Alerts     Sign In
Rate this Article:
You must be signed in to rate again
 Article Feedback Print View
Alternate Languages: N/A

Access Gateway Enterprise Edition 8.0, Maintenance Build 49.2

Document ID: CTX115242   /   Created On: Nov 13, 2007   /   Updated On: Nov 13, 2007
Average Rating: not yet rated
Download Access Gateway readme.zip

Maintenance build readme name: AGEE_8_0_49_2.HTML
Maintenance build package name: build_andes_49_2.tgz
For: Access Gateway, 8.0 Enterprise Edition, Build 49.2
Replaces: Access Gateway, 8.0 Enterprise Edition, build_andes_48.7.tgz
Date: November, 2007
Language supported: English (US)
Readme version: 1.0

Installing this Maintenance Build

The latest version of the Access Gateway Enterprise Edition software can be downloaded from the MyCitrix Web site.

To download the Access Gateway software from MyCitrix.com

  1. Go to the Citrix Web site, click MyCitrix, and log on.
  2. At the top of the Web page, click Download and then click Product Software.
  3. Click Citrix Access Gateway > Enterprise Edition - Appliance Firmware to start the download.
  4. Follow the instructions on the screen.

When the software is downloaded to your computer, you can install the software using the Upgrade Wizard in the Configuration Utility or the command line interface.

To install the maintenance build using the Upgrade Wizard

  1. In the Configuration Utility, in the left pane, click System.
  2. In the right pane, click Upgrade Wizard.
  3. Click Next and follow the directions in the wizard.

To install this maintenance build using the command line interface

  1. To upload the software to the Access Gateway, use a secure FTP client to connect to the appliance.
  2. Copy the software from your computer to the /var/nsinstall directory on the appliance.
  3. Open an SSH client to open an SSH connection to the appliance.
  4. At a command prompt, type shell.
  5. At a command prompt, type cd /var/nsinstall to change to the nsinstall directory.
    To view the contents of the directory, type is.
  6. To unpack the software, type tar –xvzf build_X_XX.tgz where build_X_XX.tgz is the name of the build to which you want to upgrade.
  7. To start the installation, at a command prompt, type ./installns.
  8. When the installation is complete, restart the Access Gateway.
  9. When the Access Gateway restarts, at a command prompt type what or show version to verify successful installation.

Where to Find Documentation

This document describes the issue(s) solved by this build and includes installation instructions. For more information, see your product Administrator's Guide located on the product CD or installed on your servers. The guide is in an Adobe Portable Document (PDF) format file. To view, search, and print the documentation, you need Adobe Reader 5.0.5 or later with Search. You can download Adobe Reader for free from the Adobe Web site at http://www.adobe.com.

All product documentation is also available from the Citrix Web site at http://www.citrix.com/support.

New Features in this Release

Client Choices

With the client choices option, users have the option to log on using either the Secure Access Client or the WebInterface from one Web page after successful authentication to the Access Gateway. Users are presented with two icons andusers can choose which method they want to use to connect to the Access Gateway.

The Client Choices feature can be used without using endpoint analysis or implementing access scenario fallback. If a client security expression is not defined, users receive connection options for both the Secure Access and the Web Interface. If a client security expression exists for the user session and the client device fails the endpoint analysis scan, the choice page offers only the option to use the Web Interface.

Client choices are configured using a session profile and policy. It can then be bound globally, to a virtual server, to groups, or to specific users.

To configure client choices options globally

  1. In the Configuration Utility, in the left pane, click SSL VPN and click Global.
  2. Under General, click SSL VPN global settings.
  3. Under Client Experience, click Advanced.
  4. On the General tab, click Client Choices and click OK twice.

Access Scenario Fallback

SmartAccess allows the Access Gateway to determine automatically the methods of access that are allowed for a client device based on the results of an endpoint analysis scan. Access scenario fallback further extends this capability by allowing a client device to fall back from the Secure Access Client to the Web Interface (using Citrix Presentation Server Clients) if the client device does not pass the initial endpoint analysis scan.

To enable access scenario fallback, you configure a post-authentication endpoint analysis scan that decides whether or not users receive an alternative method of access when logging on to the Access Gateway. This post-authentication endpoint scan is defined as a client security expression that is configured either globally or as part of a session profile. If you are configuring a session profile, it is associated to a session policy that is then bound to a group. When this is enabled, the Access Gateway initiates an endpoint analysis scan after user authentication. The results for client devices that do not meet the requirements of a fallback post-authentication scan are as follows:

  • If Client Choices is enabled, users can log on using the Web Interface only.
  • If Client Choices is disabled, users can be quarantined into a group that provides access only to the Web Interface.

The following combination of settings must be configured for the access scenario fallback:

  • Define client security parameters for the fallback post-authentication scan
  • Define the Web Interface home page
  • Disable client choices

If client devices fail the client security check, users are placed into a quarantine group that allows access only to the Web Interface and published applications.

To create a quarantine group

  1. In the Configuration Utility, in the left pane, click Groups and in the right pane, click Add.
  2. In Group Name, type a name for the group, click Create and click Close.

Important:  The name of the quarantine group must not match the name of any domain group to which users might belong. If the quarantine group matches an Active Directory group name, users are quarantined even if the client device passes the endpoint analysis security scan.

After creating the group, configure the Access Gateway to fallback to the Web Interface if the client device fails the endpoint analysis scan.

To configure the Web Interface for quarantined user connections

  1. In the Configuration Utility, in the left pane, click SSL VPN and click Global.
  2. In the right pane, under General tab, click SSL VPN global settings.
  3. In the Global VPN Settings dialog box, under Secure Gateway Setting, next to ICA Proxy, select OFF.
  4. Next to WI Home Page, type the Web address for the Web Interface.
  5. Next to SmartAccess NT Domain, type the name of your Active Directory domain, and click OK.

After configuring the global settings, create a session policy that overrides the global ICA Proxy setting and then bind the session policy to the quarantine group.

To create a session policy

  1. In the Configuration Utility, click SSL VPN, click Policies and click Session.
  2. On the Policies tab, click Add.
  3. In Name, type a name for the policy.
  4. Next to Request Profile, click New.
  5. Under Secure Gateway Setting, next to ICA Proxy, click Override Global, and select On.
  6. In the Create Session Policy dialog box, next to Named Expressions, select General, select ns_true, click Create, and click Close.

After creating the session policy and profile enabling the Web Interface, create a global client security policy.

To create a global client security check policy

  1. In the Configuration Utility, in the left pane, click SSL VPN and click Global.
  2. In the right pane, under General, click SSL VPN global settings.
  3. Under Security Settings, click Advanced.
  4. Under Client Security, click New.
  5. In the Create Expression dialog box, click Add, configure the client security expression, click Create, and click Close.
  6. In the Quarantine Group dialog box,select the group you configured in the group procedure and click OK twice.

Notes

  • Using Client Choices or access scenario fallback requires the endpoint analysis client (an ActiveX control) for all users. If endpoint analysis cannot run, or if users select Skip Scan during the scan, users are denied access.
  • When Client Choices is enabled, if the client device fails the endpoint analysis, users are placed into the quarantine group. Users can continue to log on using either the Secure Access Client or the Web Interface. Citrix does not recommend creating a quarantine group if Client Choices is enabled.
  • You can use different Web addresses for the home page and the Web Interface. When both are configured, the home page takes precedence for Secure Access Client and the Web Interface home page takes precedence for Web Interface users.

[AGEE_8_0_49.2][#28341]

Secure Access Client for Vista

This release includes a beta version of the Secure Access Client for Microsoft Vista.

To install the Secure Access Client for Vista

  1. In a Web browser, type the Web address for the Access Gateway, such as https://gateway.mycompany.com.
  2. When the logon is successful, a message appears that says this is a beta version of the Secure Access Client for Windows Vista. Click the link in the message to install the Secure Access Client.

The installation program runs and when installation is complete, an icon appears in the notification area. After a few seconds, the Secure Access Client attempts a connection to the Access Gateway. A message stating that the connection is established appears.

The following is a list of known issues in this release. Read it carefully before installing the product.

Installation Issues

The Secure Access Client for Vista is installed using a Web browser, such as Internet Explorer. To install the Secure Access Client, users must be logged on to the computer as an administrator or be able to provide administrator credentials.

[AGEE_8_0_49.2] [#28474]

If you are using the Secure Access Client for Vista from Access Gateway Standard Edition, make sure it is not running before installing the Secure Access Client for Vista for the Access Gateway Enterprise Edition. If the Secure Access Client for Standard Edition is running, log off and then exit the Secure Access Client.

The Secure Access Client for Vista works only with Access Gateway 8.0. Build 48.7 or later.

When the Secure Access Client is installed, users could lose network connectivity temporarily. This is caused by the installation of network drivers. When the drivers are installed, network connectivity is restored.

[AGEE_8_0_49.2][#36429]

Other Known Issues

The following features are not currently supported with the Secure Access Client for Vista:

  • Single sign-on with Windows
  • Local LAN access
  • Voice over IP softphone support
  • Name-based application interception
  • Application name does not appear on the Configuration tab
  • MD5-based policies
  • Spoofing internal IP addresses
  • ActiveX plug-in
  • Reverse split tunneling
  • Client cache clean-up

[AGEE_8_0_49.2] [#28411, #28486]

When a user logs on using the Secure Access Client, and if a valid certificate is not installed on the Access Gateway, the user receives the certificate warning dialog twice before the connection is established.

[AGEE_8_0_49.2] [#28869]

When users are logging on using a Web browser using the Secure Access Client there is a long delay before the home page appears.

[AGEE_8_0_49.2][#29296]

The following items are not removed from or closed on the client device even though cleanup is configured:

  • History and Web addresses
  • File transfer
  • Applications
  • Client certificates
  • Autocomplete items

[AGEE_8_0_49.2][#29702]

When users are logged on using either the Web browser or Secure Access Client, connections can disconnect and then reconnect unexpectedly. This occurs in the following situations:

  • When eight to 10 simultaneous active or passive FTP connections are made and all the connections have active downloads. The activity across the network connection stops, the connection fails, and then reconnects after several seconds.
  • When local LAN is enabled, the user tries to connect to a local LAN computer and starts an FTP session.
  • When users log off from the Secure Access Client.
  • When a user downloads a file from the Internet with split tunneling enabled and then disables split tunneling and starts another download from the Internet. When the second download is started, the network connection disconnects and then reconnects after several seconds.

These issues occur intermittently with each of these scenarios.

[AGEE_8_0_49.2][#34926]

When user connections are configured with a forced time-out, the message notifying users that the connection is going to end does not appear automatically.

[AGEE_8_0_49.2] [#35340]

If the default Web browser on a client device is Netscape Navigator or Apple Safari for Windows Vista, and the user tries to start the home page using the menu from the Secure Access Client icon in the notification area, the Firefox Web browser starts instead of the default browser. [#35483]

When an IP address range is configured as part of an intranet application, the Access Gateway intercepts the first address and not the remainder of the IP addresses in the range.

[AGEE_8_0_49.2] [#35679]

When starting the Secure Access Client from the logon page in a Web browser and a pre-authentication policy is configured, if the user clicks Skip Scan, the user receives an error instead of the logon page.

[AGEE_8_0_49.2] [#35684]

When a proxy server is configured in Internet Explorer 7 and when split tunneling is configured for reverse, when the user connects using the Secure Access Client for Vista, the home page fails to appear. Users can start the home page from the Secure Access Client menu from the icon available in the notification area.

[AGEE_8_0_49.2] [#35792]

When reverse split tunneling is enabled and a proxy server is configured in Internet Explorer 7, when users log on to the Access Gateway through a Web browser, the connection to the internal network fails.

[AGEE_8_0_49.2] [#35917]

The local LAN destination IP address cannot be accessed even though local LAN access is enabled both on the Access Gateway and in the Secure Access Client.

[AGEE_8_0_49.2][#36042]

Messages in the notification area go outside the size of the message box.

[AGEE_8_0_49.2][#38628]

A pre-authentication endpoint analysis scan can take up to four minutes to complete.

[AGEE_8_0_49.2][#38668]

Client Documentation

The documentation for the Secure Access Client for Vista can be accessed from the Secure Access Client icon in the notification area.

To open the online help for Secure Access Client

On the desktop, right-click the Secure Access Client icon and click Help.

Miscellaneous

The Access Gateway software is enhanced to include an SNMP object identifier (OID) that differentiates the appliance as either NetScaler or Access Gateway Enterprise Edition. When an SNMP request is executed, it returns the value featureAGEE.

[AGEE_8_0_49.2] [#36506]

New Features from Previously Released Maintenance Builds

Endpoint Analysis

When configuring antivirus endpoint analysis, you can scan for the age of the last installed virus definitions. For example, if the virus definitions are older than five days, you can prevent the user from logging on until the virus definitions are updated. To do so, in the Add Expression dialog box, in Freshness, type the number of days.

The maximum length for an endpoint analysis expression is increased from 1500 bytes to 9600 bytes.

[AGEE_8_0_46.14][#30055]

Importing Certificates from a Windows Computer

Using the Configuration Utility, you can import PKCS#12 certificates to the Access Gateway from a Windows computer. You can import an existing certificate from a Windows computer running Internet Information Services (IIS) or from a computer running the Secure Gateway.

In some cases, the private key cannot be exported, which means you cannot install the certificate on the Access Gateway. If this occurs, use the Certificate Signing Request to create a new certificate.

Before installing the certificate on the Access Gateway, export the certificate using the Microsoft Management Console and the Export Certificate Wizard in Windows. For more information, see the Windows Online Help.

After exporting the certificate, use the Configuration Utility to convert the certificate to PEM format.

To convert the exported certificate to PEM format

  1. In the Configuration Utility, in the left pane, click Access Gateway > SSL > CA Tools.
  2. In the right pane, under Tools, click Import PKCS#12.
  3. In Output File Name, type the name of the new certificate, such as ag1.pem.
  4. In PKCS12 File Name, type the name of the exported certificate, such ag1.pfx.
  5. In Import Password, type the password for the private key.
  6. In Encoding Format, select DES3.
  7. In PEM Passphrase and Verify PEM Passphrase, type a new password for the private key.

When this procedure is complete, a message appears in the lower left status bar that the certificate is converted successfully. When the conversion is complete, you can install the certificate and private key on the Access Gateway.

To install the certificate and private key on the Access Gateway

  1. In the Configuration Utility, in the left pane, click Access Gateway > SSL > Certificates.
  2. In the right pane, click Add.
  3. In Certificate-Key Pair Name, type a new name for the certificate and private key.
  4. In File Location, select Appliance.
  5. In Certificate File Name, type the name of the converted certificate, such as ag1.pem.
  6. In Private Key File Name, type the name of the private key.
  7. In Password, type the password for the private key. This is the password you used when converting the certificate to PEM format.
  8. In Certificate Format, select PEM, click Install, and click Close.
When the certificate is installed on the Access Gateway, it appears in the list in the right pane.

[AGEE_8_0_48.7][#35629]

Miscellaneous

New Zealand Daylight Savings Time is supported.

[AGEE_8_0_48.7][#36263]

Single Sign-On with Windows

By default, Windows users open a connection by starting the Secure Access Client from the desktop. You can specify that the Secure Access Client start automatically when the user logs on to Windows by enabling single sign-on. When single sign-on is configured, users’ Windows logon credentials are passedto the Access Gateway for authentication.

Enable single sign-on only if users’ computers are logging on to your organization’s domain. If single sign-on is enabled and a user connects from acomputer that is not in your domain, the user is prompted to log on.

Single sign-on with Windows is supported only using Secure Access Client. It is not supported using the ActiveX Plug-in. Single sign-on with Windows is supported on Windows XP, Windows 2003 Server, Windows 2000 Server, Windows 2000 Professional, and Windows NT 4.0.

Single sign-on with Windows is disabled by default. To enable single sign-on, use either the Configuration Utility or the command line interface.

To configure single sign-on with Windows using the Configuration Utility

  1. In the Configuration Utility, in the navigation pane, click SSL VPN.
  2. In the right pane, click SSL VPN Policy Manager.
  3. In the SSL VPN Policy Manager, under Related Tasks, do one of the following:

    Click Create New Session Policy
    -or-
    Click Modify Session Policy

  4. Next to Request Profile, click Modify.
  5. Under Client Experience, click Windows Auto Logon and click OK.

To configure single sign-on with Windows using the command line interface

At a command prompt, type:
set vpn parameter [-windowsAutoLogon on|off]

[AGEE_8_0_46.14][#29295]

Supported Products

You can configure policies using the following products:

  • McAfee Version 11 and McAfee Version 8.5
  • Trend Micro OfficeScan Corporate Edition Version 7.3

[AGEE_8_0_46.14][#29828, #30036]

Known Issues in this Release

  1. When users are connected with the Secure Access Client for Vista and try to download large files over FTP, the download fails.

    [AGEE_8_0_49.2][#27447]

  2. Internet Control Message Protocol (ICMP) is not supported if users are logging on using the ActiveX plug-in.

    [AGEE_8_0_49.2][#38867]

  3. Single sign-on to Web applications is not supported for the Secure Access Client for Java.

    [AGEE_8_0_45.4][#26303]

  4. The Secure Access Client is not installed automatically on Windows 2003 Server.

    To install the Secure Access Client on Windows 2003 Server

    1. Click Start > Control Panel > Add or Remove Programs.
    2. Click Add New Programs and click CD or Floppy.
    3. Follow the instruction in the wizard, navigate to the file nsvpnc_setup.exe, and click Next.

    [AGEE_8_0_45.4][#26684]

New Fixes in this Release

  1. When the Access Gateway is configured to direct user requests to the Web Interface and connections are routed through a local load balancing virtual IP address, failover to a backup load balancing virtual server does not work.

    If the appliance is licensed as a NetScaler and the Web Interface is configured to fail over, users receive the error message "HTTP 500 Internal Server error."

    [AGEE_8_0_49.2][#35062]

  2. When a user logs on using the Secure Access Client and the pre-authentication policy fails, on the Secure Access Client menu, Login is not available. Users need to click Exit to end the Secure Access Client session and then log on again.

    [AGEE_8_0_49.2][#35400]

  3. When users establish a voice connection using Cisco IP Communicator through the Access Gateway and intranet IP addresses are configured, only one side hears the voice communication. When users attempt to make calls using either Cisco IP Communicator 2.1 or Avaya Softphone 5.2 with Service Pack 3 using the Secure Access Client, users connected through the Access Gateway cannot hear voice communications.

    [AGEE_8_0_49.2][#36074m #36673]

  4. When a file server authorization policy is created and if the expression qualifiers fs.dir.createtime, fs.dir.accesstime, fs.dir.writetime, or fs.dir.modifytime are used, Access Gateway administrators receive an invalid qualifier error message.

    [AGEE_8_0_49.2][#36429]

  5. When certificate authentication is configured on the Access Gateway and two-factor is turned off, the Access Gateway configuration cannot be saved.

    [AGEE_8_0_49.2][#36646]

  6. When a post-authentication endpoint analysis scan is configured and the client security expression is using the OR qualifier, users receive the post-authentication error page.

    [AGEE_8_0_49.2][#36868]

  7. When users log on to the Access Gateway and single sign-on with the Web Interface is configured, users receive a specified application set. When users log off from the Web Interface and then log on again, they receive an incorrect application set. In the Web Interface, set the Manage Access method to prompt users for their password before displaying the application list.

    [AGEE_8_0_49.2][#37669]

Fixes from Previously Released Maintenance Builds

Endpoint Analysis

  1. If the endpoint analysis fails on a client device, users receive a generic error message. Error messages are improved providing better descriptions of the problem.

    [AGEE_8_0_48.7][#26879]

  2. When an endpoint analysis scan is running, the Web Interface fails to redirect.

    [AGEE_8_0_45.4][#29411]

  3. The configuration parameter for configuring SmartAccess endpoint authentication is changed from set vpn param -wiMode [CSG|NONE] to set vpn param –icaProxy [ON|OFF].

    [AGEE_8_0_41.8][#26695]

  4. Client security string and client security group rules are not enabled for post-authentication endpoint analysis.

    [AGEE_8_0_41.8][#27960]

High Availability

When two Access Gateway appliances are configured as part of a high availability pair and the session action inherits the client security expression, the primary appliance fails.

[AGEE_8_0_46.14][#29705]

Installation Issues

When upgrading the Access Gateway using the Configuration Utility, the Secure Shell (SSH) connection might close during the upgrade, resulting in a failed upgrade. Try installing the upgrade again using the Upgrade Wizard or the command line interface.

[AGEE_8_0_45.4][#27573]

Logon and Authentication

  1. When users log on to the portal page using Internet Explorer 7 and the Access Gateway Web address is not in the Trusted Sites list, the ActiveX Plug-in is not installed.

    [AGEE_8_0_48.7][#34842, #36628]

  2. Connecting to a remote computer using Remote Desktop caused intermittent errors when used as an intranet application with the Java Plug-In. The remote desktop connection automatically disconnected after a period of time.

    [AGEE_8_0_47.8][#25708]

  3. If a client device is connecting from an external network and a proxy configuration script is configured in Internet Explorer, the script is not accessible until the Secure Access Client connection is established. When the client device connects from an external network, it can take one or two minutes for the connection to be established.

    [AGEE_8_0_47.8][#29841]

  4. After upgrading from Access Gateway Enterprise Edition Version 7.0 to Version 8.0, after users type the smart card personal identification number (PIN) and select a certificate, the user logon fails.

    [AGEE_8_0_47.8][#30109, #35262]

  5. When TACACS authentication is configured on the Access Gateway and then the Access Gateway restarts, logon to the appliance fails using the administrator password.

    [AGEE_8_0_46.14][#29143]

  6. If users log on to the Secure Access Client with a password that has an ampersand (&), the logon fails.

    [AGEE_8_0_46.14][#29509]

  7. If an intranet IP address is configured and users are logging on to an application using the UDP protocol, only one user can log on.

    [AGEE_8_0_46.14][#29590]

  8. When RADIUS and group extraction is configured on the Access Gateway and the configuration is then modified, administrators are prompted to change the group vendor ID to "1." When this value is changed, users are authenticated, but group extraction fails. When configuring the Access Gateway for RADIUS authentication, configure the RADIUS server first and then configure the Access Gateway.

    [AGEE_8_0_46.14][#30004]

  9. If JavaScript is disabled in Internet Explorer, the Access Gateway logon page does not appear correctly. Enable scripting in Internet Explorer for the logon page to appear correctly.

    [AGEE_8_0_45.4][#26695]

  10. When upgrading the Access Gateway, the LDAP bind password must be reset.

    [AGEE_8_0_45.4][#27488]

  11. The ActiveX Plug-in cannot be installed on newer versions of Windows. To allow installation of the ActiveX Plug-in, in Internet Explorer, enable automatic prompting for ActiveX controls.

    [AGEE_8_0_45.4][#28377]

Single Sign-On

When single sign-on to the Web Interface is configured and split tunneling is disabled, single sign-on to public Web sites fails.

[AGEE_8_0_47.8][#30049]

Web Interface

  1. When Web Interface failover is configured and users log on to the Access Gateway, redirection fails and users receive the error message "HTTP 500 Internal Server error."

    [AGEE_8_0_48.7][#35062]

  2. When ICAProxy mode and Web Interface mode are enabled, if the user logs on to the Web Interface, connects to other Web pages, and then returns to the fully qualified domain name (FQDN) of the virtual server, the IIS default home page appears.

    [AGEE_8_0_47.8][#30144]

  3. The Web Interface and the Secure Ticket Authority must be configured using the complete fully-qualified domain name (FQDN).

    [AGEE_8_0_45.4][#28268]

Miscellaneous

  1. The local LAN settings of the Secure Access Client are not persistent between Access Gateway sessions.

    [AGEE_8_0_48.7][#35041]

  2. When users connect using the Secure Access Client, DNS requests with host names exceeding six characters are not passed through the VPN tunnel.

    [AGEE_8_0_48.7][#35915]

  3. Applications that use UDP experience latency on the Access Gateway.

    [AGEE_8_0_48.7][#35921]

  4. If the Web proxy server IP address is specified in the Internet Explorer proxy settings and the user logs on using the Secure Access Client, the Access Gateway settings override the Internet Explorer proxy settings. In Internet Explorer, make sure you select the checkbox Use the same proxy server for all protocols.

    [AGEE_8_0_47.8][#34845]

  5. The Access Gateway fails when an external HTTP request is sent to an internal virtual server.

    [AGEE_8_0_47.8][#34991]

  6. If there are an unusually high number of user connections, CPU utilization goes to 100% and the Access Gateway fails.

    [AGEE_8_0_47.8][#35350, #35493]

  7. ICMP ping requests are not returned by the Access Gateway.

    [AGEE_8_0_46.14][#29938]

  8. When an intranet IP address is bound globally on the Access Gateway proxy in a double-hop deployment, users are assigned an IP address from the secure network.

    [AGEE_8_0_45.4][#26110]

  9. Attempts to download large files using the file transfer tool fail.

    [AGEE_8_0_45.4][#27439]

  10. If Norton Personal Firewall is installed on a client device, when users log on using the Secure Access Client, they receive a message from Norton Personal Firewall to allow or block the file nsload.exe. To establish the connection, select allow.

    [AGEE_8_0_45.4][#28709]

  11. A global pointer is not set to NULL after the Secure Ticket Authority (STA) renews the ticket.

    [AGEE_8_0_45.4][#29212]

  12. The debugging logs for Windows XP are stored in the folder %systemroot%\Document and Settings\All Users\Application Data\Citrix\AGEE.

    [AGEE_8_0_45.4][#29415]

  13. The command to view virtual server statistics is stat vpn vserver.

    [AGEE_8_0_41.8][#27936]

  14. If a mapped IP address is not defined, the user receives the error message "500 internal server error."

    [AGEE_8_0_41.8][#28287]

Copyright © 2007 Citrix Systems, Inc. All rights reserved.
Citrix, MetaFrame, and MetaFrame XP are registered trademarks, and Citrix Presentation Server is a trademark of Citrix Systems, Inc. in the United States and other countries.
All other trademarks and registered trademarks are the property of their respective owners.


This document applies to:

Search
Knowledge Center
Advanced Search
XenApp
XenApp Plugins (Clients)
XenServer
XenDesktop
NetScaler Application Delivery
Access Gateway
EdgeSight
Provisioning Server
WANScaler
Password Manager
>> View All Products
Browse and search our Beta library. Planning, installation, maintenance, and readme info merged into one collection.
©1999-2009 Citrix Systems, Inc. All rights reserved.