3.1. Known Bugs and Issues

This section lists the known bugs and issues with SGD version 4.62.

3.1.1. 2205237 - Seamless Windows Display Problems When Restarting a Disconnected Session

Problem: Issues with seamless windows might be encountered when the user restarts a Windows application after closing it down. The problem is seen when the application is hosted on a Window Server 2008 R2 server.

Cause: A known problem with some versions of the SGD Enhancement Module.

Solution: Ensure that the version of the SGD Enhancement Module running on the Windows application server is the same as the SGD server version.

3.1.2. 6456278 - Integrated Mode Does Not Work for the Root User

Problem: On Solaris 10 OS x86 platforms, enabling Integrated mode when you are logged in as the root user does not add applications to the Solaris 10 Launch menu. You might also see the following warning:

gnome-vfs-modules-WARNING **: Error writing vfolder configuration file 
"//.gnome2/vfolders/applications.vfolder-info": File not found.

Cause: A known issue with the Gnome Virtual File System (VFS).

Solution: No solution is currently available.

3.1.3. 6482912 - SGD Client Not Installed Automatically

Problem: Using Internet Explorer 7 on Microsoft Windows Vista platforms, the SGD Client cannot be downloaded and installed automatically. The SGD Client can be installed manually and can be installed automatically using another browser, such as Firefox.

Cause: Internet Explorer has a Protected Mode that prevents the SGD Client from downloading and installing automatically.

Solution: Add the SGD server to the list of Trusted Sites in Internet Explorer's Security Settings.

3.1.4. 6555834 – Java™ Technology is Enabled For Browser But Is Not Installed On Client Device

Problem: If Java technology is enabled in your browser settings, but a Java Plugin tool is not installed on the client device, the SGD webtop does not display. The login process halts at the splash screen.

Cause: SGD uses the browser settings to determine whether to use Java technology.

Solution: Install the Java Plugin tool and create a symbolic link from the browser plug-ins directory to the location of the Java™ Virtual Machine ( JVM™ ) software. Refer to your browser documentation for more information.

3.1.5. 6598048 – French Canadian Keyboard Not Mapped Correctly for Windows Applications

Problem: When using a Canadian French (legacy) keyboard layout with Windows applications, some French characters are printed incorrectly.

Cause: A known issue with Canadian French (legacy) keyboard layouts.

Solution: No known solution. A compatible keymap file is not supplied with SGD at present.

3.1.6. 6665330 – Font Errors When Starting VirtualBox™ Software From a Java Desktop System Session Displayed Using MyDesktop

Problem: On Solaris 10 OS, font errors are reported and there are display problems when starting the VirtualBox software from a Java Desktop System desktop session that is displayed using MyDesktop. The problem is seen when using Xsession.jds as the Application Command for the MyDesktop application object.

Cause: Unavailable fonts on the SGD X server.

Solution: When starting the VirtualBox software from the Java Desktop System desktop session, use the -fn option to specify valid fonts. Alternatively, install the missing fonts on the SGD server. See the Oracle Secure Global Desktop 4.6 Administration Guide for more details about using fonts with SGD.

3.1.7. 6801579 – Kana Mode Unavailable for Solaris OS Applications on Microsoft Windows Client Devices

Problem: On Microsoft Windows client devices with Japanese locales, Kana mode is not available for Solaris OS applications.

Cause: On Microsoft Windows client devices, the SGD Client uses ASCII for Kana mode. Solaris OS applications use Unicode for Kana mode.

Solution: On the Microsoft Windows client device, add a new system variable TARANTELLA_KEYBOARD_KANA_SOLARIS. Set the value of this system variable to 1.

3.1.8. 6809365 – Application Start Failures and Quotation Marks in the User’s DN

Problem: When using LDAP to authenticate users, Windows applications can fail to start if the distinguished name (DN) of the user contains more than one single straight quotation mark (').

Cause: A known issue.

Solution: The workaround is to edit the wcpwts.exp login script. This script is in the /opt/tarantella/var/serverresources/expect directory on the SGD server.

Locate the following entry in the wcpwts.exp script:

regsub {'} $value {'"'"'} value

Edit the entry to read as follows:

regsub -all {'} $value {'"'"'} value

3.1.9. 6831480 – Backup Primaries List Command Returns an Error

Problem: Using the tarantella array list_backup_primaries command on an SGD server that has been stopped and then detached from an array returns a “Failed to connect” error.

Cause: A known issue.

Solution: Restart the detached SGD server before using the tarantella array list_backup_primaries command.

3.1.10. 6863153 – HyperTerminal Application Hangs in a Relocated Windows Desktop Session

Problem: Users running the HyperTerminal application in a Windows desktop session experience problems when they try to resume the desktop session from another client device. The HyperTerminal application is unresponsive and cannot be closed down.

Cause: A known issue with HyperTerminal when resuming Windows desktop sessions from another client device (also called “session grabbing”).

Solution: Close down the HyperTerminal application before you resume the Windows desktop session from another client device.

3.1.11. 6921995 – Load-Balancing JSP Does Not Work When Java Technology is Not Available

Problem: The load-balancing JavaServer Page (JSP) used by SGD for load balancing of user sessions does not work. A Java warning message might be shown.

Cause: To use the load-balancing JSP, Java technology must be enabled on the client device.

Solution: Do one of the following:

  • Enable Java technology in the browser on the client device.

  • Use the SGD Gateway to load balance user sessions. This is the preferred solution, as the load-balancing JSP might not be available in future releases. See the Oracle Secure Global Desktop 4.6 Gateway Administration Guide for details of how to install and configure the SGD Gateway.

3.1.12. 6937146 – Audio Unavailable for X Applications Hosted on 64-Bit Linux Application Servers

Problem: Audio might not play in X applications that are hosted on 64-bit Linux application servers. The issue is seen for X applications that are hard-coded to use the /dev/dsp or /dev/audio device, and the Audio Redirection Library (--unixaudiopreload) attribute is enabled.

Cause: A known issue. A 64-bit SGD Audio Redirection Library is not included in the SGD Enhancement Module.

Solution: No known solution at present.

3.1.13. 6942981 – Application Startup is Slow on Solaris 10 OS Trusted Extensions

Problem: On Solaris 10 OS Trusted Extensions platforms, startup times for Windows applications and X applications might be longer than expected.

Cause: By default, the X Protocol Engine attempts to connect to X display port 10. This port is unavailable when using Solaris 10 OS Trusted Extensions. After a period of time, the X Protocol Engine connects on another X display port and the application starts successfully.

Solution: Do either of the following:

  • Change the default minimum display port used by the SGD server.

    Configure the following setting in the xpe.properties file in the /opt/tarantella/var/serverconfig/local directory on the SGD server:

    tarantella.config.xpeconfig.defaultmindisplay=11

    Restart the SGD server after making this change.

  • Exclude the unavailable port from use by the X Protocol Engine.

    In the Administration Console, go to the Protocol Engines, X tab for each SGD server in the array and type -xport portnum in the Command-Line Arguments field, where portnum is the TCP port number to exclude.

    Alternatively, use the following command:

    $ tarantella config edit --xpe-args "-xport portnum"
    

    For example, to exclude X display port 10 from use by the X Protocol Engine:

    $ tarantella config edit --xpe-args "-xport 6010"

    The changes made take effect for new X Protocol Engines only. Existing X Protocol Engines are not affected.

3.1.14. 6957820 – SGD Client Hangs When Using Smart Card Authentication for Windows Applications

Problem: When using a smart card to log in to a Windows application session from a Ubuntu 10.04 Linux client device, the SGD Client hangs after the user exits the authenticated application session. The user might not be able to start any further applications or log out from SGD.

Cause: A known issue with version 1.5.3 of PCSC-Lite on Ubuntu client platforms.

Solution: Update to the latest version of PCSC-Lite on the client device.

3.1.15. 6961236 – Error Messages in Tomcat Log

Problem: Error messages about ThreadLocal memory leaks are written to the Tomcat JSP container log file at /opt/tarantella/webserver/tomcat/tomcat-version/logs/catalina.out. Operation of SGD is not affected.

Cause: A known issue with the memory leak detection feature of Tomcat.

Solution: No known solution. The issue will be fixed in future releases of Tomcat.

3.1.16. 6962970 – Windows Client Device Uses Multiple CALs

Problem: A Windows client device is allocated multiple client access licences (CALs). A CAL is incorrectly allocated each time a Windows application is started.

Cause: A known issue if the HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing key or any of its subkeys are missing from the Windows registry on a client device. This issue affects Microsoft Windows Vista and Microsoft Windows 7 platforms.

Solution: Recreate the missing keys, by starting the Remote Desktop Connection with administrator privileges. See Microsoft Knowledge Base article 187614 for more details.

3.1.17. 6963320 – Cannot Connect to SGD Using Version 4.5 of the SGD Gateway, or Using an Upgraded Version 4.6 Gateway

Problem: After 90 days, users cannot connect to SGD using a version 4.5 Gateway. After upgrading a Gateway to version 4.6, users cannot connect to SGD.

Cause: Version 4.5 of the SGD Gateway uses self-signed certificates that are valid for only 90 days. This affects the default self-signed SSL certificate used for client connections to the Gateway, as well as the Gateway certificate and the certificate used for the Reflection service.

After upgrading a Gateway to version 4.6, users cannot connect to SGD because the Gateway self-signed certificates have been replaced.

Solution: If you are using a version 4.5 Gateway, upgrade to version 4.6.

If you have upgraded a Gateway to version 4.6, you need to perform the standard configuration steps for authorizing a Gateway to SGD, as described in “How to Install SGD Gateway Certificates on the SGD Array” on page 16 of the Oracle Secure Global Desktop 4.6 Gateway Administration Guide.

In version 4.6, the Gateway certificate and the certificate for the Reflection service are valid for 3600 days. The default self-signed SSL certificate used for client connections to the Gateway is valid for 365 days. If you have installed your own SSL certificate for client SSL connections, this certificate is preserved when you upgrade.

3.1.18. 6969404 – PDF Printing Issue on Solaris 10 OS Platforms

Problem: Portable Document Format (PDF) printing might not work on Solaris 10 10/09 platforms. The PDF file displays PostScript™ error messages.

Cause: A known issue with some versions of Ghostscript. SGD uses Ghostscript to convert print jobs into PDF files.

Solution: Install the latest version of Ghostscript on the SGD server. Ensure that the symbolic link /opt/tarantella/var/info/gsbindir points to the directory where the new Ghostscript binaries are installed.

This fix has been verified using version 8.71 of Ghostscript.

3.1.19. 6970615 – SecurID Authentication Fails for X Applications

Problem: SecurID authentication for X applications fails when using the RSA Authentication Agent for PAM. The issue is seen with X applications that are configured to use telnet as the Connection Method.

Cause: A known issue when using the RSA Authentication Agent for PAM.

Solution: Configure the X application object to use SSH as the Connection Method.

3.1.20. 6974464 – Kiosk Mode Display Issue on Ubuntu Clients

Problem: On Ubuntu client platforms, applications displayed in kiosk mode are obscured by the Ubuntu desktop toolbars. The issue is seen when the Compiz window manager is used and visual effects are enabled for the Ubuntu desktop.

Cause: The Compiz window manager does not provide legacy full screen support by default.

Solution: Do either of the following:

  • Turn off visual effects for the Ubuntu desktop.

  • Install the Compiz Config Settings Manager and enable the Legacy Fullscreen Support option in the Workarounds plugin.

Changes made only take effect for new application sessions.

3.1.21. 6979110 – Localized Documentation Not Available

Problem: Localized HTML documentation is not available. English documentation is displayed instead.

Cause: A known issue.

Solution: PDF versions of the localized documentation are available from the SGD web server Welcome Page.

3.1.22. 7004887 – Print to File Fails for Windows Client Devices

Problem: When users select the Print to File menu option in a Windows application displayed through SGD, the print job remains on hold in the print queue on the client device. The issue is seen on Windows Vista and Windows 7 client devices.

Cause: A known issue with some versions of Windows.

Solution: A workaround for Windows Vista is described in Microsoft Knowledge Base article 2022748.

3.1.23. 7014475 – LDAP Login Filters Are Not Preserved on Upgrade

Problem: LDAP login filters are not preserved when you upgrade to version 4.6 of SGD.

Cause: Because of LDAP enhancements introduced in SGD 4.6, any customizations you have made to the LDAP login filters are not preserved on upgrade. See Section 1.1.3, “Active Directory and LDAP Enhancements” for more details of the enhancements.

Solution: Reconfigure your LDAP login filters after upgrading. See the “Filtering LDAP or Active Directory Logins” section in Chapter 2 of the Oracle Secure Global Desktop 4.6 Administration Guide for details of how to configure LDAP login filters.

3.1.24. 7020250 – Audio Module Install Fails on 64-Bit SUSE Linux Platforms

Problem: When installing the SGD Enhancement Module on 64-bit SUSE Linux platforms, installation of the UNIX audio module fails. The issue is seen when installing on SUSE Linux Enterprise Server 11.

Cause: A known issue on 64-bit SUSE Linux platforms.

Solution: The workaround is to edit the following files in the /opt/tta_tem/audio/src/sgdadem directory:

  • In the Makefile file, change all instances of CFLAGS to EXTRA_CFLAGS.

  • In the sgdadem.h file, replace the following line:

    #include <linux/ioctl32.h>

    Add the following lines:

    #include <linux/version.h>
    #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22)
    #include <linux/ioctl32.h>
    #endif

After making the changes to the sgdadem.h file, run the following commands to install and start the audio module.

# cd /opt/tta_tem/audio/src/sgdadem
# make
# make install
# /opt/tta_tem/bin/tem startaudio

3.1.25. 7022104 – Automatic Configuration of Secure Connections Fails on an Upgraded Server

Problem: Using automatic configuration to reconfigure secure connections fails on an SGD server that has been upgraded to version 4.6. The issue is seen on upgraded servers that have previously been configured for secure connections automatically, using the tarantella config enable command.

Errors are reported when you use the tarantella security disable command to restore original security settings.

Cause: A known issue when using tarantella security disable on an upgraded server.

Solution: Run tarantella security disable on the server before you upgrade. Secure connections can then be configured automatically on the upgraded server, by running tarantella security enable.

3.1.26. 12309146 – Administrators Unable to Search Parent OUs in Active Directory

Problem: LDAP searches into parent organizational units (OUs) in Active Directory do not return any results. The issue is seen in the Administration Console when assigning applications to LDAP users using Directory Services Integration (DSI). LDAP searches into child OUs are unaffected.

Cause: A known issue with the LDAP search filter generated by the Administration Console.

Solution: The workaround is to modify the LDAP search filter.

In the Administration Console, go to the Assigned User Profiles tab for the application object.

In the Advanced Search section, append an (objectclass=*) entry to the LDAP search filter. For example:

ldap:///OU=Users,OU=Marketing,DC=example,DC=com,DC=uk??sub?(objectclass=*)

3.1.27. 12309185 – Cached LDAP Passwords Fail After an Upgrade

Problem: Cached passwords for some LDAP users may no longer work following an upgrade from version 4.50.

Cause: A known issue. The naming format for storing LDAP password cache entries has changed since SGD 4.50.

Solution: Contact Oracle Support or see https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1316990.1 for details of how to migrate password cache entries.

3.1.28. 12309385 – Gateway Protocol Translation Fails from HTTPS to HTTP

Problem: Users are unable to start applications, or to access the Administration Console. The issue is seen when the SGD Gateway is configured to use unencrypted HTTP connections between the Gateway and the SGD servers in the array.

Cause: A known issue when connections between the Gateway and the SGD servers in the array are not secure. By default, these connections are secure.

Solution: The workaround is to edit the Apache reverse proxy configuration file at /opt/SUNWsgdg/httpd/apache-version/conf/extra/gateway/httpd-gateway.conf.

Comment out the following entry:

ProxyPassReverse / https://gateway.example.com:443/

Add the following entries:

ProxyPassReverse / http://gateway.example.com/
ProxyPassReverse / http://gateway.example.com:80/

where gateway.example.com is the name of the SGD Gateway.

3.1.29. 12309559 – Java Detection Fails When Using Internet Explorer 9

Problem: The Java Plugin tool is installed on the client device and Java technology is enabled in your browser settings, but SGD reports that Java is not enabled or installed for the browser. The issue is seen when logging in to SGD using Internet Explorer 9 on Windows client platforms.

Cause: A known issue when using this version of Internet Explorer.

Solution: Use one of the following workarounds.

  • Before logging in to SGD, enable compatibility view for Internet Explorer. See Microsoft Knowledge Base article 956197 for details of how to do this.

  • When the Java detection error message is displayed, click the Back button on the browser. To use this workaround, the SGD Client icon must be present in the task bar and should indicate that a connection has been established.

3.1.30. 13117149 – Accented Characters in Active Directory User Names

Problem: Active Directory authentication fails for user names that contain accented characters, such as the German umlaut character (ü).

The following error is shown in the log output when using the server/login/info log filter:

javax.security.auth.login.LoginException: Integrity check on decrypted field failed (31)

Cause: Active Directory authentication uses the Kerberos authentication protocol. This is a known issue when Kerberos authentication is configured to use DES encryption.

Solution: The workaround is to disable the use of DES encryption in the krb5.conf Kerberos configuration file on the SGD server.

Include the following lines in the [libdefaults] section of the krb5.conf file.

  [libdefaults]
    default_tgs_enctypes =  rc4-hmac des3-cbc-sha1 aes128-cts aes256-cts
    default_tkt_enctypes =  rc4-hmac des3-cbc-sha1 aes128-cts aes256-cts

3.1.31. 13242998 – Configuring Ciphers for the SGD Gateway

Problem: Secure connections to the Gateway using SSL do not alway use high grade ciphers.

Cause: By default, the Gateway supports a wide range of cipher suites, including some low and medium grade ciphers.

See Section 2.3.4, “Supported Cipher Suites for SSL Connections” for a list of supported cipher suites for SSL connections.

Solution: Configure the Gateway to use a specific set of ciphers, as follows:

  • Stop the Gateway.

    # /opt/SUNWsgdg/bin/gateway stop
  • In the /opt/SUNWsgdg/etc directory create a file called ciphersuites.xml that contains a list of the required ciphers. For example:

    <ciphersuites>
     <cipher>SSL_RSA_WITH_RC4_128_MD5</cipher>
     <cipher>SSL_RSA_WITH_RC4_128_SHA</cipher>
     <cipher>TLS_RSA_WITH_AES_128_CBC_SHA</cipher>
     <cipher>TLS_RSA_WITH_AES_256_CBC_SHA</cipher>
     <cipher>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</cipher>
     <cipher>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</cipher>
     <cipher>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</cipher>
     <cipher>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</cipher>
     <cipher>SSL_RSA_WITH_3DES_EDE_CBC_SHA</cipher>
     <cipher>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</cipher>
     <cipher>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</cipher>
    </ciphersuites>
  • Add the following entries to the /opt/SUNWsgdg/etc/gateway.xml file, so that it includes ciphersuites.xml.

    <service id="sgd-ssl-service" class="SSL">
                    ...
      <keystore file="/opt/SUNWsgdg/proxy/etc/keystore.client" 
       password="/opt/SUNWsgdg/etc/password"/>
       <xi:include href="ciphersuites.xml" parse="xml"/>
    </service>
                     ...
    <service id="http-ssl-service" class="SSL">
                     ...
      <keystore file="/opt/SUNWsgdg/proxy/etc/keystore.client" 
       password="/opt/SUNWsgdg/etc/password"/>
      <xi:include href="ciphersuites.xml" parse="xml"/>
    </service>
    
  • Restart the Gateway.

    # /opt/SUNWsgdg/bin/gateway start

3.1.32. Sun Type 7 Japanese Keyboard Issues

Problem: Users with Sun Type 7 Japanese keyboards cannot input characters correctly using SGD.

Cause: Missing Solaris OS keytable on the client device.

Solution: Install the appropriate patch to install the keytable on the client device.

Platform

Patch

Solaris 10 OS on SPARC platforms

121868

Solaris 10 OS on x86 platforms

121869

3.1.33. Start Menu Items Not Sorted Alphabetically

Problem: When using the SGD Client in Integrated mode on Microsoft Windows client devices, users might notice that the Start menu entries are not sorted alphabetically.

Cause: This is caused by a Windows feature that adds new items to end of a menu, rather than preserving the alphabetical sorting.

Solution: See Microsoft Knowledge Base article 177482 for details.

3.1.34. Microsoft Windows Server 2003 Applications Limited to 8-Bit Color Depth for Large Screen Resolutions

Problem: For Microsoft Windows Server 2003 applications, the display color depth on the client device is limited to 8-bit for large screen resolutions. The issue is seen when screen resolutions are higher than 1600 x 1200 pixels.

Cause: A known issue with Windows Server 2003 terminal services sessions.

Solution: See Microsoft Hotfix 942610 for details of how to increase the color depth to 16-bit.