Hotfix AG2000_v457 Rev B - Access Gateway Standard Edition 4.5.7

Readme Revision History

Important Note(s) about this Release

• To install this hotfix, see the installation instructions below.

• This hotfix updates the Access Gateway Standard Edition and Access Gateway Advanced Edition. This hotfix is applicable to the Model 2000 series appliances that support the Access Gateway Standard Edition, Version 4.5 and Access Gateway Advanced Edition, Version 4.5.

• Before installing this upgrade, save the Access Gateway configuration.

To save the configuration

1. In the Administration Portal, click Maintenance.

2. Next to Save entire system configuration, click Save Config and click Save.

3. Navigate to the location where you want to save the file and click Save.

To install this hotfix

1. Download the hotfix package from the Hotfixes and Service Packs page of the Citrix Web site at http://downloadns.citrix.com.edgesuite.net/3331/ag2000-V457-Bug25851-21_RevB.upgrade.

2. Copy the hotfix package to an empty folder on the hard drive of the computer that is running the Access Gateway Administration Tool.

3. Click Start › Programs › Citrix › Access Gateway Administration Tool 4.5 › Access Gateway Administration Tool 4.5.

4. Click the Access Gateway Cluster tab and expand the window for the Access Gateway.

5. Click the Administration tab.

6. Next to Upload an upgrade or saved configuration, click Browse.

7. Locate the upgrade file that you want to upload and click Open. The file is uploaded.

8. Restart the Access Gateway appliance and the server running Access Gateway Advanced Edition.

Where to Find Documentation

This document describes the issue(s) solved by this hotfix and includes installation instructions. For more information, see the Access Gateway Standard Edition Administrator's Guide that is located in the Access Gateway Administration Portal. To access the Administration Portal and the documentation, in a Web browser, type https://AccessGatewayIPAddress:9001 and then under Documentation, click Download Access Gateway 4.5 documentation. The guide is in an Adobe Portable Document (PDF) format file. To view, search, and print the documentation, you need Adobe Reader 5.0.5 or later with Search. You can download Adobe Reader for free from the Adobe Web site at http://www.adobe.com.

All product documentation is also available from the Citrix Web site at http://support.citrix.com.

New Features in this Hotfix

Password Caching

1. You can enable or disable password caching. When password caching is enabled and if users type an incorrect password, the password is cached for a specified amount of time. Password caching is enabled by default and the expiration period default is 10 minutes.

   To enable password caching and set the expiration period

   1. In the Administration Tool, on the Global Cluster Policies tab, click Enable incorrect password cache.
   2. In Incorrect password cache time-out, type the number of minutes before the cache is cleared and click Submit.

   To disable password caching, click to clear Enable incorrect password cache.

   When users try to log on using a password that is stored in the incorrect password cache, the Access Gateway rejects the logon attempt without sending that password to the external authentication server, such as LDAP or RADIUS.

   [From AG2000_v457][#24884, #25086]

Known Issues in this Hotfix

1. If Symantec AntiVirus Version 10.0.2.2000, Secure Access Client Version 4.5.6, and the WANScaler Client Version 4.2.19 are installed on a client device, when the Secure Access Client is upgraded to Version 4.5.7, the operating system stops unexpectedly and an error message appears on a blue screen. The error is caused by Symantec AntiVirus.

   When upgrading the Access Gateway to Version 4.5.7, have users uninstall the Secure Access Client Version 4.5.6 from the client device. When the Secure Access Client is uninstalled, users can install Version 4.5.7 using a Web browser.

   [From AG2000_v457][#25032]

2. When Norton Antivirus is installed on Windows Vista Home Premium, automatic upgrade of the Secure Access Client fails. To allow automatic upgrading, uninstall Norton Antivirus from the client device.

   [From AG2000_v457][#25363]

Issue(s) Resolved in this Hotfix

1. When client certificate criteria is added for a group, users do not get the settings for the group.

   [From AG2000_v457][#24448]

2. When users connect to a server running Advanced Access Control using the Secure Access Client, the Access Gateway appliance drops UDP and ICMP packets sent by the client device.

   [From AG2000_v457][#24718]

3. If multiple servers are running Advanced Access Control, creating new system-generated personal identification numbers (PIN) for RSA SecurID fail.

   [From AG2000_v457][#24740]

4. If multiple servers running the Secure Ticket Authority are configured on the Access Gateway and the appliance is configured to accept ICA connections only, the Access Gateway appliance fails.

   [From AG2000_v457][#24781, #24814, #24828]

5. When a client certificate is required for authentication and a pre-authentication policy is configured on the Access Gateway appliance or on the server running Advanced Access Control, the pre-authentication policy fails even when the client device meets the requirements.

   [From AG2000_v457][#24796]

6. If a large number of groups is configured on the Access Gateway, the group names are truncated and information for the groups are lost.

   [From AG2000_v457][#24844]

7. When users attempt to connect to file shares on Windows NT 4.0, users receive the error "HTTP 504 Gateway Time-out."

   [From AG2000_v457][#24853]

8. The Secure Access Client does not connect to the same fully qualified domain name (FQDN) from which the Secure Access Client is installed. When users log on several times, the Secure Access Client stays connected to the Access Gateway.

   [From AG2000_v457][#24913]

9. If the Access Gateway is configured to connect to the Web Interface, if the Access Gateway that acts as the license server is unavailable, user logon is slow.

   [From AG2000_v457][#24922]

10. If the Access Gateway is configured to use RSA SecurID for authentication, users can log on more than once with the same pass code until the number displayed on the token changes.

    [From AG2000_v457][#24966]

11. The Access Gateway fails after seven to 10 days and users cannot log on.

    [From AG2000_v457][#25016, #25041]

12. If Version 4.5.5 or later of the Access Gateway software is installed and IP pooling is configured, users cannot connect to the Internet or to internal network resources through the appliance.

    [From AG2000_v457][#25080]

13. When users connect using Secure Access Client, if the network connection is dropped, the Access Gateway might allow only ICMP network traffic when the connection is reestablished. Network traffic that uses TCP or UDP might be dropped.

    [From AG2000_v457][#25099]

14. When users log on with Secure Access Client and then synchronize with Microsoft Outlook, the Windows XP client device stops responding and users must restart the device.

    [From AG2000_v457][#25164]

15. When IP pooling is configured on the Access Gateway, after a certain number of IP addresses are assigned, users cannot connect using the assigned IP address.

    [From AG2000_v457][#25201]

16. This fix addresses a security vulnerability. For more information, see Knowledge Center article CTX116930.

    [From ag2000_V457][#25418]

17. This fix addresses a security vulnerability. For more information, see Knowledge Center article CTX118183.

    [From ag2000_V457][#25851]

Copyright © 2008 Citrix Systems, Inc. All rights reserved.
Citrix, MetaFrame, and MetaFrame XP are registered trademarks, and Presentation Server is a trademark of Citrix Systems, Inc. in the United States and other countries.
All other trademarks and registered trademarks are the property of their respective owners.