3.1 Known Bugs and Issues

This section lists the known bugs and issues for the SGD 5.4 release.

3.1.1 12268127 – Backup Primaries List Command Returns an Error

Problem: Using the tarantella array list_backup_primaries command on an SGD server that has been stopped and then detached from an array returns a "Failed to connect" error.

Cause: A known issue.

Solution: Restart the detached SGD server before using the tarantella array list_backup_primaries command.

3.1.2 12275351 – HyperTerminal Application Hangs in a Relocated Windows Desktop Session

Problem: Users running the HyperTerminal application in a Windows desktop session experience problems when they try to resume the desktop session from another client device. The HyperTerminal application is unresponsive and cannot be closed down.

Cause: A known issue with HyperTerminal when resuming Windows desktop sessions from another client device (also called “session grabbing”).

Solution: Close down the HyperTerminal application before you resume the Windows desktop session from another client device.

3.1.3 12290728 – Audio Unavailable for X Applications Hosted on 64-Bit Linux Application Servers

Problem: Audio does not play in X applications that are hosted on 64-bit Linux application servers. The issue is seen for X applications that are hard-coded to use the /dev/dsp or /dev/audio device, and the Audio Redirection Library (--unixaudiopreload) attribute is enabled.

Cause: A known issue. A 64-bit SGD Audio Redirection Library is not included in the SGD Enhancement Module.

Solution: On Oracle Linux platforms, you can use the padsp PulseAudio OSS wrapper script to ensure compatibility with PulseAudio.

3.1.4 12292281 – Application Startup is Slow on Solaris Trusted Extensions

Problem: On Oracle Solaris Trusted Extensions platforms, startup times for Windows applications and X applications may be longer than expected.

Cause: By default, the X Protocol Engine attempts to connect to X display port 10. This port is unavailable when using Solaris Trusted Extensions. After a period of time, the X Protocol Engine connects on another X display port and the application starts successfully.

Solution: Do either of the following:

  • Change the default minimum display port used by the SGD server.

    Configure the following setting in the xpe.properties file in the /opt/tarantella/var/serverconfig/local directory on the SGD server:

    tarantella.config.xpeconfig.defaultmindisplay=11
    

    Restart the SGD server after making this change.

  • Exclude the unavailable port from use by the X Protocol Engine.

    In the Administration Console, go to the Protocol Engines, X tab for each SGD server in the array and type -xport portnum in the Command-Line Arguments field, where portnum is the TCP port number to exclude.

    Alternatively, use the following command:

    $ tarantella config edit --xpe-args "-xport portnum"
    

    For example, to exclude X display port 10 from use by the X Protocol Engine:

    $ tarantella config edit --xpe-args "-xport 6010"
    

    The changes made take effect for new X Protocol Engines only. Existing X Protocol Engines are not affected.

3.1.5 12296955 – Windows Client Device Uses Multiple CALs

Problem: A Windows client device is allocated multiple client access licences (CALs). A CAL is incorrectly allocated each time a Windows application is started.

Cause: A known issue if the HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing key or any of its subkeys are missing from the Windows registry on a client device. This issue affects Microsoft Windows 7 platforms.

Solution: Recreate the missing keys, by starting the Remote Desktop Connection with administrator privileges. See Microsoft Knowledge Base article 187614 for more details.

3.1.6 12300549 – Home Directory Name is Unreadable For Some Client Locales

Problem: When using client drive mapping in SGD, the name of the user's home directory may include unreadable characters. By default, a user's home directory is mapped to a drive called "My Home".

The issue has been seen on non-Windows client devices configured with a non-English client locale, such as ja_JP.UTF-8.

Cause: A known issue for some client locales.

Solution: No known solution at present.

3.1.7 12304903 – Print to File Fails for Windows Client Devices

Problem: When users select the Print to File menu option in a Windows application displayed through SGD, the print job remains on hold in the print queue on the client device. The issue has been seen on Windows 7 client devices.

Cause: A known issue with some versions of Windows.

Solution: A workaround is described in Microsoft Knowledge Base article 2022748.

3.1.8 13354844, 14032389, 13257432, 13117470, 16339876 – Display Issues on Ubuntu Client Devices

Problem: The following display issues may be seen on client devices running Ubuntu Linux.

  • The kiosk mode minimize button does not work if you are not using a window manager or if you are using a minimalist window manager, such as evilwm.

  • The button for toggling between kiosk mode and an Integrated Window display does not work.

  • The SGD Client task bar icon is not shown when using the Unity desktop.

  • A seamless windows application that should span multiple monitors is instead displayed with scroll bars on a single monitor.

  • Terminal windows, such as a VT420 application, may not be sized correctly.

Cause: Known issues when using a Ubuntu Linux client device.

Solution: Use one of the following workarounds.

  • To use the kiosk mode window decoration, the window manager must implement the change state protocol from Normal to Iconify. Ensure that you are running a suitable window manager.

  • Use the Ctrl+Alt+Break keyboard shortcut to toggle between kiosk mode and an Integrated Window display.

  • There is no known workaround for the issue where the SGD Client task bar icon is not shown when using the Unity desktop.

  • There is no known workaround for the seamless windows issue on multiple monitors.

  • To ensure that VT420 terminal windows are sized correctly, you may need to install the required fonts. Install font packages as shown in the following example.

    $ sudo apt-get install xfonts-traditional
    $ sudo apt-get install xfonts-100dpi
    $ sudo apt-get install xfonts-75dpi

3.1.9 14147506 – Array Resilience Fails if the Primary Server is Changed

Problem: Array resilience may fail if you change the primary server while the array is in a repaired state. The array is in a repaired state when the failover stage has completed.

After the recovery stage of array resilience, when uncontactable servers rejoin the array, communications to the other array members may not work.

The issue is seen when secure intra-array communication is enabled for the array.

Cause: A known issue with array resilience when secure intra-array communication is used. By default, secure intra-array communication is enabled for an SGD server.

Solution: No known solution. If possible, avoid changing the array structure during the array resilience process.

3.1.10 14221098 – Konsole Application Fails to Start on Oracle Linux

Problem: The KDE Konsole terminal emulator application fails to start when configured as an X application object in SGD.

The issue is seen when the application is hosted on an Oracle Linux 6 platform.

Cause: A known issue when running Konsole on Oracle Linux 6. The issue is caused by the application process forking on start up.

Solution: The workaround is to use the --nofork command option when starting Konsole.

In the Administration Console, go to the Launch tab for the X application object and enter --nofork in the Arguments for Command field.

3.1.11 14237565 – Page Size Issue When Printing on Non-Windows Client Devices

Problem: Print jobs are not delivered to the client printer in the correct page format. For example, a print job for an A4 page size document is delivered to the client printer as a Letter page size document. Depending on the client printer configuration, this may cause the print job to fail.

The issue is seen when using Linux and Mac OS X client devices.

Cause: A known issue when printing to some non-Windows client devices.

Solution: Some client printers can be configured to ignore the page size format.

A workaround is to use PDF printing when printing from SGD.

3.1.12 14287730 – X Error Messages When Shadowing From the Command Line

Problem: Error messages similar to the following may be seen when shadowing an application session from the command line, using the tarantella emulatorsession shadow command.

X Error:  BadImplementation
  Request Major code 152 (RANDR)
  Request Minor code 8 ()
  Error Serial #209
  Current Serial #209 

Shadowing works as expected, despite the error messages.

Cause: A known issue if the X server on the client device does not implement session resizing.

Solution: The errors are benign and can be ignored.

3.1.13 14690706 – Display Issues on a Tablet Device When the RANDR X Extension is Disabled

Problem: The user experience on a tablet device may be poor if the RANDR X extension is disabled for the application. For example, you may notice that a desktop application does not fill the screen if you rotate the display.

Cause: A known issue if the RANDR X extension is disabled for the application. The RANDR extension provides enhanced display support for applications.

Solution: Enable the RANDR extension for the application object. This is described in the Enabling the RANDR Extension for Applications section in the Oracle Secure Global Desktop Administration Guide.

3.1.14 15903850 – Printing From a Tablet Device Fails Sometimes

Problem: Tablet device users may not be able to print from some applications.

Error messages such as the following may be seen:

Nov 27, 2012 11:56:59 AM com.oracle.sgd.webserver.printing.PrintServlet processRequest
SEVERE: Exception occurred in servlet javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid 
certification path to requested target

The issue is seen when the print job and the user session are hosted on different SGD servers in the array. This situation may occur in the following scenarios:

  • When an SGD server in the array is also used as an application server.

  • When application session load balancing is used for the array.

Cause: This is a certificate trust issue. One or more SGD servers in the array are secured using an untrusted SSL certificate, such as a self-signed certificate.

Solution: On each SGD server, import the SSL certificates from the other array members into the CA certificate truststore. This process is described in the The CA Certificate Truststore section in the Oracle Secure Global Desktop Administration Guide.

The SSL certificate for an SGD server is at /opt/tarantella/var/tsp/cert.pem.

The CA certificate truststore for an SGD server is at /opt/tarantella/bin/jre/lib/security/cacerts.

3.1.15 16003643, 17043257 – Currency Symbols Are Not Displayed Correctly on a Tablet Device

Problem: When running SGD applications on an iPad or Android tablet, currency symbols such as pound (£), euro (€), and yen (¥) may not display correctly.

Cause: A known issue with displaying extended characters, such as currency symbols, on a tablet device.

Solution: No known solution. Where possible, use characters that are available on a US English keyboard.

3.1.16 16244748 – SGD Client Does Not Install When Using a Sun Ray Client

Problem: When using a Sun Ray Client to log in to SGD, the SGD Client may not install. The issue has been seen when the Sun Ray server is using the scbus v2 smart card bus protocol.

Cause: A known issue if the Sun Ray server is using the scbus v2 protocol.

Solution: A workaround is to disable smart card services on the Sun Ray server host. For example, on Oracle Solaris platforms use the following command:

# svcadm disable pcscd

3.1.17 16275930 – Unable to Access SGD Servers When Using the SGD Gateway

Problem: When connecting through an SGD Gateway, users are unable to access the SGD servers in the array. When they attempt to log in to an SGD server or use the Administration Console, their browser is redirected to an error page.

The issue is seen when the Gateway is configured as follows:

  • The port used for incoming connections is not the default port, port 443.

  • Connections between the Gateway and the SGD servers in the array are not secure.

These settings are usually configured during installation of the Gateway.

Cause: A known issue with this specific Gateway configuration.

Solution: Use the following workaround.

On the Gateway host, edit the opt/SUNWsgdg/httpd/apache-version/conf/extra/gateway/httpd-gateway.conf file.

Locate the ProxyPassReverse directive. For example:

ProxyPassReverse / http://gw.example.com:80/

Change the port number for the ProxyPassReverse directive, as follows:

ProxyPassReverse / http://gw.example.com:port-num/

where port-num is the port number used by the Gateway for incoming connections.

3.1.18 16310420 – External Keyboard Issue for iPad Tablets

Problem: When using an external keyboard with an iPad tablet, some keys may have no effect in SGD applications.

Examples of keys that may not work include modifier keys such as Alt and Ctrl, and function keys.

Cause: A known issue when using an external keyboard with an iPad tablet.

Solution: Use the on-screen keyboard to enter the missing keystroke.

For example, to enter the key combination Ctrl+C:

  • Display the on-screen keyboard and tap the Ctrl key.

    This key is shown when you tap the main key.

  • Use the external keyboard to enter the C character.

3.1.19 16613748 – Unable to Generate Mobile Configuration Profiles For Some SGD Gateway Deployments

Problem: For some SGD Gateway deployments, Administrators may not be able to generate the .mobileconfig configuration profiles used for secure connections to tablet devices. The mobile_profile_create.sh script used to generate the configuration profiles fails.

The issue is seen when unencrypted connections are used between the SGD Gateway and the SGD servers in the array. In this scenario, the SGD servers are configured to use standard, unencrypted connections.

Cause: When security is disabled on an SGD server, the following directories required for the .mobileconfig configuration profiles are deleted:

  • /opt/tarantella/var/tsp/certs. When generating configuration profiles, SSL certificates must be copied to this directory.

  • /opt/tarantella/var/docroot/certs. The generated configuration profiles are stored in this directory.

Solution: Create the required directories manually on the primary SGD host:

# mkdir -p /opt/tarantella/var/tsp/certs/gateway
# mkdir -p /opt/tarantella/var/tsp/certs/array
# chown -R  ttasys:ttaserv /opt/tarantella/var/tsp/certs
# mkdir /opt/tarantella/var/docroot/certs
# chown root:ttaserv /opt/tarantella/var/docroot/certs

You can then generate the configuration profiles as described in Configuring the SGD Gateway for Connections From Tablet Devices Using Untrusted Certificates in the Oracle Secure Global Desktop Gateway Administration Guide.

3.1.20 16814553 – Multiple Authentication Prompts When Accessing My Desktop Using a Safari Browser

Problem: Users may see multiple authentication prompts when they try to access the My Desktop application, either from the SGD web server Welcome page or by going to the My Desktop URL.

The issue is seen when the following apply:

  • Web authentication is the authentication mechanism for SGD.

  • A Safari browser is used to access SGD, from a Mac OS X or iOS client device.

Cause: A known issue with the Safari browser.

Solution: No known solution. The user is logged in to SGD after negotiating the authentication prompts.

3.1.21 16854421 – Unexpected Text Characters When Using Android Client

Problem: When using an Android tablet to enter text in an application displayed through SGD, the displayed text may sometimes not match the input character.

For example, the character following a period (.) may always be displayed in upper case.

Cause: This issue is caused by the predictive text features of Android. By default, auto-capitalization and auto-correction are enabled for an Android keyboard.

Solution: Turn off Auto-Capitalization and Auto-Correction for the Android keyboard. See your Android documentation for details of how to do this.

3.1.22 17601578 – Poor User Experience When Displaying Applications on Mac OS X Platforms

Problem: Users on some Mac OS X platforms may experience screen refresh and other performance issues when displaying SGD applications.

Cause: This issue is caused by the App Nap power-saving feature introduced in Mac OS X 10.9.

Solution: Turn off the App Nap feature for the SGD Client, as follows:

  • Locate the SGD Client application in Finder and Command-click the application name.

  • Choose the Get Info option, then select the Prevent App Nap check box.

3.1.23 19996614 – Audio is Not Played on a Linux Client Device

Problem: Audio output from applications is not played on a Linux client device.

Cause: This issue is due to missing ESD library dependencies on some Linux client platforms.

Solution: The workaround is to install the required libraries and restart the pulseaudio daemon, as follows:

Oracle Linux 6 platforms:

# yum install pulseaudio-esound-compat esound-libs.i686
$ pulseaudio -k

Ubuntu Linux 14.04 platforms:

$ sudo apt-get install pulseaudio-esound-compat libesd0:i386
$ pulseaudio -k

3.1.24 20421590 – Lock File Issues With Oracle Access Manager WebGate

Problem: Single sign-on authentication does not work when using some versions of the Oracle Access Manager WebGate 11gR2.

Cause: The WebGate is unable to create lock files on the SGD host.

This is caused by changes in the file locking implementation, introduced in version 11.1.2.2.0 of the WebGate.

Solution: In the webgate.conf configuration file for the WebGate, set the value of the WebGateLockFileDir directive. This directive specifies the location to create WebGate lock files.

The value must be a directory that is writeable by the ttaserv system user. For example, /opt/tarantella/webserver/apache/apache-version/logs.

3.1.25 20220383 – Proxy Authentication Dialog Box Issue

Problem: When users connect to SGD through a proxy server, the proxy authentication dialog box does not display the authentication method or authentication realm used by the proxy server. This can cause confusion when the proxy server supports multiple authentication methods, and users have different credentials for different authentication methods.

Cause: A known issue when using a proxy server that is configured to use multiple authentication methods.

Solution: No known solution at this time.

3.1.26 20463642 – Credential Caching Issues for HTTP Proxy Authentication on Windows Clients

Problem: When users connect to SGD through an HTTP proxy server from a Windows client device, cached credentials are not used as expected.

The following issues have been seen:

  • For Basic or Digest authentication methods, cached credentials are not used. The user is always prompted to enter credentials, regardless of whether credentials have previously been cached.

  • For NTLM or Negotiate methods, cached domain credentials are not used. If the domain requested by the proxy server does not match the domain used to log in to Windows, the user is prompted for credentials. The SGD Client does not attempt to use alternative domain credentials stored in Windows Credential Manager.

Cause: Known issues when connecting to SGD through an HTTP proxy server from a Windows client device.

Solution: No known solution at this time.

3.1.27 20506611 – Enhancement Module Installation Issue on Oracle Linux UEK R3

Problem: Installation of the SGD Enhancement Module may fail on Oracle Linux versions which use the Unbreakable Enterprise Kernel Release 3 (UEK R3) kernel.

The error message Unable to locate source tree is shown during installation.

Cause: The Enhancement Module installation program is unable to locate the kernel headers for the UEK R3 kernel.

Solution: Use the following command to install the required kernel header packages:

# yum install kernel-uek-devel-$(uname -r)

3.1.28 20676754 – Legacy Settings Present in SGD Gateway Setup Program

Problem: The SGD Gateway setup program incorrectly shows an option on whether to configure secure connections between the Gateway and the SGD servers in the array. The same option is shown when using the gateway config create command.

This is a legacy option that is no longer required. In release 5.2 or later, the Gateway selects the required security level automatically for connections to SGD servers in the array.

Cause: A known issue with this release version of SGD.

Solution: Accept the default setting for the secure connections option in the Gateway setup program. The issue will be fixed in a future software update.

3.1.29 20678796 – Mac OS X Client Device Uses Multiple CALs

Problem: Connections to a Windows application server from a Mac OS X client device may use more client access licenses (CALs) than expected. The issue is seen when using both the SGD Client and the Microsoft Remote Desktop Client on the same Mac OS X client device.

Cause: A known issue when using SGD with some versions of the Microsoft Remote Desktop Client that are downloaded from the Mac App Store.

Such versions of the Microsoft Remote Desktop Client may not store CALs in the default shared directory location used by the SGD Client: /Users/Shared/Microsoft/Crucial RDC Server Information.

Solution: No known solution at present.

3.1.30 20693954 – Audio Recording Issue for Linux Clients

Problem: Audio recorded from a Linux client device by the audiorecord command running on an Oracle Solaris application server is not recorded correctly. White noise is heard on playback.

Cause: The default audio format for audiorecord is u-law. When recording from a Linux client device, this audio format is not recorded correctly by the SGD UNIX audio input service.

Solution: Change the audio format used by the audiorecord command. Specify the linear encoding option, as follows:

audiorecord -e linear audio-file

where audio-file is the output file name.

3.1.31 20821979 – tarantella status Command Returns Parser Errors

Problem: When running the tarantella status --byserver command to display detailed status information for each SGD server in an array, the command fails. Error messages such as the following are seen:

parser error : Start tag expected, '<' not found 

Cause: A timeout issue for a web service which is used by the tarantella status command. The default connection timeout for the web service is 10 seconds. In some deployments, this may be too low.

Solution: The workaround is to change the default setting for the connection timeout.

Edit the /opt/tarantella/bin/scripts/status.soap file. Change the following entry:

set env(TTA_SOAP_CONNECT_TIMEOUT) "10"

to read as follows:

set env(TTA_SOAP_CONNECT_TIMEOUT) "20"

Note that there are multiple TTA_SOAP_CONNECT_TIMEOUT entries within this file.

3.1.32 21478016 – Mac OS X SGD Client Issues

Problem: Users may see the following issues when using the SGD Client from this release on Mac OS X client devices:

  • On the Client Connection Settings dialog box, using the Tab key to move between fields may not work as expected.

  • The pull-down header in Kiosk mode applications looks different, compared to when using earlier SGD releases.

Cause: Known issues when using the Mac OS X version of the SGD Client included in this release.

Solution: Use one of the following workarounds.

  • The tabbing issue is a known issue for Mac OS X client devices. On the Mac OS X client device, enable the following setting in System Preferences:

    System Preferences, Keyboard, Shortcuts, Full Keyboard Access Radio Button.

  • For this release, the Kiosk mode pull-down header has been integrated with the standard Mac OS X toolbar.

3.1.33 21530993 – ABRT Errors When Closing Oracle Linux 7 Applications

Problem: The ABRT (Automatic Bug Reporting Tool) reports errors when applications hosted on Oracle Linux 7 application servers are closed down from the SGD workspace.

Cause: A known issue with some versions of ABRT on Oracle Linux 7 platforms.

Solution: The workaround is to update to the latest version of ABRT, as follows:

# yum update abrt

3.1.34 22563362 – OSS Audio Driver Module Issue on Oracle Linux Platforms

Problem: An error message such as the following is seen when using the SGD Enhancement Module on Oracle Linux platforms:

Starting OSS audio.
modprobe: FATAL: Module sgdadem not found.

This error message indicates that the Enhancement Module is unable to locate the Open Sound System (OSS) audio driver module.

Cause: This issue occurs when the Linux kernel is updated on the application server host. The installed OSS audio driver module is then incompatible with the new kernel version.

Solution: The workaround is to rebuild and reinstall the audio driver module, using the new kernel source. Enter the following commands:

# cd /opt/tta_tem/audio/sgdadem/src/
# make clean
# make
# make install

Restart the SGD Enhancement Module, as follows:

# /opt/tta_tem/bin/tem restart

3.1.35 22639281 – UNIX Authentication Issue on Oracle Linux Platforms When Using the Kerberos PAM Module

Problem: UNIX system authentication on Oracle Linux 6 platforms may fail. Users see the error message "Invalid Credentials".

The issue is seen when the SGD host is configured to authenticate using the Kerberos Pluggable Authentication Module (PAM) module.

Cause: A known issue when using the Kerberos PAM module on some Oracle Linux 6 platforms.

Solution: Ensure that the 32-bit version of the pam_krb5 PAM package is present. This package can be installed as follows:

# yum install pam_krb5.i686

3.1.36 23232908 – Issue With Context Parameter for Disabling Use of Java Plug-in Software

Problem: The context parameter disallowjavauseragentmatch may not work as expected for some browsers. This parameter enables Administrators to specify which browsers should not use Java Plug-in software to download and install the SGD Client automatically.

Cause: A known issue when using an upper case character in the context parameter string. For example:

<context-param>
     <param-name>disallowjavauseragentmatch</param-name>
     <param-value>.*Firefox.*</param-value>
</context-param>

Solution: The workaround is to use a lower case character. For example:

<context-param>
     <param-name>disallowjavauseragentmatch</param-name>
     <param-value>.*firefox.*</param-value>
</context-param>

3.1.37 23305143 – Diffie-Hellman Parameter Generation is Slow During SGD Install

Problem: During installation of SGD, Diffie-Hellman (DH) parameters are generated for the SGD server. On some hosts with slow processors, this process may take much longer than expected.

Cause: A known issue when generating DH parameters on slower legacy hardware.

Solution: The workaround is to generate the DH parameters using another machine and install them manually on the SGD host. Use the following steps.

  1. Generate a set of DH parameters on an alternative machine. Where possible, use a faster machine.

    The DH parameters you generate cannot be used for more than one SGD host.

    Use the openssl command to generate a set of 2048-bit parameters, as follows:

    $ openssl dhparam -check -outform PEM -out dhparams.pem 2048
    Note

    You can change the length of the parameters generated, by specifying a different numerical value. Note that larger parameters will take longer to generate and will increase the time it takes to establish client connections with the SGD server.

  2. Install the SGD package on the SGD host.

    Do not run the tarantella start command.

  3. Copy the DH parameters file to the following location on the SGD host:

    /opt/tarantella/var/tsp/dhparams.pem

    If required, create a tsp/ subdirectory:

    # mkdir /opt/tarantella/var/tsp
    # chown ttasys:ttaserv /opt/tarantella/var/tsp

    Set the ownership and permissions of the DH parameters file:

    # chmod 600 /opt/tarantella/var/tsp/dhparams.pem
    # chown ttasys:ttaserv /opt/tarantella/var/tsp/dhparams.pem
  4. Complete the SGD installation process.

    Run the following command, to start the SGD server:

    # USE_EXISTING_DHPARAMS=t;export USE_EXISTING_DHPARAMS;tarantella start

    The SGD installation process will skip the generation of DH parameters. Provided you have generated a unique set of DH parameters for the SGD host, any security warning messages can be ignored.

3.1.38 23592020 – Key Mapping Issues on Oracle Linux 7 Platforms

Problem: Key mapping issues may be seen for applications published through an Oracle Linux 7 SGD server. Some displayed characters may not match the key press.

Cause: A known issue with the default settings for ibus (Intelligent Input Bus) on Oracle Linux 7 platforms.

Solution: Run the ibus-setup command and display the Advanced tab.

Ensure that the Use System Keyboard Layout check box is selected. By default, this check box is not selected.

3.1.39 24311356 – Browser Workarounds for Using Untrusted Certificates with the HTML5 Client on Desktop Platforms

Problem: Issues may be seen when you connect using the HTML5 client from a desktop client platform and the SGD server uses an untrusted certificate, such as a self-signed certificate. For example, you may not be able to log in to the SGD server or applications may not start as expected.

These issues do not apply for SGD deployments which use an SGD Gateway.

Cause: These are browser trust issues caused by using untrusted certificates.

Solution: If possible, use a certificate that is signed by a Certificate Authority that is trusted by the browser.

Alternatively, configure the browser to trust the certificate.

The following are examples of workarounds for some supported browsers:

  • Firefox: Add two permanent security exceptions for the SGD server URL. One for port 443 (HTTPS), one for port 5307 (AIP).

  • Internet Explorer and Edge: Import the SGD server certificate into the Trusted Root Certification Authorities store.

  • Safari: Set the trust policy for the SGD server certificate to "Always Trust".

3.1.40 25687260 – Locate Pointer Issue on Linux Client Platforms

Problem: For some applications displayed through SGD, pressing the Ctrl key on the client device has no effect. For example, using the Ctrl + C key combination in a terminal window does not work as expected.

The issue is seen on Linux client platforms.

Cause: This is caused by the Locate Pointer feature of GNOME desktop. This feature indicates the position of the mouse pointer when the Ctrl key is pressed.

The Locate Pointer feature is disabled by default.

Solution: Disable the Locate Pointer setting in the Mouse Preferences dialog box for the GNOME desktop.

3.1.41 26273352 – Client Certificate Authentication Issues for Tablet Client Devices

Problem: Issues may be seen when using client certificate authentication with tablet client devices.

Users may be able to log in to the SGD workspace with a client certificate, but applications may not start up as expected.

The issue has been seen when using the required mode of operation for client certificates. This mode of operation means that all client devices must use a client certificate to authenticate to SGD.

Cause: A known issue when using client certificate authentication with tablet devices.

Solution: A workaround is to configure the optional mode of operation for client certificate authentication.

# /opt/SUNWsgdg/bin/gateway config edit --services-clientcerts optional

3.1.42 26495194 – Seamless Window Issues for Adobe Reader

Problem: Issues may be seen when displaying Adobe Reader in seamless windows mode. Users may not be able to minimize, move, or resize the application window.

The issues have been seen with Windows Server 2012, but may apply to other supported Windows application servers.

Cause: A known issue when using the Protected Mode feature of Adobe Reader. This feature was introduced in Adobe Reader 10.

Solution: The workaround is to disable the Protected Mode feature of Adobe Reader. Seamless windows mode then works as expected.

3.1.43 26928040 – Using Custom Certificates with iOS 10 Client Devices

Problem: Users on iOS 10 client devices may not be able to start applications if they connect to an SGD array which uses a custom certificate. A custom certificate is an SSL certificate signed by a custom CA.

The issue has been seen for devices using iOS 10.3 and later.

Cause: This issue is caused by changes to certificate handling introduced in iOS version 10.3.

Solution: For best results, use trusted certificates to secure the SGD array.

The following workaround is available.

  1. On the iOS device, install and trust the CA certificate chain.

    1. Install the CA root certicate and intermediate CA certificate, if required.

    2. Go to Settings > General > About > Certificate Trust Settings and mark the CA root certificate as trusted.

  2. On the SGD server, modify the security configuration.

    1. Stop the SGD server.

      # tarantella stop
    2. Manually edit the SSL certificate file on the SGD server, at /opt/tarantella/var/tsp/cert.pem.

      Append the CA certificate chain to the existing cert.pem file. The order of certificates must be as follows:

      -----BEGIN CERTIFICATE-----
      ...SGD Server SSL certificate...
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      ...Intermediate CA's certificate...
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      ...CA root certificate...
      -----END CERTIFICATE-----
      
    3. Start the SGD server.

      # tarantella start

3.1.44 27356306 – JKS Keystore Warning Messages

Problem: Warning messages about the format of the certificate keystores used by SGD may be displayed when using the command line to access or modify a keystore.

Cause: The warning messages are a feature introduced in JDK 8 update 151. They advise users to migrate keystores from using the proprietary JKS (Java Key Store) format to the PKCS12 format. See the JDK 8u151 Release Notes.

Keystores in legacy versions of the SGD server and SGD Gateway use the JKS format.

Solution: The warning messages are benign and can be ignored.

A workaround is to install the latest version of SGD. PKCS12 format keystores are created automatically during installation and the warning messages are not displayed.

3.1.45 27498836 – x3270 Terminal Emulator Installation on Solaris 11 Platforms

Problem: Administrators may see issues when installing the x3270 terminal emulator application on Solaris 11 platforms. x3270 can be used as an alternative to the TeemTalk application, which was supplied with earlier releases of SGD.

Cause: The Solaris 11 version of x3270 has a required dependency on libXaw5.

Solution: Install the libXaw5 package manually.

# pkg install pkg:/x11/library/toolkit/libxaw5