This section lists the known bugs and issues for the SGD 4.71 release.
Problem: Issues with seamless windows might be encountered when the user restarts a Windows application after closing it down. The problem is seen when the application is hosted on a Windows Server 2008 R2 server.
Cause: A known problem with some versions of the SGD Enhancement Module.
Solution: Ensure that the version of the SGD Enhancement Module running on the Windows application server is the same as the SGD server version.
Problem: If Java technology is enabled in your browser settings, but Java Plug-in software is not installed on the client device, the SGD webtop does not display. The login process halts at the splash screen.
Cause: SGD uses the browser settings to determine whether to use Java technology.
Solution: Install the Java Plug-in software and create a symbolic link from the browser plug-ins directory to the location of the Java Virtual Machine (JVM) software. Refer to your browser documentation for more information.
Problem: Using the tarantella array list_backup_primaries command on an SGD server that has been stopped and then detached from an array returns a "Failed to connect" error.
Cause: A known issue.
Solution: Restart the detached SGD server before using the tarantella array list_backup_primaries command.
Problem: Users running the HyperTerminal application in a Windows desktop session experience problems when they try to resume the desktop session from another client device. The HyperTerminal application is unresponsive and cannot be closed down.
Cause: A known issue with HyperTerminal when resuming Windows desktop sessions from another client device (also called “session grabbing”).
Solution: Close down the HyperTerminal application before you resume the Windows desktop session from another client device.
Problem: Audio might not play
in X applications that are hosted on 64-bit Linux application
servers. The issue is seen for X applications that are
hard-coded to use the /dev/dsp
or
/dev/audio
device, and the Audio
Redirection Library
(--unixaudiopreload
)
attribute is enabled.
Cause: A known issue. A 64-bit SGD Audio Redirection Library is not included in the SGD Enhancement Module.
Solution: No known solution at present.
Problem: On Oracle Solaris Trusted Extensions platforms, startup times for Windows applications and X applications might be longer than expected.
Cause: By default, the X Protocol Engine attempts to connect to X display port 10. This port is unavailable when using Solaris Trusted Extensions. After a period of time, the X Protocol Engine connects on another X display port and the application starts successfully.
Solution: Do either of the following:
Change the default minimum display port used by the SGD server.
Configure the following setting in the
xpe.properties
file in the
/opt/tarantella/var/serverconfig/local
directory on the SGD server:
tarantella.config.xpeconfig.defaultmindisplay=11
Restart the SGD server after making this change.
Exclude the unavailable port from use by the X Protocol Engine.
In the Administration Console, go to the Protocol Engines, X
tab for each SGD server in the array and type
-xport
portnum
in the Command-Line Arguments field, where
portnum
is the TCP port number to
exclude.
Alternatively, use the following command:
$ tarantella config edit --xpe-args "-xport portnum
"
For example, to exclude X display port 10 from use by the X Protocol Engine:
$ tarantella config edit --xpe-args "-xport 6010"
The changes made take effect for new X Protocol Engines only. Existing X Protocol Engines are not affected.
Problem: When using a smart card to log in to a Windows application session from a Ubuntu Linux 10.04 client device, the SGD Client hangs after the user exits the authenticated application session. The user might not be able to start any further applications or log out from SGD.
Cause: A known issue with version 1.5.3 of PCSC-Lite on Ubuntu client platforms.
Solution: Update to the latest version of PCSC-Lite on the client device.
Problem: A Windows client device is allocated multiple client access licences (CALs). A CAL is incorrectly allocated each time a Windows application is started.
Cause: A known issue if the
HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing
key or any of its subkeys are missing from the Windows registry
on a client device. This issue affects Microsoft Windows 7
platforms.
Solution: Recreate the missing keys, by starting the Remote Desktop Connection with administrator privileges. See Microsoft Knowledge Base article 187614 for more details.
Problem: SecurID authentication for X applications fails when using the RSA Authentication Agent for PAM. The issue is seen with X applications that are configured to use telnet as the Connection Method.
Cause: A known issue when using the RSA Authentication Agent for PAM.
Solution: Configure the X application object to use SSH as the Connection Method.
Problem: When users select the Print to File menu option in a Windows application displayed through SGD, the print job remains on hold in the print queue on the client device. The issue is seen on Windows Vista and Windows 7 client devices.
Cause: A known issue with some versions of Windows.
Solution: A workaround for Windows Vista is described in Microsoft Knowledge Base article 2022748.
Problem: When using client drive mapping in SGD, the name of the user's home directory may include unreadable characters. By default, a user's home directory is mapped to a drive called "My Home".
The issue has been seen on non-Windows client devices configured
with a non-English client locale, such as
ja_JP.UTF-8
.
Cause: A known issue for some client locales.
Solution: No known solution at present.
Problem: OpenGL applications, such as three-dimensional graphics programs, do not start or do not display correctly when published through SGD. The issue is seen when the X application object is configured with a 16-bit Color Depth setting.
Cause: A known issue when displaying OpenGL applications using 16-bit color.
Solution: The workaround is to display the application using a 24-bit Color Depth setting.
Problem: Active Directory
authentication fails for user names that contain accented
characters, such as the German umlaut character
(ü
). The issue has been seen when using
Windows Server 2003 R2.
The following error is shown in the log output when using the
server/login/info
log filter:
javax.security.auth.login.LoginException: Integrity check on decrypted field failed (31)
Cause: Active Directory authentication uses the Kerberos authentication protocol. This is a known issue when Kerberos authentication is configured to use DES encryption.
Solution: The workaround is
to disable the use of DES encryption in the
krb5.conf
Kerberos configuration file on
the SGD server.
Include the following lines in the
[libdefaults]
section of the
krb5.conf
file.
[libdefaults] default_tgs_enctypes = rc4-hmac des3-cbc-sha1 aes128-cts aes256-cts default_tkt_enctypes = rc4-hmac des3-cbc-sha1 aes128-cts aes256-cts
Problem: The following display issues might be seen on client devices running Ubuntu Linux.
The kiosk mode minimize button does not work if you are not
using a window manager or if you are using a minimalist
window manager, such as evilwm
.
The button for toggling between kiosk mode and an Integrated Window display does not work.
The SGD Client task bar icon is not shown when using the Unity desktop.
A seamless windows application that should span multiple monitors is instead displayed with scroll bars on a single monitor.
Cause: Known issues when using a Ubuntu Linux client device.
Solution: Use one of the following workarounds.
To use the kiosk mode window decoration, the window manager must implement the change state protocol from Normal to Iconify. Ensure that you are running a suitable window manager.
Use the Ctrl+Alt+Break keyboard shortcut to toggle between kiosk mode and an Integrated Window display.
To show the SGD Client task bar icon, add the SGD Client application to the whitelist for the Unity desktop.
Start the dconf-editor
and go to the
Desktop → Unity → Panel dialog. Add
Oracle Secure Global Desktop
to the list
of applications.
There is no known solution for the seamless windows issue on multiple monitors.
Problem: SGD might not uninstall cleanly on Oracle Solaris 11 platforms. After uninstalling SGD, entries for SGD packages are still present in the Solaris package database.
Cause: A known issue when you are using the Image Packaging System (IPS) included with Oracle Solaris 11 and you remove SGD.
Solution: The workaround is
to use the SGD package database repair script
pkgdbfix.sh
after uninstalling
SGD. This script is included in the
/opt/tarantella/etc/data
directory on an
SGD server.
Log in as superuser (root) and do the following:
Uninstall SGD and check for SGD package entries in the Solaris package database.
# pkgchk -l tta # pkgchk -l tta.2
If any package entries are reported using either of the previous commands, repair the package database.
# sh pkgdbfix.sh package-instance
where package-instance
is the
reported package instance, either tta
or
tta.2
.
Problem: After an Oracle VDI host has been upgraded or reconfigured, users might not be able to connect to their Oracle VDI desktops using the VDI broker.
Cause: When using the VDI broker, connections to the Oracle VDI host are secured using a self-signed SSL certificate for the web services API.
Whenever you reconfigure or upgrade Oracle VDI on a host, the web services self-signed certificate is regenerated and the existing SSL certificate is not preserved. In addition, when you upgrade, the host name (subject) used in the web services SSL certificate might change.
Solution: Use one of the following workarounds:
Back up the web services certificate keystore on the Oracle VDI host before upgrading or reconfiguring. Restore the keystore from backup after you have made changes to the Oracle VDI installation.
This process is described in the Oracle VDI documentation.
Reconfigure the VDI broker as follows:
Import the web services SSL certificate for each Oracle VDI host into the certificate truststore on each SGD server. Depending on your configuration, the truststore is either the CA certificate truststore or a dedicated truststore.
Reconfigure the VDI broker to use the host names that appear in the web services SSL certificates.
Change the preferredhosts
and
failoverhosts
settings to use the new
host names.
Problem: Typically, users can select a preferred language from the list on the SGD Welcome Page. They then click Log in to access a webtop in that language.
After selecting a language at the SGD Welcome Page, users may not be able to select a different language for subsequent logins.
Cause: A known issue with caching of the preferred language selection.
Solution: Use one of the following workarounds:
Clear your browser cache before selecting a different language.
Locate the following text, at line 66 in the
localeutils.jsp
file:
prefLang = (String) pageContext.getAttribute(PREF_LANG, PageContext.SESSION_SCOPE);
The localeutils.jsp
file is in the
/opt/tarantella/webserver/tomcat/
directory on the SGD server.
tomcat-version
/webapps/sgd/resources/jsp
Edit the file, to read as follows:
if (httpServletRequest.getParameter(LANG_SELECTED) == null) prefLang = (String) pageContext.getAttribute(PREF_LANG, PageContext.SESSION_SCOPE);
Problem: Array resilience may fail if you change the primary server while the array is in a repaired state. The array is in a repaired state when the failover stage has completed.
After the recovery stage of array resilience, when uncontactable servers rejoin the array, communications to the other array members may not work.
The issue is seen when secure intra-array communication is enabled for the array.
Cause: A known issue with array resilience when secure intra-array communication is used. By default, secure intra-array communication is enabled for an SGD server.
Solution: No known solution. If possible, avoid changing the array structure during the array resilience process.
Problem: The KDE Konsole terminal emulator application fails to start when configured as an X application object in SGD.
The issue is seen when the application is hosted on an Oracle Linux 6 platform.
Cause: A known issue when running Konsole on Oracle Linux 6. The issue is caused by the application process forking on start up.
Solution: The workaround is
to use the --nofork
command
option when starting Konsole.
In the Administration Console, go to the Launch tab for the X
application object and enter
--nofork
in the Arguments
for Command field.
Problem: Print jobs are not delivered to the client printer in the correct page format. For example, a print job for an A4 page size document is delivered to the client printer as a Letter page size document. Depending on the client printer configuration, this might cause the print job to fail.
The issue is seen when using Linux and Mac OS X client devices.
Cause: A known issue when printing to some non-Windows client devices.
Solution: Some client printers can be configured to ignore the page size format.
A workaround is to use PDF printing when printing from SGD.
Problem: For Microsoft Windows Server 2003 applications, the display color depth on the client device is limited to 8-bit for large screen resolutions. The issue is seen when screen resolutions are higher than 1600 x 1200 pixels.
Cause: A known issue with Windows Server 2003 Remote Desktop Services sessions.
Solution: See Microsoft Hotfix 942610 for details of how to increase the color depth to 16-bit.
Problem: Error messages similar to the following might be seen when shadowing an application session from the command line, using the tarantella emulatorsession shadow command.
X Error: BadImplementation Request Major code 152 (RANDR) Request Minor code 8 () Error Serial #209 Current Serial #209
Shadowing works as expected, despite the error messages.
Cause: A known issue if the X server on the client device does not implement session resizing.
Solution: The errors are benign and can be ignored.
Problem: When a user attempts to enter authentication credentials using the SGD authentication dialog, some input characters might be unreadable. The issue is seen on non-Windows client devices where the user credentials contain multibyte characters, such as European language characters.
The SGD authentication dialog is shown when the user holds down the Shift key when clicking an application link on the webtop.
Cause: A known issue with how the SGD Client sets the font list on some client devices.
Solution: Use the following workaround.
On the client device, create a font specification file with the following contents:
*XmTextField*fontList: -*-*-medium-r-normal-*-*-120-*-*-*-*-*-*
Make the fonts available on the client device.
# xrdb -merge filename
where filename
is the name of the
font specification file.
Alternatively, you can add the font specification to an
.Xresources
file in your home
directory.
Problem: On Oracle Linux 6 platforms, SGD is not started automatically when the SGD host is started up.
When the SGD host is shut down, SGD services are not stopped cleanly.
Cause: The issue is caused by a change in system startup architecture introduced in Oracle Linux 6. This means that the required symbolic links are not created automatically when you install SGD.
Solution: Add a symbolic link as follows:
# ln -s /etc/init.d/sun.com-sgd-base /etc/rc3.d/S90sun.com-sgd-base
Problem: Users are unable to log in after upgrading the Gateway from version 4.6 to version 4.71. The issue has been seen on Oracle Solaris platforms.
Error messages such as the following may be seen in the Gateway
log file, at
/opt/SUNWsgdg/proxy/var/log/proxy.log
.
... Caused by: java.lang.RuntimeException: Could not parse key values at sun.security.pkcs11.P11Key$P11ECPublicKey.fetchValues(P11Key.java:1000) at sun.security.pkcs11.P11Key$P11ECPublicKey.getParams(P11Key.java:1025) at com.sun.net.ssl.internal.ssl.HandshakeMessage$ECDH_ServerKeyExchange.<init> (HandshakeMessage.java:875) at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:698) at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:151) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:533) at java.security.AccessController.doPrivileged(Native Method) at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:952) at async.channel.ssl.AsyncSSLEngineRWChannel.unwrap(Unknown Source) ...
Cause: A known issue with elliptic curve cryptography (ECC) encryption and some versions of Oracle Java 1.6.
Solution: A workaround is to disable ECC encryption support for the Java Virtual Machine (JVM) used by the Gateway.
Edit the
/opt/SUNWsgdg/bin/script/gateway_start
script.
Add the following runtime parameter to the
JavaArgs
variable definition at the top of
the script.
-Dcom.sun.net.ssl.enableECC=false
Restart the Gateway.
# /opt/SUNWsgdg/bin/gateway restart
ECC cipher suites are not supported for the Gateway. See Section 2.3.5, “SSL Support” for a full list of supported cipher suites.