IGEL Linux ========== Version 5.09.100 Release date 2016-03-16 Last update of this document 2016-03-16 The online Release Notes can be found at http://edocs.igel.com/index.htm#10204657.htm Registry Keys of parameters are listed there. Supported devices: IZ2-RFX, IZ2-HDX, IZ2-HORIZON IZ3-RFX, IZ3-HDX, IZ3-HORIZON UD2-LX 40, UD2-LX 31, UD2-LX 30 UD3-LX 50, UD3-LX 42, UD3-LX 41, UD3-LX 40, UD3-LX 31 UD5-LX 50, UD5-LX 40, UD5-LX 30 UD6-LX 51 UD9-LX Touch 41, UD9-LX 40, UD9-LX Touch 31, UD9-LX 30 UD10-LX Touch 10, UD10-LX 10 ============================================================================= Versions: ============================================================================= Clients: - Citrix Access Gateway Standard Plug-in 4.6.3.0800 - Citrix HDX Realtime Media Engine 1.8.0-258 - Citrix Receiver 12.1.8.250715 - Citrix Receiver 13.1.4.322630 - Citrix Receiver 13.2.1.328635 - Dell vWorkspace Connector for Linux 8.5.0 - Ekiga VoIP client 4.0.1 - Ericom PowerTerm 10.2.0.0.20150802.1-_dev_-34574 - Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848 - Ericom Webconnect 5.6.0.4000-rel.20413 - Evidian AuthMgr 1.4.5888 - FabulaTech USB for Remote Desktop 5.1.0_20151106 - Firefox 38.6.1 - IBM iSeriesAccess 7.1.0-1.0 - IGEL Legacy RDP Client 1.0 - IGEL RDP Client 2.2 - Imprivata OneSign ProveID Embedded - Leostream Java Connect 3.0.57.0 - NCP Secure Client (Enterprise) 3.25-rev23310-i686 - NX Client 4.6.16 - Open VPN 2.3.2 - Oracle JRE 1.8.0_74 - Parallels 2X Client 14.1.3452 - Remote Viewer 2.0 for RedHat Enterprise Virtualization Desktops - Systancia AppliDis 4.0.0.14 - Thinlinc Client 4.5.0-4930 - ThinPrint Client 7.0.65 - Totem Media Player 2.30.2 - Nimboxx VERDE Client 8.0.0-rel.25568 - VMware Horizon client 3.5.0-2999900 Dictation: - Driver for Grundig Business Systems dictation devices - Nuance Audio Extensions for dictation 7.47.0 - Driver for Olympus dictation devices - Legacy Philips Speech Driver 5.0.10 - Philips Speech Driver 12.3.21 Signature: - signotec VCOM Daemon 2.0.0 - Softpro/Kofax Citrix Virtual Channel 3.1.33.2 - StepOver TCP Client 1.0.0 Smartcard: - PKCS#11 Library A.E.T SafeSign 3.0.93 - PKCS#11 Library Athena IDProtect 623.07 - PKCS#11 Library Gemalto IDPrime 1.2.1 - PKCS#11 Library SecMaker NetID 6.3.0.50 - Reader Driver ACS CCID 1.1.1 - Reader Driver HID Global Omnikey CCID 4.0.5.5 - Reader Driver Identiv / SCM Microsystems CCID 5.0.35 - Reader Driver MUSCLE CCID 1.4.22 - Reader Driver Omnikey CCID legacy-3.6.0 - Reader Driver Omnikey RFID legacy-2.7.2 - Reader Driver REINER SCT cyberJack 3.99.5final.SP08 - Reader Driver Safenet / Aladdin eToken 8.1.0-4 - Reader Driver SCM Microsystems CCID Legacy 5.0.21 - Reader Driver SCM Microsystems SDI011 5.0.18 - Resource Manager PC/SC Lite 1.8.15 System Components: - Graphics Driver ATI lts-xenial-7.6.1 - Graphics Driver INTEL lts-xenial-2.99.917 - Graphics Driver VIA lts-vivid-5.76.52.92-009-005f78-20150730 - Kernel 3.19.8-ckt12 #49.55-ud-r1427 - Xorg X11 Server lts-wily-1.17.2 - Xorg Xephyr lts-wily-1.17.2 ============================================================================= Information: ============================================================================= IMPORTANT: This release integrates three Citrix Receiver versions: 12.1.8, 13.1.4 and 13.2.1. Only one of these versions can be active at a time. The Receiver version can be selected in IGEL Setup/UMS on page "Sessions->Citrix XenDesktop / XenApp->Citrix Receiver Selection". Citrix Receiver version 13.2.1 is used by default. ============================================================================= Known Issues: ============================================================================= [Citrix Receiver 13] - Randomly seamless application windows are displayed twice in a dual monitor setup. - Issues with Self-Service and Receiver 13.2.1: - After creating icons of published apps in the Self-Service window within a session to a XenApp server, they're not appearing anymore in a new session after logout. - It can happen that a blank Self-Service window appears after logon to a XenApp 6.5 server, when "Multi User" option is disabled. - Self-Service does not reconnect to apps and desktops. Workaround: Enable Receiver 13.1.4 [Citrix] - It can happen that the window of a published Firefox can get unusable when the window is maximized, then minimized and maximized again. This can also happen to other applications. Workaround: enable registry key ica.wfclient.twisetfocusbeforerestore with Citrix Receiver 13.2.1 [Firefox] - If socks- and http/ssl proxy is defined in the system wide setup, the browser uses the socks proxy. If it is defined in session specific setup, the browser prefers http/ssl proxy. - The checkbox „Do not prompt for proxy authentication if credentials are saved“ at IGEL Setup -> Sessions -> Browser -> Browser Global -> Proxy and IGEL Setup -> Sessions -> Browser -> Browser Sessions -> [Browser Session] -> Settings -> Proxy isn’t visible if the proxy configuration is set to “Auto-detect proxy settings for this network”. The corresponding setting can be either altered via the registry browserglobal.app.conv_proxy_autologin and sessions.browser[#Session].app.conv_proxy_autologin or by selecting another proxy configuration on which the checkbox is visible, changing the value and when switching back to “Auto-detect proxy settings for this network”. [VMware Horizon] - Remote Applications are not seamless in the strict sense. These are rather displayed in an extra window decorated by the TC's window manager. - If more applications defined and started in the same session, all are displayed inside this window. The default size of this window can be defined in the Window section of the Horizon session. - PCoIP user input language synchronization is currently broken. [Dell vWorkspace Connector] - Seamless applications exported from Win8/8.1 desktops show display errors when dragged to the screen edges. - With a dual monitor configuration flash redirected windows can appear on wrong screen. - After the start of a seamless session the window is initially maximized before being resized to the correct size. - Windows XP sessions might not work properly anymore. - Only standard 105 keys PC keyboards are supported. Not supported anymore: Trimodal, Sun Type 6 or IBM 122 keys. - Mapping of drives to a dedicated drive letter is not possible anymore. - If Com-port redirection is enabled all linux serial ports (/dev/ttySx) will be mapped. - If printer mapping is enabled all printers configured in CUPS are mapped. - For Multimedia Redirection sound redirection with WMV/WMA streams is not working. - USB Redirection may not work reliable. - Session starts only if RDP Local Logon Window (IGEL Setup->Sessions->RDP->RDP Global->Local Logon) is active. [Evidian AuthMgr] - Active Directory users with a password containing special characters may have problems to authenticate with the configured session. Known special characters which results in errors are: ` (grave accent, ASCII code 96) ´ (acute accent, ASCII code 239) [Universal MultiDisplay] - X-Sessions don't work with UMD currently. [Multimedia] - No Hardware Video Acceleration while playback of MPEG-1 videos on IGEL UD3-LX 50 (M340C) ============================================================================= Security issues: ============================================================================= - Fixed CVE-2016-0777 and CVE-2016-0778 by config option - Fixed glibc security issue CVE-2015-7547 - Fixed openssl security issues: CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2016-0702, CVE-2016-0705, CVE-2016-0798 and CVE-2016-0799 - Fixed openssl0.9.8 issues: CVE-2015-3197, CVE-2015-3195, CVE-2016-0797 and CVE-2016-0800 (aka DROWN) ============================================================================= New features: ============================================================================= [Citrix] - Added Kerberos credential passthrough to the local browser proxy settings. You can now use the cached local logon user and the corresponding password for session-, global- and system-wide proxy authentication. Activation of this new feature at: Sessions -> Browser -> Browser Sessions -> [Browser Session] -> Settings -> Proxy, Sessions -> Browser -> Browser Global -> Proxy or Network -> Proxy, respectively. Note that a valid proxy realm needs to be registered to successfully activate the automatic proxy authentication. Please refer to http://edocs.igel.com/index.htm#5315.htm for more information on the manual proxy configuration. Registry keys: sessions.browser.app.conv_proxy_preset_cred.passthrough, default: disabled browserglobal.app.conv_proxy_preset_cred.passthrough, default: disabled. - Added parameter "Input Language" at IGEL Setup -> Sessions -> Citrix XenDesktop / XenApp -> HDX / ICA Global -> Keyboard to define the input language used within Citrix sessions. If this parameter is set to "default" (which is the case by default), the system-wide input language configurable at IGEL Setup -> User Interface -> Language is used. Note that this parameter has no effect if "ica.wfclient.useserverlocale" is active. Registry key: ica.wfclient.input_language [Citrix Receiver 13] - New Appliance Mode option: Citrix Self-Service NOTE: Self-Service needs at least Citrix Receiver version 13 - Self-Service delivery server URL: URL of the Self-Service Delivery server - Multi User: This allows the self-service UI to use one system user account for multiple users by removing user data from the device when users log off or close the UI. (works only with Citrix XenApp/XenDesktop 7.x Store) - Allow user to select sessions: Availability of the selection panel for sessions. - Reconnect after logon: Determines whether the self-service UI tries to reconnect to all sessions (for the selected store) immediately after logon or not. - Reconnect to apps after starting an application: Determines whether the Self-Service UI tries to reconnect to running sessions when an application is launched, otherwise the store will be refreshed. - Enable on-screen keyboard: If this option is enabled and the screen is a touchscreen, an on-screen keyboard will be shown. - x coordinate of on-screen keyboard: Specifies the X position of the on-screen keyboard. - y coordinate of on-screen keyboard: Specifies the Y position of the on-screen keyboard. - Width of on-screen keyboard in pixels: It is recommended that either the width or the height is specified. - Height of on-screen keyboard in pixels: It is recommended that either the width or the height is specified. Registry keys: xen.selfservice.* - New Session Mode: Citrix Self-Service Menu path: Setup -> Sessions -> Citrix -> Self-Service With the Self-Service , the user can find and launch published applications and desktops in a custom self-service GUI. NOTE: Self-Service needs at least Citrix Receiver version 13 Menu path: Setup -> Sessions -> Citrix -> Self-Service -> Server Use IGEL Setup for Citrix Self-Service : If this option is enabled, the Self-Service on this and the following setup pages can be configured. Configurable sessions are - Citrix XenApp 6.x or older (registry keys: ica.selfservice.browseraddress.*) - Citrix XenApp/XenDesktop 7.x Store (registry keys: ica.selfservice.browseraddress_store.*) - Citrix XenApp/XenDesktop 7.x Legacy Mode (registry keys: ica.selfservice.browseraddress_store_legacy.*) Menu path: Setup -> Sessions -> Citrix -> Self-Service -> Options Available options are: - Display Mode: Windowed or fullscreen. - Multi User: This allows the self-service UI to use one system user account for multiple users by removing user data from the device when users log off or close the UI. (runs only with Citrix XenApp/XenDesktop 7.x Store) - Allow user to select sessions: Availability of the selection panel for sessions. - Reconnect after Logon: Determines whether the self-service UI tries to reconnect to all sessions (for the selected store) immediately after logon. - Reconnect to apps after starting an application: Determines whether the Self-Service UI tries to reconnect to running sessions when an application is launched, otherwise the store will be refreshed. Registry keys for options: ica.selfservice.* Menu path: Setup > Sessions > Citrix > Self-Service > Desktop Integration - Login Session Name: Set the name of the session which shall be shown. - Starting Methods for Session: In the Launch options can be specified, how the session shall be made accessible. - As an option, a hotkey for starting the session can be specified. - Enable Autostart to start this session immediately after the system starts. Specify by how many seconds the session start shall be delayed when Autostart is used. Registry keys for the start session: sessions.selfservice0.* - Citrix HDX Hardware Acceleration for H.264-enhanced SuperCodec (i.e. used by Citrix HDX 3D Pro) - Added experimental support for hardware accelerated H.264 decoding: The hardware acceleration can be enabled with registry key ica.hw-accelerated-h264-codec. See http://edocs.igel.com/#10201440.htm for the list of supported devices. Limited functionality on UD3-LX 40/41/42 and UD10-LX: - HDX Hardware Acceleration does only work with 256 MB Video Memory or more. Video Memory must be adjusted in System Bios. The default is 128 MB. - Seamless window mode not supported. - Desktop sessions expanded over 2 monitors are not supported. - Desktop sessions on rotated screens may flicker. For the other devices: - Seamless windows flicker when placed between 2 monitors - Desktop sessions expanded over 2 monitors may show screen artefacts after the session was covered by another window. Prerequisites for the HDX Hardware Acceleration: - Usage of Citrix Receiver 13.1.4.322630 or 13.2.1.328635 - Licensed IGEL Multimedia Codec-Pack - Enabled "Hardware Video Acceleration" at IGEL Setup -> System -> Firmware Customization -> Features - Enabled "H.264 Deep Compression Codec" at IGEL Setup -> Sessions -> Citrix XenDesktop / XenApp -> HDX / ICA Global -> Codec -> Graphical Codec - Connect to a XenApp/XenDesktop server with active H.264 Display Mode: See http://support.citrix.com/article/CTX200370 how to determine the Display Mode. [XEN] - Improved Citrix XenDesktop appliance mode: Firefox browser loads initial XenDesktop page more reliably. [RDP/IGEL RDP Client 2] - Added possibility to use the In-Session Control Bar in a multi monitor session. [RD Web Access] - Added an autostart mechanism for Remote Apps at Setup -> Sessions -> RDP -> Remote Desktop Web Access -> Authentication -> Start following applications automatically, after server connection is established The mechanism accepts * as placeholder, and matches case insensitive. Registry key: rdp.rd_web_access.app_config.autostart_list (session names separated by |) [Firefox] - Updated Firefox to ESR 38.6.1. - Added registry key "browserglobal.app.ntlm.v1_legacy" to enable the NTLMv1 authentication scheme. This authentication scheme has been disabled with Firefox 30 due to security risks. Enable this parameter if you still need the old implementation of the NT LAN Manager network authentication, e.g. if your intranet application demands it. Registry key: browserglobal.app.ntlm.v1_legacy, default: disabled. - The local browser can now be even further customized. Simply add any parameter known to Firefox to the custom preferences table at: Sessions -> Browser -> Browser Global -> Advanced These custom preferences affect all browser sessions. Note that adding a custom preference which already got configured somewhere else in the IGEL Setup overrides the latter. An extensive list of possible parameters can be found in the Mozilla knowledge base: http://kb.mozillazine.org/About:config_entries. Registry keys: browserglobal.app.custom_config.* - Added parameter "Do not prompt for proxy authentication if credentials are saved" at: "Sessions -> Browser -> Browser Global -> Proxy" and "Sessions -> Browser -> Browser Sessions -> [Browser Session] -> Settings -> Proxy" to enable/disable auto-login for proxy authentication. If proxy credentials (realm, username and password) have been preconfigured either in the IGEL Setup or manually filled out within the local browser,<br> the browser won't bring up the authentication dialog for this particular proxy server again. This feature is activated by default. Turn this feature off to always ask the user for proxy credentials, e.g. in a multi-user setup. Registry keys: sessions.browser.app.conv_proxy_autologin, browserglobal.app.conv_proxy_autologin - Added possibility to let the local browser auto-detect proxy settings for the current network. See "Sessions -> Browser -> Browser Global -> Proxy" and "Sessions -> Browser -> Browser Sessions -> [Browser Session] -> Settings -> Proxy" For more information on this feature, please refer to the specification of the Web Proxy Autodetect (WPAD) Protocol. Registry keys: sessions.browser.app.conv_proxy_type, browserglobal.app.conv_proxy_type - Updated Flash Player download URL to version 11.2.202.577 [ThinLinc] - Updated ThinLinc Client to version 4.5 - Added parameter "Lock Local Devices Tab" in ThinLinc Session tab Registry: sessions.thinlinc.options.locklocaldevices, bool, default: true - Added parameter "Lock Security Tab" in ThinLinc Session tab: Registry: sessions.thinlinc.options.locksecurity, bool, default: true - Added parameter "Enable Smartard Readers" in ThinLinc General and Session tabs: Registry: thinlinc.smartcard_export_enabled, bool, default: false Registry: sessions.thinlinc.config.smartcard_export_enabled, bool, default: false [Genucard VPN] - Added wifi support for Genucard which includes creating, editing and deleting WPA/WPA2 wifi connections [Caradigm Appliance] - Integrated Caradigm Appliance Mode. Caradigm Appliance can be configured at IGEL Setup -> Appliance Mode -> Caradigm (registry keys: caradigm) New registry keys: - caradigm.custom_logo, default: None - caradigm.enabled, default: false - caradigm.log, default: false - caradigm.log_level: error - caradigm.session_type: ctx - caradigm.session_type_params.ctx_logout, default: user - caradigm.session_type_params.default_domain, default: None - caradigm.tapclient.ca_certs, default: /etc/ssl/certs/ca-certificates.crt - caradigm.tapclient.client_cert, default: /wfs/ca-certs/tc_ca.crt - caradigm.tapclient.client_key, default: /wfs/ca-certs/tc_pk.pem - caradigm.tapclient.disable_validation, default: true - caradigm.tapclient.disconnect_timeout, default: 30 - caradigm.tapclient.egp_group, default: EGPGroup - caradigm.tapclient.enable_logoff, default: false - caradigm.tapclient.force_exception_to_status_code, default: false - caradigm.tapclient.http_timeout, default: 30 - caradigm.tapclient.logger_conf, default: /services/caradigm/etc/tapclient/logging.conf - caradigm.tapclient.poll_interval, default: 2000 - caradigm.tapclient.vault_port, default: 8443 - caradigm.tapclient.vautl_vip, default: None - Added support for Citrix HDX/ICA A Citrix server must be configured at IGEL Setup -> Sessions -> Citrix XenDesktop/XenApp -> Citrix Storefront/Web Interface -> Server - Added support for On-Screen Keyboard in Caradigm Appliance Mode. On-Screen Keyboard can be configurated at IGEL Setup -> Appliance -> Caradigm (registry keys: caradigm.touchscreen) New registry keys: - caradigm.touchscreen.enable_sw_kbd, default: false - caradigm.touchscreen.softkeyboard_h, default: 300 - caradigm.touchscreen.softkeyboard_w, default: 0 - caradigm.touchscreen.softkeyboard_x, default: -1 - caradigm.touchscreen.softkeyboard_y, default: -1 [Evidian AuthMgr] - Updated Evidian AuthMgr to version 1.4.5888. Evidian AuthMgr sessions can be configured at IGEL Setup→Evidian AuthMgr→Evidian AuthMgr Sessions Registry keys: sessions.rsuserauth.* - Added support for RFID badge with PIN authentification. - Changed defaults: - An Evidian AuthMgr session starts automatically by default sessions.rsuserauth.autostart, default: enabled / disabled - No session icon will appear on the desktop by default sessions.rsuserauth.desktop, default: disabled / enabled [VoIP] - Updated VoIP client Ekiga to version 4.0.1. - New parameter: Sessions -> VoIP Client -> Preferences -> Save configuration changes made in the application registry: voip.ekiga.save_settings, default: true If this parameter is set, configuration changes made in the application at runtime are saved to IGEL Setup after application termination. [Remote Management] - Added Wake-on-LAN proxy functionality. A dedicated machine e.g. in a branch office can now act as a proxy for UMS WOL packets. This is useful if network boundaries prevent these packets from being delivered directly. New registry key: system.remotemanager.wol_proxy.enabled Type: bool, default: false If true the system is supposed to act as WOL proxy and therefore to run permanently. It then refuses to be suspended/shut down by the user and by UMS. [Network] - Support for mobile broadband connections has been added. This is currently restricted to the Huawei E3531 HSPA+ USB Stick. The stick is made to act as a modem. I.e. the stick's Huawei HiLink feature is not relevant. After plug-in the stick it takes about half a minute until it is ready for use. After configuration a connection is established and kept until the stick is removed, the thin client is shut down or set to standby. Connecting/disconnecting manually is not supported yet. The mobile broadband tray icon currently only indicates whether a connection has been established or not. I.e. the bars do not reflect signal strength. The stick seems to work better with a USB 2 connector than with a USB 3 connector. In this context it is important to ensure security, e.g. -by using a private APN supplied by the mobile broadband provider -or by using OpenVPN over the mobile broadband connection and by blocking traffic, that would bypass the VPN, with firewall rules. New registry keys: - network.interfaces.mobile_broadband.enabled Type: bool, default: false For security reasons the default is false. This must be set to true if mobile broadband shall be used. So far this is only accessible via Setup/System/Registry. At the moment at most one instance (=0) of the template parameters of network.interfaces.mobile_broadband.connection% is used. So far these parameters can be set via Setup/System/Registry (create instance 0 and set values there) or the context menu of the mobile broadband tray icon (see below) The parameters are similar to those offered by Ubuntu for a mobile broadband connection. - network.interfaces.mobile_broadband.connection%.sim.crypt_password Type: string, default: empty The PIN for the SIM card. If the PIN is not necessary the value should be set to "-". If this is left empty it can be entered later, just before a connection attempt is made. Other necessary connection parameters must be specified in advance. - network.interfaces.mobile_broadband.connection%.gsm.active Type: bool, default: false This must be set to true if the instance shall be used. - network.interfaces.mobile_broadband.connection%.gsm.user_defined Type: bool, default false This must be set to true if the instance shall be editable by the connection editor that can be accessed via the tray icon's context menu. - network.interfaces.mobile_broadband.connection%.gsm.connection_name Type: string, default: empty This is a string for information purposes (to distinguish connections when more than one is supported in the future). - network.interfaces.mobile_broadband.connection%.gsm.apn Type: string, default: empty The APN (Access point name) Ask the provider if this isn´t known. - network.interfaces.mobile_broadband.connection%.gsm.network_id Type: string, default: empty The Network ID. Ask the provider if this isn´t known. - network.interfaces.mobile_broadband.connection%.gsm.number Type: string, default: empty This is the number to dial, e.g. "*99#". Ask the provider if you don't know that. - network.interfaces.mobile_broadband.connection%.gsm.username Type: string, default: empty Ask the provider if this isn´t known. - network.interfaces.mobile_broadband.connection%.gsm.crypt_password Type: string, default: empty Ask the provider if this isn´t known. The following registry keys determine the behaviour of the tray icon and its context menu: - network.applet.modem.enable_trayicon Type: bool, default: true A network icon for a mobile broadband connection is shown only if this is true. - network.applet.modem.enable_context_menu Type: bool, default: true The context menu as a whole is shown if this is true. - network.applet.modem.enable_network_info_dialog Type: bool, default: true The context menu contains an entry for showing detailed information about the connection if this is true. - network.applet.modem.enable_connection_editor Type: bool, default: false The context menu offers an entry for configuring a mobile broadband connection if this is true. [Smartcard] - Improved IGEL Smartcard mode "without Locking Desktop": there is a new parameter IGEL Setup -> Security -> Logon -> IGEL Smartcard -> On Smartcard Removal, terminate: "all Sessions" or "Sessions originating from Smartcard" default value: all Sessions Previously always all sessions were terminated. Now with setting "Sessions originating from Smartcard" only those sessions will be terminated which are specified on the smart card. However for some session types always all sessions will be terminated. Registry key: scard.scardd.session_termination - Updated Smartcard Resource Manager PC/SC Lite to version 1.8.15 - Changed default value of parameter scard.pcscd.noserial to true. Serial numbers in reader names are suppressed resulting in shorter names. This prevents some applications failing with very long reader names. - Updated Open Source CCID smart card reader driver to version 1.4.22 newly supported readers: 0x03F0 0x114A Chicony HP USB Smartcard CCID Keyboard KR 0x03F0 0x124A Chicony HP USB Smartcard CCID Keyboard JP 0x03F0 0x164A Liteon HP SC Keyboard - Apollo (Liteon) 0x03F0 0x174A Liteon HP SC Keyboard - Apollo KR (Liteon) 0x03F0 0x184A Liteon HP SC Keyboard - Apollo JP (Liteon) 0x048D 0x1366 Generic MultiCard Device 0x04A4 0x00C7 Hitachi, Ltd. Hitachi Biometric Reader 0x04A4 0x00D4 Hitachi, Ltd. Hitachi Portable Biometric Reader 0x08E6 0x3440 GEMALTO CT1100 0x096E 0x0619 FEITIAN iR301 0x096E 0x061C FEITIAN iR301 0x096E 0x0624 Feitian bR301 BLE 0x096E 0x080A FT ePass2003Auto 0x0A89 0x0082 Aktiv Rutoken PINPad 2 0x0DB5 0x0160 Access IS NFC Smart Module 0x0DC3 0x1007 Athena ASEDrive IIIe KB Bio PIV 0x0DC3 0x1008 Athena ASEDrive IIIe Combo Bio PIV 0x1050 0x0404 Yubico Yubikey 4 CCID 0x1050 0x0405 Yubico Yubikey 4 OTP+CCID 0x1050 0x0406 Yubico Yubikey 4 U2F+CCID 0x1050 0x0407 Yubico Yubikey 4 OTP+U2F+CCID 0x14CD 0x8166 Rocketek RT-SCR1 0x163C 0x0406 WatchCNPC USB CCID Key 0x1976 0x0001 THURSBY SOFTWARE TSS-PK1 0x1A44 0x0875 VASCO DIGIPASS 875 0x1B0E 0x1079 BLUTRONICS BLUDRIVE II CCID 0x1FC9 0x0107 NXP Pegoda 2 N 0x20A0 0x4230 Nitrokey Nitrokey HSM 0x23A0 0x0003 BIFIT iToken 0x24DC 0x0101 Aladdin R.D. JaCarta 0x24DC 0x0102 Aladdin R.D. JaCarta LT 0x24DC 0x0201 Aladdin R.D. JCR-770 0x24DC 0x0401 Aladdin R.D. JC-WebPass (JC600) 0x24DC 0x0501 Aladdin R.D. JaCarta U2F (JC602) 0x24DC 0x100F Aladdin R.D. JaCarta Flash - Updated Identive / SCM Microsystems smart card reader driver to version 5.0.35 newly supported readers: 0x04E6 0x5701 Identive STC4 Dfu Adapter 0x04E6 0x5712 Identive SCR331 uTrust 2700 F 0x04E6 0x5723 Identive uTrust 4000 F DTC 0x04E6 0x5725 Identive uTRust 4711 F CL + SAM Reader 0x04E6 0x5726 Identive uTrust 4701 F CT_CL Reader 0x04E6 0x5813 Identive SCR3310 uTrust 2700 R 0x04E6 0x5814 Identive SCR3500 A Contact Reader 0x04E6 0x5815 Identive SCR3500 B Contact Reader 0x04E6 0x5818 Identive @MAXX Light2 token 0x04E6 0x5819 Identive @MAXX ID-1 Smart Card Reader 0x04E6 0x581B Identive uTrust 2910 R Taglio SC Reader 0x04E6 0x581C Identive SCR35xx USB Smart Card Reader - Updated REINER SCT smart card reader driver to version 3.99.5final.SP08. newly supported readers: 0x0c4b 0x0504 REINER SCT cyberJack go / go plus 0x0c4b 0x0505 REINER SCT cyberJack wave 0x0c4b 0x0506 REINER SCT cyberJack RFID cv 0x0c4b 0x0507 REINER SCT cyberJack RFID SoliSYSTEMS 0x0c4b 0x0412 REINER SCT cyberJack secoder TLS 0x0c4b 0x0485 REINER SCT cyberJack syonic 0x0c4b 0x0525 REINER SCT cyberJack wave BDr - Updated ACS CCID smart card driver to version 1.1.1 newly supported readers: 0x072f 0xb301 ACS ACR32 ICC Reader 0x072f 0xb304 ACS ACR3201 ICC Reader 0x072f 0x2232 ACS ACR1251K Dual Reader 0x072f 0x2242 ACS ACR1251 1S Dual Reader 0x072f 0x2238 ACS ACR1251 Reader 0x072f 0x223b ACS ACR1252 1S CL Reader 0x072f 0x223e ACS ACR1252 CL Reader 0x072f 0x223d ACS ACR1252 USB FW_Upgrade v100 0x072f 0x2244 ACS ACR1252U BADANAMU MAGIC READER 0x072f 0x223f ACS ACR1255U-J1 PICC Reader 0x072f 0x2239 ACS ACR1256U PICC Reader 0x072f 0x2211 ACS ACR1261 1S Dual Reader 0x072f 0x8205 ACS APG8201Z 0x072f 0xb200 ACS CryptoMate (T1) 0x072f 0xb106 ACS CryptoMate (T2) - Added HID Global Omnikey smart card reader driver BETA version 4.2.4 for testing. Note: This is a BETA driver for evaluation only and has not been fully qualified. To enable the driver, activate parameter scard.pcscd.omnikey_test_beta_driver in IGEL Setup Registry. [base system] - Updated IGEL system to Ubuntu version 14.04.3. - Updated kernel to Ubuntu version 3.19 49.55. - Updated IGEL Setup to version 5.1.28. - Passphrase for WPA(2) Personal is no longer visible in the setup when it has been provided by the UMS. - Added logging of Active Directory/Kerberos login and logoff events to Universal Management Suite. To enable this feature, activate parameter System -> Remote management -> Logging -> Log login and logoff events For this feature UMS version 5.02.100 or newer is required. Currently Active Directory/Kerberos login and logoff events and Shared Workplace logoff events are reported to UMS. - Added English(Australia) and English(New Zealand) keyboard layout and localization. - Added Welsh keyboard layout and localization. - Reworked mouse configuration in IGEL Setup: Now there are sliders for Double Click Interval and Double Click Distance configuration. - Enhanced In-Session Control Bar functionality (formerly known as "Common Toolbar"). It is possible now to select on which monitor the toolbar should appear. Additionally it is possible to enable/disable the toolbar globally or only for a specific session type. See Setup Page: Setup -> User Interface -> Desktop -> In-Session Control Bar - parameter: Start Monitor, default: automatic (show control bar on the monitor on which the session is located) Registry key: userinterface.igel_toolbar.xineramamonitor - new parameters: - Control Bar for RDP sessions (registry key: rdp.winconnect.enable-toolbar) - Control Bar for Citrix sessions (registry key: ica.enable-toolbar) - Control Bar for ThinLinc sessions (registry key: thinlinc.enable-toolbar) - Control Bar for NX sessions (registry key: userinterface.igel_toolbar.nx-enable) - Control Bar for Parallels 2X sessions (registry key: userinterface.igel_toolbar.2x-enable) [WiFi] - Updated driver for VIA VT6656 WiFi adapter. - WPA supplicant upgraded to v2.5 version. Added new configuration parameters: - Frequency Band: network.interfaces.wirelesslan.device0.band and network.interfaces.wirelesslan.device0.alt_ssid%.band - BSSID Whitelist: network.interfaces.wirelesslan.device0.bssid_whitelist and network.interfaces.wirelesslan.device0.alt_ssid%.bssid_whitelist The BSSID whitelist contains list of BSSID which were never marked in the blacklist. BSSIDs are separated by space characters. The new parameter are available in registry in the IGEL Setup Registry. [X11 system] - Enhanced Display Switch tool when used in "Minimal Dialog" mode, configurable at IGEL Setup -> Accessories -> Display Switch -> Options: - Made "Mirror" button configurable. Registry key: sessions.user_display0.options.show_mirror, default: enabled. - Made "Extend to the right" button configurable. Registry key: sessions.user_display0.options.show_extend_right, default: enabled. - Added "Extend to left" function. To disable this additional feature, use "Extend to the left" parameter. Registry key: sessions.user_display0.options.show_extend_left, default: enabled. - Added pivot function for display rotation. To enable this additional feature, use "Pivot buttons" parameter. Registry key: sessions.user_display0.options.show_pivot, default: disabled. - Added basic mouse options. It is now possible to quickly switch to lefthand mode or alter the mouse speed and double click time. To enable this additional feature, use "Mouse Options" parameter. Registry key: sessions.user_display0.options.show_mouse_options, default: disabled. [X server] - Updated Xorg server to Ubuntu Wily version 1.17.2 - Updated INTEL graphic driver to Ubuntu Xenial version 2.99.917 - Updated ATI/Radeon graphic driver to Ubuntu Xenial version 7.6.1 - Updated MESA (OpenGL drivers) to Ubuntu Wily version 11.0.2 [Multimedia] - Added support for AAC decoding. The AAC codec must be activated by Addon License. - Added Fluendo Video Acceleration plugin using Hardware Video Acceleration. The Hardware Video Acceleration is activated by default and can be disabled at IGEL Setup -> System -> Firmware Customization -> Features. See http://edocs.igel.com/#10201440.htm for the list of supported devices. - Updated H.264 decoder and MP3 decoder Fluendo plugins for Gstreamer 0.10: - fluh264dec 0.10.47 - flump3dec new 0.10.34 [Driver] - Updated Philips Speech Driver to version 12.3.21. - Updated signotec VCOM daemon for signature pads to version 2.0.0. - Added Synaptics Touchpad support to IGEL Linux firmware. [Hardware] - Added hardware support for IGEL UD3-LX 50 (M340C) - Added hardware support for IGEL UD9-LX 40 and UD9-LX Touch 41 (TC215B) [Java] - Updated Java Runtime Environment to 1.8.0_74 ============================================================================= Resolved issues: ============================================================================= [Citrix] - Fixed Citrix seamless windows not getting activated from the tasklist if they own a transient popup, e.g. a nested "Save" or "Open" dialog. - Fixed local logon appears with sepcified credentials for Citrix Sessions. - Fixed keyboard shortcut labels on page IGEL Setup -> Sessions -> Citrix XenDesktop / XenApp-> HDX / ICA Global -> Keyboard [Citrix Receiver 13] - Workaround for audio problem with Citrix Receiver 13: new parameter ica.module.clientaudiousethread in IGEL Setup Registry (default: true). Disable to switch back to audio redirection architecture of Receiver 12. This might help to workaround the following problems: - After few seconds the recorded voice is slowed down. - Playable sound gets stucked or misses parts. [RDP/IGEL RDP Client 2] - Fixed a drawing issue which affected multi-core CPUs in combination with RemoteFX. - Fixed setting RDP Custom Client Name. Previously the specified name was surrounded by quotes (') and names with space characters did not work. - Fixed text copy & paste issue in RDP Win7 sessions - Fixed a problem with keyboard input. The parameter "Override local window manager keyboard shortcuts" at: Setup -> Sessions -> RDP -> RDP Global -> Keyboard did not grab the keyboard as intended, and therefor no keyboard input was possible. Now everything should work like before. - Fixed reliability of Remote Apps over a TS Gateway connection. Previously some connection errors happened sometimes. - Fixed RDP clipboard when local TC clipboard is empty - Fixed a problem with server redirection on a 2012r2 Server, if RDP Security was used on a server collection and redirection happened. Previously there was an error message inside the session which stated: "The task that you are trying to perform can't be completed because Remote Desktop Services is currently busy" [RD Web Access] - Fixed parameter evaluation for Web Access sessions and Multipoint sessions. Previously some parameters appeared in the session configuration, even if the corresponding Setup parameter was disabled. - Fixed maximized window bounds for RD Web Access sessions with Win2008R2 servers. - Fixed missing windows in RD Web Access sessions with Win2008R2 - Fixed auto-reconnection for RDP remote apps. - Fixed connection sharing for different remote app collections. - Fixed Ctrl+Alt+Del for RDP remote apps. - Fixed NumLock function for RDP remote apps. - Fixed RDP remote app title bar double-click for maximization/unmaximization. [VMware Horizon] - Fixed bug in configuration tool which discarded device rules for USB redirection in Horizon View Client. [Quest vWorkspace] - Fixed printer redirection in app-portal sessions. [Firefox] - Fixed Firefox not to use fall back method 'Safe mode' anymore if it crashed three times in a row. This behavior led to a corrupt Firefox profile. - Fixed: If either the URL Input or the Navigation Toolbar is disabled (see IGEL Setup -> Sessions -> Browser -> Browser Sessions -> [Browser Sessions] -> Menus & Toolbars), the navigation arrows within the right-click context menu didn't work anymore. The same applied to the corresponding keyboard shortcuts for navigating back and forth. This has been fixed. - Fixed setting "Proxy Realm" to be internally preconfigured with "moz-proxy://[HTTP-Proxy]:[Port]" if the corresponding field in the IGEL Setup is left empty (see Sessions -> Browser -> Browser Sessions -> [Browser Session] -> Settings -> Proxy or Sessions -> Browser -> Browser Global -> Proxy or Network -> Proxy, respectively). - Fixed a bug where the automatic proxy configuration URL was not configured correctly. - Fixed handling of multiple tab browser start pages. - Removed parameters "Hide the status bar" and "Change status bar text" under IGEL Setup -> Sessions -> Browser -> Browser Global -> Content, or: IGEL Setup -> Sessions -> Browser -> [Browser Session] -> Settings -> Content Since Firefox 29, the status bar can't be manipulated anymore due to security concerns. Hence, these deprecated options have been removed. - Removed parameter "Hide status bar" at IGEL Setup -> Sessions -> Browser -> [Browser Session] -> Menus & Toolbars - Removed parameter "session.browser%.app.addon_bar_hidden" since addon bar has been removed in Firefox 38 ESR. - Fixed bug which allowed flash player installation from the UMS in cases where the license hadn't been accepted. [Network] - Fixed annoying network notification: When eth0 and wlan0 are activated and eth0 has no link and network.global.waitfor_interfaces is false then a final notification "No Link" should appear and disappear automatically (after a few seconds). The problem was: After that often there was another notification saying "No connection". This has been fixed. - Fixed wrong no-link-notification regarding second LAN-interface after resume from standby. [Smartcard] - IGEL Smartcard without Locking Desktop now is active only if none of the Logon modes is activated. Previously a combination of these modes caused malfunction in some situations. - Fixed termination of some session types when removing IGEL Smartcard in mode "without Locking Desktop". Some types of sessions like Task Manager, SSH Session etc. were not terminated before. - Fixed: RD Web Access sessions are not shown now in session list during IGEL Smartcard Personalization. - Fixed crash in smart card resource manager PC/SC Lite: when plugging a reader off and in again, in some cases the program crashed. This e.g. occurred with reader OMNIKEY CardMan 5021 CL. [Desktop] - Fixed 'Advanced startmenu' crashing upon opening it for the very first time. In some cases, the 'Advanced startmenu' remained empty if it was clicked too early. [base system] - IZ2 products running on an IGEL-D210 device limited to 5.09 firmware version. An update to firmware version 5.10.100 or higher is not possible anymore. - Fixed wake up from S3 system state by USB mouse: registry key system.acpi_wakeup.enabled must be enabled. The USB wake up from S3 feature must be also enabled in System BIOS. - Fixed wake up from S3 system state by USB mouse and keyboard on IGEL UD3-LX 42 (M330C), when connected to USB 3 port. - Fixed: When changing an expired password in the Active Directory/Kerberos logon mask, pressing Enter or Return key now will confirm the dialog. Previously these keys had no effect. - Fixed caps lock indicator in the login dialogs of the lock screen and the local login of RDP and VMware Horizon based sessions. In former images the caps lock indicator did not show the initial caps lock state. - Fixed: eGalax touchscreen devices can now be calibrated in multi-monitor setups without manually unpluging all additional monitors for the duration of the calibration. - Fixed high CPU load caused by VIA graphic driver. - Fixed missing localshell binary. [Driver] - Updated Philips Speech Driver to version 12.3.21. The following changes have been applied: - Volume Control in SEE also works for 3.5mm headphones - DPM4 works if USB Audio is disabled on the device - DPMMountd (with -u parameter) works on all devices - Updated signotec VCOM daemon for signature pads to version 2.0.0. The changes are: - support for signature pad "Gamma" - fixed a problem where in some situations the communication with the pad was disturbed [Storage Devices] - Fixed disk utility problem: Some devices, that the kernel marks not removable, were not displayed. - Improved handling of UniCard Reader New registry keys: - devices.hotplug.usb-storage.nodetach - devices.hotplug.usb-storage.messageconfig.silent Type: string, default: empty Both may contain a comma-separated list of hotplug product names. If unsure do "grep product: /var/log/messages" to find these names. The first parameter may be useful in situations where undesired effects occur when a device is selected for safe removal. When a device is in the list the operation is restricted to unmounting its volumes (i.e. no ejecting, detaching from the system, etc) The second parameter suppresses hotplug messages for products in the list. [X11 system] - Fixed a bug where touchscreen inputs were incorrect after the monitor configuration (e.g. rotations and multi-screen extensions) has changed. - Touchscreen devices now properly work in multi-head configurations with additional standard monitors. For IGEL devices like the UD9 and UD10 this works out of the box. For third party devices the correct connector of the touchscreen monitor must be configured in the Setup at IGEL Setup -> User Interface -> Input -> Touchscreen. The default value of this parameter is "Automatic". In this mode, the touchscreen connector is automatically set to the last entry in the internal list of connected output devices, which may not be always correct for all possible constellations. - Fixed caps lock indicator in the login dialogs of the lock screen and the local login of RDP and VMware Horizon based sessions. In former images the caps lock indicator did not show the initial caps lock state. - Fixed 180° rotation issue on some intel devices. - Fixed not showing newer XDMCP servers in XDMCP chooser. [X server] - Fixed Xephyr session crash when changing bell volume to 0 under Solaris 10. - Fixed missing character fonts problem with some Intel devices. - Fixed VIA slow performance with rotated screen (for example on UD3-LX40 & 41). [Windowmanager] - Fixed autostarted sessions loosing the focus directly after start. [Java] - Fixed: UMS-assigned java certificates are now restored at system start if needed [Remote Management] - Fixed unnecessary terminal settings transfer to the UMS which discards new settings if transfered at boot time. - Fixed: The UMS registry tool sends the "Structure Tag" correctly - Fixed: update flashplayer version while booting