IGEL Universal Desktop LX / IGEL Zero ===================================== Version 10.02.120 Release date 2017-04-25 Last update of this document 2017-04-25 Supported devices: IZ2-RFX, IZ2-HDX, IZ2-HORIZON IZ3-RFX, IZ3-HDX, IZ3-HORIZON UD2-LX 40 UD3-LX 50, UD3-LX 42, UD3-LX 41, UD3-LX 40 UD5-LX 50, UD5-LX 40 UD6-LX 51 UD9-LX Touch 41, UD9-LX 40 UD10-LX Touch 10, UD10-LX 10 ============================================================================= Versions: ============================================================================= Clients: - Citrix HDX Realtime Media Engine 2.2.100-949 - Citrix Receiver 13.3.2.366713 - Citrix Receiver 13.4.2.10146724 - Citrix Receiver 13.5.0.10185126 - Ericom PowerTerm 12.0.1.0.20170219.2-_dev_-34574 - Evidian AuthMgr 1.4.6132 - FabulaTech USB for Remote Desktop 5.1.3 - Firefox 45.8.0 - IBM iAccess Client Solutions 1.1.5.0 - IGEL RDP Client 2.2 - Leostream Java Connect 3.3.7.0 - NX Client 5.2.11 - Oracle JRE 1.8.0_121 - Parallels Client (32 bit) 15.5.2.16129 - Remote Viewer 5.0 for RedHat Enterprise Virtualization Desktops - Systancia AppliDis 4.0.0.17 - Thinlinc Client 4.7.0-5280 - ThinPrint Client 7.0.78 - Totem Media Player 2.30.2 - VMware Horizon client 4.3.0-4710754 Dictation: - Driver for Grundig Business Systems dictation devices - Philips Speech Driver 12.4.15 Signature: - signotec VCOM Daemon 2.0.0 - StepOver TCP Client 1.0.4 Smartcard: - PKCS#11 Library A.E.T. SafeSign 3.0.101 - PKCS#11 Library Athena IDProtect 623.07 - PKCS#11 Library cryptovision sc/interface 6.6.3.502 - PKCS#11 Library Gemalto IDPrime 1.2.3 - PKCS#11 Library SecMaker NetID 6.5.2.37 - Reader Driver ACS CCID 1.1.3 - Reader Driver Gemalto eToken 9.0.43 - Reader Driver HID Global Omnikey 4.2.4 - Reader Driver Identiv CCID 5.0.35 - Reader Driver Identiv eHealth200 1.0.5 - Reader Driver MUSCLE CCID 1.4.25 - Reader Driver REINER SCT cyberJack 3.99.5final.sp09 - Resource Manager PC/SC Lite 1.8.20 System Components: - Graphics Driver INTEL 2.99.917+git20160706-1ubuntu1 - Graphics Driver ATI/RADEON 7.7.1-1 - Graphics Driver ATI/AMDGPU 1.1.2-1 - Graphics Driver VIA 5.76.52.92-009-005f78-20150730 - Graphics Driver FBDEV 0.4.4-1build5 - Graphics Driver VESA 2.3.4-1build2 - Input Driver Evdev 2.10.1-1ubuntu2 - Input Driver Elographics 1.4.1-1build5 - Input Driver eGalax 2.5.5814 - Input Driver Synaptics 1.8.2-1ubuntu3 - Input Driver Vmmouse 13.1.0-1ubuntu2 - Input Driver Wacom 0.32.0-0ubuntu3 - Kernel 4.4.49 #67.88-ud-r1726 ============================================================================= Information: ============================================================================= The following clients and features are not supported anymore: ============================================================================= - Citrix Receiver 12.1 and 13.1 - Citrix Access Gateway Standard Plug-in - Dell vWorkspace Connector for Linux - Ericom PowerTerm Emulation 9 and 11 - Ericom Webconnect - IGEL Legacy RDP Client (rdesktop) - Virtual Bridges VERDE Client - PPTP VPN Support - IGEL Upgrade License Tool with IGEL Smartcard Token - Remote Management by setup.ini file transfer (TFTP) - XC Font Service - Remote Access via RSH - Legacy Philips Speech Driver - Digital Persona Support - Sane Scanner Support - Softpro/Kofax Citrix Virtual Channel - t-Systems TCOS Smartcard Support - DUS Series touch screens - Elo serial touch screens - Hampshire TSHARC touch screens - IGEL Smartcard without locking desktop - Video Hardware Acceleration Support is discontinued on UD3-LX 42, UD3-LX 41, UD3-LX 40 (M320C/M330C) and UD10-LX Touch 10, UD10-LX 10 - H.264 Hardware Acceleration Support is discontinued on UD3-LX 42, UD3-LX 41, UD3-LX 40 (M320C/M330C) and UD10-LX Touch 10, UD10-LX 10 - Storage Hotplug devices are not automatically removed anymore, instead they must be always ejected manually: - by panel tray icon - by an icon in the "In-Session Control Bar" ("In-Session Control Bar" configurable at IGEL Setup -> User Interface -> Desktop) - by a "Safely Remove Hardware" session (configurable at IGEL Setup -> Accessories) ============================================================================= The following clients and features are not available in 10.02.120: ============================================================================= - Imprivata Appliance - Voip Client Ekiga - X session (Xorg Xephyr) - XDMCP - Olympus dictation devices (does not apply to pedals and mobile devices) - Nuance Audio Extensions for dictation - Diktamen - Cherry eGK Channel - Open VPN Smartcard Support - NCP Secure Client - LTE / Mobile Broadband Support - TCP/IP Printing - Asian Input Methods - Composite Manager - VIA fallback driver ============================================================================= Known Issues: ============================================================================= [Citrix] - Flash redirection is not working. [RDP/IGEL RDP Client 2] - EVOR video redirection does not work in 10.02.100: Workaround the issue by disabling: Sessions -> RDP -> RDP Sessions -> [session name] -> Multimedia -> Enable Video Redirection or by disabling: Sessions -> RDP -> RDP Global -> Multimedia -> Enable Video Redirection [Smartcard] - Active Directory Logon with Smartcard: Smartcard Removal Action "Lock Thin Client" does not work. ============================================================================= IGEL Linux 10.02.120 (stable build based on 10.02.100) ============================================================================= ============================================================================= New features: ============================================================================= [Applidis] - Enhanced option handling ============================================================================= Resolved issues: ============================================================================= [Base system] - Fixed problem with bootorder setting (EFI only) on mmc block based devices. - Fixed device not booting if no network connection is available and no settings have been made yet (i.e. after first boot or reset to factory defaults). [X11 system] - Fixed non working touchscreen calibration. - Fixed not saved touchscreen calibration over reboot. [Remote Management] - Added download of custom wallpaper and bootsplash in ICG agent. ============================================================================= IGEL Linux 10.02.100 ============================================================================= ============================================================================= New features: ============================================================================= [Citrix] - Updated Citrix HDX RTME (Skype for Business Optimization) to 2.2.100-949. - Added basic support for CID (Certificate Identity Declaration) with SecMaker smartcards. For this feature Citrix Receiver 13.4 or newer is required. To enable the feature activate the following parameter in the registry: parameter name: ica.authman.cid default value: false - Added SecMaker Net iD browser plugin. Activate in IGEL Registry, parameter: browser_plugin.secmaker.netid default value: false [Citrix Receiver 13] - Support for lossless features in hardware accelerated Citrix deep compression codec: "Text tracking" and "small frames" - Integrated Citrix Receiver 13.4.2 - Integrated Citrix Receiver 13.5.0 [RDP/IGEL RDP Client 2] - Added the Desktop Scale Factor option to change the RDP session scale: * "Sessions -> RDP -> RDP Global -> Window -> Desktop Scale Factor" * "Sessions -> RDP -> RDP Sessions -> (session) -> Window -> Desktop Scale Factor" [NX client] - NoMachine NX Client updated to version 5.2.11 [VMware Horizon] - Updated Horizon Client to version 4.3.0 - Added possibility to prevent the user from editing the (predefined) user name in the local login window for Horizon. Parameter: vmware.login.username_editable default: true [Parallels Client] - Updated Parallels 2X Client to version 15.5.2 * Added new setup parameter "Adaptive RemoteFX (RDP 8.1)" at "Setup -> Sessions -> Parallels Client Sessions -> [session name] -> Experience". Registry key: sessions.twox.experience.remotefx_adaptive (bool, default: true) This parameter enables the RemoteFX Progressive and H.264 (RDP 8.1) Parallel 2X options to enhance end-user experience. * Added new registry parameter "Use all monitors for Desktop session (if applicable)" Registry key: sessions.twox.advanced.all_monitor_for_desktop (bool, default:false) This parameter enable the extend to all monitor feature when connection to remote desktops. [Power Term] - New Ericom PowerTerm version 12.0.1.0.20170219.2-_dev_-34574. [IBM_5250] - Added IBM iAccess Client Solutions 5250 emulation version 1.1.5.0. Configuration can be done in IGEL Setup under "Sessions->IBM iAccess Client". For further information, please refer to the edocs section or the documentation provided in the client at "Help -> Information Center". [Leostream Java Connect] - Integrated Leostream Connect Client version 3.3.7.0. [Firefox] - Updated Firefox to version 45.8.0 ESR. - Updated Adobe Flash Player to version 25.0.0.148. - Added restart-after-idle configuration for browser sessions: configurable at "Setup -> Sessions -> Browser -> Browser Sessions -> [session name] -> Settings -> Restart". It's possible to configure the idle timeout in minutes or seconds. Registry keys: * sessions.browser.app.restart_timeout_enabled * sessions.browser.app.restart_timeout * sessions.browser.app.restart_timeout_unit [Network] - Added registry keys to influence EAP authentication attributes. These settings are for experts only. * network.interfaces.wirelesslan.device0.wpa.phase1_direct * network.interfaces.wirelesslan.device0.wpa.phase2_direct * network.interfaces.wirelesslan.device0.alt_ssid%.wpa.phase1_direct * network.interfaces.wirelesslan.device0.alt_ssid%.wpa.phase2_direct * network.interfaces.ethernet.device%.ieee8021x.phase1_direct * network.interfaces.ethernet.device%.ieee8021x.phase2_direct These are all of type string and their default value is empty. The values directly affect the phase1/phase2 settings for wpa_supplicant. Documentation can be found here: https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf Radius server vendors should be able to advise users about what they might try. In some customer environments wpa_supplicant 2.1 has worked but later versions 2.5 and 2.6 have not. The main goal of these keys is to enable the customer to make the new wpa_supplicant behave like the 2.1 version. One major difference is usage of TLS 1.2 in authentication involving PEAP. In order to enforce a different version of TLS, phase1-direct can e.g. be set to "tls_disable_tlsv1_2=1" - SCEP: OpenSSL's default behaviour regarding encoding of CSRs has changed. Therefore a new registry key has been added to explicitly specify the string_mask option for CSR creation: network.scepclient.cert%.string_mask Type: string Default: "default" (This currently results in the traditional behaviour.) See OpenSSL documentation concerning CSR creation for possible alternative settings. [WiFi] - New registry keys: * network.interfaces.wirelesslan.device0.wpa.passphrase_crypt_password * network.interfaces.wirelesslan.device0.alt_ssid%.wpa.passphrase_crypt_password These are used for storing encrypted WPA Personal passphrases. The keys without _crypt_password suffix, that have stored cleartext passphrases, still exist to preserve compatibility with old UMS versions. New software will use the new keys and delete values of the old keys, when changes are made. Usage of UMS 5.06.100 or higher is needed. - Added driver support for TPLink ArcherT4U. - Added driver ath10k. This supports various QCA98xx devices (not tested). [AppliDis] - Intergated Systancia AppliDis client version 4.0.0.17. [Smartcard] - The feature "IGEL Smartcard without locking desktop" will not be supported in Linux 10 any more. - Added IGEL Smartcard personalization tool. - Added driver for smartcard reader Elatec TWN4 CCID (USB 0x09D8:0x0425) - Added domain white list for certificates on smartcard. This list is used to filter certificates for login with smartcard to Legacy ICA sessions when the local login window is active. Parameter (in Registry): scard.pkcs11.domain_whitelist default value: (empty) The value is a comma separated list of domains. If the first character of the domain is '*', then all domains which end with the given name match, e.g. example.com, *.example2.com - Updated SecMaker Net iD to version 6.5.2.37. This version supports Citrix CID (Certificate Identity Declaration). - Updated PC/SC Lite to version 1.8.20. [CUPS Printing] - Added support for cups lpd. [Application Launcher] - The Application Launcher now shows the username of the logged-in user. This new feature is enabled by default if 'Local Logon' is configured and can be disabled by switching off the parameter 'auth.login.show_username'. - Added capability to copy values from the about page by performing a right mouse click. - Updated the Application Launcher's 'About' page. This includes several UI changes and improved functionality. It is now possible to lookup the network status on this page. [Base system] - Added IGEL Setup Assistant for configuring the device initially. This tool allows to set the UI language, keyboard layout, timezone, date and time, establish an ICG connection and in case that the underlying device is an UD pocket demo stick, to retrieve an evaluation license. The agent only shows up if the device hasn't been configured so far, e.g. neither has the local IGEL Setup been used so far nor has a connection to the UMS been established. - Updated kernel to Ubuntu version 4.4.0-67.88. - Added notification after a successful bootcode update. - Reworked custom bootsplash: It is now possible to define the style of the custom bootsplash. If it is set to "Original", the custom bootsplash image is display in the center of the primary display with its original resolution. The other options behave similar to the desktop wallpaper style. Moreover, the former hidden registry keys for the background color and progress indicator size have been added to the corresponding setup section. - Custom wallpaper and/or custom bootsplash are restored automatically in case of absence, e.g. after a system recovery. - Removed "UDC automatic license deployment server" feature. - Changed session network notification from dialogue to pop-up notification. - Added option to completely disable the session related network notification. Configurable at Setup -> Sessions -> Global Session Options -> Network notification on session start. Registry key: userinterface.sessions.network-notification-enabled - Bluetooth Tray enhanced with new icon states: * bluetooth device paired * bluetooth scan for devices - Some devices were affected by a license issue before being able to upgrade to IGEL Linux 10. These devices can't be downgraded to a firmware version lower than 10.02.100. A corresponding error message is shown in case that the particular device is affected by this downgrade lock. - New registry key: "custom_partition.%source.crypt_password" This is used for storing encrypted password. The key without crypt_ prefix, that have stored cleartext password, still exist to preserve compatibility with old UMS versions. New software will use the new key and delete value of the old key, when changes are made. Usage of UMS 5.06.100 or higher is needed. - Added setup option to delay session start until new UMS settings have been applied. This behavior can be configured at Setup -> Sessions -> Global Session Options or Setup -> System -> Remote management -> Options: * Parameter "Delay session start at boot time to apply new UMS settings", registry key: userinterface.sessions.wait-for-ums-config (default: disabled) * Timeout parameter, registry key: userinterface.sessions.wait-for-ums-config-timeout (default: 10s, only relevant if option above is enabled) - Removed AVAHI daemon. - Removed vWorkspace post session command selection, this client is not supported anymore in Linux 10. - Instead of IBM iSeriesAccess client the new iAccess client is now supported in post session command configuration. [Driver] - Added Citrix and RDP Virtual Channels for DriveLock USB Device Control. Enable for Citrix in IGEL Setup page Sessions->Citrix XenDesktop/XenApp->HDX/ICA Global->Mapping->Device Support, parameter DriveLock Channel. Enable for RDP in IGEL Setup page Sessions->RDP->RDP Global->Mapping->Device Support, parameter DriveLock Channel. - Added Philips Dictation Driver 12.4.15. Enable Philips Speech Channel for Dictation in IGEL Setup page "Sessions -> Citrix XenDesktop/XenApp -> HDX/ICA Global -> Mapping -> Device Support (Citrix)" or "Sessions -> RDP -> RDP Global -> Mapping -> Device Support (RDP)". Also supports SpeechMike Premium Touch and SpeechAir. [X11 system] - Active notifications get now arranged after a notification has been closed. - Updated Mesa to current xenial version 12.0.6. - Added registry key x.drivers.intel.use_tear_free (default false) which can be activated to avoid tearing artefacts. [Window manager] - The IGEL start menu now shows the username of the logged-in user. This new feature is enabled by default if 'Local Logon' is configured and can be disabled by switching off the parameter 'windowmanager.wm0.variables.startmenu.show_username'. - Active section in start menu is now colored dynamically based on the configured theme. If the theme is optimized for dark color, the active section is highlighted slightly lighter and vice versa in case of a light theme. [Multimedia] - Updated Fluendo multimedia codecs. [Java] - Updated Oracle JRE to 1.8U121. [Remote Management] - Added setup option for configuring notifications regarding new UMS settings. If new settings from UMS are available during boot, the user was prompted if the settings shall be applied or not. This behavior is now configurable with the following registry keys: * userinterface.rmagent.enable_usermessage_on_boot (default: enabled) * userinterface.rmagent.message_timeout_on_boot (default: no timeout) * userinterface.rmagent.message_default_action (default: apply) These settings may also be modified on the setup page "Sessions -> Global Session Options" or alternatively "System -> Remote Management -> Options". - Implemented the new IGEL Cloud Gateway protocol version 2. The implementation isn't compatible with the old protocol and requires UMS 5.06.100 or higher. [IGEL Cloud Gateway] - Added support for IGEL Cloud Gateway. - Implemented the new IGEL Cloud Gateway protocol version 2. The implementation isn't compatible with the old protocol and requires UMS 5.06.100 or higher. ============================================================================= Resolved issues: ============================================================================= [Citrix] - Fixed changing citrix receiver in appliance mode - Hardware accelerated H.264 deep compression codec is working properly with Citrix Receiver 13.4.1. See http://edocs.igel.com/#10205128.htm how to enable hardware acceleration. - Fixed: The logoff dialog (which shows up when logging off while a session is still running) has three buttons (Cancel, Disconnect, Logoff). Instead of the expected behavior, clicking on the logoff button had no effect, i.e. the session just continued running. Now the parameter "ica.wfclient.logoffdesktopthrotwi" in setup's registry is set to true by default. This means that the logoff button will log the user off and end the running session, just as it should. To retain the old behavior, set the parameter back to false. This parameter has no effect on the disconnect button, which just continues to do what the name suggests. - Fixed an issue with audio bandwidth limit, new registry parameter ica.wfclient.audiobandwidthlimit - Fixed power button function while in the local login screen, the screen is locked and in XenDesktop Appliance Mode login screen. - Citrix StoreFront / Web Interface: Fixed application autostart. - Fixed logging of logoff events to UMS User Login History at shutdown or suspend. - Citrix session login window with smartcard authentication translated correctly to german. - Fixed password change over Netscaler. - Fixed local logon with disabled show domain. Local logon uses domain entries from ica session or Citrix global config correctly. - Fixed problem with user names containing '. They are now handled correctly in Citrix XenApp/StoreFront logon. - Fixed reading Gemalto IDPrime smartcards with IDGo800 User Tool inside Citrix ICA sessions. [Citrix Receiver 13] - Fixed StoreFront logon with smartcard - Fixed application startup failure with Citrix StoreFront / Web Interface: 20-30 minutes after logon application startup failed with error message "no server connection configured". [RDP/IGEL RDP Client 2] - RDP multi monitor sessions now also work, when the multiple screens are configured via the "Display Switch" dynamically. - Fixed printer mapping: a mapped printer is set as default printer inside the session, if and only if it is the default printer on the thin client. Before this fix the first mapped printer was set as default printer. - Fixed RDP multipoint server scan. - Fixed problem with graphical window fragments in RDP sessions to server 2012R2. - Fixed logon with smartcard or token. Before this fix reconnecting to a disconnected session could fail sporadically. - Fixed RDP drawing issues with non-RemoteFX remote app sessions. - Fixed RDP desktop scaling setting: The server side desktop scaling setting takes precedence, if the TC desktop scaling setting is set to 100%. [VMware Horizon] - Fixed Onscreen keyboard configuration in VMware Horizon appliance mode. - Fixed Thinprint printer redirection support. - Fixed crash when using Windows Media MMR. - Fixed issue where FIPS-mode was not properly enabled in Horizon Client. - Fixed Horizon logon with smartcard. [Power Term] - Fixed host name substitution when specifying %h in parameter 'Device Name' in IBM 5250 emulation and parameter 'LU Name' in IBM 3270 emulation. Before this fix the substituted value was "localhost" after boot. - Fixed input of Euro sign in IBM 5250 Display emulation with 'Host Code Page' supporting Euro, e.g. 1141. [Firefox] - Fixed the use of smartcards in Firefox browser. [Network] - Fixed ssh sessions not working after reboot. - Fixed not being able to specify the port for SSH sessions. [WiFi] - Improved support for D-Link "dwa171 rtl8821au" [genucard VPN] - Fixed incorrect network status on the client when using the genucard without having another physical connection. E.g. this happened when only the genucard was connected via USB, but no other ethernet cable was connected to the client. In this case, sessions that need network could not be started. [Smartcard] - Fixed a problem with Kerberos Logon with smartcard, where logon was failing with message "Invalid Logon". - Added missing parameter "scard.pcscd.omnikey_mhz_required". Configuration of this parameter is necessary e.g. for DATEV smartcards. - PC/SC Lite: Improved stability and fixed protocol errors. - Fixed detection of smartcard readers (e.g. Kobil mIdentity) to be useable with DATEV Sicherheitspaket V4.3 and DATEV Sicherheitspaket compact V3.2 within RDP sessions. [Application Launcher] - Fixed Application Launcher starting multiple times if the restart option was set. [Base system] - Fixed post session command configuration and handling. - Fixed start of screen lock in legacy start menu. - Fixed an issue where a previously configured custom bootsplash couldn't be deactivated while a custom wallpaper was set. - Fixed USB access control crashing systems which were booted from USB device, when new settings were applied. - Fixed a bug where active windows could be seen through the border of the lock screen. - Fixed delayed start of some applications in some situations, e.g. application launcher. - Fixed emergency boot. - Fixed In-Session Control Bar positioning for single screen sessions on second monitor of multi monitor setups. - Fixed In-Session Control Bar after display resolution or monitor placement changes. - Fixed the In-Session Control Bar not shown for some session types. - Fixed a bug where changes to the taskbar background haven't been applied instantly. - Fixed automatic update of custom partition at boot time. [Storage Devices] - Fixed memory hotplug devices only working for the first user of a local logon session. [Appliance Mode] - Ctrl+Alt+F2 now starts the IGEL setup also in the RDP Multipoint appliance mode. - Fixed toolbar not appearing in Citrix Self-Service appliance mode. - Fixed startup of various appliance mode sessions. [X11 system] - Fixed showing folder structure in the legacy start menu, when the first folder contains no application. - Fixed undecorated softkeyboard when it was switched off and on again. - Fixed login and lock screen focus issues when the screensaver + DPMS is activated. - Fixed wrong focus of Citrix fullscreen session when returning from screen lock. - Fixed the softkeyboard tray icon look. - Fixed desktop not being shwon on Dell P2217 monitor. [Window manager] - Fixed unfunctional panel with active screen lock. - Fixed issues with focus setting after booting. - Fixed IGEL start menu while a message or info dialog is shown. - Fixed start menu not opening on the first click after "Show Desktop" was used. - Fixed panel behavior when it is enabled in login and lock screen, but disabled on normal desktop - Fixed missing 'Safely remove USB hardware' icon in the IGEL Light theme. - Fixed layout of action buttons within popup notifications. - Fixed window focus issues which disabled the power button or any other keyboard shortcut to function as expected. - Fixed missing translations of some tooltips (e.g. 'About', 'Reboot', 'Shutdown') in the start menu. - Fixed workarea mode for Citrix sessions. - Removed top highlight border from maximized windows. [Shadowing/VNC] - Fixed start of VNC Server for shadowing, if remote management is disabled. [Audio] - Fixed Playback Volume Control in UD3/IZ3 (IGEL M340C). - Fixed headphone output in IGEL UD6/UD5 (IGEL H830C) [Caradigm] - Fixed Caradigm disconnect timeout handler for Horizon View and RDP sessions. [Evidian] - Fixed an issue where a VMware Horizon session via the RDP protocol automatically tried to reestablish the connection after terminating intendedly. - Fixed an issue where a VMware Horizon session always used 'Autoconnect' independent of the connection setting under the corresponding Horizon session. [Java] - Fixed Java (webstart) applications not being able to launch the local browser by using the desktops url-handler. [Remote Management] - Fixed CPU speed detection when CPU power management is active. - Fixed status reporting for downloaded files. [IGEL Cloud Gateway] - Improved check of the SSL certficate chain in ICG agent.