Hotfix readme name: SGE300W008.HTM
Hotfix package name: SGE300W008.MSI
For: Secure Gateway 3.0
Replaces: SGE300W001, SGE300W002, SGE300W003, SGE300W004, SGE300W005, SGE300W006, SGE300W007
Date: August, 2007
Languages supported: English (US), German, Spanish, French
Readme version: 1.0
Note: You can apply this hotfix only to Secure Gateway 3.0.
Where to Find Documentation
This document describes the issues solved by this hotfix and includes installation instructions. You can find more information about Secure Gateway in the Secure Gateway Administrator's Guide. All product documentation is also available from the Citrix Web site at http://www.citrix.com/support. Click the link for Product Documentation.
The Administrator's Guides are in an Adobe Portable Document (PDF) format file. To view, search, and print the documentation, you need Acrobat Reader 4 or above. You can download Acrobat Reader for free from the Adobe Web site at http://www.adobe.com/.
Issue(s) Resolved in this Hotfix
1. During periods of increased demand, computers running Secure Gateway 3.0 sometimes experience an exception.
[From SGE300W001][#117177]
2. If the fully qualified domain name (FQDN) for the Access Gateway Enterprise server is configured using all uppercase letters, users are redirected directly to the Access Gateway Enterprise server rather than being proxied by the Secure Gateway. This occurs because the Apache code used in Secure Gateway 3.0 does case-sensitive comparisons for URLs.
[From SGE300W001][#117311]
3. In deployments where the Secure Gateway and the Web Interface are installed on the same server, Web Interface traffic cannot be secured through the Secure Gateway. This occurs because the Secure Gateway Configuration wizard hard-codes the computer name to "localhost" in the configuration file if the FQDN matches the local computer name. As a result, the indirect access option on the Web Interface server details page of the Secure Gateway Configuration wizard, though available, does not work in such deployments.
[From SGE300W001][#118900]
4. Connections made through Secure Gateway are broken if a reconnect ticket cannot be refreshed. This fix resolves the issue for environments where Secure Gateway is configured to secure Presentation Server farms only. It does not apply to Advanced Access Control environments, which may include Presentation Server farms.
[From SGE300W002][#129533]
5. With Session Reliability enabled, users of Version 9.3 of the ICA Java Client or Version 9.200 of the Presentation Server Client might not be able to connect to published applications through Version 3.0 of Secure Gateway.
[From SGE300W002][#133443]
6. With Session Reliability enabled, event IDs 184 and 185 do not show in logs.
[From SGE300W003][#137034]
7. With Session Reliability disabled, Secure Gateway 3.0 shows degraded information in event logs compared with Version 2.0.
[From SGE300W003][#137490]
8. When using a wildcard certificate with Secure Gateway 3.0 and the Advanced Access Control Option, the redirection URL to the Web Interface or Secure Gateway Servers might be set incorrectly. To enable this fix, you must set the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Citrix Secure Gateway\3.0
Name: RedirectServerNameForWildcardCert
Type: String
Data: <FQDN of the SG server>
[From SGE300W003][#128442, #143301]
9. If a user account is a member of more than 70 groups, the Web Interface returns the error "Page cannot be displayed." The Secure Gateway does not have large Kerberos ticket support when users log on to the Web Interface through the Secure Gateway using passthrough authentication.
[From SGE300W004][#141655]
10. This fix allows you to show the server, resource, and time idle columns in the session information table. To configure these columns, edit the registry with the following values and then restart the Secure Gateway Management Console. When the specified registry values are set, the server, resource, and/or time idle columns are shown under session information.
Use the following procedures to set the registry key for these values:
To show the server and resource columns in the session information
HKEY_LOCAL_MACHINE\Software\Citrix\Citrix Secure Gateway\3.0\
Name: ShowServerAndAppForSession Type: DWORD
Data: 1
To show the time idle column in the session information
HKEY_LOCAL_MACHINE\Software\Citrix\Citrix Secure Gateway\3.0\
Name: ShowTimeIdleForSession Type: DWORD
Data: 1
[From SGE300W004][#144863]
11. This fix adds the resource name to the connection start and stop event log messages.
[From SGE300W004][#147054]
12. The link between the Secure Gateway and Citrix Presentation Server cannot be secured through secure sockets layer (SSL) Relay if the Secure Gateway is configured to secure only Citrix Presentation Server. This fix adds support to the Secure Gateway to retrieve SSL Relay information from the Secure Ticket Authority (STA) ticket validation response and secures the link between the Secure Gateway and Citrix Presentation Server through SSL Relay. To fully implement this fix, Web Interface Version 4.5 must also be installed.
[From SGE300W005][#149586]
13. Installing and uninstalling Secure Gateway hotfixes fails if the base product was installed on a drive other than C:.
[From SGE300W006][#158387]
14. Ticket verification requests sent by the Secure Gateway to the Secure Ticket Authority might contain a blank space at the end. The blank space is incompatible with the traffic monitoring mechanisms used by certain third-party software.
[From SGE300W007][#161150]
15. After installing Hotfix SGE300W007, users can no longer launch ICA connections when session reliability is turned on.
[From SGE300W008][#164564]
Installation Instructions
Note: This hotfix is packaged with Microsoft Windows Installer. You can deploy the hotfix package to a group of servers using Microsoft Active Directory Group Policy Object. For more information, see the Secure Gateway Administrator's Guide.
1. | Download the hotfix package from the Hotfixes and Service Packs page of the Citrix Web site at http://www.citrix.com. |
2. | Copy the hotfix package to an empty directory on the hard drive of the computer running the Secure Gateway. |
3. | Close all applications. |
4. | Run the executable. |
5. | Restart the server. |
Note: To install this hotfix silently, use the /q option after the executable. For example:
msiexec /I SGE300W008.MSI /q
Using the /q option without additional options automatically restarts the server.
For additional information about msiexec, see the Microsoft Web site at http://www.microsoft.com. Search on keyword msiexec.
Uninstallation Instructions
1. | From the Start menu, select Settings > Control Panel. |
2. | In Control Panel, double-click Add/Remove Programs. |
3. | Highlight the hotfix you want to uninstall and click Remove. |
4. | Follow the directions on-screen. |
Files Updated
File Name | Date | Time | Size |
SGE300W008.MSI | 07/30/2007 | 11:00a | 1,131,008 |
CgpCore.dll | 07/27/2007 | 03:01p | 116,032 |
CSGmc.dll | 07/17/2007 | 05:11p | 566,616 |
CSGMcUI.dll | 07/17/2007 | 05:10p | 86,016 |
CtxSecGwyCfg.exe | 07/17/2007 | 05:11p | 542,040 |
CtxSGMsg.dll | 07/17/2007 | 05:10p | 3,584 |
libapriconv.dll | 07/27/2007 | 02:54p | 23,040 |
libhttpd.dll | 07/27/2007 | 02:55p | 270,336 |
mod_auth_as.so | 07/17/2007 | 05:11p | 31,064 |
mod_auth_sta.so | 07/17/2007 | 05:11p | 42,840 |
mod_cgp.so | 07/27/2007 | 02:56p | 98,304 |
mod_proxy.so | 07/27/2007 | 02:55p | 27,136 |
mod_proxy_http.so | 07/27/2007 | 02:57p | 16,384 |
mod_session.so | 07/17/2007 | 05:11p | 23,384 |
mod_socks.so | 07/27/2007 | 03:00p | 61,440 |
xte.dbm.dir | 07/17/2007 | 05:10p | 4,096 |
xte.dbm.pag | 07/17/2007 | 05:10p | 118,784 |
MD5 Checksum | File Name |
9657F01A7000FAE5E2C99BF3143B44F3 | SGE300W008.MSI |
933372A17E5D3BB0EC7766B8F830B444 | CgpCore.dll |
EDB904647BADECA2C93BA3EDAB58E03E | CSGmc.dll |
BD66145BB29A7325D16B42ECF46BAF30 | CSGMcUI.dll |
C7246827B6DB54C2E41A3300A2734E57 | CtxSecGwyCfg.exe |
9B471FC53487679BA82D2E3F331158DA | CtxSGMsg.dll |
E265FEA178023B11E754DDB57528E0F7 | libapriconv.dll |
C37457F36A62649675AA681B3F11ED55 | libhttpd.dll |
0B30FB4803F96100BAAE0F7A0C2BC5FD | mod_auth_as.so |
925D71A1C6406036A6375959C72D4D8C | mod_auth_sta.so |
9920ED83A7E331CDA3388C117F894755 | mod_cgp.so |
ED4E2EFA75AB2D627135B5110F2947A4 | mod_proxy.so |
401836E028314CC67F2E5D5B3A93852C | mod_proxy_http.so |
C31D7DD9A4175D077D8728A49898ADBF | mod_session.so |
E85373AA43856F4F92F035B16EA6EDE1 | mod_socks.so |
4FC414889999A46E7EF5605196F9D81F | xte.dbm.dir |
2AE9B18EDE09FDF3AE9BC39F2E562F27 | xte.dbm.pag |
Copyright © 2007 Citrix Systems, Inc. All rights reserved.
Citrix, MetaFrame, and MetaFrame XP are registered trademarks, and Citrix Presentation Server is a trademark of Citrix Systems, Inc. in the United States and other countries.
All other trademarks and registered trademarks are the property of their respective owners
