IGEL Universal Desktop LX ========================= Version 4.12.100 May 02 2013 Supported devices: UD2-xxx LX,UD3-xxx LX,UD5-xxx LX,UD9-xxx LX Versions ======== - Citrix Receiver 12.1.6.231670 - Citrix Access Gateway Standard Plug-in 4.6.3.0800 - IGEL RDP Client 1.0 - FabulaTech USB for Remote Desktop 3.1.2 - VMware View client 2.0.0-1049726 - Quest vWorkspace Client 7.6 - Leostream Java Connect 2.3.47.0 - Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848 - Ericom Webconnect 5.6.0.4000-rel.20413 - IBM iSeriesAccess 7.1.0-1.0 - Firefox 17.0.5 - Totem Media Player 2.30.2 - Voip Client Ekiga 3.2.7 - Thinlinc Client 3.2.0 - NX Client 3.5.0-7 - Cisco VPN Client 4.8.02.0030-k9 - NCP Secure Client (Enterprise) 323_038.i686 - ThinPrint Client 7.0.54 - Xorg X11 Server 1.11.4 - Xorg Xephyr 1.7.6 - PC/SC Lite 1.8.1 - MUSCLE CCID Driver 1.4.5 - Omnikey CCID Driver 3.6.0 - Omnikey RFID Driver 2.7.2 - SCM Microsystems CCID Driver 5.0.21 - Safenet / Aladdin eToken Driver 8.0.5-0 - A.E.T SafeSign PKCS#11 Library 3.0.1785 - Gemalto .NET PKCS#11 Library 2.1.0 - SecMaker NetID PKCS#11 Library 5.6.0.44 - Client 0.8 for RedHat Enterprise Virtualization Desktops 3 - INTEL Graphics Driver 2.17.0 - ATI Graphics Driver 6.14.99_git20111219 - VIA Graphics Driver 5.75.32.87a-59172 - VIA Legacy Graphics Driver 4.1.83 - SAP GUI java710rev6 - 2X Client 10.1-1263 ============================================================================= Known issues: ============================================================================= [Client for RedHat Enterprise Virtualization for Desktops 3] - USB Redirection is not supported in this firmware [Quest vWorkspace] - Multimedia Redirection: Sound redirection is not working with WMV/WMA streams - USB Redirection does not work reliable ============================================================================= New features: ============================================================================= [RDP] - RDP RemoteApp: Improved icon handling - A certificate verification error is shown now in the certificate dialog during RDP session startup. [ICA] - Updated Citrix Receiver to version 12.1.6.231670 - Updated Citrix HDX Realtime Media Engine to version 1.2.0-39, used for webcam redirection in Microsoft Lync Client. - New high color icons in XenApp/Program Neighborhood - Citrix XenApp/Program Neighborhood enhancements: - If a user is logged in, the icons to start a new login window are now hidden. - If a disconnect session is configured on desktop, start menu, application launcher or desktop context menu, the logoff session forces a logoff now. The "disconnect" session can be configured by registry keys: sessions.pndisconnect0.settings.in_startmenu sessions.pndisconnect0.settings.in_applaunch sessions.pndisconnect0.settings.on_desktop sessions.pndisconnect0.settings.in_pulldown. - It is now possible to use UPN notation (e.g. "user@domain.com") in XenApp/PN login windows. The following applies ONLY when using alternative domain suffixes (for example if the domain is called "domain.com", but a user should be able to login with "user@othername.local"): Due to a bug in the Citrix Receiver it is currently not possible to use alternative domain suffixes without providing the "real" domain name as well. I.e. the user name entry field may contain an alterative domain suffix in UPN notation (like "user@alternativename.com"), but the domain entry field may not be empty in this case. Instead it has to contain the real domain ("domain.com"). To make this less confusing for the user, it is now possible to lock or even remove the domain entry field in PN/XenApp login windows. If the domain field is hidden, the first entry in the domain list is used for login. To use UPN notation with alternative domain suffixes, do the following: 1. In the setup or in UMS go to the page Sessions > ICA > Citrix XenApp/Program Neighborhood > Server 2. Add the real domain name to the "Domains" list. It should be the first entry. 3. (optional) Change the parameter "Handling of domain in login windows" from "normal" to either "locked" or "hidden". 4. (optional) If you choose "locked", it is probably useful to deactivate the parameter "Remember username and domain" on the "Logon" page. This will avoid problems if the last login was done with a domain name that differs from the real domain name. [Fabulatech] Improved USB remoting mechanism using Fabulatech USB Remote: - HID devices (Class 03), USB HUBs (Class 04), USB network and communication controllers (Classes 02, 0a and e0) and VIA VNT-6656 WLAN controller (VID=160a, PID=3184) are excluded by default, thus such devices always require an explicit allowing rule. [VMware View] - New VMware Horizon View Client 2.0.0. - New support for RDP Multimedia Redirection in Windows 7 RDP sessions. [Quest vWorkspace] - Updated Quest vWorkspace to version 7.6 [Java] - Updated JRE to version 1.6.0 update 43. [Firefox] - Updated Firefox to version 17.0.5 For blocked plug-ins it is possible to add exceptions for certain hosts or domains: In IGEL Setup Registry create new instances of the template browserglobal.app.plugins%. Hosts and/or domains on which execution of plug-ins is explicitly allowed or forbidden can be specified there. For any other host the user can choose at runtime. [Smartcard] - ICA Local Login window can now handle custom PKCS#11 libraries for smart card logon, see new setup page Sessions->ICA->ICA Global->Local Logon->Smartcard. - Active Directory/Kerberos Logon with Smart Card: In IGEL Setup on page Security->Logon->Active Directory/Kerberos now the new login method "Smart Card" can be activated to enable Kerberos logon with smart card. Only certain types of smart cards are supported. The type can be chosen on page Security->Logon->Active Directory/Kerberos->Smartcard. With parameter "Smart Card Removal Action" it can be controlled whether the user is logged off or the thin client is locked if the smart card is removed. [Desktop] - New parameter for mouse double click distance: IGEL Setup -> User Interface -> Input -> Mouse Registry key: windowmanager.wm0.variables.doubleclickdist. Increase the value, if you have problems - Enabled multi monitor setup with autodetection of monitor resolutions. Limitation with VIA VX900 chipsets (IGEL UD5-X30): display port resolutions of 2560x1440/2560x1600 can not be detected correctly, if the resolution of the 2nd monitor is 1920x1080/1920x1200. - Replaced the clock plugin in the task bar with the datetime plugin, which is able to show a calendar. [Base System] - New default USB access control rule to allow HID devices, if USB access control is enabled. (IGEL Setup -> Devices -> USB access control). - Added automatic logoff feature: Executes logoff after the main session is closed. Configuration in IGEL Setup -> Security -> Logon -> Auto Logoff Registry keys: auth.login.autologoff auth.login.autologoff_cmd . - There are two new custom commands: The command configured with registry key auth.login.custom_command_sclogin is executed at the time when a user logged in with IGEL or Kerberos smart card, auth.login.custom_command_login is executed at the time when a user logged in with user/password. - Support for new UMS file transfer types: - Common Certificate (all purpose) - SSL Certificate - Java Certificate - New Remote Administration of the TC by DHCP tags: It is now possible to configure a FTP server/path by DHCP tags, from where a "setup.ini" configuration is downloadable. This feature is enabled by default and should be disabled, if it is not used. Following tags are used: ID 161 server name or ip address of the FTP server ID 162 custom subdirectory: with empty DHCP tag 162 the setup.ini file must be placed under "igel/ud" directory, if specified the setup.ini file must be placed under "subdirectory/igel/ud" directory Authentication: ID 184 username and ID 185 password. - Updated timezone data to version tzdata-2013b. [Network] - New driver for Realtek 8168/8111 ethernet chips: Realtek vendor driver version 8.035.00 (IGEL UD5-X30, UD9-73X) - New support for EAP-GTC wireless WPA/WPA2 Enterprise authentication. - New driver support for D-Link Wireless-USB-Adapter DWA-131 HW-Version B1 based on Realtek RTL8192CU chip. - Wired 802.1X authentication can be canceled now - Added ethernet link status monitoring: registry keys: network.interfaces.ethernet.device0.ifplugd.* network.interfaces.ethernet.device1.ifplugd.* To hide messages the registry keys network.interfaces.ethernet.device0.hide_progress and network.interfaces.ethernet.device1.hide_progress can be used. - Wireless roaming: only messages are shown, instead of stopping and starting the complete network interface. Registry key: network.interfaces.wirelesslan.device0.reconnect_action To hide messages at all use the registry key network.interfaces.wirelesslan.device0.hide_progress - Added new setup parameters to specify a systemwide proxy. This proxy is used by the ICA/HDX Flash-PluginContainer for Flash-Redirection. IGEL Setup -> Network -> Proxy Registry keys: network.proxy.settings.* In case of Flash-Redirection set the parameter "sys_proxy_type" to manual. Also fill in the server and port parameters for the specific protocols http, ssl (=https), ftp and SOCKS type proxies. Note that the parameter sys_proxy_autoconfig_url can only be used by the local browser and is not applicable for ICA/Flash-redirected sessions. Note that the local browser (Firefox) also has proxy settings either for all browser sessions or specific to each session. If local browser rather use the systemwide proxy, go to the Registry and set browserglobal.app.conv_proxy_type to systemwide. [Printing] - Updated ThinPrint Client to version 7.0.54. - It is now possible to specify CUPS printer names which contain environment variables. Set "Enable variable substitution in session" on IGEL Setup page System->Firmware Customization->Environment Variables. These variables are evaluated when the printer is created (at boot or reconfiguration time). As an example, to insert the host name specify e.g. ${HOSTNAME}_PRT1. [Hardware] - New support for IGEL UD3-X40 and UD5-X40 hardware. - New eGalax touch screen support: Choose eGalax touch screen type in IGEL Setup -> User Interface -> Input -> Touch Screen For IGEL UD9-732 this type must be used. ============================================================================= Fixed bugs: ============================================================================= [RDP] - Fixed sporadic RDP session redirection crashes. - Fixed session redirection with enabled data compression. - Fixed RDP Token Redirection. - Improved implementation of the audio channel (MS-RDPEA). Audio channel now works flawless with Windows 2008 server. - Strong CA certificate digests are now supported. - Do not show connection message anymore if the server isn't available. [ICA] - Citrix Receiver 12.1.6 reconnects properly to sessions that have been started with a different color depth. This should also fix some problems with the Citrix cshadow program, when a session should be shadowed from another session running a different color depth. - Citrix Receiver 12.1.6 fixed crashes when Com Port mapping is used. - XenApp/Program Neighborhood with passthrough authentication: Only use short domain name for logon instead of FQDN. [Firefox] -.Fixed permanent storage of Firefox smart card certificate selections. - Fixed permanent storage of Java-Applet configurations: enable registry key java.deployment.save_certificates - Fixed Firefox certificate installation, when certificate is assigned by UMS file transfer. - Autohide function of the toolbars (menu/navigation) can now be controlled by registry keys: Globally by registry key: browserglobal.app.browser_fullscreen_autohide or Session-wise by registry key: sessions.browser0.app.browser_fullscreen_autohide When hiding the tabs-bar (registry key sessions.browser0.app. tabs_bar_hidden) Ctrl-Left clicks in the browser content window (which would open a new tab) are now disabled, because displaying tabs without tabs-bar would cause display freezes. [2X Client] - Window Manager hotkeys can be used now with 2X sessions. [Media Player] - Totem media player: Fixed repeating mode. [Smartcard] - IGEL smartcard: characters & < > [ ] in settings on smartcard are now taken over correctly. Previously e.g. & was modified to &. - Password change of IGEL smartcards is working again. [Desktop] - Fixed rotation bug with 1680x1050 and 1400x1050 resolution. - Fixed non-native resolution scaling on IGEL UD9-73X. [Universal MultiDisplay] - STRG + ALT + Q won't restart the X-Server any longer as well as STRG + ALT + MULTIPLY. [Base System] - Fixed hanging boot process if an administrator password is set and appliance mode is active. - Fixed hanging boot process, when a Kerberos logon configuration is rolled out by an UMS profile - Fixed hanging boot process, if an automatic firmware update check is rolled out by an UMS profile. - Eliminated sampling rate limit on the sound chip VIA VT8233 (IGEL UD2-X20, UD3-X20). Now the chip provides all supported sampling rates from 8kHz to 48kHz - Fixed Kerberos logon and password change with UPN names. - Fixed video player crash, if monitors are switched off by DPMS during video playback on VIA graphics chips (IGEL UD2, UD3, UD5-X20,UD5-X30). - New registry key "sessions.mixer0.grundig_config" to force alsa configuration for grundig dictation devices. - In IGEL Setup on page ICA->ICA Global->Keyboard the hotkey configuration now is only active when "Keyboard Mapping File" is set to "linux", which is needed for the hotkeys to work. - Client VNC application is not allowed anymore to darken the screen and to forbid input of target VNC server. - Custom bootsplash/wallpaper via SFTP fixed. - Fixed right ALT key in English(US) keyboard layout. - Fixed wake up from suspend by usb mouse activity. [Network] - Fixed wake on lan problems with Realtek RTL-8111D/8168D chip (IGEL UD5-X30) - Improved stability of the driver for wireless USB adapter D-Link DWA-131 HW-Version A1 based on Realtek RTL8192SU chip. - The Fibre network card AT-2711FX is now working in IGEL UD5-X30 hardware. - Cisco VPN: prompt for certificate password is now configurable. IGEL Setup -> Network -> VPN -> Cisco -> Cisco VPN connection -> Authentication Registry key: sessions.ciscovpn.profile.nocertpwd. - SCEP client: fix renewal of certificate (do not include challenge password in certificate request for renewal). - New registry key "network.interfaces.wirelesslan.device0.wpa.eapol_version" to configure WPA supplicant IEEE 802.1X/EAPOL version