     Access Gateway Advanced Edition supports Citrix Presentation
Server Client for Windows, Version 10, which includes support for
Windows Vista. 

        [From AAC450W001][#24601] 

        

16.     When a PowerPoint file is attached to an email, it cannot be
opened or worked on in LiveEdit. 

        [From AAC450W001][#24623] 

        

17.     Occasionally, the Access Gateway connection cannot be
established before the server running Advanced Access Control redirects
the connection to the Access Interface. When this occurs, the Access
Interface Web address is not resolved and users receive a "page not
found" error. 

        The Advanced Access Control option waits to redirect the
connection based on the value that is in the logon point file
Web.Config, which is five seconds. To change this value, modify
AdvancedGatewayClientActivationDelay in Web.Config. 

        [From AAC450W001][#24625] 

        

18.     If multiple files are attached to an email, users cannot forward
the email using Email Companion. 

        [From AAC450W001][#24664] 

        

19.     When users are logged on to Access Gateway Advanced Edition
using Citrix Presentation Server Clients, users are asked for a client
certificate when trying to open a Microsoft Office file attached to an
email. 

        [From AAC450W001][#24699] 

        

20.     If the policies in the database become corrupted, the policies
cannot be edited or deleted. 

        [From AAC450W001][#134736] 

        

21.     The Windows Firewall Endpoint Analysis Scan works only if
Windows Firewall is manually configured in Windows Security Center on an
individual computer basis. If Windows Firewall is configured using Group
Policy, the scan does not detect Windows Firewall correctly. 

        [From AAC450W001][#135412] 

        

22.     If 50 or more Web resources are configured and then added to one
or more policies, Web proxy performance can deteriorate. 

        [From AAC450W001][#135774] 

        

23.     If a connection to Access Gateway Advanced Edition is slow or is
receiving a large amount of data, the Web proxy could time-out. To
increase the time-out value, add the following registry key: 

        HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\MSAM\WebProxy 
        Name: ReceiveTimeout
        Type: REG_DWORD
        Data: number of seconds 

        [From AAC450W001][#136039] 

        

24.     When users are using Web Email and viewing email using Outlook
Web Access through Advanced Access Control, if the user clicks Next,
then Back in Outlook Web Access, and then replies to the email, the
reply is to the previously viewed email, not the one that is selected. 

        [From AAC450W001][#136673] 

        

25.     If Access Gateway Advanced Edition uses a Cisco RADIUS server
for authentication, users cannot authenticate. 

        [From AAC450W001][#142607] 

        

26.     The Access Gateway Advanced Edition Configuration tool fails if
the access server farm is not available. 

        [From AAC450W001][#144464] 

        

27.     When users are connecting to Access Gateway Advanced Edition
using Citrix Presentation Server Clients, the client cannot be installed
from the installation bar on the Access Interface page. 

        [From AAC450W001][#145058] 

        

28.     For Web resources that allow users to download files using
server scripts, the user is prompted to save the downloaded file with
the script name instead of the name of the original file. 

        [From AAC450W001][#146804] 

        

29.     When a user updates a file on a share, the share does not show
the new file size and time stamp. 

        [From AAC450W001][#147015] 

        

30.     When a user is using the Citrix email client with the German
interface, the "Add to," "Add CC," and "Add BCC" buttons are missing
text and do not work. 

        [From AAC450W001][#148356] 

        

31.     If users try to access Web resources outside servers running
Advanced Access Control, and if the logon credentials contain special
characters in the password, authentication fails. 

        [From AAC450W001][#149775] 

        

32.     Users receive an error message when downloading a file with zero
bytes in length from a published file share. 

        [From AAC450W001][#150081] 

        

33.     If users view a PowerPoint file using HTML Preview and full
screen mode, the Access Gateway Advanced Edition reports an internal
error. After applying the hotfix, remove all cached preview files,
except cache.book, in the %ProgramFiles%\Citrix\Access
Gateway\ActivationCache folder. This forces the cached files to
regenerate. The PowerPoint files appear correctly in full screen mode. 

        [From AAC450W001][#150505] 

        

34.     When a user tries to install Live Edit and is not logged on to
the computer as a member of the Administrators or Power Users group on
the computer, the installation of the ActiveX control fails. After this
hotfix is applied, when users who are not administrators log on, they
can install the ActiveX control. 

        [From AAC450W001][#154622] 

        

35.     If a client computer is using a language other than English,
Japanese, French, German, or Spanish, the Endpoint Analysis Client
installation fails. 

        [From AAC450W001][#154923] 

        

36.     When attempting to publish a file share that has an underscore
(_) in the name, the file share is reported as invalid. 

        [From AAC450W001][#155091] 

        

37.     PassGo RADIUS servers do not accept the Message Authenticator
attribute. The Advanced Access Control option sends this option
automatically, causing authentication on the PassGo RADIUS server to
fail. With this release, the Message Authenticator attribute is not sent
automatically. If you are using a RADIUS server that requires this
attribute, edit the CitrixAuthService Web.Config file and set the value
to true. 

        [From AAC450W001][#155387] 

        

38.     If the Web Interface is configured as a Web resource on Access
Gateway Advanced Edition, Client for Java files cannot be cached. 

        [From AAC450W001][#155440] 

        

39.     When a user logs on using a new system-generated RSA SecurID
PIN, the user cannot be authenticated. 

        [From AAC450W001][#156279] 

        

40.     If a Web resource is published that has links with multiple GET
statements or variables in the Web address, the Advanced Access Control
option inserts a second URL before the forward slash. For example, the
Web address 
http://my.company.com/jibtest/simple/test.htm?V1=path&V2=path
is rewritten to 
https://mycompany.com//CitrixWebProxy/aHR0cDovL2ppYnJoZS5hcGFjLmxhYg--/jibtest/simple/test.htm?V1=path&V2=path.
        
        If a forward slash (/) is typed into the original Web address,
such as
http://my.company.com/jibtest/simple/test.htm?V1=/path&V2=/path
the Web address is rewritten as
https://my.company.com/CitrixWebProxy/aHR0cDovL2ppYnJoZS5hcGFjLmxhYg--/jibtest/simple/test.htm?V1=/path/&V2=/CitrixWebProxy/aHR0cDovL2ppYnJoZS5hcGFjLmxhYg--/path/.
        
        When a forward slash is inserted at a second or later variable,
the Advanced Access Control option inserts /CitrixWebProxy/ a second
time and the portal cannot interpret the Web address. 

        [From AAC450W001][#156639] 

        

41.     When Web applications go through a proxy server, and POST HTTP
actions are used, data is redirected to the Citrix activation service.
When this occurs, users receive an error instead of the selection page. 

        [From AAC450W001][#157656] 

        

42.     Users cannot log on to the server running Advanced Access
Control using some versions of Pocket PC 2003 and Windows Mobile 5.0. 

        [From AAC450W001][#157692] 

        

43.     Sorting files on a share by date does not work for some locales.


        [From AAC450W001][#159463] 

        

44.     Users experience a slow logon when connecting to Access Gateway
Advanced Edition. 

        [From AAC450W001][#159531] 

        

45.     The server running Advanced Access Control is not downloading
files with the GIF extension. 

        [From AAC450W001][#160321] 

        

46.     Logon point pages are limited to images with the GIF extension.
You can now use images with the extensions JPEG, JPG, and PNG. 

        [From AAC450W001][#160323] 

        

47.     If users have a not-for-resale license installed, and then try
to log on to either the Access Gateway Standard Edition or Access Gateway
Advanced Edition using a PDA device, the logon fails. 

        [From AAC450W001][#161210] 

        -- 
        Jim Kenzig 
        Microsoft MVP - Terminal Services
        http://www.thinhelp.com
        Citrix Technology Professional 
        Provision Networks VIP
        CEO The Kenzig Group
        http://www.kenzig.com
        Blog: http://www.techblink.com 
----------------------------------------------------
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
system manager. Please note that any views or opinions presented in this
email are solely those of the author and do not necessarily represent
those of the company. The recipient should check this email and any
attachments for the presence of viruses. The company accepts no
liability for any damage caused by any virus transmitted by this email. 
----------------------------------------------------
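
Item 37 of the readme above concerns the RADIUS Message-Authenticator attribute. As an added example (not part of the original post or the Citrix readme), this Python code shows how a receiver checks that attribute on an Access-Request as defined in RFC 2869: HMAC-MD5 over the whole packet with the attribute's 16 value bytes zeroed, keyed by the shared secret. The shared secret, user name, NAS identifier and authenticator bytes are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
USER_NAME = 1
NAS_IDENTIFIER = 32
MESSAGE_AUTHENTICATOR = 80

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))
SAMPLE_ATTRS = [(USER_NAME, b"alice"), (NAS_IDENTIFIER, b"aac-gateway")]


def _attr(attr_type, value):
    # Attribute layout: type (1 byte), total length (1 byte), value.
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident, request_auth, attrs, secret=None):
    """Build an Access-Request; sign it with Message-Authenticator if secret is given."""
    body = b"".join(_attr(t, v) for t, v in attrs)
    if secret is not None:
        body += _attr(MESSAGE_AUTHENTICATOR, bytes(16))  # zero placeholder, last attribute
    packet = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + request_auth + body
    if secret is not None:
        mac = hmac.new(secret, packet, hashlib.md5).digest()
        packet = packet[:-16] + mac  # overwrite the placeholder with the HMAC
    return packet


def find_attributes(packet, wanted):
    """Return (packet trimmed to its length field, value offsets of `wanted` attributes)."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    (length,) = struct.unpack("!H", packet[2:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the datagram")
    packet, pos, offsets = packet[:length], 20, []
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        if packet[pos] == wanted:
            offsets.append(pos + 2)
        pos += packet[pos + 1]
    return packet, offsets


def check_message_authenticator(packet, secret):
    """Return 'missing', 'valid' or 'invalid' for an Access-Request."""
    packet, offsets = find_attributes(packet, MESSAGE_AUTHENTICATOR)
    if not offsets:
        return "missing"
    off = offsets[0]
    if len(offsets) != 1 or packet[off - 1] != 18:
        return "invalid"
    received = packet[off:off + 16]
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return "valid" if hmac.compare_digest(expected, received) else "invalid"


if __name__ == "__main__":
    signed = build_access_request(7, REQUEST_AUTH, SAMPLE_ATTRS, SECRET)
    unsigned = build_access_request(7, REQUEST_AUTH, SAMPLE_ATTRS)
    tampered = bytearray(signed)
    tampered[22] ^= 0x01  # flip one bit in the User-Name value
    for name, pkt in (("signed", signed), ("unsigned", unsigned), ("tampered", bytes(tampered))):
        print(name, check_message_authenticator(pkt, SECRET))
```

A request that comes back as "missing" is what the gateway sends after this hotfix unless the Web.Config setting described in item 37 is enabled.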
        

