3.1 Known Bugs and Issues

This section lists the known bugs and issues for the SGD 5.3 release.

3.1.1 12200816 – Java Technology is Enabled For Browser But Is Not Installed On Client Device

Problem: If Java technology is enabled in your browser settings, but Java Plug-in software is not installed on the client device, the SGD workspace does not display. The login process halts at the splash screen.

Cause: SGD uses the browser settings to determine whether to use Java technology.

Solution: Install the Java Plug-in software and create a symbolic link from the browser plug-ins directory to the location of the Java Virtual Machine (JVM) software. Refer to your browser documentation for more information.

3.1.2 12268127 – Backup Primaries List Command Returns an Error

Problem: Using the tarantella array list_backup_primaries command on an SGD server that has been stopped and then detached from an array returns a "Failed to connect" error.

Cause: A known issue.

Solution: Restart the detached SGD server before using the tarantella array list_backup_primaries command.

3.1.3 12275351 – HyperTerminal Application Hangs in a Relocated Windows Desktop Session

Problem: Users running the HyperTerminal application in a Windows desktop session experience problems when they try to resume the desktop session from another client device. The HyperTerminal application is unresponsive and cannot be closed down.

Cause: A known issue with HyperTerminal when resuming Windows desktop sessions from another client device (also called “session grabbing”).

Solution: Close down the HyperTerminal application before you resume the Windows desktop session from another client device.

3.1.4 12290728 – Audio Unavailable for X Applications Hosted on 64-Bit Linux Application Servers

Problem: Audio does not play in X applications that are hosted on 64-bit Linux application servers. The issue is seen for X applications that are hard-coded to use the /dev/dsp or /dev/audio device, and the Audio Redirection Library (--unixaudiopreload) attribute is enabled.

Cause: A known issue. A 64-bit SGD Audio Redirection Library is not included in the SGD Enhancement Module.

Solution: On Oracle Linux 6 platforms, you can use the padsp PulseAudio OSS wrapper script to ensure compatibility with PulseAudio.

3.1.5 12292281 – Application Startup is Slow on Solaris Trusted Extensions

Problem: On Oracle Solaris Trusted Extensions platforms, startup times for Windows applications and X applications may be longer than expected.

Cause: By default, the X Protocol Engine attempts to connect to X display port 10. This port is unavailable when using Solaris Trusted Extensions. After a period of time, the X Protocol Engine connects on another X display port and the application starts successfully.

Solution: Do either of the following:

  • Change the default minimum display port used by the SGD server.

    Configure the following setting in the xpe.properties file in the /opt/tarantella/var/serverconfig/local directory on the SGD server:

    tarantella.config.xpeconfig.defaultmindisplay=11
    

    Restart the SGD server after making this change.

  • Exclude the unavailable port from use by the X Protocol Engine.

    In the Administration Console, go to the Protocol Engines, X tab for each SGD server in the array and type -xport portnum in the Command-Line Arguments field, where portnum is the TCP port number to exclude.

    Alternatively, use the following command:

    $ tarantella config edit --xpe-args "-xport portnum"
    

    For example, to exclude X display port 10 from use by the X Protocol Engine:

    $ tarantella config edit --xpe-args "-xport 6010"
    

    The changes made take effect for new X Protocol Engines only. Existing X Protocol Engines are not affected.

3.1.6 12296955 – Windows Client Device Uses Multiple CALs

Problem: A Windows client device is allocated multiple client access licences (CALs). A CAL is incorrectly allocated each time a Windows application is started.

Cause: A known issue if the HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing key or any of its subkeys are missing from the Windows registry on a client device. This issue affects Microsoft Windows 7 platforms.

Solution: Recreate the missing keys, by starting the Remote Desktop Connection with administrator privileges. See Microsoft Knowledge Base article 187614 for more details.

3.1.7 12298582 – SecurID Authentication Fails for X Applications

Problem: SecurID authentication for X applications fails when using the RSA Authentication Agent for PAM. The issue is seen with X applications that are configured to use telnet as the Connection Method.

Cause: A known issue when using the RSA Authentication Agent for PAM.

Solution: Configure the X application object to use SSH as the Connection Method.

3.1.8 12300549 – Home Directory Name is Unreadable For Some Client Locales

Problem: When using client drive mapping in SGD, the name of the user's home directory may include unreadable characters. By default, a user's home directory is mapped to a drive called "My Home".

The issue has been seen on non-Windows client devices configured with a non-English client locale, such as ja_JP.UTF-8.

Cause: A known issue for some client locales.

Solution: No known solution at present.

3.1.9 12304903 – Print to File Fails for Windows Client Devices

Problem: When users select the Print to File menu option in a Windows application displayed through SGD, the print job remains on hold in the print queue on the client device. The issue has been seen on Windows 7 client devices.

Cause: A known issue with some versions of Windows.

Solution: A workaround is described in Microsoft Knowledge Base article 2022748.

3.1.10 13354844, 14032389, 13257432, 13117470, 16339876 – Display Issues on Ubuntu Client Devices

Problem: The following display issues may be seen on client devices running Ubuntu Linux.

  • The kiosk mode minimize button does not work if you are not using a window manager or if you are using a minimalist window manager, such as evilwm.

  • The button for toggling between kiosk mode and an Integrated Window display does not work.

  • The SGD Client task bar icon is not shown when using the Unity desktop.

  • A seamless windows application that should span multiple monitors is instead displayed with scroll bars on a single monitor.

  • Terminal windows, such as a VT420 application, may not be sized correctly.

Cause: Known issues when using a Ubuntu Linux client device.

Solution: Use one of the following workarounds.

  • To use the kiosk mode window decoration, the window manager must implement the change state protocol from Normal to Iconify. Ensure that you are running a suitable window manager.

  • Use the Ctrl+Alt+Break keyboard shortcut to toggle between kiosk mode and an Integrated Window display.

  • There is no known workaround for the issue where the SGD Client task bar icon is not shown when using the Unity desktop.

  • There is no known workaround for the seamless windows issue on multiple monitors.

  • To ensure that VT420 terminal windows are sized correctly, you may need to install the required fonts. Install font packages as shown in the following example.

    $ sudo apt-get install xfonts-traditional
    $ sudo apt-get install xfonts-100dpi
    $ sudo apt-get install xfonts-75dpi

3.1.11 14147506 – Array Resilience Fails if the Primary Server is Changed

Problem: Array resilience may fail if you change the primary server while the array is in a repaired state. The array is in a repaired state when the failover stage has completed.

After the recovery stage of array resilience, when uncontactable servers rejoin the array, communications to the other array members may not work.

The issue is seen when secure intra-array communication is enabled for the array.

Cause: A known issue with array resilience when secure intra-array communication is used. By default, secure intra-array communication is enabled for an SGD server.

Solution: No known solution. If possible, avoid changing the array structure during the array resilience process.

3.1.12 14221098 – Konsole Application Fails to Start on Oracle Linux

Problem: The KDE Konsole terminal emulator application fails to start when configured as an X application object in SGD.

The issue is seen when the application is hosted on an Oracle Linux 6 platform.

Cause: A known issue when running Konsole on Oracle Linux 6. The issue is caused by the application process forking on start up.

Solution: The workaround is to use the --nofork command option when starting Konsole.

In the Administration Console, go to the Launch tab for the X application object and enter --nofork in the Arguments for Command field.

3.1.13 14237565 – Page Size Issue When Printing on Non-Windows Client Devices

Problem: Print jobs are not delivered to the client printer in the correct page format. For example, a print job for an A4 page size document is delivered to the client printer as a Letter page size document. Depending on the client printer configuration, this may cause the print job to fail.

The issue is seen when using Linux and Mac OS X client devices.

Cause: A known issue when printing to some non-Windows client devices.

Solution: Some client printers can be configured to ignore the page size format.

A workaround is to use PDF printing when printing from SGD.

3.1.14 14287730 – X Error Messages When Shadowing From the Command Line

Problem: Error messages similar to the following may be seen when shadowing an application session from the command line, using the tarantella emulatorsession shadow command.

X Error:  BadImplementation
  Request Major code 152 (RANDR)
  Request Minor code 8 ()
  Error Serial #209
  Current Serial #209 

Shadowing works as expected, despite the error messages.

Cause: A known issue if the X server on the client device does not implement session resizing.

Solution: The errors are benign and can be ignored.

3.1.15 14690706 – Display Issues on a Tablet Device When the RANDR X Extension is Disabled

Problem: The user experience on a tablet device may be poor if the RANDR X extension is disabled for the application. For example, you may notice that a desktop application does not fill the screen if you rotate the display.

Cause: A known issue if the RANDR X extension is disabled for the application. The RANDR extension provides enhanced display support for applications.

Solution: Enable the RANDR extension for the application object. This is described in the Enabling the RANDR Extension for Applications section in the Oracle Secure Global Desktop Administration Guide.

3.1.16 15903850 – Printing From a Tablet Device Fails Sometimes

Problem: Tablet device users may not be able to print from some applications.

Error messages such as the following may be seen:

Nov 27, 2012 11:56:59 AM com.oracle.sgd.webserver.printing.PrintServlet processRequest
SEVERE: Exception occurred in servlet javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid 
certification path to requested target

The issue is seen when the print job and the user session are hosted on different SGD servers in the array. This situation may occur in the following scenarios:

  • When an SGD server in the array is also used as an application server.

  • When application session load balancing is used for the array.

Cause: This is a certificate trust issue. One or more SGD servers in the array are secured using an untrusted SSL certificate, such as a self-signed certificate.

Solution: On each SGD server, import the SSL certificates from the other array members into the CA certificate truststore. This process is described in the The CA Certificate Truststore section in the Oracle Secure Global Desktop Administration Guide.

The SSL certificate for an SGD server is at /opt/tarantella/var/tsp/cert.pem.

The CA certificate truststore for an SGD server is at /opt/tarantella/bin/jre/lib/security/cacerts.

3.1.17 16003643, 17043257 – Currency Symbols Are Not Displayed Correctly on a Tablet Device

Problem: When running SGD applications on an iPad or Android tablet, currency symbols such as pound (£), euro (€), and yen (¥) may not display correctly.

Cause: A known issue with displaying extended characters, such as currency symbols, on a tablet device.

Solution: No known solution. Where possible, use characters that are available on a US English keyboard.

3.1.18 16244748 – SGD Client Does Not Install When Using a Sun Ray Client

Problem: When using a Sun Ray Client to log in to SGD, the SGD Client may not install. The issue has been seen when the Sun Ray server is using the scbus v2 smart card bus protocol.

Cause: A known issue if the Sun Ray server is using the scbus v2 protocol.

Solution: A workaround is to disable smart card services on the Sun Ray server host. For example, on Oracle Solaris platforms use the following command:

# svcadm disable pcscd

3.1.19 16275930 – Unable to Access SGD Servers When Using the SGD Gateway

Problem: When connecting through an SGD Gateway, users are unable to access the SGD servers in the array. When they attempt to log in to an SGD server or use the Administration Console, their browser is redirected to an error page.

The issue is seen when the Gateway is configured as follows:

  • The port used for incoming connections is not the default port, port 443.

  • Connections between the Gateway and the SGD servers in the array are not secure.

These settings are usually configured during installation of the Gateway.

Cause: A known issue with this specific Gateway configuration.

Solution: Use the following workaround.

On the Gateway host, edit the opt/SUNWsgdg/httpd/apache-version/conf/extra/gateway/httpd-gateway.conf file.

Locate the ProxyPassReverse directive. For example:

ProxyPassReverse / http://gw.example.com:80/

Change the port number for the ProxyPassReverse directive, as follows:

ProxyPassReverse / http://gw.example.com:port-num/

where port-num is the port number used by the Gateway for incoming connections.

3.1.20 16310420 – External Keyboard Issue for iPad Tablets

Problem: When using an external keyboard with an iPad tablet, some keys may have no effect in SGD applications.

Examples of keys that may not work include modifier keys such as Alt and Ctrl, and function keys.

Cause: A known issue when using an external keyboard with an iPad tablet.

Solution: Use the on-screen keyboard to enter the missing keystroke.

For example, to enter the key combination Ctrl+C:

  • Display the on-screen keyboard and tap the Ctrl key.

    This key is shown when you tap the main key.

  • Use the external keyboard to enter the C character.

3.1.21 16420093, 17559489 – Log In Process Fails for Mac OS X Users

Problem: Users on Mac OS X platforms are unable to log in to SGD. Downloading of the SGD Client fails and the login process does not complete.

Cause: The issue is seen when Mac OS X users have not enabled Java Plug-in software for their browser. On other client platforms, warning prompts are usually shown in this case.

On some Safari browsers, the issue may still be seen after enabling Java Plug-in software. This is due to the Safe Mode feature of Safari.

Solution: Users must enable Java plug-in software on the client browser before logging in to SGD.

For example, on Safari browsers ensure that the Enable Java content in browser option is checked. This option is disabled by default on Safari browsers.

On some Safari browsers, additional configuration may be required. Enable the Run in Unsafe Mode option in the Manage Website Settings section of the Security tab.

3.1.22 16613748 – Unable to Generate Mobile Configuration Profiles For Some SGD Gateway Deployments

Problem: For some SGD Gateway deployments, Administrators may not be able to generate the .mobileconfig configuration profiles used for secure connections to tablet devices. The mobile_profile_create.sh script used to generate the configuration profiles fails.

The issue is seen when unencrypted connections are used between the SGD Gateway and the SGD servers in the array. In this scenario, the SGD servers are configured to use standard, unencrypted connections.

Cause: When security is disabled on an SGD server, the following directories required for the .mobileconfig configuration profiles are deleted:

  • /opt/tarantella/var/tsp/certs. When generating configuration profiles, SSL certificates must be copied to this directory.

  • /opt/tarantella/var/docroot/certs. The generated configuration profiles are stored in this directory.

Solution: Create the required directories manually on the primary SGD host:

# mkdir -p /opt/tarantella/var/tsp/certs/gateway
# mkdir -p /opt/tarantella/var/tsp/certs/array
# chown -R  ttasys:ttaserv /opt/tarantella/var/tsp/certs
# mkdir /opt/tarantella/var/docroot/certs
# chown root:ttaserv /opt/tarantella/var/docroot/certs

You can then generate the configuration profiles as described in How to Configure the SGD Gateway for Connections From Tablet Devices Using Untrusted Certificates in the Oracle Secure Global Desktop Gateway Administration Guide.

3.1.23 16814553 – Multiple Authentication Prompts When Accessing My Desktop Using a Safari Browser

Problem: Users may see multiple authentication prompts when they try to access the My Desktop application, either from the SGD web server Welcome page or by going to the My Desktop URL.

The issue is seen when the following apply:

  • Web authentication is the authentication mechanism for SGD.

  • A Safari browser is used to access SGD, from a Mac OS X or iOS client device.

Cause: A known issue with the Safari browser.

Solution: No known solution. The user is logged in to SGD after negotiating the authentication prompts.

3.1.24 16854421 – Unexpected Text Characters When Using Android Client

Problem: When using an Android tablet to enter text in an application displayed through SGD, the displayed text may sometimes not match the input character.

For example, the character following a period (.) may always be displayed in upper case.

Cause: This issue is caused by the predictive text features of Android. By default, auto-capitalization and auto-correction are enabled for an Android keyboard.

Solution: Turn off Auto-Capitalization and Auto-Correction for the Android keyboard. See your Android documentation for details of how to do this.

3.1.25 17601578 – Poor User Experience When Displaying Applications on Mac OS X Platforms

Problem: Users on some Mac OS X platforms may experience screen refresh and other performance issues when displaying SGD applications.

Cause: This issue is caused by the App Nap power-saving feature introduced in Mac OS X 10.9.

Solution: Turn off the App Nap feature for the SGD Client, as follows:

  • Locate the SGD Client application in Finder and Command-click the application name.

  • Choose the Get Info option, then select the Prevent App Nap check box.

3.1.26 19875716 – Application Close Issues When Using Safari Browser on iOS 8

Problem: On the tablet workspace, the following user interface features for closing an application may not work correctly when using the Safari browser on iOS 8 client devices:

  • The Close icon on the drop-down toolbar.

  • The Close button on the Application Disconnected dialog. This dialog is shown when you tap the close window decoration on an application window.

Cause: A known issue with some versions of the Safari browser.

Solution: A workaround is to close the browser tab that displays the running application.

3.1.27 19996614 – Audio is Not Played on a Linux Client Device

Problem: Audio output from applications is not played on a Linux client device.

Cause: This issue is due to missing ESD library dependencies on some Linux client platforms.

Solution: The workaround is to install the required libraries and restart the pulseaudio daemon, as follows:

Oracle Linux 6 platforms:

# yum install pulseaudio-esound-compat esound-libs.i686
$ pulseaudio -k

Ubuntu Linux 14.04 platforms:

$ sudo apt-get install pulseaudio-esound-compat libesd0:i386
$ pulseaudio -k

3.1.28 20421590 – Lock File Issues With Oracle Access Manager WebGate

Problem: Single sign-on authentication does not work when using some versions of the Oracle Access Manager WebGate 11gR2.

Cause: The WebGate is unable to create lock files on the SGD host.

This is caused by changes in the file locking implementation, introduced in version 11.1.2.2.0 of the WebGate.

Solution: In the webgate.conf configuration file for the WebGate, set the value of the WebGateLockFileDir directive. This directive specifies the location to create WebGate lock files.

The value must be a directory that is writeable by the ttaserv system user. For example, /opt/tarantella/webserver/apache/apache-version/logs.

3.1.29 20220383 – Proxy Authentication Dialog Issue

Problem: When users connect to SGD through a proxy server, the proxy authentication dialog does not display the authentication method or authentication realm used by the proxy server. This can cause confusion when the proxy server supports multiple authentication methods, and users have different credentials for different authentication methods.

Cause: A known issue when using a proxy server that is configured to use multiple authentication methods.

Solution: No known solution at this time.

3.1.30 20463642 – Credential Caching Issues for HTTP Proxy Authentication on Windows Clients

Problem: When users connect to SGD through an HTTP proxy server from a Windows client device, cached credentials are not used as expected.

The following issues have been seen:

  • For Basic or Digest authentication methods, cached credentials are not used. The user is always prompted to enter credentials, regardless of whether credentials have previously been cached.

  • For NTLM or Negotiate methods, cached domain credentials are not used. If the domain requested by the proxy server does not match the domain used to log in to Windows, the user is prompted for credentials. The SGD Client does not attempt to use alternative domain credentials stored in Windows Credential Manager.

Cause: Known issues when connecting to SGD through an HTTP proxy server from a Windows client device.

Solution: No known solution at this time.

3.1.31 20676754 – Legacy Settings Present in SGD Gateway Setup Program

Problem: In this release, the SGD Gateway setup program incorrectly shows an option on whether to configure secure connections between the Gateway and the SGD servers in the array. The same option is shown when using the gateway config create command.

This is a legacy option that is no longer required. In release 5.2 or later, the Gateway selects the required security level automatically for connections to SGD servers in the array.

Cause: A known issue with the release version of SGD 5.3.

Solution: Accept the default setting for the secure connections option in the Gateway setup program. The issue will be fixed in a future software update.

3.1.32 20693954 – Audio Recording Issue for Linux Clients

Problem: Audio recorded from a Linux client device by the audiorecord command running on an Oracle Solaris application server is not recorded correctly. White noise is heard on playback.

Cause: The default audio format for audiorecord is u-law. When recording from a Linux client device, this audio format is not recorded correctly by the SGD UNIX audio input service.

Solution: Change the audio format used by the audiorecord command. Specify the linear encoding option, as follows:

audiorecord -e linear audio-file

where audio-file is the output file name.

3.1.33 20506611 – Enhancement Module Installation Issue on Oracle Linux UEK R3

Problem: Installation of the SGD Enhancement Module may fail on Oracle Linux versions which use the Unbreakable Enterprise Kernel Release 3 (UEK R3) kernel.

The error message Unable to locate source tree is shown during installation.

Cause: The Enhancement Module installation program is unable to locate the kernel headers for the UEK R3 kernel.

Solution: Use the following command to install the required kernel header packages:

# yum install kernel-uek-devel-$(uname -r)

3.1.34 20678796 – Mac OS X Client Device Uses Multiple CALs

Problem: Connections to a Windows application server from a Mac OS X client device may use more client access licenses (CALs) than expected. The issue is seen when using both the SGD Client and the Microsoft Remote Desktop Client on the same Mac OS X client device.

Cause: A known issue when using SGD with some versions of the Microsoft Remote Desktop Client that are downloaded from the Mac App Store.

Such versions of the Microsoft Remote Desktop Client may not store CALs in the default shared directory location used by the SGD Client: /Users/Shared/Microsoft/Crucial RDC Server Information.

Solution: No known solution at present.

3.1.35 20821979 – tarantella status Command Returns Parser Errors

Problem: When running the tarantella status --byserver command to display detailed status information for each SGD server in an array, the command fails. Error messages such as the following are seen:

parser error : Start tag expected, '<' not found 

Cause: A timeout issue for a web service which is used by the tarantella status command. The default connection timeout for the web service is 10 seconds. In some deployments, this may be too low.

Solution: The workaround is to change the default setting for the connection timeout.

Edit the /opt/tarantella/bin/scripts/status.soap file. Change the following entry:

set env(TTA_SOAP_CONNECT_TIMEOUT) "10"

to read as follows:

set env(TTA_SOAP_CONNECT_TIMEOUT) "20"

Note that there are multiple TTA_SOAP_CONNECT_TIMEOUT entries within this file.

3.1.36 21478016 – Mac OS X SGD Client Issues

Problem: Users may see the following issues when using the SGD Client from this release on Mac OS X client devices:

  • On the Client Connection Settings dialog, using the Tab key to move between fields may not work as expected.

  • The pull-down header in Kiosk mode applications looks different, compared to when using earlier SGD releases.

Cause: Known issues when using the Mac OS X version of the SGD Client included in release 5.3.

Solution: Use one of the following workarounds.

  • The tabbing issue is a known issue for Mac OS X client devices. On the Mac OS X client device, enable the following setting in System Preferences:

    System Preferences, Keyboard, Shortcuts, Full Keyboard Access Radio Button.

  • For this release, the Kiosk mode pull-down header has been integrated with the standard Mac OS X toolbar.

3.1.37 21530993 – ABRT Errors When Closing Oracle Linux 7 Applications

Problem: The ABRT (Automatic Bug Reporting Tool) reports errors when applications hosted on Oracle Linux 7 application servers are closed down from the SGD workspace.

Cause: A known issue with some versions of ABRT on Oracle Linux 7 platforms.

Solution: The workaround is to update to the latest version of ABRT, as follows:

# yum update abrt

3.1.38 22563362 – OSS Audio Driver Module Issue on Oracle Linux Platforms

Problem: An error message such as the following is seen when using the SGD Enhancement Module on Oracle Linux platforms:

Starting OSS audio.
modprobe: FATAL: Module sgdadem not found.

This error message indicates that the Enhancement Module is unable to locate the Open Sound System (OSS) audio driver module.

Cause: This issue occurs when the Linux kernel is updated on the application server host. The installed OSS audio driver module is then incompatible with the new kernel version.

Solution: The workaround is to rebuild and reinstall the audio driver module, using the new kernel source. Enter the following commands:

# cd /opt/tta_tem/audio/sgdadem/src/
# make clean
# make
# make install

Restart the SGD Enhancement Module, as follows:

# /opt/tta_tem/bin/tem restart

3.1.39 22639281 – UNIX Authentication Issue on Oracle Linux Platforms When Using the Kerberos PAM Module

Problem: UNIX system authentication on Oracle Linux 6 platforms may fail. Users see the error message "Invalid Credentials".

The issue is seen when the SGD host is configured to authenticate using the Kerberos Pluggable Authentication Module (PAM) module.

Cause: A known issue when using the Kerberos PAM module on some Oracle Linux 6 platforms.

Solution: Ensure that the 32-bit version of the pam_krb5 PAM package is present. This package can be installed as follows:

# yum install pam_krb5.i686

3.1.40 22915586 – Upgrade Issue for Apache Web Server on Oracle Solaris Platforms

Problem: When upgrading from some patched versions of SGD 5.2 on Oracle Solaris, the Apache web server component of SGD may not be upgraded correctly. The httpd.conf configuration file is not replaced with the upgraded version, as expected.

The issue is seen when the patched version of SGD 5.2 has the same version of Apache as the version you are upgrading to. This scenario will only apply for an SGD 5.2 host that has the following specific patch status:

  • The July 2016 SGD web server update is the latest web server update that has been installed. The issue does not occur if a later web server update is present.

    SGD uses the following name for the July 2016 web server update:

    Apache version: apache-2.2.31_openssl-1.0.2h_jk1.2.41_64

  • The SGD patch set update (PSU) version is Patch_52p4 or earlier. The issue does not occur if the installed PSU version is Patch_52p5 or later.

Use the tarantella patch list command to check the patch status for your SGD 5.2 host.

Cause: A known issue when upgrading from some patched versions of SGD 5.2 on Oracle Solaris.

Solution: Apply all current patches before upgrading from SGD 5.2 on Oracle Solaris.

If this is not possible, the workaround is to manually edit the httpd.conf file after the upgrade.

Add the following entries at the end of the SSLCipherSuite directive:

:!EXPORT:!DES:!RC2:!RC4:!SEED

Restart the SGD web server after making these changes.

3.1.41 23151133 – Password Expiry Message Issue When Using Enhanced Network Security

Problem: SGD does not display an appropriate error message when a user attempts to log in to a Windows application with an expired password. An invalid user credential error message is shown, rather than the expected password expiry message.

The issue is seen when the Windows application object is configured to use Enhanced Network Security, and the Windows application server uses Network Level Authentication (NLA).

Cause: A known issue with password expiry messages when using NLA with Enhanced Network Security.

Solution: The workaround is to configure Kerberos authentication for the SGD array.

This change means that more specific error messages are returned when using NLA.

3.1.42 23232908 – Issue With Context Parameter for Disabling Use of Java Plug-in Software

Problem: The context parameter disallowjavauseragentmatch may not work as expected for some browsers. This parameter enables Administrators to specify which browsers should not use Java Plug-in software to download and install the SGD Client automatically.

Cause: A known issue when using an upper case character in the context parameter string. For example:

<context-param>
     <param-name>disallowjavauseragentmatch</param-name>
     <param-value>.*Firefox.*</param-value>
</context-param>

Solution: The workaround is to use a lower case character. For example:

<context-param>
     <param-name>disallowjavauseragentmatch</param-name>
     <param-value>.*firefox.*</param-value>
</context-param>

3.1.43 23305143 – Diffie-Hellman Parameter Generation is Slow During SGD Install

Problem: During installation of SGD, Diffie-Hellman (DH) parameters are generated for the SGD server. On some hosts with slow processors, this process may take much longer than expected.

Cause: A known issue when generating DH parameters on slower legacy hardware.

Solution: The workaround is to generate the DH parameters using another machine and install them manually on the SGD host. Use the following steps.

  1. Generate a set of DH parameters on an alternative machine. Where possible, use a faster machine.

    The DH parameters you generate cannot be used for more than one SGD host.

    Use the openssl command to generate a set of 2048-bit parameters, as follows:

    $ openssl dhparam -check -outform PEM -out dhparams.pem 2048
    Note

    You can change the length of the parameters generated, by specifying a different numerical value. Note that larger parameters will take longer to generate and will increase the time it takes to establish client connections with the SGD server.

  2. Install the SGD package on the SGD host.

    Do not run the tarantella start command.

  3. Copy the DH parameters file to the following location on the SGD host:

    /opt/tarantella/var/tsp/dhparams.pem

    If required, create a tsp/ subdirectory:

    # mkdir /opt/tarantella/var/tsp
    # chown ttasys:ttaserv /opt/tarantella/var/tsp

    Set the ownership and permissions of the DH parameters file:

    # chmod 600 /opt/tarantella/var/tsp/dhparams.pem
    # chown ttasys:ttaserv /opt/tarantella/var/tsp/dhparams.pem
  4. Complete the SGD installation process.

    Run the following command, to start the SGD server:

    # USE_EXISTING_DHPARAMS=t;export USE_EXISTING_DHPARAMS;tarantella start

    The SGD installation process will skip the generation of DH parameters. Provided you have generated a unique set of DH parameters for the SGD host, any security warning messages can be ignored.

3.1.44 23592020 – Key Mapping Issues on Oracle Linux 7 Platforms

Problem: Key mapping issues may be seen for applications published through an Oracle Linux 7 SGD server. Some displayed characters may not match the key press.

Cause: A known issue with the default settings for ibus (Intelligent Input Bus) on Oracle Linux 7 platforms.

Solution: Run the ibus-setup command and display the Advanced tab.

Ensure that the Use System Keyboard Layout check box is selected. By default, this check box is not selected.

3.1.45 24311356 – Browser Workarounds for Using Untrusted Certificates with the HTML5 Client on Desktop Platforms

Problem: Issues may be seen when you connect using the HTML5 client from a desktop client platform and the SGD server uses an untrusted certificate, such as a self-signed certificate. For example, you may not be able to log in to the SGD server or applications may not start as expected.

These issues do not apply for SGD deployments which use an SGD Gateway.

Cause: These are browser trust issues caused by using untrusted certificates.

Solution: If possible, use a certificate that is signed by a Certificate Authority that is trusted by the browser.

Alternatively, configure the browser to trust the certificate.

The following are examples of workarounds for some supported browsers:

  • Firefox: Add two permanent security exceptions for the SGD server URL. One for port 443 (HTTPS), one for port 5307 (AIP).

  • Internet Explorer and Edge: Import the SGD server certificate into the Trusted Root Certification Authorities store.

  • Safari: Set the trust policy for the SGD server certificate to "Always Trust".

3.1.46 25687260 – Locate Pointer Issue on Linux Client Platforms

Problem: For some applications displayed through SGD, pressing the Ctrl key on the client device has no effect. For example, using the Ctrl + C key combination in a terminal window does not work as expected.

The issue is seen on Linux client platforms.

Cause: This is caused by the Locate Pointer feature of GNOME desktop. This feature indicates the position of the mouse pointer when the Ctrl key is pressed.

The Locate Pointer feature is disabled by default.

Solution: Disable the Locate Pointer setting in the Mouse Preferences dialog for the GNOME desktop.