Hotfix package name: ag2000-V458-19.upgrade
For: Access Gateway Standard Edition and Access Gateway Advanced Edition, Version 4.5, Model 2000 Series Appliance
Replaces: None
Date: September, 2008
Language supported: English (US)
Readme version: 1.0

Important Note(s) about this Release

• This hotfix updates the Access Gateway Standard Edition and Access Gateway Advanced Edition. This hotfix is applicable to the Model 2000 series appliances that support the Access Gateway Standard Edition, Version 4.5 and Access Gateway Advanced Edition, Version 4.5.

Where to Find Documentation

This document describes the issue(s) solved by this hotfix and includes installation instructions. For more information, see the Access Gateway Standard Edition Administrator's Guide that is located in the Access Gateway Administration Portal. To access the Administration Portal and the documentation, in a Web browser, type https://AccessGatewayIPAddress:9001 and then under Documentation, click Download Access Gateway 4.5 documentation.

All product documentation is also available from the Citrix Web site at http://support.citrix.com.

Downloading and Installing this Hotfix

You can install this hotfix using either the Administration Portal or Administration Tool.

To download this hotfix

1. Click the Download button on the top of this Web page and log on to My Citrix.

2. Under Maintenance, in AG 4.5.8 Standard - Upgrade Software, click Get Software and follow the instructions.

Note: When you download your product software, there might be multiple choices for the Access Gateway. If you are updating the Access Gateway appliance, you can select the appliance software, which has a filename extension of .iso. If you are upgrading the appliance or installing a hotfix on the server running Advanced Access Control, download the correct upgrade software for the editon, which has a filename extension of .upgrade.

To install the hotfix using the Administration Tool

1. Click Start › Programs › Citrix › Access Gateway Administration Tool 4.5 › Access Gateway Administration Tool 4.5.

2. Click the Access Gateway Cluster tab and expand the window for the Access Gateway.

3. Click the Administration tab.

4. Next to Upload an upgrade or saved configuration, click Browse.

5. Locate the upgrade file that you want to upload and click Open. The file is uploaded.

6. Restart the Access Gateway appliance and the server running Access Gateway Advanced Edition.

Access Gateway Standard Edition 4.5.8 Compatibility with Citrix Products

The following table provides the Citrix product names and versions that Access Gateway Standard Edition is compatible with.

Citrix Product	Release Version
XenApp	4.5 (Windows Server 2003 ) and 5.0 (Windows Server 2003 and 2008)
Web Interface	4.5, 4.6, and 5.0
XenDesktop	2.0
NetScaler	8.0 and 8.1
WANScaler	4.3.26 and 4.3.27
Access Gateway Advanced Edition	4.5 AAC450W003 and 4.5 AAC450W004

New Features in this Release

With this release, the Access Gateway provides several new features including a new user experience, new home page customizations, and new upgrade options.

New User Experience

The Access Gateway provides a new user experience for connecting through the appliance. The new user interface provides an updated, modern look. If you have client choices configured on the Access Gateway, users are presented with the same logon options with new icons and text to help them make the correct choice. For more information about the new user interface, see Citrix article CTX118208 on the Citrix Support Web site.

The following table provides an easy guide to the new client software names introduced in this release of the Access Gateway and the upcoming release of Citrix XenApp 5.0.

Previous Name	New Name
Secure Access Client	Access Gateway Plugin
Citrix Presentation Server	Citrix XenApp
Citrix Presentation Server Clients	Citrix XenApp Plugin for Hosted Apps
Citrix Presentation Server Console	Citrix XenApp Advanced Configuration
Web Client	Citrix XenApp Web Plugin
Program Neighborhood Agent	Citrix XenApp Plugin

Home Page Customizations

Customizations to the home page, which include primary logo image, secondary logo image, HTML footer text, and the CSS (background color, font style, and so on), are documented in the Access Gateway Standard Edition Administrator’s Guide, the Administration Tool online Help, and the Citrix article CTX118206 on the Citrix Support Web site.

When users upgrade to version 4.5.7 or an earlier version of the Access Gateway, all customizations are retained.

When users upgrade to version 4.5.8 of the Access Gateway, the following items apply:

• Primary and secondary logo images remain on the page, but a scroll bar may appear beside the primary image (For more details, see the Known Issues in this Release section below.)
• The new user interface overrides any customizations
• The HTML footer text remains on the logon page

New Upgrade Options

In earlier versions of the Access Gateway, at logon, users are forced to upgrade to the new plugin even when administrators selected the "Prompt to upgrade earlier versions of Secure Access Client" check box. For information about the new drop-down menu which offers administrators more specific upgrade options in version 4.5.8, see the Citrix Access Gateway Standard Edition Administrator’s Guide.

[From AG_458][#25278]

Known Issues in this Release

1. When users upgrade from Access Gateway Plugin version 4.5.7 to version 4.5.8 on Windows XP computers, the previous Access Gateway icon sometimes appears on the desktop instead of the new padlock icon. To get the new icon to appear, users should delete the Access Gateway Plugin and then navigate to %systemroot%\Documents and Settings\username\Local Settings\Application Data and delete the file IconCache.db. Next, users should install the plugin using the Web browser.

   [From AG_458][#25522]

2. When administrators log on to the Administration Portal using FireFox 3, administrators must log on three times to be fully authenticated.

   [From AG_458][#25809]

Documentation Errata

1. Chapter 9 of the Access Gateway Standard Edition Administrator's Guide, "Configuring Logon and Portal Pages for Citrix Access Gateway Plugin," states the incorrect size and dimensions for the primary logo image file. The correct information is as follows:

   The dimensions of the image and size of the image file used for the primary logo on the customized logon page may cause scroll bars to appear next to and/or below the logo on the page. To remove the scroll bars, decrease the dimensions of the image or the size of the image file.

   [From AG_458][#25745]

Issue(s) Resolved in this Hotfix

1. If the client device loses network connectivity, users cannot reestablish a connection for 10 minutes.

   [From AG2000_v457][#24665]

2. When the Web Interface is configured with session reliability and an application name contains an ampersand (&) symbol, if the network connection is disconnected and then reconnected, the session does not reconnect.

   [From AG_458][#25285]

3. When the primary RADIUS server becomes unavailable, the Access Gateway takes from three to five minutes to connect to the secondary RADIUS server before users can log on again. In this release, the failover time is significantly reduced.

   [From AG_458][#25336]

4. When users are connected through the Access Gateway Plugin and are using desktop sharing, the screen does not refresh when users cancel the desktop sharing session until the user on the remote computer moves the cursor or presses any key on the keyboard.

   [From AG_458][#25376]

5. The maximum number of access control lists (ACLs) supported by the Access Gateway increased from 512 to 1024.

   [From AG_458][#25397]

6. When users log on directly to the Web Interface and the Access Gateway portal page is not configured for log on, the message, “Evicting Unexpired User Session” appears in the log files even though user sessions are not disconnected.

   [From AG_458][#25419]

7. When the IP address or fully qualified domain name (FQDN) of the Advanced Access Control server is set to any port other than 80, the Access Gateway displays the “port number is an invalid FQDN” message.

   [From AG_458][#25492]

8. Because FIPS 140-2 is not supported on Access Gateway Standard Edition, all references to FIPS were removed in the user interface and product documentation.

   [From AG_458][#25494]

9. When IP pooling is configured on the Access Gateway, depending on the IP pooling configuration, sometimes users are assigned IP addresses outside the range configured for the IP pool. In addition, when the IP pool is configured with just one IP address, sometimes no IP address is allocated to a user.

   [From AG_458][#25519]

10. When users disconnect from published applications and wait for 10 minutes or more to reconnect to the applications through the Web Interface, the session times out and users receive the message “The supplied credentials were invalid. Please try again or contact your system administrator for help.” even when the logon credentials are correct.

    [From AG_458][#25527]

11. This fix addresses a security vulnerability. For more information, see Knowledge Center article CTX118183.

    [From AG_458][#25851]

Copyright © 2008 Citrix Systems, Inc. All rights reserved.
Citrix and ICA (Independent Computing Architecture) are registered trademarks. Citrix Access Gateway, Citrix Delivery Center, and Citrix XenDesktop are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the U.S. Patent and Trademark Office and in other countries.
All other trademarks and registered trademarks are the property of their respective owners.