CTX121844
Secure Gateway 3.0
Hotfixes
Software Update
2012-03-10

Hotfix package name: SGE300W010.MSI
For: Secure Gateway 3.0
Replaces: SGE300W001, SGE300W002, SGE300W003, SGE300W004, SGE300W005, SGE300W006, SGE300W007, SGE300W008, SGE300W009
Date: January, 2010
Languages supported: English (US), German, Spanish, French
Readme version: 1.00

Note: You can apply this hotfix only to Secure Gateway 3.0.

Readme Revision History

Version | Date | Change Description
--- | --- | ---
1.00 | January, 2010 | Initial release

Important Note(s) about This Release

  • Before installing this hotfix, you must obtain and install the Microsoft Visual C++ 2005 Redistributable Package (x86), available from the Microsoft Web site. The package installs runtime components of Visual C++ libraries that are necessary to run Visual C++ applications on computers that do not have Visual C++ 2005 installed. The installation of this hotfix will fail unless the redistributable package is installed.

  • The Support Information entry for this hotfix under Add/Remove Programs contains an invalid link (http://supoprt.citrix.comhttp://support.ctx.org.cn/CTX121844.citrix). The correct link is http://support.ctx.org.cn/CTX121844.citrix.

  • Caution! This hotfix may require you to edit the registry. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

Finding Documentation

This document describes the issue(s) resolved by this release and includes installation instructions. For additional product information, see Citrix eDocs, the Citrix Product Documentation Library.

New Fixes in This Release

  1. The Web Interface is unable to connect to SSL Relay due to SSL Relay selecting incorrect certificates.

    [From SGE300W010][#190473]

  2. Under certain circumstances, the Citrix XTE Service does not properly disconnect a Terminal Services session. Specifically, the issue occurs when the network connection between the XTE Service and the client is interrupted and servers stop sending ICA KeepAlives to check the network connection status.

    [From SGE300W010][#205371]

  3. Single sign-on from the Web Interface over SSL can fail for users who are members of a large number of Active Directory domain local groups.

    [From SGE300W010][#206220]

  4. This fix addresses a security vulnerability. For more information, see Knowledge Center article CTX121172.

    [From SGE300W010][#206695]

  5. The Citrix XTE Service can exit unexpectedly at random, disconnecting all users.

    [From SGE300W010][#211650]

  6. After upgrading to Version 3.1.1 of the Secure Gateway, the Secure Gateway process can consume extensive memory, eventually using up all available memory.

    [From SGE300W010][#212358]

  7. The Citrix XTE Service can exit unexpectedly at random, disconnecting all users.

    [From SGE300W010][#214855]

  8. This fix addresses a security vulnerability. For more information, see Knowledge Center article CTX123359.

    [From SGE300W010][#223200]

Fixes from Replaced Hotfixes

  1. During periods of increased demand, computers running Secure Gateway 3.0 sometimes experience an exception.

    [From SGE300W001][#117177]

  2. If the fully qualified domain name (FQDN) for the Access Gateway Enterprise server is configured using all uppercase letters, users are redirected directly to the Access Gateway Enterprise server rather than being proxied by the Secure Gateway. This occurs because the Apache code used in Secure Gateway 3.0 does case-sensitive comparisons for URLs.

    [From SGE300W001][#117311]

  3. In deployments where the Secure Gateway and the Web Interface are installed on the same server, Web Interface traffic cannot be secured through the Secure Gateway. This occurs because the Secure Gateway Configuration wizard hard-codes the computer name to "localhost" in the configuration file if the FQDN matches the local computer name. As a result, the indirect access option on the Web Interface server details page of the Secure Gateway Configuration wizard, though available, does not work in such deployments.

    [From SGE300W001][#118900]

  4. When using a wildcard certificate with Secure Gateway 3.0 and the Advanced Access Control Option, the redirection URL to the Web Interface or Secure Gateway Servers might be set incorrectly. To enable this fix, you must set the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Citrix Secure Gateway\3.0
    Name: RedirectServerNameForWildcardCert
    Type: String
    Data: <FQDN of the SG server>

    [From SGE300W002][#128442]

  5. Connections made through Secure Gateway are broken if a reconnect ticket cannot be refreshed. This fix resolves the issue for environments where Secure Gateway is configured to secure Presentation Server farms only. It does not apply to Advanced Access Control environments, which may include Presentation Server farms.

    [From SGE300W002][#129533]

  6. With Session Reliability enabled, users of Version 9.3 of the ICA Java Client or Version 9.200 of the Presentation Server Client might not be able to connect to published applications through Version 3.0 of Secure Gateway.

    [From SGE300W002][#133443]

  7. With Session Reliability disabled, Secure Gateway 3.0 shows degraded information in event logs compared with Version 2.0.

    [From SGE300W003][#137490]

  8. When using a wildcard certificate with Secure Gateway 3.0 and the Advanced Access Control Option, the redirection URL to the Web Interface or Secure Gateway Servers might be set incorrectly. To enable this fix, you must set the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Citrix Secure Gateway\3.0
    Name: RedirectServerNameForWildcardCert
    Type: String
    Data: <FQDN of the SG server>

    [From SGE300W003][#143301]

  9. If a user account is a member of more than 70 groups, the Web Interface returns the error "Page cannot be displayed." The Secure Gateway does not have large Kerberos ticket support when users log on to the Web Interface through the Secure Gateway using passthrough authentication.

    [From SGE300W004][#141655]

  10. This fix allows you to show the server, resource, and time idle columns in the session information table. To configure these columns, edit the registry with the following values and then restart the Secure Gateway Management Console. When the specified registry values are set, the server, resource, and/or time idle columns are shown under session information.

    Use the following procedures to set the registry key for these values:

    To show the server and resource columns in the session information:
    HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Citrix Secure Gateway\3.0
    Name: ShowServerAndAppForSession
    Type: DWORD
    Data: 1

    To show the time idle column in the session information:
    HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Citrix Secure Gateway\3.0
    Name: ShowTimeIdleForSession
    Type: DWORD
    Data: 1

    [From SGE300W004][#144863]

  11. This fix adds the resource name to the connection start and stop event log messages.

    [From SGE300W004][#147054]

  12. The link between the Secure Gateway and Citrix Presentation Server cannot be secured through secure sockets layer (SSL) Relay if the Secure Gateway is configured to secure only Citrix Presentation Server. This fix adds support to the Secure Gateway to retrieve SSL Relay information from the Secure Ticket Authority (STA) ticket validation response and secures the link between the Secure Gateway and Citrix Presentation Server through SSL Relay. To fully implement this fix, Web Interface Version 4.5 must also be installed.

    [From SGE300W005][#149586]

  13. Ticket verification requests sent by the Secure Gateway to the Secure Ticket Authority might contain a blank space at the end. The blank space is incompatible with the traffic monitoring mechanisms used by certain third-party software.

    [From SGE300W007][#161150]

  14. After installing Hotfix SGE300W007, users can no longer launch ICA connections when session reliability is turned on.

    [From SGE300W008][#164564]

  15. Secure Gateway diagnostics might report the following error when requesting information from STA over SSL Relay: "An unclassified SSL/TLS error occurred. (error code: 0x80100308 - The token supplied to the function is invalid)."

    [From SGE300W009][#174283]

Installation Instructions

Note: This hotfix is packaged with Microsoft Windows Installer. You can deploy the hotfix package to a group of servers using Microsoft Active Directory Group Policy Object. For more information, see the Secure Gateway Administrator's Guide.

  1. Download the hotfix package from the Hotfixes and Service Packs page of the Citrix Web site at http://www.citrix.com.
  2. Copy the hotfix package to an empty directory on the hard drive of the computer running the Secure Gateway.
  3. Close all applications.
  4. Run the executable.
  5. Restart the server.

Note: To install this hotfix silently, use the /q option after the executable. For example:

msiexec /I SGE300W010.MSI /q

Using the /q option without additional options automatically restarts the server. For additional information about msiexec, see the Microsoft Web site at http://www.microsoft.com. Search on keyword msiexec.
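
The following PowerShell script is an added example, not part of the Citrix readme or any Citrix tooling. It runs the silent install with the restart suppressed, interprets the installer's exit code, and then sets the registry values this readme names for fixes 4/8 and 10. The file paths and the FQDN are placeholders; `/norestart` and `/l*v` are standard msiexec options, and 3010 and 1641 are standard Windows Installer return codes, none of which appear in the readme itself.

```powershell
# Added example (not Citrix code). Paths and $GatewayFqdn are placeholders.
param(
    [string]$Package     = 'C:\Hotfix\SGE300W010.MSI',           # assumed download location
    [string]$LogFile     = 'C:\Hotfix\SGE300W010-install.log',   # assumed log location
    [string]$GatewayFqdn = 'sg.example.test'                     # placeholder FQDN of the SG server
)

$ErrorActionPreference = 'Stop'
if (-not (Test-Path -LiteralPath $Package)) { throw "Package not found: $Package" }

# /q = silent, /norestart = suppress the automatic restart, /l*v = verbose log
$msiArgs = @('/i', "`"$Package`"", '/q', '/norestart', '/l*v', "`"$LogFile`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

switch ($proc.ExitCode) {
    0       { Write-Output 'Installed; installer did not report a pending restart.' }
    3010    { Write-Output 'Installed; restart required (ERROR_SUCCESS_REBOOT_REQUIRED).' }
    1641    { Write-Output 'Installed; installer initiated a restart.' }
    default { throw "msiexec failed with exit code $($proc.ExitCode); see $LogFile" }
}

# Registry values named in the readme. The first applies only to wildcard
# certificate deployments with the Advanced Access Control Option (fixes 4/8);
# the other two enable the extra session information columns (fix 10).
$key = 'HKLM:\SOFTWARE\Citrix\Citrix Secure Gateway\3.0'
if (-not (Test-Path -LiteralPath $key)) { throw "Registry key not found: $key" }

$values = @(
    @{ Name = 'RedirectServerNameForWildcardCert'; Type = 'String'; Data = $GatewayFqdn },
    @{ Name = 'ShowServerAndAppForSession';        Type = 'DWord';  Data = 1 },
    @{ Name = 'ShowTimeIdleForSession';            Type = 'DWord';  Data = 1 }
)
foreach ($v in $values) {
    # -Force creates the value or overwrites an existing one
    New-ItemProperty -LiteralPath $key -Name $v.Name -PropertyType $v.Type -Value $v.Data -Force | Out-Null
    # Read the value back to confirm it persisted
    $actual = (Get-ItemProperty -LiteralPath $key -Name $v.Name).($v.Name)
    if ("$actual" -ne "$($v.Data)") { throw "Value $($v.Name) did not persist" }
    Write-Output ("{0} = {1}" -f $v.Name, $actual)
}
```

Because the restart is suppressed here, schedule the server restart that step 5 calls for, and restart the Secure Gateway Management Console for the column settings to take effect.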

Uninstallation Instructions

  1. From the Start menu, select Settings > Control Panel.
  2. In Control Panel, double-click Add/Remove Programs.
  3. Highlight the hotfix you want to uninstall and click Remove.
  4. Follow the directions on-screen.

Files Updated (All Dates/Times UTC)

File Name | Date | Time | Size
--- | --- | --- | ---
SGE300W010.MSI | 11/18/2009 | 03:52 | 1,518,592
SGE300W010.zip | 11/18/2009 | 03:54 | 1,302,777
CgpCore.dll | 11/17/2009 | 20:36 | 116,040
CSGmc.dll | 08/10/2009 | 14:59 | 566,616
CSGMcUI.dll | 08/10/2009 | 14:57 | 86,016
CtxSecGwyCfg.exe | 08/10/2009 | 14:59 | 542,040
CtxSGMsg.dll | 08/10/2009 | 14:57 | 3,584
libapriconv.dll | 11/17/2009 | 20:29 | 23,040
libhttpd.dll | 11/17/2009 | 20:31 | 270,336
mod_async_engine.so | 11/17/2009 | 20:35 | 21,504
mod_auth_as.so | 08/10/2009 | 14:59 | 31,064
mod_auth_sta.so | 08/10/2009 | 14:59 | 42,840
mod_cgp.so | 11/17/2009 | 20:31 | 98,304
mod_multiplexer.so | 11/17/2009 | 20:32 | 15,872
mod_proxy.so | 11/17/2009 | 20:31 | 27,136
mod_proxy_http.so | 11/17/2009 | 20:32 | 16,384
mod_session.so | 08/10/2009 | 14:59 | 23,384
mod_socks.so | 11/17/2009 | 20:35 | 61,440
sslsdkui.dll | 11/17/2009 | 20:22 | 17,248
sslsdk_b.dll | 11/17/2009 | 20:22 | 652,640
support.dll | 08/10/2009 | 14:59 | 87,384
xte.dbm.dir | 08/10/2009 | 14:57 | 4,096
xte.dbm.pag | 08/10/2009 | 14:57 | 118,784
 

Copyright © 2010 Citrix Systems, Inc. All rights reserved.
Citrix, MetaFrame, and MetaFrame XP are registered trademarks, and Citrix Presentation Server is a trademark of Citrix Systems, Inc. in the United States and other countries.
All other trademarks and registered trademarks are the property of their respective owners.


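Special Note

The source of this article belongs to Citrix.com. Copyright in the translation belongs to the translator. If you reproduce it, please credit the source.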
