dabs
SmartAccessCentral Moderator
User Online: 
|
|
Posted:09/08/2005 3:37 PM |
|
Citrix have just released the new version of the Access Gateway code, version 4.1.2. The readme isn't included on the knowledge based yet (see http://knowledgebase.citrix.com/kb/entry!default.jspa?categoryID=715&externalID=CTX106192&fromSearchPage=true#P19_1153) but I have included a copy of it here so you can check out what is new with it and what is fixed. I have also posted the entire readme after the Issues resolved, below.
 **Issue(s) Resolved in this Hotfix**
Cached LDAP user group information was not deleted from the Access Gateway when the user logged off or intentionally disconnected. (bz948)
End users who were behind a proxy server could not connect to the Access Gateway. (bz862)
Connections through the Access Gateway to applications running on Citrix Presentation Server where the application contains an ampersand (&) in the application name would cause the connection to fail. The user would receive an SSL Error 38 error message. (bz945)
If the administrator configured a registry pre-authentication scan, and it was not applied to local users, the user can connect without completion of the scan. (bz919)
Voice over IP communication suffered degraded quality and performance when end users connected to the Access Gateway. Users experienced crackling, latency issues, and poor voice audio performance. (bz917)
LDAP authentication information disappeared from the Administration Tool when the Administration Tool was closed and then opened again. (bz916)
IP pooling did not function correctly unless the Administration Tool was connected to the external FQDN of the Access Gateway. (bz914)
Users might have experienced intermittent connection loss when the local network DHCP leases expired. Users would see the internal Microsoft default address of 169.x.x.x on their computer and then the connection to the Access Gateway was reestablished. (bz942)
An application policy was created for an application to have access to a specified network across the Access Gateway tunnel (10.10.x.x). By default other applications could also have access to the specified network. When an application policy was set to deny access to an application on a specified network, renaming the application allowed access to the restricted resources. (bz944)
Users that were not administrators on their computer would fail pre-authentication scans that used a specific process name. (bz931)
The Administration Tool might lose its connection after an idle period making multiple refreshes necessary and could make changes to the settings fail to update the configuration on the Access Gateway. (bz909)
The Administration Desktop logon would fail after the default password was changed. The Access Gateway no longer needs to be restarted for these changes to take effect. (bz915)
The sample logon pages were missing. (bz877)
 ** Entire readme: **
Hotfix readme name: V4_1_2_Upgrade.HTM
Hotfix package name: V4.1.2.upgrade
For: Citrix Access Gateway 4.1
Replaces: None
Date: August, 2005
Languages supported: English (US)
Readme version: 1.0
Note: Access Gateway 4.0 and Access Gateway 4.1 can be upgraded with this hotfix.
For more information, see the Citrix Knowledgebase Article CTX106192 at the Citrix support Web site.
Important This release includes a new version of the Access Gateway Administration Tool, used to administer an Access Gateway cluster from any Windows computer. After upgrading from version 4.0 or 4.1 to 4.1.2, remove and re-install the Administration Tool. Connections to Access Gateway 4.1.2 from an Access Gateway 4.0 or 4.1 Administration Tool fail with the error Server-Address is not responding where the server address is the FQDN or IP address of the Access Gateway.
To install Access Gateway version 4.1.2
In the Administration Tool, click the Access Gateway Cluster tab.
On the Administration tab, next to Upload a server Upgrade or saved config, click Browse.
Navigate to the upgrade file and then click Open.
After clicking Open, wait until the message Upgrade successful appears and then restart the appliance.
To uninstall and reinstall the Administration Tool
In the Add/Remove Control Panel uninstall the Administration Tool.
Open a Web browser and connect to the Administration Portal using the IP address and port number of the Access Gateway, typically https://IPaddress:9001.
On the Downloads tab, click Download Access Gateway Administration Tool installer.
Follow the instructions to complete the installation.
Where to Find Documentation
This document describes the issues solved by this hotfix and includes installation instructions. You can find more information about Citrix Access Gateway 4.1 in the Citrix Access Gateway Administrator's Guide. The guide is in the \Documentation directory on the Citrix Access Gateway CD. All product documentation is available from the Access Gateway Administration Portal and from the Citrix Web site at http://www.citrix.com/support.
The Citrix Access Gateway Administrator's Guide is in an Adobe Portable Document (PDF) format file. To view, search, and print the documentation, you need Adobe Reader (supported versions: Acrobat Reader 5.0.5 with Search through Adobe Reader 7.0). You can download the Reader for free from the Adobe Web site at http://www.adobe.com/.
Known Issue(s) in this Release
If the pre-authentication scan fails, and the user cannot log on, they are not provided with an error message.
User names that are configured on the Access Gateway are case-sensitive.
The Citrix Presentation Server Client running in kiosk mode is not available in this release of Access Gateway. On the User Groups tab, under Kiosk Mode Configuration, the check box for MetaFrame Presentation Server Client is grayed out.
If a user is not logged on as an administrator on a computer running Windows 2000 Professional, the Secure Access client must be installed locally on the client computer and then started using the Web address of https://FQDN/citrixsaclient.exe where FQDN is the address of the Access Gateway. The ActiveX applet does not have the rights to download the file to the normal file location. This does not happen on computers that are running Windows 2003 Server or Windows XP.
If a user that is not logged on as an administrator and connects using the Secure Access client, applications such as Microsoft Outlook might occasionally lose the network connection.
Dialup users do not receive DNS and WINS server assignments. To fix the problem, manually set the internal WINS address or use a Microsoft DNS server to set the domain to perform WINS lookups.(bz947)
Issue(s) Resolved in this Hotfix
Cached LDAP user group information was not deleted from the Access Gateway when the user logged off or intentionally disconnected. (bz948)
End users who were behind a proxy server could not connect to the Access Gateway. (bz862)
Connections through the Access Gateway to applications running on Citrix Presentation Server where the application contains an ampersand (&) in the application name would cause the connection to fail. The user would receive an SSL Error 38 error message. (bz945)
If the administrator configured a registry pre-authentication scan, and it was not applied to local users, the user can connect without completion of the scan. (bz919)
Voice over IP communication suffered degraded quality and performance when end users connected to the Access Gateway. Users experienced crackling, latency issues, and poor voice audio performance. (bz917)
LDAP authentication information disappeared from the Administration Tool when the Administration Tool was closed and then opened again. (bz916)
IP pooling did not function correctly unless the Administration Tool was connected to the external FQDN of the Access Gateway. (bz914)
Users might have experienced intermittent connection loss when the local network DHCP leases expired. Users would see the internal Microsoft default address of 169.x.x.x on their computer and then the connection to the Access Gateway was reestablished. (bz942)
An application policy was created for an application to have access to a specified network across the Access Gateway tunnel (10.10.x.x). By default other applications could also have access to the specified network. When an application policy was set to deny access to an application on a specified network, renaming the application allowed access to the restricted resources. (bz944)
Users that were not administrators on their computer would fail pre-authentication scans that used a specific process name. (bz931)
The Administration Tool might lose its connection after an idle period making multiple refreshes necessary and could make changes to the settings fail to update the configuration on the Access Gateway. (bz909)
The Administration Desktop logon would fail after the default password was changed. The Access Gateway no longer needs to be restarted for these changes to take effect. (bz915)
The sample logon pages were missing. (bz877)
Other Issue(s) in this Release
Setting network policies
To set up network policies, the most restrictive policy must be configured first and the least restrictive last. For example, you want to allow access to everything on the 10.0.x.x network, but need to deny access to the 10.0.20.x network. Configure the network policy restricting access to 10.0.20.x first and then configure access to the 10.0.x.x network.
Configuring Internet Explorer to work with a proxy server
Internet Explorer is not able to connect to any internal resource if there is a proxy setting in Internet Explorer. The Access Gateway network driver does not work with the network traffic from a proxy server because it is not defined in the access control list. A proxy server can be configured in Internet Explorer to connect and get access to internal resources on the remote network.
To configure Internet Explorer to use a locally defined proxy server
Open Internet Explorer.
On the Tools menu, click Internet Options.
On the Connections tab, click LAN Settings.
Under Proxy Server, click Use a proxy server for your LAN.
In Address type the IP address and in Port type the port number.
Click Advanced.
Under Servers, type the IP addresses and port numbers of the remote networks.
Click OK twice.
Copyright © 2005 Citrix Systems, Inc. All rights reserved.
Citrix and MetaFrame are registered trademarks of Citrix Systems, Inc. in the United States and other countries.
All other trademarks and registered trademarks are the property of their respective owners.
Brian DaBinett
brian@smartaccesscentral.com |
|