C H A P T E R 3 |
The following table lists the end-of-support dates for SGD products.
Software and Version | End of Full Support | End of Limited Support | End of Service Life |
---|---|---|---|
Sun Secure Global Desktop Software 4.3 | April 29, 2009 | April 29, 2013 | April 29, 2013 |
Sun Secure Global Desktop Software 4.2 | November 8, 2008 | November 8, 2012 | November 8, 2012 |
Secure Global Desktop Enterprise Edition 4.1 | March 31, 2007 | ||
Secure Global Desktop Enterprise Edition 4.0 | March 31, 2007 | ||
Secure Global Desktop Software Appliance 4.0 | March 31, 2007 | ||
Secure Global Desktop Enterprise Edition 3.44[1] | December 31, 2007 | ||
Secure Global Desktop Enterprise Edition 3.42 | March 31, 2007 | ||
Tarantella Enterprise 3 (including TASP) | March 31, 2007 |
For details of the Sun End of Service Life (EOSL) Policy, see http://www.sun.com/service/eosl/.
Customers with a valid support agreement can upgrade to the latest version of SGD free of charge.
This section lists the known bugs and issues with SGD version 4.40.
Problem: SGD X and character emulators cannot distinguish between the Return key and the keypad Enter key on the user’s client keyboard.
Solution: By default, the SGD Client maps the keypad Enter key to Return in both X and character application sessions. With additional configuration, this behavior can be changed.
To change the behavior of the keypad Enter key in a character application session, you need to set up a keymap for your character application object (--keymap) and add a mapping for KPENTER, for example:
To change the behavior of the keypad Enter key in a Windows or X application session, you need to modify your X keymap (for example, xuniversal.txt) and add a mapping for the KP_Enter key, for example:
92 KP_Enter KP_Enter NoSymbol NoSymbol 0x801c
Problem: Proxy server automatic configuration scripts can specify a list of proxy servers to try. If the first proxy server in the list is unavailable, the browser tries the other proxy servers in turn until it finds one that is available.
If you are using Microsoft Internet Explorer with Sun Java Plug-in tool version 1.5.0, only the first proxy server in the list is used. If that proxy server is not available, the connection fails.
Problem: When using Japanese PC 106 or Sun Type 7 Japanese keyboards with Windows applications running through SGD, the Yen and Backslash keys produce the same result.
Cause: A known issue with key handling.
Solution: Modify the Xsun keytable or the Xorg keytable on the client device.
For example, change the /usr/openwin/etc/keytables/Japan7.kt file as follows:
... #137 RN XK_backslash XK_bar XK_prolongedsound 137 RN XK_yen XK_bar XK_prolongedsound ... #39 RN XK_0 XK_asciitilde XK_kana_WA XK_kana_WO 39 RN XK_0 XK_0 XK_kana_WA XK_kana_WO ...
For example, change the /usr/X11/lib/X11/xkb/symbols/sun/jp file as follows:
... # key <AE13> { [ backslash, bar ], [ prolongedsound ] }; key <AE13> { [ yen, bar ], [ prolongedsound ] }; ... # key <AE10> { [ 0, asciitilde ], [ kana_WA, kana_WO ] }; key <AE10> { [ 0, 0], [ kana_WA, kana_WO ] }; ...
After making these changes, you must restart dtlogin:
# /etc/init.d/dtlogin stop # /etc/init.d/dtlogin start |
Problem: On Solaris 10 x86 platforms, enabling Integrated mode when you are logged in as the root user does not add applications to the Solaris 10 Launch menu. You might also see the following warning:
gnome-vfs-modules-WARNING **: Error writing vfolder configuration file "//.gnome2/vfolders/applications.vfolder-info": File not found.
Cause: A known issue with the Gnome Virtual File System (VFS).
Problem: On client devices running SUSE Linux Enterprise Server 10, the Gnome Main Menu crashes when using the SGD Client in Integrated mode. The crash usually occurs on login or logout.
Cause: A known problem with the Gnome Main Menu applet on SUSE Linux Enterprise Server 10 (Novell bug reference 186555).
Solution: Install the latest version of the gnome-main-menu.rpm package for SUSE Linux Enterprise Server 10.
Alternatively, disabling the Recently Used Applications functionality improves the stability of the Gnome Main Menu. Run the following commands on the client device:
$ gconftool-2 --set --type=list --list-type=int \ /desktop/gnome/applications/main-menu/lock‐down/showable_file_types [0,2] $ pkill main-menu $ pkill application-browser |
Problem: After enabling Automatic Client Login or Integrated mode, the SGD Client does not start automatically when you log in to the Gnome Desktop and the Start menu is not updated with webtop content when you log in to SGD. This problem affects SUSE Linux Enterprise Server 9 and Red Hat Enterprise Linux 4.
Cause: The directories containing the .menu files are not monitored and so changes to the Start menu are not detected.
Solution: The workaround is run the pkill gnome-panel command to restart the gnome-panel and pick up new menu information.
Note - You must run the pkill gnome-panel command to update the menu each time the menu changes. |
Problem: After starting a Gnome session on Solaris 10 OS on Sparc platforms, users are unable to input anything with the keyboard. The mouse, however, does work.
Cause: A known bug with remote Gnome sessions. The Sun Microsystems bug reference is 6239595.
Solution: This problem was fixed in patch number 119542. This patch was also included in a cumulative patch ID 122212 for the Gnome Desktop.
The workaround is to create a Gnome configuration file /etc/gconf/gconf.xml.defaults/apps/gnome_settings_daemon/keybindings/%gconf.xml with the following content:
<?xml version="1.0"?> <gconf> <entry name="volume_up" mtime="1110896708" type="string"> <stringvalue></stringvalue> </entry> <entry name="volume_mute" mtime="1110896705" type="string"> <stringvalue></stringvalue> </entry> <entry name="volume_down" mtime="1110896702" type="string"> <stringvalue></stringvalue> </entry> <entry name="help" mtime="1110896698" type="string"> <stringvalue></stringvalue> </entry> </gconf>
Problem: When you compile your own Apache modules for use with the SGD Web Server, the compilation fails because of a missing egcc compiler.
Cause: The configuration file for the Apache eXtenSion tool (apxs) that is used to build extension modules for the SGD Web Server uses the egcc compiler and this might not be available on your system.
Solution: Either modify the apxs configuration file to use a compiler that is available on your system, or create a symlink for egcc that links to the compiler on your system. The apxs configuration file is located at /install‐dir/webserver/apache/version/bin/apxs.
Problem: Shortcuts for the SGD Client do not display on the KDE Desktop Menu on SUSE Linux Enterprise Server 10.
Cause: SUSE-specific configuration of the KDE menu system means that if a menu contains only one application entry, then that single application is used in the main menu instead of the menu. If menu entry is a sub-menu, the sub-menu does not display at all. This causes the Login menu for the SGD Client in Integrated mode not to display.
Solution: The workaround is to add the following line to the [menus] section of the $HOME/.kde/share/config/kickerrc file:
ReduceMenuDepth=false
Then run the following command for the KDE panel to immediately pick up the changes:
# dcop kicker kicker restart |
Problem: Client drive mapping fails if the Client for Microsoft Networks is not enabled on a Microsoft Windows application server.
Cause: The Client for Microsoft Networks must be enabled to allow remote access to files and folders.
Problem: After upgrading to version 4.40, a server that was configured to accept only secure connections now accepts standard and secure connections.
Solution: Reconfigure the server to accept only secure connections. In the Administration Console, display the Secure Global Desktop Servers ⇒ Security tab for the SGD server and deselect the Standard check box in the Connection Types field. Alternatively, run the following command:
$ tarantella config edit --security-connectiontypes ssl |
Problem: Using Internet Explorer 7 on Microsoft Windows Vista platforms, the SGD Client cannot be downloaded and installed automatically. The SGD Client can be installed manually and can be installed automatically using another browser, such as Firefox.
Cause: Internet Explorer has a Protected Mode that prevents the SGD Client from downloading and installing automatically.
Solution: Add the SGD server to the list of Trusted Sites in Internet Explorer's Security Settings.
Problem: Users in Simplified Chinese and Traditional Chinese locales cannot display non-ASCII characters in the candidate and status windows of the input method when running applications on a Solaris OS application server. This affects Solaris 8 OS, 9 OS, 10 OS, and 10 OS update 1 platforms.
Cause: Missing font path configuration on the SGD server.
Solution: If the application server is running on Solaris 10 OS or Solaris 10 OS update 1, do one of the following:
For SPARC platforms, install patches 120410, 120412 and 120414.
For x86 platforms, install patches 120411, 120413 and 12041.
If the application server is running on Solaris 8 OS or Solaris 9 OS, do one of the following:
Problem: When using an IME in seamless windows mode, the IME does not work correctly.
Cause: A known issue. In seamless windows mode, the client IME is not disabled correctly.
Solution: Seamless windows mode is not supported for languages that require an IME. Use the Independent Window display mode instead.
Problem: Users cannot change their expired passwords when using Active Directory authentication. An error message is shown when a user attempts to authenticate using an expired password. A dialog allowing the user to change the password is not shown.
Cause: A known issue
with Java runtime environment (JRE)
software version 1.6 update 2.
Solution: No known solution at present. The issue is fixed in JRE software version 1.6 update 4. This JRE software version will be included in future SGD releases when it becomes available. Alternatively, users can contact their Active Directory administrator and request a new password.
Problem: The Firefox web browser terminates unexpectedly when using Sun Java Plug-in tool version 1.5.0.
Cause: The path to the
Java virtual machine (JVM)
software changed with release 1.5.0 of the Sun Java Plug-in tool.
Solution: Ensure that there is a symbolic link from the Firefox plug-ins directory to the JVM software location at /usr/local/jre‐version/plugin/i386/ns7/libjavaplugin_oji.so, where jre‐version is the JRE software version.
Problem: If Java technology is enabled in your web browser settings, but a Sun Java Plug-in tool is not installed on the client device, the SGD webtop does not display. The login process halts at the splash screen.
Cause: SGD uses the web browser settings to determine whether to use Java technology.
Solution: Install the Sun Java Plug-in tool and create a symbolic link from the web browser plug-ins directory to the location of the JVM. Refer to your web browser documentation for more information.
Problem: With certain versions of Symantec Client Firewall, such as Version 8.7.4.79, you might experience login problems when using Internet Explorer. The log in process halts at the splash screen and the SGD webtop is not shown.
Cause: The firewall intercepts some JavaScript operations.
Solution: Configure the SGD server as a safe host. Refer to your Symantec documentation for more information.
Problem: The online help for the Administration Console is disabled when HTTPS connections to the SGD Web Server are enabled.
Cause: The Administration
Console uses the JavaHelp software
to display the online help. Additional configuration is required
to run JavaHelp over an HTTPS connection.
Solution: Import the
certificate used to secure the SGD Web Server into the JDK software keystore. Use the Java
software keytool application as follows:
$ keytool -import \ -keystore /install‐dir/bin/jdk‐version/jre/lib/security/cacerts \ -storepass changeit -file /install-dir/var/tsp/ca.pem |
Where changeit is the password for the keystore and jdk-version is the version of the JDK installed on the SGD server.
If you have more than one certificate in your ca.pem file, separate each certificate and add them individually.
Problem: When using a Canadian French (legacy) keyboard layout with Windows applications, some French characters are printed incorrectly.
Cause: A known issue with Canadian French (legacy) keyboard layouts.
Solution: No known solution. A compatible keymap file is not supplied with SGD at present.
Problem: After upgrading to version 4.40, you might experience problems configuring secure SOAP connections.
Cause: The Resources.properties resource file has been relocated for this release. This file is needed when securing SOAP connections to the Tomcat JSP container. The location of this file for version 4.31 was as follows:
/install‐dir/webserver/tomcat/version/webapps/sgd/WEB‐INF/classes/com/tarantella/tta/webservices/client/apis/Resources.properties
The location of this file for version 4.40 is as follows:
/install‐dir/webserver/tomcat/version/shared/classes/com/tarantella/tta/webservices/client/apis/Resources.properties
Solution: Locate and edit the Resources.properties file. Restart the Tomcat JSP container.
Problem: If a secondary server is down, you cannot remove it from the SGD array using the Administration Console. Detach operations using the tarantella array detach command are not affected.
Cause: In this release, using the Administration Console to detach a secondary server that is down is not supported.
Solution: Restart the secondary server that is down and use the Administration Console to detach it from the SGD array. Alternatively, use the tarantella array detach command to remove the secondary server that is down.
Problem: You cannot add a new secondary server to an SGD array when the Administration Console is running on an existing secondary server.
Cause: In this release, it is not possible to supply credentials for more than one secondary server.
Solution: Run the Administration Console on the primary server, or on the server that is to be joined into the array.
Problem: Custom PDF printer settings are not applied when printing from Windows applications.
For example, if you enable the SGD Universal PDF Printer and Universal PDF Viewer printers for an organizational unit (OU) object. Then, you override the parent objects setting and disable the Universal PDF Printer and Universal PDF Viewer printers for a user in the OU. The custom printer settings are not inherited by the user.
Cause: A known issue when inheriting PDF printer settings.
Solution: No known solution. Configure PDF printer settings at OU or organization level wherever possible, rather than at user level.
Problem: Creating or modifying objects when running the Administration Console on a secondary SGD server returns the following error message: “Object could not be created”.
Cause: The creation or modification of the object is successful, but the Administration Console proceeds before the replicated data has come back from the primary server.
Solution: Wait for a couple of seconds and then repeat the operation.
Problem: When accessing the SGD Administration Console over HTTPS using Internet Explorer 6 or later, messages warning that the page contains secure and non-secure items are shown.
Cause: A known problem when using Internet Explorer to access the SGD Administration Console over HTTPS.
Solution: In Internet Explorer, disable the “Warn if changing between secure and not secure mode” setting in the Tools ⇒ Internet Options ⇒ Advanced dialog.
Problem: When using a Mac OS X client device to access SGD, the SGD Client exits unexpectedly.
Cause: A known issue with Mac OS X versions 10.4.11 and later.
Problem: Following upgrade to version 4.40.907, some users might not be able to access some or all of their assigned applications.
Cause: The SGD datastore hierarchy in version 4.40 differs from previous releases. Group information can be lost when upgrading to version 4.40.907.
Solution: Upgrade from the original release, for example version 4.31, to SGD version 4.40.917. Alternatively, contact Sun Support.
Problem: For full-screen Microsoft Windows Vista desktop sessions, the display color depth on the client device is limited to 16-bit.
Cause: A known issue when using SGD to display Microsoft Windows Vista desktop sessions.
Problem: Users with Sun Type 7 Japanese keyboards cannot input characters correctly using SGD.
Cause: Missing Solaris OS keytable on the client device.
Solution: Install the appropriate patch to install the keytable on the client device:
Platform | Patch |
---|---|
Solaris 10 OS on SPARC platforms | 121868 |
Solaris 9 OS on SPARC platforms | 113764 |
Solaris 8 OS on SPARC platforms | 111075 |
Solaris 10 OS on x86 platforms | 121869 |
Solaris 9 OS on x86 platforms | 113765 |
Solaris 8 OS on x86 platforms | 114539 |
Problem: When using the SGD Client in Integrated mode on Microsoft Windows client devices, users might notice that the Start menu entries are not sorted alphabetically.
Cause: This is caused by a Windows feature that adds new items to end of a menu rather than preserving the alphabetical sorting.
Solution: See Microsoft KB article 177482 for details.
Problem: On Sun Java Desktop Systems, users might find that Launch menu entries are not created for SGD when they enable Integrated mode. The Launch menu entries are added when they log out of their desktop and log in again.
Cause: A known issue with the Gnome panel.
Solution: The solution is to install the following patches:
The workaround is to log out of the desktop and log in again.
The following table lists the additional bugs that are fixed in the 4.40.917 release.
Reference | Description |
---|---|
6499184 | Support for Windows 2003 Session Directory required. |
6613733 | SGD printing causes core dumps, for Solaris OS on SPARC platforms. |
6624122 | Copy and paste issues with Windows applications for SGD on Solaris 10 OS Trusted Extensions. |
6632816 | Mac OS X client platform issues. |
6632864, | Datastore issues following upgrade to SGD version 4.40.907. |
6638874 | SGD Client exits unexpectedly due to network packet fragmentation. |
6639655 | SGD X server security vulnerabilities. |
6641522 | Administration Console errors when specifying an application server DNS name that begins with a number. |
6642603 | Upgrade of SGD Enhancement Module fails. |
6644678, | Upgrade issues when using a nonstandard installation directory. |
The following table lists the significant bugs that are fixed in the 4.40.907 release.
Reference | Description |
---|---|
2144612 | Active Directory authentication does not failover to the next global catalog. |
2147536 | ttaxpe command does not exit if an incorrect password is entered. |
2148699 | CDM fails with multiple external DNS names. |
2148700 | SGD Client fails when an X application opens a specific window. |
2148811 | Printer preferences on Terminal Services not set permanently with Zebra bar code printer. |
2149630 | Korean keyboard does not work correctly with SSGD 4.30.915. |
2150849 | Intermittent problems with serial COM port redirection. |
2151274 | Accented characters fail in French locale windows. |
6469935 | SGD Client should be able to match hostname to DNS item in certificate subjectAltName extension. |
6478585 | Java virtual machine SSL key and certificate store destroyed on upgrade. |
6520742 | The tarantella security peerca --show command fails on primary SGD server. |
6525004 | Extend client device access logging in the SGD Client. |
6527507 | Better error reporting for web service failures. |
6532425 | UNIX CDM fails if tta_tem is installed in non-standard directory. |
6532764 | LDAP failover is not seamless when multiple LDAP servers are configured. |
6537643 | SGD Client crashes if application exited while dialog displayed. |
6541478 | SGD session hangs if audio played from SGD while local audio is playing on Sun Ray Client. |
6541914 | CDM does not work in Windows Vista in certain scenarios. |
6542533 | Webtop does not update to display launched applications in Safari on MacOS X 10.4.9. |
6544350 | Webtop print controls are unstable in an array. |
6546840 | Integrated mode is not enabled on SUSE Linux Enterprise Server 9. |
6547337 | Using -preferredlanguage option for ttatcc command does not open page in appropriate locale. |
6550172 | Launch fails if offline server selected in a load balanced group. |
6552038 | Improvements to ttaxpe debug logging. |
6553252 | SGD Client exits with segmentation faults and is terminated by Electric Fence application. |
6558691 | Secondary licenses are removed when primary stopped or array breaks apart. |
6561306 | Check ssh version before updating ssh arguments. |
6563481 | Improve error messages in execpe log files. |
6571826 | Command line for creating 3270 and 5250 objects does not accept all arguments correctly. |
6574469 | Update Java Platform, Standard Edition to 1.6.0_01 or later (third party) for Solaris and Linux platforms. |
6583316 | CDM cannot be disabled on a per-client basis for SGD clients. |
6583333 | ssh launch failure when sshhelper is setuid, and SGD user has no home directory. |
6597576 | SGD Enhancement Module for Linux platforms does not get installed in non‐default path. |
6598686 | Application title is garbaged on locales. |
6601084 | In Integrated mode, the folder specified in the “Start In” box is invalid. |
The following table lists the significant bugs that are fixed in the 4.31 release.
Reference | Description |
---|---|
2140625 | Time zone redirection is fixed for clients on UNIX platforms. |
2145026 | Licensing information is not copied to all the secondaries until after a restart. |
2145602 | X application launch is slow or times out. Possible error in the Input Method handling in the procs.exp script. |
2145932 | Windows key functionality is being held when returning to SGD session. |
2146043 | Using client drive mapping, you cannot overwrite a larger file. |
2146285 | Tomcat fails and icons do not appear on the webtop. |
6440254 | The proxy server authentication dialog does not display realm information. |
6443192 | Upgrading using the pkgadd command on Solaris OS reports hundreds of file conflicts. |
6443840 | The SGD Client does not understand proxy failover from proxy server configuration (PAC) files. |
6474180 | The HARD_SERVER_LIMIT of the SGD Web Server is increased to 1024. |
6480225 | In Integrated mode, applications fail to resume on UNIX client platforms. |
6494450 | Client drive mapping cannot handle files larger than 2 gigabytes. |
6499639 | A recursive directory request causes a segmentation fault when using client drive mapping on UNIX and Linux platforms. |
6503627 | The xfrbelgian.txt keyboard map file contains a mistake. |
6518152 | Start menu is not updated on a using Integrated mode on Microsoft Windows Vista client devices. |
6518638 | The tarantella print cancel command deletes all print jobs instead of just the selected job. |
6525384 | XRDP does not work with SGD. |
6528037 | Page Not Found displays on the webtop when a group containing hosts is deployed by mistake to a webtop. |
6506222 | A user’s .Xdefaults file is not used when launching an application. |
This section lists the significant bugs that are fixed in the 4.30 release. The bug fixes are divided into the following areas:
The following bugs with the SGD administration tools are fixed.
Reference | Description |
---|---|
6433525 | /usr/bin owner is changed to ttasys on startup. |
6436735 | The tarantella object new_xapp command does not accept the --accel argument. |
6437203 | Object Manager shows a warning message after renaming an ENS object. |
6445405 | Shadowing from the command line takes an invalid session ID. |
6447937 | X authority cookies must not be passed using environment. |
6450323 | Attributes cannot be specified in object creation but can be set in object edit. |
6451537 | tarantella license commands and Array Manager display obsolete software components. |
The following bugs with launching applications are fixed.
Reference | Description |
---|---|
6357003 | The Native Client cannot launch a web browser on Solaris OS. |
6357022 | Native Client shifts up the full-screen webtop on Java Desktop System. |
6392279 | X authorization issue causes launch failure. |
6401949 | With optimizelaunch enabled in the unix.exp login script, the expired password handler does not work. |
6405808 | The filtering script (runsubscript.exp) is not being called during the launch process. |
6416951 | Error message is displayed when a new browser window application is ended with the X button. |
6419574 | The authentication dialog returns corrupted data if the password has more than eight characters. |
6427189 | Launch failure occurs when the host is not known to SSH. |
6434660 | Password expiry handling on application launch is broken. |
6447551 | There should only be one ttacpe process created for each webtop session. |
6455378 | Launch failure when SSH used over su for an application running on the SGD host. |
6464809 | # characters in system login banner cause automated launch process to fail. |
6470173 | Add support for SecurID ACE agent for PAM. |
6475303 | Custom Certificate Authority certificates are not recognized and cause a prompt when launching in-place applications. |
6476180 | Root window stays around when logging out of a kiosk Gnome session. |
The following bugs with the SGD clients and webtop are fixed.
Reference | Description |
---|---|
6408157 | Local X server application does not launch from the JSP software webtop. |
6417140 | The webtop frame is blank after launching an application. |
6417575 | UNIX Native Client using a proxy server: log in, log out, log in again and the Native Client hangs. |
6417631 | UNIX Native Client: redraw problems with kiosk applications. |
6424776 | SGD Client produces errors and exits when logging out of the webtop. |
6432133 | The SGD Native Client causes a segmentation fault if you close the connection progress window. |
6465959 | When SGD restarts, the SGD Client spins and sends out hundreds of network packets. |
6468173 | On Sun Ray thin clients, the wait cursor is no longer set permanently. |
The following emulation bugs are fixed.
Reference | Description |
---|---|
6381531 | Edited colormap.txt intermittently ignored when security is enabled. |
6386091 | SGD Native Client for Windows and Citrix ICA X Client: possible key event incompatibility. |
6415498 | Character terminal session closes unexpectedly when function keys are pressed. |
6417698 | Scalable windows applications do not toggle when scroll lock pressed on Java Desktop System on Solaris 10 OS. |
6426355 | ttaxpe exits with a segmentation fault. |
6427789 | Copy (ctrl+insert) causes X applications to hang. |
6433273 | Using the Native Client on Solaris OS, kiosk mode does not display correctly. |
6435437 | Child window sometimes comes up below the parent window using seamless windows. |
6435489 | Performance improvements for Windows applications. |
6435527 | Segmentation fault in the ttaxpe when running the HP monitoring tool. |
6445467 | Windows Logo keys do not work in a Terminal Services session. |
6446469 | Problems with the French locale and keymap. |
6467368 | Letter repeated twice in Remote Desktop Protocol session. |
6471395 | Timezone redirection fails to set correct time during daylight saving time. Time always out by one hour. |
6472959 | ESC-NumLock does not work as expected from Solaris OS client and Sun Ray thin clients. |
The following installation and upgrade bugs are fixed.
Reference | Description |
---|---|
6355269 | The default configuration for a Java Desktop System session loses some important configuration parameters. |
6368390 | Upgrade from 4.20.909 to later builds requires a maintenance or right to upgrade license. |
6368675 | Root certificates for secure LDAP servers are not retained during an upgrade. |
6396629 | Install fails during bean creation and server does not start. |
6407985 | SGD incorrectly handles large amount of free disk space at install. |
6430913 | Web server configuration file (httpd.conf) is not upgraded correctly. |
6446020 | Unable to uninstall SGD if the external DNS name is incorrect. |
6453638 | Cannot log in to an SGD server after an upgrade. |
6462429 | SGD is uninstalled even though user selects No. |
The following internationalization and localization bugs are fixed.
Reference | Description |
---|---|
6354105 | In Configuration Wizard, the application list shows corrupt strings with multi‐byte characters. |
6355226 | The Connection Progress dialog cannot display multi‐byte characters. |
6357040 | Cannot copy and paste from Microsoft Windows to Solaris OS. |
6357075 | Cannot copy and paste from Microsoft Windows to Microsoft Windows. |
6357606 | Cannot copy and paste from Java Desktop System to Common Desktop Environment. |
6362374 | Client drive mapping daemon crashes with a localized native-cdm-config file. |
6419511 | Windows applications should have Unicode as the Euro symbol default. |
6419523 | Server LANG environment overrides client locale setting. |
6447594 | Client window mode should be accessed with an IP address instead of UNIX platform socket |
6450008 | Cannot generate an apostrophe with a Swedish keyboard. |
The following miscellaneous bugs are fixed.
Reference | Description |
---|---|
6375600 | Authentication fails with ActivCard - Cyberflex 64k Smart Card (also bug ref 607218). |
6384746 | Able to read Common Gateway Interface Files (.cgi) files using a web browser. |
6390126 | A large number of users logging in in quick succession hangs the SGD server. |
6393623 | New browser window gets launched when new browser windows applications are launched with the CTRL key pressed. |
6407855 | SGD server exits with error code 129, signal 0. |
6408159 | New blank browser window opens on exiting the application opened in new browser window mode. |
6409117 | SGD Enhancement Module for Solaris OS x86 platforms appears to fail. |
6409765 | Error copying large files from client to server over a slow network in RDP sessions. |
6410161 | Using telnet to connect to localhost port 1023 causes the Protocol Engine Manager to use 100% CPU. |
6416384 | RDP-based audio output stops playing when using a Sun Ray thin client. |
6418965 | Client window manager applications display Minimize and Maximize buttons that are not present in original application. |
6430243 | SGD Apache includes development private paths and configurations. |
6430396 | Unable to copy paste to and from a WCP IWM session from the classic webtop. |
6436155 | Setting the keepalive to 0 causes keepalives to be sent continuously. |
6442142 | Quitting Gnome session causes ttaxpe to use 100% CPU. |
6446271 | SGD Web Server starts but remains attached to the console. |
6466415 | Secure LDAP does not work without security licenses installed. |
The following printing bugs are fixed.
Reference | Description |
---|---|
6376221 | Printer properties (such as paper size) do not appear to be stored between RDP sessions. |
6406292 | Driver name duplicated if printing is configured at OU and user level. |
6421283 | Windows Native Client detects DEFAULT_PRINTER_UNKNOWN when no printer is configured on the client device. |
6427852 | Login delay induced by inaccessible network printer attached to client device. |
The following security bugs are fixed.
Reference | Description |
---|---|
6419520 | LDAP searches of Active Directory contacts AD servers in other regions for information. |
6446338 | The prompt for password change does not appear after a password expires. |
6446437 | Cannot create an array after enabling SSL connections between array members. |
6457984 | Validate user input to the login box to prevent cross-site scripting attacks. |
6468699 | SSL daemon core dumps due to sigsegv, signal 11. |
6469123 | OpenSSL security patch secadv_20060905.txt needs to applied. |
6476728 | OpenSSL security patch secadv_20060928.txt needs to be applied. |
6478735 | Fixed a vulnerability with the SGD Cascading Stylesheets. |
The following bugs with SGD servers and arrays are fixed.
Reference | Description |
---|---|
6379743 | tarantella status command report is incorrect when SSL connections between array members is enabled. |
6392365 | Array problems when one of the array members is not contactable. |
6393745 | Cannot successfully promote a secondary server to a primary if the primary server is down. |
6445200 | Array behavior when joining and detaching members of an array that is licensed. |
The following bugs with user authentication are fixed.
Reference | Description |
---|---|
6383417 | If the krb5.conf file has errors, user login hangs and the server continuously writes exceptions to jserver.log. |
6400123 | Ambiguous login is not allowed if invalid credentials are provided the first time. |
6415709 | Active Directory authentication fails silently if one tree of a forest is not configured in the krb5.conf file. |
6439688 | SGD Native Client for Windows does not display an error message if an Active Directory password change fails. |
6454261 | Expect script updated for German Solaris OS applications. |
6460263 | Oberthur AuthentIC card is not recognized when using SGD (fixed for Windows Clients only). |
6465569 | Active Directory PKI infrastructure does not failover to the next global catalog server. |
6471877 | SecurID login authority does not work correctly. |
This section lists the known documentation issues for release 4.40.
The following documentation issues are covered:
Errors When Creating and Modifying Objects From a Secondary Server
Corrections to the “Securing the SOAP Connections to an SGD Server” Page
Invalid Characters When Naming Objects in the Administration Console
Corrections to the “Securing Connections to Active Directory and LDAP Directory Servers” Page
Corrections to the “Working With Users in Different Locales” Page
Corrections to the “Applications Fail to Start When X Authorization is Enabled” Page
Corrections to the “Relocating the Webtop to Your Own JSP Container” Page
Corrections to the “Trusted Users and Third-Party Authentication” Page
The tables in the Applications ⇒ Assigned User Profiles tab of the Administration Console have changed as follows:
Effective User Profiles table. The Repository column in this table has been removed. User profiles from the local repository are listed in the Local Assignments area of this table. Users and groups from an LDAP directory are listed in the LDAP Assignments area of this table. The LDAP Assignments area of this table is only shown if the Local + LDAP setting is selected for the Repository field in the User Profiles tab. You can click the Load LDAP Assignments link to refresh this area of the table.
Editable Assignments table. The Repository column in this table has been renamed to “Assignment Type”.
The “Assigned User Profiles Tab” section on page 119 of the Sun Secure Global Desktop 4.4 Reference Manual does not document these changes.
The Resources.properties resources file has been relocated for version 4.40. This file is needed when securing SOAP connections to the Tomcat JSP container.
The location of this file for release 4.40 is as follows:
/install‐dir/webserver/tomcat/version/shared/classes/com/tarantella/ tta/webservices/client/apis/Resources.properties
Details of the file location change are missing from the released documentation. The following pages in the Sun Secure Global Desktop 4.4 Administration Guide are affected:
Details of how to configure the user session idle timeout are missing from the released documentation.
This attribute specifies a value for automatic timeout of inactive user sessions. User sessions are suspended if there has been no application session or webtop activity for the specified period.
You can specify this attribute using the following command:
$ tarantella config edit \ ‐‐tarantella-config-array-webtopsessionidletimeout secs |
Replace secs with the timeout value, measured in seconds.
A setting of 0 turns off the user session idle timeout feature. This is the default setting.
Page 214 of the Sun Secure Global Desktop 4.4 Reference Manual incorrectly states that the following command-line options are available when specifying the Window Type (--displayusing) attribute:
Problems might be experienced in creating or modifying objects when running the Administration Console on a secondary SGD server. This is due to the Administration Console not waiting long enough for data replication from the primary server to complete before proceeding.
The Administration Console can be configured to wait for a certain period of time after an object has been created or modified. The time period is defined by the com.sun.tta.confmgr.ArraySyncPeriod setting in the web.xml configuration file for the Administration Console. The web.xml file is located in the /install‐dir/webserver/tomcat/version/webapps/sgdadmin/WEB-INF/ directory on an SGD server.
Details of this setting are missing from the released documentation.
The following information about using the Administration Console to create entries in the password cache is missing from the released documentation.
The Global Settings ⇒ Caches ⇒ Passwords tab is used to manage password cache entries. You can also add password cache entries at this tab, using the Create New Password Cache Entry page. This is equivalent to using the tarantella passcache new command.
It is important that you enter a valid name in the User Identity or Server fields on the Create New Password Cache Entry page. The Administration Console supports several ways that you can enter a name in the User Identity or Server field, as follows:
Browse button. If the selected User Identity Type option is Local or LDAP/Active Directory, you can use the Browse button next to the User Identity or Server field to browse for object names. Using the Browse button in this way avoids errors when typing in object names.
Full Name. Type the full name into the field. For example, you can type in the full name for an application server from the local repository as follows:
.../_ens/o=appservers/cn=boston
Partial Name. Type a partial name, without the namespace prefix, into the field. Depending on the selected User Identity Type option, the Administration Console adds the relevant namespace prefix when the password cache entry is saved. For example, you can type in the partial name for a user identity from the UNIX repository as follows:
o=organization/cn=indigo-jones
The Administration Console adds the .../_user namespace prefix when the password cache entry is saved.
The following table shows the namespace prefixes that the Administration Console adds for the selected User Identity Type option.
User Identity Type | Namespace Prefix |
---|---|
Local | .../_ens |
UNIX (User/Group) | .../_user |
Windows Domain Controller | .../_wns |
LDAP/Active Directory | .../service/sco/tta/ldapcache |
SecurID | .../service/sco/tta/securid |
Anonymous | None |
Third Party | .../service/sco/tta/thirdparty |
If you specify a partial name in the Server field, the Administration Console adds the .../_ens/o=appservers namespace prefix when the password cache entry is saved.
LDAP names must be typed in using the SGD naming format. The following example shows a partial name for a user identity from an LDAP repository:
dc=com/dc=example/cn=indigo-jones
This name is converted to the correct LDAP format when the password cache entry is saved, as follows:
.../_service/sco/tta/ldapcache/cn=indigo-jones,dc=example,dc=com
The “Securing the SOAP Connections to an SGD Server” page in the Sun Secure Global Desktop 4.4 Administration Guide contains errors.
In Step 2, the following paragraph is incorrect:
“You must add the X.509 certificate for each SGD server in the array. The certificate for each server is stored in /install-dir/var/tsp/cert.pem.”
The corrected paragraph is as follows:
“You must add the X.509 certificates to enable the SGD server to be able to form a trusted certificate chain. The certificate chain for each server is stored in /install‐dir/var/tsp/ca.pem.”
In Step 2, the paragraph describing the keytool command line is incorrect. The corrected paragraph is as follows:
$ /install-dir/bin/jre/bin/keytool -importcert \ -keystore /install‐dir/bin/jre/lib/security/cacerts \ -storepass changeit -file /install-dir/var/tsp/ca.pem -alias hostname |
“Where changeit is the password for the keystore and hostname is a name used to identify the certificate.
If you have more than one certificate in your ca.pem file, separate each certificate and add them individually.”
In the Remote Hosts section, the paragraph describing how to use the keytool command line to install the root certificate for the remote host is incorrect. The corrected paragraph is as follows:
$ /install-dir/bin/jre/bin/keytool -importcert \ -keystore /install‐dir/bin/jre/lib/security/cacerts \ -storepass changeit -file certificate-path -alias remote-hostname |
“Where changeit is the password for the keystore, certificate-path is the path to the root certificate for the remote host, and remote-hostname is a name used to identify the certificate.”
The Sun Secure Global Desktop 4.4 Reference Manual contains errors regarding the characters you can use when naming SGD objects in the Administration Console.
On page 183, the following paragraph is incorrect:
“In the Administration Console, names can include any characters, except the backslash character (\).”
The corrected paragraph is as follows:
“In the Administration Console, names can include any characters, except the backslash (\), plus (+), or straight quotation marks (") characters.”
The “Naming Objects in the Organizational Hierarchy” page in the Sun Secure Global Desktop 4.4 Administration Guide contains similar errors. Replace the first paragraph of this page with the following:
“When you create an object in the SGD Administration Console, you can use any characters you want for the name of the object, apart from backslash (\), plus (+), or straight quotation marks (").”
The “Securing Connections to Active Directory and LDAP Directory Servers” page in the Sun Secure Global Desktop 4.4 Administration Guide contains errors.
In Step 4, the procedure is incorrect. The corrected procedure is as follows:
“On each SGD server in the array, enable SGD security services, then restart the SGD server and the SGD Web Server.
# tarantella security start |
# tarantella webserver restart |
# tarantella restart |
In the Creating Client Certificates for Use With Active Directory Authentication section, the paragraph in Step 5, describing how to use the keytool command line to install the client certificate, is incorrect. The corrected paragraph is as follows:
$ /install-dir/bin/jre/bin/keytool -importcert \ -keystore /install‐dir/var/info/certs/sslkeystore \ -file certificate-path -alias alias \ -storepass "$(cat /opt/tarantella/var/info/key)" \ -keypass "$(cat /opt/tarantella/var/info/key)" |
“Where certificate-path is the path to the client certificate and alias must be the same as the alias used when generating the key pair.”
The “Working With Users in Different Locales” page in the Sun Secure Global Desktop 4.4 Administration Guide contains errors. In the “Setting the Language for the Webtop” section, the following paragraphs are incorrect:
“When users log in using a web browser at the http://SGD-server/sgd URL, the default language used for messages displayed by the login dialog and the webtop is controlled by the m_defaultLang = "en"; line in the following file: /install‐dir/webserver/tomcat/version/webapps/sgd/resources/jsp/localeutils.jsp
To change the default language, edit this line and replace "en" with the language identifier for one of the following supported languages:”
The corrected paragraphs are as follows:
“When users log in using a web browser at the http://server.example.com/sgd URL, where server.example.com is an SGD server, the default language used for messages displayed by the login dialog and the webtop is controlled by the defaultlanguage parameter setting in the following file: /install‐dir/webserver/tomcat/version/webapps/sgd/WEB-INF/web.xml.
To change the default language, edit this file and replace the parameter value en with the language identifier for one of the following supported languages:”
After the table of supported languages, add the following paragraph:
“Save changes to the web.xml file and restart the SGD Web Server.”
The “Applications Fail to Start When X Authorization is Enabled” page in the Sun Secure Global Desktop 4.4 Administration Guide contains errors.
In the table on this page, step 3 in the “Does the user have a UNIX account on the application server” section is incorrect. Replace step 3 with the following:
Edit configuration files on the application server, so that the cookie is stored in a temporary directory.
Add the following lines to the /etc/profile file on the application server:
XAUTHORITY=/tmp/.Xauthority.$LOGNAME export XAUTHORITY |
Add the following lines to the SSH daemon configuration file, /etc/ssh/sshd_config, on the application server:
HOME=/tmp XAUTHORITY=$HOME/.Xauthority.$USER export XAUTHORITY if read proto cookie && [ -n "$DISPLAY" ] then if [ ‘echo $DISPLAY | cut -c1-10‘ = ’localhost:’ ] then # X11UseLocalhost=yes echo add unix:‘echo $DISPLAY | cut -c11-‘ $proto $cookie else # X11UseLocalhost=no echo add $DISPLAY $proto $cookie fi | /usr/openwin/bin/xauth -q - fi |
The “Relocating the Webtop to Your Own JSP Container” page in the Sun Secure Global Desktop 4.4 Administration Guide contains errors.
Add the following information to step 2:
“Copy all the files in the /install‐dir/webserver/tomcat/version/shared/lib directory to the shared library directory on the new container.”
In step 3, some of the JAR file names are incorrect. The corrected list of JAR files is as follows:
In step 3, delete the paragraph about copying the class file SSHListener.class to the container.
In step 4, the location for the Resources.properties file is incorrect. The corrected list item in step 4 is as follows:
“On the new host, edit the Resources.properties file in the /install‐dir/webserver/tomcat/version/shared/classes/com/tarantella/tta/webservices/client/apis directory. Replace http://localhost:port with http://server.example.com:port, where server.example.com is the DNS name of an SGD server and port is the port that the SGD Web Server listens on. Do this for each of the web services listed in the Resources.properties file.”
The “Trusted Users and Third-party Authentication” page in the Sun Secure Global Desktop 4.4 Administration Guide contains errors.
In step 4a, the directory name is incorrect. The corrected step 4a is as follows:
“Change to the /install-dir/webserver/tomcat/version/shared directory.”
In step 4b, the command used to encode the user name and password of the trusted user is incorrect. The correct command is as follows:
# /install-dir/bin/jre/bin/java -cp lib/sgd-webservices.jar \ com.tarantella.tta.webservices.client.views.SgdPasswd \ --encode trusted_username:password |
In step 4d, the file location is incorrect. The corrected step 4d is as follows:
“Edit the /install‐dir/webserver/tomcat/version/shared/classes/com/tarantella/tta/webservices/client/views/Resources.properties file.”
The “Configuring Microsoft Windows Terminal Services for Use With SGD” page in the Sun Secure Global Desktop 4.4 Administration Guide does not include details on using Session Directory for Windows Terminal Services.
Add the following paragraphs to the “Session Resumability” section on this page:
“If you are using Session Directory to handle Windows application resumability, configure SGD as follows:
Set the Window Close Action attribute for Windows application objects to End Application Session.
If you are using Session Directory to handle Windows application resumability, configure the Microsoft Windows Server 2003 server as follows:
For the When Session Limit Is Reached Or Connection Is Broken option, choose Suspend Session. (If necessary, deselect the Override User Settings check box to do this.)
Changes to these settings only apply to new Windows Terminal Services sessions.
For more details about the setup, configuration, and operation of Session Directory, see Microsoft’s documentation, for instance at:
http://www.microsoft.com/windowsserver2003/techinfo/overview/sessiondirectory.mspx”
Copyright © 2008, Sun Microsystems, Inc. All rights reserved.