Problem: Using the tarantella array list_backup_primaries command on an SGD server that has been stopped and then detached from an array returns a "Failed to connect" error.

Cause: A known issue.

Solution: Restart the detached SGD server before using the tarantella array list_backup_primaries command.

Problem: Users running the HyperTerminal application in a Windows desktop session experience problems when they try to resume the desktop session from another client device. The HyperTerminal application is unresponsive and cannot be closed down.

Cause: A known issue with HyperTerminal when resuming Windows desktop sessions from another client device (also called “session grabbing”).

Solution: Close down the HyperTerminal application before you resume the Windows desktop session from another client device.

Problem: Audio does not play in X applications that are hosted on 64-bit Linux application servers. The issue is seen for X applications that are hard-coded to use the /dev/dsp or /dev/audio device, and the Audio Redirection Library (--unixaudiopreload) attribute is enabled.

Cause: A known issue. A 64-bit SGD Audio Redirection Library is not included in the SGD Enhancement Module.

Solution: On Oracle Linux platforms, you can use the padsp PulseAudio OSS wrapper script to ensure compatibility with PulseAudio.

Problem: On Oracle Solaris Trusted Extensions platforms, startup times for Windows applications and X applications may be longer than expected.

Cause: By default, the X Protocol Engine attempts to connect to X display port 10. This port is unavailable when using Solaris Trusted Extensions. After a period of time, the X Protocol Engine connects on another X display port and the application starts successfully.

Solution: Do either of the following:

Problem: A Windows client device is allocated multiple client access licences (CALs). A CAL is incorrectly allocated each time a Windows application is started.

Cause: A known issue if the HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing key or any of its subkeys are missing from the Windows registry on a client device. This issue affects Microsoft Windows 7 platforms.

Solution: Recreate the missing keys, by starting the Remote Desktop Connection with administrator privileges. See Microsoft Knowledge Base article 187614 for more details.

Problem: When using client drive mapping in SGD, the name of the user's home directory may include unreadable characters. By default, a user's home directory is mapped to a drive called "My Home".

The issue has been seen on non-Windows client devices configured with a non-English client locale, such as ja_JP.UTF-8.

Cause: A known issue for some client locales.

Solution: No known solution at present.

Problem: When users select the Print to File menu option in a Windows application displayed through SGD, the print job remains on hold in the print queue on the client device. The issue has been seen on Windows 7 client devices.

Cause: A known issue with some versions of Windows.

Solution: A workaround is described in Microsoft Knowledge Base article 2022748.

Problem: The following display issues may be seen on client devices running Ubuntu Linux.

Cause: Known issues when using a Ubuntu Linux client device.

Solution: Use one of the following workarounds.

Problem: Array resilience may fail if you change the primary server while the array is in a repaired state. The array is in a repaired state when the failover stage has completed.

After the recovery stage of array resilience, when uncontactable servers rejoin the array, communications to the other array members may not work.

The issue is seen when secure intra-array communication is enabled for the array.

Cause: A known issue with array resilience when secure intra-array communication is used. By default, secure intra-array communication is enabled for an SGD server.

Solution: No known solution. If possible, avoid changing the array structure during the array resilience process.

Problem: The KDE Konsole terminal emulator application fails to start when configured as an X application object in SGD.

The issue is seen when the application is hosted on an Oracle Linux 6 platform.

Cause: A known issue when running Konsole on Oracle Linux 6. The issue is caused by the application process forking on start up.

Solution: The workaround is to use the --nofork command option when starting Konsole.

In the Administration Console, go to the Launch tab for the X application object and enter --nofork in the Arguments for Command field.

Problem: Print jobs are not delivered to the client printer in the correct page format. For example, a print job for an A4 page size document is delivered to the client printer as a Letter page size document. Depending on the client printer configuration, this may cause the print job to fail.

The issue is seen when using Linux and Mac OS X client devices.

Cause: A known issue when printing to some non-Windows client devices.

Solution: Some client printers can be configured to ignore the page size format.

A workaround is to use PDF printing when printing from SGD.

Problem: Error messages similar to the following may be seen when shadowing an application session from the command line, using the tarantella emulatorsession shadow command.

X Error:  BadImplementation
  Request Major code 152 (RANDR)
  Request Minor code 8 ()
  Error Serial #209
  Current Serial #209 

Shadowing works as expected, despite the error messages.

Cause: A known issue if the X server on the client device does not implement session resizing.

Solution: The errors are benign and can be ignored.

Problem: The user experience on a tablet device may be poor if the RANDR X extension is disabled for the application. For example, you may notice that a desktop application does not fill the screen if you rotate the display.

Cause: A known issue if the RANDR X extension is disabled for the application. The RANDR extension provides enhanced display support for applications.

Solution: Enable the RANDR extension for the application object. This is described in the Enabling the RANDR Extension for Applications section in the Oracle Secure Global Desktop Administration Guide.

Problem: Tablet device users may not be able to print from some applications.

Error messages such as the following may be seen:

Nov 27, 2012 11:56:59 AM com.oracle.sgd.webserver.printing.PrintServlet processRequest
SEVERE: Exception occurred in servlet javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid 
certification path to requested target

The issue is seen when the print job and the user session are hosted on different SGD servers in the array. This situation may occur in the following scenarios:

Cause: This is a certificate trust issue. One or more SGD servers in the array are secured using an untrusted SSL certificate, such as a self-signed certificate.

Solution: On each SGD server, import the SSL certificates from the other array members into the CA certificate truststore. This process is described in the The CA Certificate Truststore section in the Oracle Secure Global Desktop Administration Guide.

The SSL certificate for an SGD server is at /opt/tarantella/var/tsp/cert.pem.

The CA certificate truststore for an SGD server is at /opt/tarantella/bin/jre/lib/security/cacerts.

Problem: When running SGD applications on an iPad or Android tablet, currency symbols such as pound (£), euro (€), and yen (¥) may not display correctly.

Cause: A known issue with displaying extended characters, such as currency symbols, on a tablet device.

Solution: No known solution. Where possible, use characters that are available on a US English keyboard.

Problem: When using a Sun Ray Client to log in to SGD, the SGD Client may not install. The issue has been seen when the Sun Ray server is using the scbus v2 smart card bus protocol.

Cause: A known issue if the Sun Ray server is using the scbus v2 protocol.

Solution: A workaround is to disable smart card services on the Sun Ray server host. For example, on Oracle Solaris platforms use the following command:

# svcadm disable pcscd

Problem: When connecting through an SGD Gateway, users are unable to access the SGD servers in the array. When they attempt to log in to an SGD server or use the Administration Console, their browser is redirected to an error page.

The issue is seen when the Gateway is configured as follows:

These settings are usually configured during installation of the Gateway.

Cause: A known issue with this specific Gateway configuration.

Solution: Use the following workaround.

On the Gateway host, edit the opt/SUNWsgdg/httpd/apache-version/conf/extra/gateway/httpd-gateway.conf file.

Locate the ProxyPassReverse directive. For example:

ProxyPassReverse / http://gw.example.com:80/

Change the port number for the ProxyPassReverse directive, as follows:

ProxyPassReverse / http://gw.example.com:port-num/

where port-num is the port number used by the Gateway for incoming connections.

Problem: When using an external keyboard with an iPad tablet, some keys may have no effect in SGD applications.

Examples of keys that may not work include modifier keys such as Alt and Ctrl, and function keys.

Cause: A known issue when using an external keyboard with an iPad tablet.

Solution: Use the on-screen keyboard to enter the missing keystroke.

For example, to enter the key combination Ctrl+C:

Problem: For some SGD Gateway deployments, Administrators may not be able to generate the .mobileconfig configuration profiles used for secure connections to tablet devices. The mobile_profile_create.sh script used to generate the configuration profiles fails.

The issue is seen when unencrypted connections are used between the SGD Gateway and the SGD servers in the array. In this scenario, the SGD servers are configured to use standard, unencrypted connections.

Cause: When security is disabled on an SGD server, the following directories required for the .mobileconfig configuration profiles are deleted:

Solution: Create the required directories manually on the primary SGD host:

# mkdir -p /opt/tarantella/var/tsp/certs/gateway
# mkdir -p /opt/tarantella/var/tsp/certs/array
# chown -R  ttasys:ttaserv /opt/tarantella/var/tsp/certs
# mkdir /opt/tarantella/var/docroot/certs
# chown root:ttaserv /opt/tarantella/var/docroot/certs

You can then generate the configuration profiles as described in Configuring the SGD Gateway for Connections From Tablet Devices Using Untrusted Certificates in the Oracle Secure Global Desktop Gateway Administration Guide.

Problem: Users may see multiple authentication prompts when they try to access the My Desktop application, either from the SGD web server Welcome page or by going to the My Desktop URL.

The issue is seen when the following apply:

Cause: A known issue with the Safari browser.

Solution: No known solution. The user is logged in to SGD after negotiating the authentication prompts.

Problem: When using an Android tablet to enter text in an application displayed through SGD, the displayed text may sometimes not match the input character.

For example, the character following a period (.) may always be displayed in upper case.

Cause: This issue is caused by the predictive text features of Android. By default, auto-capitalization and auto-correction are enabled for an Android keyboard.

Solution: Turn off Auto-Capitalization and Auto-Correction for the Android keyboard. See your Android documentation for details of how to do this.

Problem: Users on some Mac OS X platforms may experience screen refresh and other performance issues when displaying SGD applications.

Cause: This issue is caused by the App Nap power-saving feature introduced in Mac OS X 10.9.

Solution: Turn off the App Nap feature for the SGD Client, as follows:

Problem: Audio output from applications is not played on a Linux client device.

Cause: This issue is due to missing ESD library dependencies on some Linux client platforms.

Solution: The workaround is to install the required libraries and restart the pulseaudio daemon, as follows:

Oracle Linux 6 platforms:

# yum install pulseaudio-esound-compat esound-libs.i686
$ pulseaudio -k

Ubuntu Linux 14.04 platforms:

$ sudo apt-get install pulseaudio-esound-compat libesd0:i386
$ pulseaudio -k

Problem: Single sign-on authentication does not work when using some versions of the Oracle Access Manager WebGate 11gR2.

Cause: The WebGate is unable to create lock files on the SGD host.

This is caused by changes in the file locking implementation, introduced in version 11.1.2.2.0 of the WebGate.

Solution: In the webgate.conf configuration file for the WebGate, set the value of the WebGateLockFileDir directive. This directive specifies the location to create WebGate lock files.

The value must be a directory that is writeable by the ttaserv system user. For example, /opt/tarantella/webserver/apache/apache-version/logs.

Problem: When users connect to SGD through a proxy server, the proxy authentication dialog box does not display the authentication method or authentication realm used by the proxy server. This can cause confusion when the proxy server supports multiple authentication methods, and users have different credentials for different authentication methods.

Cause: A known issue when using a proxy server that is configured to use multiple authentication methods.

Solution: No known solution at this time.

Problem: When users connect to SGD through an HTTP proxy server from a Windows client device, cached credentials are not used as expected.

The following issues have been seen:

Cause: Known issues when connecting to SGD through an HTTP proxy server from a Windows client device.

Solution: No known solution at this time.

Problem: Installation of the SGD Enhancement Module may fail on Oracle Linux versions which use the Unbreakable Enterprise Kernel Release 3 (UEK R3) kernel.

The error message Unable to locate source tree is shown during installation.

Cause: The Enhancement Module installation program is unable to locate the kernel headers for the UEK R3 kernel.

Solution: Use the following command to install the required kernel header packages:

# yum install kernel-uek-devel-$(uname -r)

Problem: The SGD Gateway setup program incorrectly shows an option on whether to configure secure connections between the Gateway and the SGD servers in the array. The same option is shown when using the gateway config create command.

This is a legacy option that is no longer required. In release 5.2 or later, the Gateway selects the required security level automatically for connections to SGD servers in the array.

Cause: A known issue with this release version of SGD.

Solution: Accept the default setting for the secure connections option in the Gateway setup program. The issue will be fixed in a future software update.

Problem: Connections to a Windows application server from a Mac OS X client device may use more client access licenses (CALs) than expected. The issue is seen when using both the SGD Client and the Microsoft Remote Desktop Client on the same Mac OS X client device.

Cause: A known issue when using SGD with some versions of the Microsoft Remote Desktop Client that are downloaded from the Mac App Store.

Such versions of the Microsoft Remote Desktop Client may not store CALs in the default shared directory location used by the SGD Client: /Users/Shared/Microsoft/Crucial RDC Server Information.

Solution: No known solution at present.

Problem: Audio recorded from a Linux client device by the audiorecord command running on an Oracle Solaris application server is not recorded correctly. White noise is heard on playback.

Cause: The default audio format for audiorecord is u-law. When recording from a Linux client device, this audio format is not recorded correctly by the SGD UNIX audio input service.

Solution: Change the audio format used by the audiorecord command. Specify the linear encoding option, as follows:

audiorecord -e linear audio-file

where audio-file is the output file name.

Problem: When running the tarantella status --byserver command to display detailed status information for each SGD server in an array, the command fails. Error messages such as the following are seen:

parser error : Start tag expected, '<' not found 

Cause: A timeout issue for a web service which is used by the tarantella status command. The default connection timeout for the web service is 10 seconds. In some deployments, this may be too low.

Solution: The workaround is to change the default setting for the connection timeout.

Edit the /opt/tarantella/bin/scripts/status.soap file. Change the following entry:

set env(TTA_SOAP_CONNECT_TIMEOUT) "10"

to read as follows:

set env(TTA_SOAP_CONNECT_TIMEOUT) "20"

Note that there are multiple TTA_SOAP_CONNECT_TIMEOUT entries within this file.

Problem: Users may see the following issues when using the SGD Client from this release on Mac OS X client devices:

Cause: Known issues when using the Mac OS X version of the SGD Client included in this release.

Solution: Use one of the following workarounds.

Problem: The ABRT (Automatic Bug Reporting Tool) reports errors when applications hosted on Oracle Linux 7 application servers are closed down from the SGD workspace.

Cause: A known issue with some versions of ABRT on Oracle Linux 7 platforms.

Solution: The workaround is to update to the latest version of ABRT, as follows:

# yum update abrt

Problem: An error message such as the following is seen when using the SGD Enhancement Module on Oracle Linux platforms:

Starting OSS audio.
modprobe: FATAL: Module sgdadem not found.

This error message indicates that the Enhancement Module is unable to locate the Open Sound System (OSS) audio driver module.

Cause: This issue occurs when the Linux kernel is updated on the application server host. The installed OSS audio driver module is then incompatible with the new kernel version.

Solution: The workaround is to rebuild and reinstall the audio driver module, using the new kernel source. Enter the following commands:

# cd /opt/tta_tem/audio/sgdadem/src/
# make clean
# make
# make install

Restart the SGD Enhancement Module, as follows:

# /opt/tta_tem/bin/tem restart

Problem: UNIX system authentication on Oracle Linux 6 platforms may fail. Users see the error message "Invalid Credentials".

The issue is seen when the SGD host is configured to authenticate using the Kerberos Pluggable Authentication Module (PAM) module.

Cause: A known issue when using the Kerberos PAM module on some Oracle Linux 6 platforms.

Solution: Ensure that the 32-bit version of the pam_krb5 PAM package is present. This package can be installed as follows:

# yum install pam_krb5.i686

Problem: The context parameter disallowjavauseragentmatch may not work as expected for some browsers. This parameter enables Administrators to specify which browsers should not use Java Plug-in software to download and install the SGD Client automatically.

Cause: A known issue when using an upper case character in the context parameter string. For example:

<context-param>
     <param-name>disallowjavauseragentmatch</param-name>
     <param-value>.*Firefox.*</param-value>
</context-param>

Solution: The workaround is to use a lower case character. For example:

<context-param>
     <param-name>disallowjavauseragentmatch</param-name>
     <param-value>.*firefox.*</param-value>
</context-param>

Problem: During installation of SGD, Diffie-Hellman (DH) parameters are generated for the SGD server. On some hosts with slow processors, this process may take much longer than expected.

Cause: A known issue when generating DH parameters on slower legacy hardware.

Solution: The workaround is to generate the DH parameters using another machine and install them manually on the SGD host. Use the following steps.

Problem: Key mapping issues may be seen for applications published through an Oracle Linux 7 SGD server. Some displayed characters may not match the key press.

Cause: A known issue with the default settings for ibus (Intelligent Input Bus) on Oracle Linux 7 platforms.

Solution: Run the ibus-setup command and display the Advanced tab.

Ensure that the Use System Keyboard Layout check box is selected. By default, this check box is not selected.

Problem: Issues may be seen when you connect using the HTML5 client from a desktop client platform and the SGD server uses an untrusted certificate, such as a self-signed certificate. For example, you may not be able to log in to the SGD server or applications may not start as expected.

These issues do not apply for SGD deployments which use an SGD Gateway.

Cause: These are browser trust issues caused by using untrusted certificates.

Solution: If possible, use a certificate that is signed by a Certificate Authority that is trusted by the browser.

Alternatively, configure the browser to trust the certificate.

The following are examples of workarounds for some supported browsers:

Problem: For some applications displayed through SGD, pressing the Ctrl key on the client device has no effect. For example, using the Ctrl + C key combination in a terminal window does not work as expected.

The issue is seen on Linux client platforms.

Cause: This is caused by the Locate Pointer feature of GNOME desktop. This feature indicates the position of the mouse pointer when the Ctrl key is pressed.

The Locate Pointer feature is disabled by default.

Solution: Disable the Locate Pointer setting in the Mouse Preferences dialog box for the GNOME desktop.

Problem: Issues may be seen when using client certificate authentication with tablet client devices.

Users may be able to log in to the SGD workspace with a client certificate, but applications may not start up as expected.

The issue has been seen when using the required mode of operation for client certificates. This mode of operation means that all client devices must use a client certificate to authenticate to SGD.

Cause: A known issue when using client certificate authentication with tablet devices.

Solution: A workaround is to configure the optional mode of operation for client certificate authentication.

# /opt/SUNWsgdg/bin/gateway config edit --services-clientcerts optional

Problem: Issues may be seen when displaying Adobe Reader in seamless windows mode. Users may not be able to minimize, move, or resize the application window.

The issues have been seen with Windows Server 2012, but may apply to other supported Windows application servers.

Cause: A known issue when using the Protected Mode feature of Adobe Reader. This feature was introduced in Adobe Reader 10.

Solution: The workaround is to disable the Protected Mode feature of Adobe Reader. Seamless windows mode then works as expected.

Problem: Users on iOS 10 client devices may not be able to start applications if they connect to an SGD array which uses a custom certificate. A custom certificate is an SSL certificate signed by a custom CA.

The issue has been seen for devices using iOS 10.3 and later.

Cause: This issue is caused by changes to certificate handling introduced in iOS version 10.3.

Solution: For best results, use trusted certificates to secure the SGD array.

The following workaround is available.

Problem: Warning messages about the format of the certificate keystores used by SGD may be displayed when using the command line to access or modify a keystore.

Cause: The warning messages are a feature introduced in JDK 8 update 151. They advise users to migrate keystores from using the proprietary JKS (Java Key Store) format to the PKCS12 format. See the JDK 8u151 Release Notes.

Keystores in legacy versions of the SGD server and SGD Gateway use the JKS format.

Solution: The warning messages are benign and can be ignored.

A workaround is to install the latest version of SGD. PKCS12 format keystores are created automatically during installation and the warning messages are not displayed.

Problem: Administrators may see issues when installing the x3270 terminal emulator application on Solaris 11 platforms. x3270 can be used as an alternative to the TeemTalk application, which was supplied with earlier releases of SGD.

Cause: The Solaris 11 version of x3270 has a required dependency on libXaw5.

Solution: Install the libXaw5 package manually.

# pkg install pkg:/x11/library/toolkit/libxaw5