Access

CTX-Blog

powered by Ecki's Place

March 24, 2009

AAC and IE 8.0

Some days ago, Microsoft officialy released IE 8.0. Since IE 8.0 will be available trough Windows Update soon, more and more users will hit existing AAC deployments with this browser. Unfortunately this is not working as expected. This is, how an AAC portal page looks like in IE 8.0 with default settings:

Portal
OWA

The layout is crushed, links are missing and OWA is nearly unusable 🙁

A small change in the file C:\Inetpub\wwwroot\CitrixSessionInit\NUI.aspx solves the display issue by forcing IE 8.0 into IE 7.0 compatibility mode.

It is sufficient to add the following line in the header of the NUI.aspx file:

<meta http-equiv=”X-UA-Compatible” content=”IE=EmulateIE7″ />

Your header might look like this after the change:

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Citrix Access Gateway</title>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1" />
<meta name="CODE_LANGUAGE" content="C#" />
<meta name="vs_defaultClientScript" content="JavaScript" />
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5" />
<link rel="SHORTCUT ICON" href="themes/default/images/favicon.ico" type="image/vnd.microsoft.icon" />
<base id="baseElement" href="" runat="server" />
<link id="cssElement" rel="stylesheet" href="" runat="server" />
<!--[if IE]>
<style type="text/css">

Immediately your portal is rendered again as it should be 🙂

Portal
OWA

This is not a final solution for the problem, but until Citrix releases a fix for this issue it will do…

Regards
Ecki

May 15, 2008

CAG hotfix 4.5.7 Rev. A available

A few days ago, Citrix released the hot fix AG2000_v457 Rev. A. This release fixes a security issue found in all 4.5 releases of the Access Gateway. Fixes for Access Gateway 4.5.5, 4.5.6 and 4.5.7 are available for download.

Especially if you use the SSL VPN feature of the Access Gateway, it is recommended to install this fix as soon as possible.

The download and readme for CAG 4.5.7 Rev. A can be found here: CTX117123, Hot fix AG2000_v457 Rev. A

Regards
Ecki

May 7, 2008

AAC hotfix AAC450W003 and CAG hotfix 4.5.7 available

A few days ago, Citrix released the hotfixes AAC450W003 and hotfix AG2000_v457. Beside a couple of bug fixes, there are some really interesting things in these releases:

Hotfix AAC450W003 invalidates some parts of my last posting in “AAC tuning, part 3”. A couple of months ago, i asked Citrix to allow customers to change the caption of the RADIUS input box on the logon page. In my last article i showed a way to change the caption easily for RSA and SafeWord deployments and pointed out a way to change the text with a little script in case of another RADIUS solution. However this solution had some unwanted side effects and so i’m glad that Citrix came up with a solution for all deployments. The procedure described in the first section of “AAC tuning, part 3” stays valid but is now applicable for all RADIUS deployments too, given you installed hotfix AAC450W003 correctly.

Vista is now supported with AAC 4.5, but it is still beta. This means, that you are now able to check Vista clients through EPA-scans, provided by Citrix. My first tests have been successfull. CAUTION: If you use EPA-scans from EPAFactory/Accario you have to wait for an update from Accario to support AAC 4.5 HF03. This should be available around the 20th of Mai.

The list of supported AV scanner and personal firewalls has become a little longer. McAfee 8.5i, Symantec AVE 10.0, Symantec Endpoint Protection 11.0 and Trend Micro 8.0 are now officially supported at last.

The download and readme for AAC can be found here: CTX117123, AAC45W003

The download and readme for CAG 4.5.7 can be found here: CTX117123, Hotfix AG2000_v457

Regards
Ecki

November 15, 2007

Access Gateway hotfix 4.5.6

Citrix released HotFix 4.5.6 of the Access Gateway Standard, which eliminates another couple of bugs. Before the update to version 4.5.6 the number of connections from the Secure Access Client and Citrix Presentation Server Clients could be different in the Real-Time Monitor or on the Statistics tab in the Administration Tool. Another fix adresses this issue: When users are logged on to the Advanced Access Control option through the Access Gateway, when users logoff, the session is not disconnected. Users must manually disconnect by right-clicking the Secure Access Client and selecting Disconnect.

If the Access Gateway appliance is upgraded to version 4.5.6, and Access Gateway Advanced Edition with hotfix AAC450W001 is installed on a server in the internal network, users are prompted to install the ActiveX control each time a connection is created. Currently, the file web.config has the following at the end of the file:

<add key="SACCodebase" value="net6helper.cab#version=4,5,0,122" />
</appSettings/>
</configuration/>

The version number needs to be changed to the correct version and build number for 4.5.6, which is 4,5,6,111.

The full list of fixes and the download can be found here.

Regards
Ecki

September 17, 2007

Access Gateway hotfix 4.5.5 Rev. B

After the summer holidays and several very busy weeks, i have found the time again to carry on with these pages 🙂

Citrix released Revision B of the Access Gateway HotFix 4.5.5 today, which eliminates a couple of bugs. After the update to version 4.5.5 some CAG Standard installations experienced a freeze every 10 to 20 minutes or even worse 2 to 3 crashes/reboots a day. The “reason” for this behavior was the configuration of more than one STA on the CAG Standard. After the update to Rev. B this bug should be eliminated.

Additional fixes for the SAC roll out and the EPA download are included. Furthermore the SAC should close now more reliably in AAC deployments. The full list of fixes and the download can be found here.

Regards
Ecki

July 21, 2007

First Hotfix Rollup Pack for Presentation Server 4.5 available

On July 19th Citrix released the first Hotfix Rollup Pack for Citrix Presentation Server 4.5. This update comprises a couple of new features and options. Beside others, the main improvements are IMHO the following issues:

  • Microsoft Windows Vista/Office 2007 Compatibility Updates
  • Enhanced (16-, 32-, and 48-bit) Icon Support
  • Microsoft Office Live Preview Support

To get the fulll benefit of these compatibilityupdates, you must also deploy Version 10.100 or later of the Presentation ServerClient.

The download and aditional informations can be found here.

Regards
Ecki

AAC 4.5 update available

July 20.: Citrix yesterday released the Hotfix AAC450W001 for Citrix Access Gateway Advanced. This update comprises a couple of new features and options. Beside others, the main improvements are IMHO the following issues:

  • WANScaler integration (protocol and TCP optimizations through the SSL VPN client)
  • Support for Web-enabled Mobile Devices

Since a couple of security updates are comprised in this Package, administrators shouldn’t wait with installing this update.

The download and aditional informations can be found here.

Regards
Ecki

July 18, 2007

CAG 4.5.5 Update available

July 18.: Citrix released a Hotfix for Citrix Access Gateway. This hotfix is applicable to the Model 2000 and the Model 2010 appliance that supports the Access Gateway Standard Edition, Version 4.5 and Access Gateway Advanced Edition, Version 4.5. This update comprises a couple of new features and options. Beside others, the main improvements are IMHO the following issues:

  • Caching of one time passwords can now be disabled
  • WANScaler integration (protocol and TCP optimizations through the SSL VPN client)
  • Vista client support

Since a couple of security updates are comprised in this Package, administrators shouldn’t wait with installing this update.

The download and aditional informations can be found here.

Regards
Ecki

May 25, 2007

Vulnerability in Citrix Session Reliability service, CTX112964

A security flaw in the Citrix Presentation Server Session Reliability service has been found recently. The Session Reliability service is used by some Citrix products to improve user experience when connecting over unreliable networks. By sending a specifically crafted request to this service, an attacker could establish a TCP connection to any port on the local machine. This could be used by the attacker to bypass network security policies and remotely access local ports on the target machine.

This vulnerability is present in the following versions of Citrix products:

  • Citrix MetaFrame Presentation Server 3.0
  • Citrix MetaFrame Presentation Server 4.0
  • Citrix Access Essentials 1.0
  • Citrix Access Essentials 1.5

No other versions of Citrix Presentation Server, Citrix Access Essentials or Citrix Desktop Server are affected by this issue.

Customers running an affected product with the Session Reliability feature disabled are not affected by this issue.

Downloads for all languages are available here (CTX112964).

Regards
Ecki

April 20, 2007

Citrix Access Gateway v4.5.2 released

April 18. Citrix released Citrix Access Gateway (Standard and Advanced) v4.5.2. This update comprises a couple of interesting fixes. Beside others, the main improvements are IMHO the fixes of the following issues:

  • When the Secure Access Client is started from the desktop icon, the taskbar button displays “Shutting Down,” and the portal page is not displayed for a significant amount of time
  • Downloading files larger than 512 megabytes through the Access Gateway fail
  • When users attempt to log on using the Endpoint Analysis Client, they cannot log on if the Web site is not trusted
  • The Access Gateway fails when an invalid certificate is installed using the Administration Portal

A complete list of fixes and the download can be found here.

Regards
Ecki

|