820-4905 SSGD 4.41 Release Note

Sun Secure Global Desktop 4.
41
Release Notes
Sun Microsystems, Inc.

www.sun.com
Part No. 820-4905-12

August 2008, Revision 01
Submit comments about this document at: http://docs.sun.com/app/docs/form/comments

Copyright 2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved.
Sun Microsystems, Inc. has intellectual property rights relating to technology that is described in this document. In particular, and without
limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or
more additional patents or pending patent applications in the U.S. and in other countries.
This document and the product to which it pertains are distributed under licenses restricting their use, copying, distribution, and
decompilation. No part of the product or of this document may be reproduced in any form by any means without prior written authorization of
Sun and its licensors, if any.
Third-party software, including font technology, is copyrighted and licensed from Sun suppliers.
Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in
the U.S. and in other countries, exclusively licensed through X/Open Company, Ltd.
Sun, Sun Microsystems, the Sun logo, Java, JavaScript, SunSolve, JavaServer, JSP, JDK, JRE, Sun Ray, and Solaris are trademarks or registered
trademarks of Sun Microsystems, Inc. in the U.S. and in other countries.
All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and in other
countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
Adobe is the registered trademark of Adobe Systems, Incorporated.
The OPEN LOOK and Sun™ Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges
the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun
holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun’s licensees who implement OPEN
LOOK GUIs and otherwise comply with Sun’s written license agreements.
U.S. Government Rights—Commercial use. Government users are subject to the Sun Microsystems, Inc. standard license agreement and
applicable provisions of the FAR and its supplements.
DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,
ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.
Copyright 2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, Californie 95054, États-Unis. Tous droits réservés.
Sun Microsystems, Inc. possède les droits de propriété intellectuels relatifs à la technologie décrite dans ce document. En particulier, et sans
limitation, ces droits de propriété intellectuels peuvent inclure un ou plusieurs des brevets américains listés sur le site
http://www.sun.com/patents, un ou les plusieurs brevets supplémentaires ainsi que les demandes de brevet en attente aux les États-Unis
et dans d’autres pays.
Ce document et le produit auquel il se rapporte sont protégés par un copyright et distribués sous licences, celles-ci en restreignent l’utilisation,
la copie, la distribution, et la décompilation. Aucune partie de ce produit ou document ne peut être reproduite sous aucune forme, par quelque
moyen que ce soit, sans l’autorisation préalable et écrite de Sun et de ses bailleurs de licence, s’il y en a.
Tout logiciel tiers, sa technologie relative aux polices de caractères, comprise, est protégé par un copyright et licencié par des fournisseurs de
Sun.
Des parties de ce produit peuvent dériver des systèmes Berkeley BSD licenciés par l’Université de Californie. UNIX est une marque déposée
aux États-Unis et dans d’autres pays, licenciée exclusivement par X/Open Company, Ltd.
Sun, Sun Microsystems, le logo Sun, Java, JavaScript, SunSolve, JavaServer, JSP, JDK, JRE, Sun Ray, et Solaris sont des marques de fabrique ou
des marques déposées de Sun Microsystems, Inc. aux États-Unis et dans d’autres pays.
Toutes les marques SPARC sont utilisées sous licence et sont des marques de fabrique ou des marques déposées de SPARC International, Inc.
aux États-Unis et dans d’autres pays. Les produits portant les marques SPARC sont basés sur une architecture développée par Sun
Microsystems, Inc.
Adobe est une marque enregistree de Adobe Syatems, Incorporated.
L’interface utilisateur graphique OPEN LOOK et Sun™ a été développée par Sun Microsystems, Inc. pour ses utilisateurs et licenciés. Sun
reconnaît les efforts de pionniers de Xerox dans la recherche et le développement du concept des interfaces utilisateur visuelles ou graphiques
pour l’industrie informatique. Sun détient une license non exclusive de Xerox sur l’interface utilisateur graphique Xerox, cette licence couvrant
également les licenciés de Sun implémentant les interfaces utilisateur graphiques OPEN LOOK et se conforment en outre aux licences écrites de
Sun.
LA DOCUMENTATION EST FOURNIE "EN L’ÉTAT" ET TOUTES AUTRES CONDITIONS, DÉCLARATIONS ET GARANTIES EXPRESSES
OU TACITES SONT FORMELLEMENT EXCLUES DANS LA LIMITE DE LA LOI APPLICABLE, Y COMPRIS NOTAMMENT TOUTE
GARANTIE IMPLICITE RELATIVE À LA QUALITÉ MARCHANDE, À L’APTITUDE À UNE UTILISATION PARTICULIÈRE OU À
L’ABSENCE DE CONTREFAÇON.
Please
Recycle
Contents
Preface ix
1. New Features and Changes 1

New Features in Version 4.41 1
New Command for Securing an SGD Server 1
Pull-Down Header for Kiosk Mode Applications 2
Service Tag Support 3
Active Directory Authentication Log Filter 3
Active Directory SSL Security Without Client Certificates 3
SGD Administration Console 4
Terminology Changes 4
Attribute Name Changes 5
The My Desktop URL 5
Support for Roaming Profiles 6
Automatic Timeout of Idle User Sessions 7
Netmask Filters for Specifying Network Addresses 8
Window Management Keys 8
Support for Solaris 10 OS Trusted Extensions 8
Global Management of Passwords and Tokens 9
iii
Subject Alternative Names for Server Certificates 9
Time Zone Map File Attribute 9
Session Directory for Windows Terminal Services 10
Audio Support in X Applications 10
Support for the Remote Desktop on Microsoft Windows Vista 11
SSH Client Settings 11
Changes in Version 4.41 11
Changes to Supported Platforms 11
SGD Server Command-Line Changes 12
Changes to SGD Web Server Component Versions 13
JDK Version Change 13
My Desktop Link 13
Changes to tarantella security start and tarantella security
stop Commands 14
Changes to tarantella status Command 14
Enabling Secure Intra-Array Communications 14
Replacing an SGD Server Certificate 14
Performance Improvements for tarantella array Commands 15
Retirement of Classic Clients 15
Login and Authentication Sequence 15
Server Certificates and Multiple External DNS Names 16
Web Services Changes 16
Authentication Model Changes 16
Renaming of Methods 16
New Web Service Operations 18
Document/Literal SOAP Message Encoding 18
Querying Device Data 19
iv Sun Secure Global Desktop 4.41 Release Notes • August 2008

Flushing the Kerberos Cache 19
tem status Command 19
SGD Client Does Not Assume Java Technology by Default 20
SGD Client Logs Client Device Information 20
Renamed Command Line Arguments 20
Windows NT Domain Attribute 21
PDF Printers Renamed 21
Window Closure Warning 21
SOCKS Proxy Removed From Client Profile 21
Administration Tools Removed From The Administrator Webtop 22
Login Script Changes 22
Enabling Input Methods for Locales 23
SGD Client Termination Timeouts 23
SecurID Authentication on Solaris x86 Platforms 23
Support for Multiple SGD Servers in Integrated Mode 24
Array Routes 24
SGD Startup Scripts 24
Untrusted Initial Connection Message 25
2. Support Statements, Known Issues, Bug Fixes, and Documentation Issues 27

End-Of-Support Statements 27
Changes to Supported Platforms for The Next Release 28
Known Bugs and Issues 30
602423 - Return Key and Keypad Enter Key Issues 30
6443840 - Automatic Proxy Server Configuration Scripts Fail 30
6456278 - Integrated Mode Does Not Work for the Root User 31
6458111 - Gnome Main Menu Crashes Using Integrated Mode 31
Contents v
6461864 and 6476661 - Automatic Login and Integrated Mode Fails With the
Gnome Desktop 32
6476194 - No KDE Desktop Menu Item for the SGD Client 32
6481312 - Upgrading Resets the Available Connection Types 33
6482912 - SGD Client Not Installed Automatically 33
6493374 - Non-ASCII Characters in Input Method Windows 33
6503530 – No Launch Menu Entries on Sun Java™ Desktop Systems 34
6555834 – Java Technology is Enabled For Browser But Is Not Installed On
Client Device 34
6592560 – Administration Console Online Help Not Available Over HTTPS
35
6598048 – French Canadian Keyboard Not Mapped Correctly for Windows
Applications 35
6609518 – Array Joining When Running the Administration Console From a
Secondary Server 35
6610760 – Custom PDF Printer Settings Not Applied For Windows
Applications 36
6611502 – Errors When Creating and Modifying Objects From a Secondary
Server 36
6616290 – Integrated Mode Issues When Using the SGD Load-Balancing JSP
36
6618698 – Blank Webtop When Using LDAP Authentication 37
6631991 – High CPU Usage When Using the SGD Enhancement Module 37
6634243 – Microsoft Windows Vista Applications Limited to 16-Bit Color
Depth 37
6654307 – Slow Log In When Using Active Directory Authentication 38
6665330 – Font Errors When Starting VirtualBox™ Software From a JDS
Session Displayed Using MyDesktop 38
6702234 – tarantella security start Command Errors When SGD
Server is Stopped 38
6711479 – Audio Unavailable on Linux Platform Client Devices 39
6711001 – SGD Server Will Not Start 39
vi Sun Secure Global Desktop 4.41 Release Notes • August 2008

6712191 – Active Directory Password Expiry Dialog Issues 39
6716771 – Default Printer Not Created for Windows 2008 Applications 40
6726403 – Active Directory Authentication Fails With SSL Connections to
Microsoft Windows Server 2008 40
6734906 – “Network is Unreachable” Messages in Apache Log File 41
6742027 – Installation of SGD Appears to Hang 41
6742916 – Issues With Routing Token Redirection for Session Directory 41
6744107 – Applications Fail to Start When Using SSL Connections 42
Sun Type 7 Japanese Keyboard Issues 42
Start Menu Items Not Sorted Alphabetically 43
Microsoft Windows Server 2003 Applications Limited to 8-Bit Color Depth for
Large Screen Resolutions 43
Bug Fixes in Version 4.41 43
Documentation Issues in Version 4.41 51
Correction to the “Selecting a Cipher Suite for Secure Intra-Array
Communication” Section 51
Correction to the “Keep Alive Configuration for Windows Terminal Servers”
Section 52
Correction to the “How to Configure SSL Connections to Active Directory”
Section 52
Contents vii
viii Sun Secure Global Desktop 4.41 Release Notes • August 2008
Preface
The Sun Secure Global Desktop 4.41 Release Notes provide information about the
system requirements and support, and the new features and changes, for this
version of Sun Secure Global Desktop (SGD). This document is written for system
administrators.
Using System Commands

This document might not contain information on basic UNIX® system commands
and procedures such as shutting down the system, booting the system, and
configuring devices. Refer to your system documentation for this information. This
document does, however, contain information about specific SGD commands.
ix
Shell Prompts
Shell Prompt
C shell machine-name%
C shell superuser machine-name#
Bourne shell and Korn shell $
Bourne shell and Korn shell superuser #
Typographic Conventions
Typeface* Meaning Examples
AaBbCc123 The names of commands, files, Edit your .login file.

and directories; on-screen Use ls -a to list all files.
computer output % You have mail.
AaBbCc123 What you type, when % su
contrasted with on-screen Password:
computer output
AaBbCc123 Book titles, new words or terms, Read Chapter 6 in the User’s Guide.
words to be emphasized. These are called class options.
Replace command-line To delete a file, type rm filename.
variables with real names or
values.
* The settings on your browser might differ from these settings.
Related Documentation
The following table lists the documentation for this product. The online
documentation is available at:
x Sun Secure Global Desktop 4.41 Release Notes • August 2008

http://docs.sun.com/app/docs/coll/1706.3
Application Title Part Number Format Location
Installation Sun Secure Global Desktop 4.41 820-4906-10 HTML Online

Installation Guide PDF Software CD and online
Administration Sun Secure Global Desktop 4.41 820-4907-10 HTML Online
Administration Guide PDF
User Sun Secure Global Desktop 4.41 820-4908-10 HTML Online
User Guide PDF
Third-Party Web Sites

Sun is not responsible for the availability of third-party web sites mentioned in this
document. Sun does not endorse and is not responsible or liable for any content,
advertising, products, or other materials that are available on or through such sites
or resources. Sun will not be responsible or liable for any actual or alleged damage
or loss caused by or in connection with the use of or reliance on any such content,
goods, or services that are available on or through such sites or resources.
Sun Welcomes Your Comments

Sun is interested in improving its documentation and welcomes your comments and
suggestions. You can email your comments to Sun at:
docfeedback@sun.com
Please include the following document title and part number in the subject line of
your email:
Sun Secure Global Desktop 4.41 Release Notes, part number 820-4905-12.
Preface xi
xii Sun Secure Global Desktop 4.41 Release Notes • August 2008
CHAPTER 1
New Features and Changes
This chapter describes the new features and changes in Sun Secure Global Desktop
(SGD) versions 4.41, 4.40, and 4.31.
Topics in this chapter include the following:

■ “New Features in Version 4.41” on page 1
■ “Changes in Version 4.41” on page 11
New Features in Version 4.41

This section describes the features that are new in the SGD version 4.41 release.
New Command for Securing an SGD Server

SGD Administrators can now configure security automatically for an SGD server,
using a single tarantella command. The following commands are now available:
■ tarantella security enable – Makes an SGD server secure.
■ tarantella security disable – Restores the security settings of an SGD
server, to the state before running tarantella security enable.
The tarantella security enable command performs the following

configuration:
1
■ Installs a server certificate
■ Enables HTTPS connections to the SGD Web Server
■ Configures the SGD server for firewall traversal
■ Secures the SOAP connections to the SGD server
■ Enables SGD security services
■ Restarts the SGD server and SGD Web Server
The following limitations apply for these commands:

■ The SGD server must not be in an array.
■ The SGD server must have a fresh installation of SGD. The commands cannot be
used if you are upgrading the software on an SGD server.
See the Sun Secure Global Desktop 4.41 Administration Guide for more details about the
tarantella security enable and tarantella security disable
commands.
Pull-Down Header for Kiosk Mode Applications

A new attribute (--allowkioskescape) enables a pull-down header for Windows
applications and X applications running in kiosk mode.
The pull-down header includes icons for minimizing and closing the application
window.
To display the pull-down header when this attribute is enabled, move the mouse to
the top of the application window.
To enable or disable the pull-down header, configure the attribute for the Windows
application or X application object. For example:
$ tarantella object edit \

--name "o=applications/cn=IndigoProject" --allowkioskescape true
Note – Currently, this attribute is only configurable from the command line.
2 Sun Secure Global Desktop 4.41 Release Notes • August 2008

Service Tag Support
SGD version 4.41 includes support for Sun Service Tags. If the Sun Service Tags
software is present on the SGD host, SGD creates and registers a new service tag
automatically during installation.
Registration of service tags is attempted on every instance of tarantella start

until successful, after which registration does not take place again. This means that
even if the Service Tags software is not present when SGD is installed, SGD will still
register with it if you install the Service Tags software on the SGD host at a later
date.
For more information about Sun Service Tags, see

http://www.sun.com/bigadmin/hubs/connection/tasks/register.jsp.
Active Directory Authentication Log Filter

There is a new server/ad log filter, which enables logging of errors related to
Active Directory authentication.
For example, you can use this log filter to find out why an Active Directory user
cannot log in to SGD.
Active Directory SSL Security Without Client

Certificates
SGD version 4.41 enables you to use Secure Sockets Layer (SSL) security when
connecting to an Active Directory server, without using client certificates. This
means that an SGD server can meet security requirements in an environment where
client certificates are not required, or are not a viable option.
The Sun Secure Global Desktop 4.41 Administration Guide provides details of how to
configure this feature.

Chapter 1 New Features and Changes 3

SGD Administration Console
The SGD administration tools, Object Manager, Array Manager, Configuration
Wizard, and Session Manager have been replaced by the SGD Administration
Console. The SGD Administration Console is a web application. The Administration
Console can be used by SGD Administrators to configure SGD.
The Administration Console is localized into the languages supported by SGD:

English, French, Japanese, Korean, Simplified Chinese, and Traditional Chinese.
To use the Administration Console, your browser must have JavaScript enabled.
Wherever possible, run the Administration Console on the primary server in the
SGD array. Some operations, for example, creating new objects or editing object
attributes, are best done on the primary server. If you perform these operations on a
secondary server and the primary server is not running, your changes are not
implemented.
Note – The SGD distribution includes a web archive (WAR) file for the
Administration Console, sgdadmin.war. Using this file to deploy the
Administration Console on another web application server is not supported.
You can start the Administration Console in one of the following ways:
■ Click the Administration Console link on the webtop of an SGD Administrator.
■ Click the Launch the Sun Secure Global Desktop Administration Console link on
the SGD Web Server Welcome Page at http://server.example.com, where
server.example.com is the name of an SGD server.
■ Go to http://server.example.com/sgdadmin, where server.example.com is the
name of an SGD server.
See the Sun Secure Global Desktop 4.41 Administration Guide for more details about the
Administration Console.
Terminology Changes
The Administration Console uses different terminology compared to previous SGD
releases.

The following table lists some common terms used in version 4.31 and the
corresponding term used in the Administration Console.
SGD Version 4.31 Administration Console
array member SGD server

browser-based webtop webtop
emulator session application session
Enterprise Naming Scheme (ENS) local repository
ENS equivalent name user profile
Fully Qualified Name user identity
host application server
intelligent array routing load balancing group
login authority system authentication
login profile user profile
person object user profile object
Tarantella Federated Naming (TFN) Not used
webtop session user session
Attribute Name Changes

Some attributes have been renamed for the Administration Console. The Sun Secure
Global Desktop 4.41 Administration Guide includes the attribute names used in the
Administration Console, along with the previous attribute name used in Object
Manager and Array Manager.
The My Desktop URL

The My Desktop Uniform Resource Locator (URL) enables users to log in and
display a full-screen desktop without displaying a webtop.
To be able to use the My Desktop URL, the user must be assigned an application
object called My Desktop (cn=My Desktop). This object is created automatically
when SGD is installed. By default, the object is configured to run the default desktop
application available on the SGD server, for example, the Sun Java Desktop System.
You can reconfigure this object to run any application you want, but it works best

with full-screen desktop applications. If users require different desktop applications,
you can create additional My Desktop objects as required. However, users must be
assigned only one My Desktop application.
Note – Users can be assigned any number of applications, but the My Desktop URL
only gives users access to the My Desktop application.
The My Desktop URL is http://server.example.com/sgd/mydesktop, where

server.example.com is the name of an SGD server. This URL displays the SGD Login
page. Once the user has logged in, the desktop session displays and the web browser
can be closed.
Note – There are no controls for suspending or resuming the desktop application.
Users must log out of the desktop application as normal.
Support for Roaming Profiles

Users with Microsoft Windows client devices can have roaming user profiles.
Roaming user profiles provide the user with the same working environment, no
matter which Microsoft Windows computer they use. If Microsoft Windows users
have roaming user profiles, the SGD client profile is automatically adjusted to allow
for this, as follows:
■ Settings specific to the user’s client device, for example the proxy server
configuration, are stored on the client device.
By default, this is homedrive\Documents and Settings\username\
Local Settings\Application Data\Sun\SSGD\profile.xml
Settings specific to the user, for example the preferred language, are stored in the
location of the roaming user profile.
■ Usually, this is homedrive\Documents and Settings\username\
Application Data\Sun\SSGD\profile.xml
Note – This location also contains the user’s hostsvisited and certstore.pem
files.

The following settings from the SGD client profile are stored in the location of the
user’s roaming profile:
Client Profile Setting Roaming Profile Entry
Login URL <url>

Add Applications to Start Menu <mode>
Automatic Client Login <autologin>
<AT>
Connect on System Login <autostart>
Connection Failure <reconnect mode>
<reconnect_attempts>
<reconnect_interval>
Automatic Timeout of Idle User Sessions

SGD Administrators can now configure an automatic timeout for idle user sessions.
The timeout enables user sessions to be suspended if there has been no application
session or webtop activity for a specified time period. The timeout applies to all SGD
servers in the array.
This timeout is only configurable from the command line. You cannot edit the
timeout value using the Administration Console.
You configure the timeout with the following command:
$ tarantella config edit \

--tarantella-config-array-webtopsessionidletimeout secs
Replace secs with the timeout value, measured in seconds.
A setting of 0 turns off the user session idle timeout feature. This is the default
setting.
In the following example, user sessions are suspended after 1800 seconds (30
minutes) of inactivity.

--tarantella-config-array-webtopsessionidletimeout 1800

Netmask Filters for Specifying Network
Addresses
You can now specify a netmask filter when setting the following attributes:
■ External DNS names (--server-dns-external)
■ Array routes (--tarantella-config-array-netservice-proxy-routes)
The netmask filter takes the format v.w.x.y/z. The previous “wildcard” type filters
are still supported.
The following example uses a netmask filter to specify external DNS names.
$ tarantella config edit --server-dns-external \

"192.168.55.0/24:boston.indigo-insurance.com"
Window Management Keys

A new Window Management Keys (--remotewindowkeys) attribute is available
for the following object types:
■ Windows application
■ X application
Using this attribute, keyboard shortcuts that deal with window management can
either be sent to the remote session or acted on locally. This setting is only effective
for applications having a Window Type setting of Kiosk mode.
To exit Kiosk mode when this attribute is enabled, use the key sequence
Alt-Ctrl-Shift-Space. This minimizes the kiosk session on the local desktop.
By default, the Windows key is now enabled in SGD Windows Terminal Services
sessions. The default setting for the SGD Terminal Services Client (ttatsc)
-windowskey option is on. You can change this option using the Arguments for
Protocol (--protoargs) attribute on the Windows application object.
Support for Solaris 10 OS Trusted Extensions

SGD runs on Solaris 10 OS Trusted Extensions with the following known limitations:
■ SGD must be installed to a labelled zone. See the Sun Secure Global Desktop 4.41
Installation Guide for more information about installing SGD on Solaris 10 OS
Trusted Extensions.

■ Client drive mapping is not supported for UNIX platform client devices
[6610354].
■ Audio is not supported for UNIX platform applications [6610352].
■ Integrated mode is not supported for Solaris 10 OS Trusted Extensions client
platforms [6610371].
■ Kiosk mode display for applications does not provide the best user experience for
Solaris 10 OS Trusted Extensions client platforms [6594795].
Global Management of Passwords and Tokens

The Administration Console can be used to globally manage passwords and tokens
for all users of SGD.
You can now manage passwords and tokens by user identity or by user profile.
Previously, the Object Manager administration tool only supported management of
passwords and tokens by user profile.
Subject Alternative Names for Server Certificates

If an SGD server has multiple DNS names, for example, it is known by different
names inside and outside a firewall, you can specify the additional DNS names as
subject alternative names when generating a Certificate Signing Request (CSR). This
enables you to associate more than one DNS name with a server certificate.
The tarantella security certrequest command now prompts you to enter

subject alternative names when generating a CSR.
The subject alternative names for a certificate can be displayed using the
tarantella security certinfo command.
Time Zone Map File Attribute

A new Time Zone Map File attribute (--xpe-tzmapfile) is available.
The attribute enables you to specify a file that contains mappings between UNIX
client device and Microsoft Windows application server time zone names. The
attribute applies to all SGD servers in the array.

Session Directory for Windows Terminal Services
SGD version 4.40.917 and later supports Session Directory for Windows Terminal
Services sessions running on Microsoft Windows Server 2003.
Session Directory can be used instead of SGD to handle session resumability for
Windows applications. Session Directory is a database that keeps track of which
users are running which sessions on which Windows application server.
Using Session Directory enables SGD users to reconnect automatically to their

Windows session.

Audio Support in X Applications

SGD Administrators can now enable audio in X applications accessed using SGD.
To hear audio in X applications, the following conditions must be met:

■ The client device must be capable of playing audio.
■ The SGD Client must be used to connect to SGD.
■ The UNIX audio module of the SGD Enhancement Module must be installed and
running on the application server.
■ The X application must output audio using the Open Sound System (OSS). If your
system uses the Advanced Linux Sound Architecture (ALSA), you might have to
enable the ALSA OSS emulation modules in the kernel.
■ The SGD UNIX audio service must be enabled in the Administration Console. The
service is disabled by default.
The UNIX audio module contains an OSS audio driver emulator. The audio driver
emulator is installed in the kernel when you install the UNIX audio module of the
SGD Enhancement Module.
Note – As the UNIX audio module includes an audio driver emulator, the
application server itself does not actually need to have a sound card.

Some X applications are hard-coded to use the /dev/audio or /dev/dsp devices
for audio output. A new attribute for X application objects, Audio Redirection
Library (--unixaudiopreload), enables an SGD audio redirection library to force
the X application to use the SGD audio device.
Support for the Remote Desktop on Microsoft

Windows Vista
Microsoft Windows Vista includes the Remote Desktop feature that enables you to
access a computer using the Microsoft Remote Desktop Protocol (RDP). You can now
use SGD and Remote Desktop, for example, to enable users to access their office PC
when they are out of the office. Only full Windows desktop sessions are supported.
You can also install the SGD Enhancement Module on Microsoft Windows Vista
client devices to provide support for client drive mapping. Advanced load balancing
and seamless windows are not supported.
SSH Client Settings

A new SSH Arguments (--ssharguments) attribute is available for the following
object types:
■ X application
■ Character application
■ 3270 application
■ 5250 application
With this attribute, you can specify the command-line arguments for the SSH client
when the connection method for an application is SSH.
Changes in Version 4.41

This section describes the changes since the SGD version 4.40 release.
Changes to Supported Platforms

The supported platforms for SGD have changed, as follows:

■ SGD servers. Fedora Linux 8 is now supported as an SGD server installation
platform. Fedora Linux 7 is not supported in this release.
■ SGD Enhancement Module. Fedora Linux 8 and Windows Server 2008 are now
supported as installation platforms for the SGD Enhancement Module. Fedora
Linux 7 is not supported in this release.
■ Client platforms. Fedora Linux 8 and Red Hat Desktop version 5 are now
supported client platforms. Fedora Linux 7 and Red Hat Desktop version 4 are
not supported in this release. The Mozilla 1.5 browser is not supported for this
release.
See the Sun Secure Global Desktop 4.41 Installation Guide for more information about
supported platforms for this release.
SGD Server Command-Line Changes

The commands used to control the SGD server and the SGD Web Server have been
changed.
The following commands for stopping, starting, and restarting the SGD Web Server
have been deprecated:
■ tarantella webserver start
■ tarantella webserver stop
■ tarantella webserver restart
These commands are now implemented as subcommands for the tarantella

start, tarantella stop, and tarantella restart commands.
In previous releases, the tarantella start, tarantella stop, and

tarantella restart commands controlled the SGD server. By default, these
commands now control the SGD server and the SGD Web Server.
New subcommands to the tarantella start, tarantella stop, and

tarantella restart commands enable you to choose to start, stop, or restart
either the SGD server or one or more components of the SGD Web Server.
The following table summarises the main command-line changes.
Command in Version 4.40 Command in Version 4.41
tarantella webserver start tarantella start webserver

tarantella webserver stop tarantella stop webserver
tarantella webserver restart tarantella restart webserver

Command in Version 4.40 Command in Version 4.41
tarantella start tarantella start sgd

tarantella stop tarantella stop sgd
tarantella restart tarantella restart sgd
See the Sun Secure Global Desktop 4.41 Administration Guide for more detailed
information about the revised commands.
Changes to SGD Web Server Component Versions

The SGD Web Server now uses version 2 of Apache. Version information for the
components of the SGD Web Server are shown in the following table.
Component Version
Apache HTTP Server 2.2.8

OpenSSL 0.9.8g
mod_jk 1.2.25
Apache Jakarta Tomcat 5.0.28
Apache Axis 1.2
JDK Version Change

The SGD installation now includes JDK™ version 1.6.0_05.
My Desktop Link
The SGD Web Server Welcome page now includes a My Desktop link. The SGD Web
Server Welcome page is at http://server.example.com, where server.example.com is
the name of an SGD server.
The My Desktop link enables users to log in and display a full-screen desktop,
without displaying a webtop. See “The My Desktop URL” on page 5 for more
details.
Using the My Desktop link is an alternative to specifying the My Desktop URL. The
My Desktop URL is http://server.example.com/sgd/mydesktop.

Changes to tarantella security start and
tarantella security stop Commands
The --array and --server options have been deprecated for the tarantella
security start and tarantella security stop commands.
This means that the tarantella security start and tarantella security
stop commands can only be used to configure security for the SGD server on which
the command is run.
Changes to tarantella status Command

If there are problems with the array, the tarantella status command now
returns more detailed information about the array configuration. This information
can be used to diagnose and fix array problems.
Enabling Secure Intra-Array Communications

In previous releases, enabling secure intra-array communications for an array was
done by running a tarantella array join command on the secondary SGD
server joining the array.
In the SGD 4.41 release, if you are using secure intra-array communication, the
tarantella array join command must be run from the primary SGD server in
the array.
Replacing an SGD Server Certificate

In the SGD 4.41 release, you can generate a new Certificate Signing Request (CSR)
without affecting your current SGD server certificate.
This enables you to replace an SGD server certificate, for example because the
original certificate is about to expire.
When you use the tarantella security certrequest command to generate a

CSR, the private key is now stored in the
/opt/tarantella/var/tsp/key.pending.pem file.

Performance Improvements for tarantella
array Commands
The performance of the tarantella array commands has been improved.
Configuring arrays of SGD servers is now a quicker process, compared to previous
releases.

Retirement of Classic Clients

SGD version 4.31 was the last release to contain the Java technology clients, the SGD
Native Clients and the classic webtop. The 4.40 release does not contain these clients.
As a result of this change, for this release of SGD, you cannot configure applications
to display in a web browser window. The webtop and newbrowser options for the
Window Type attribute (--displayusing) have been removed.
Login and Authentication Sequence

As a security measure to prevent denial-of-service attacks, the sequence of events
when you log in to SGD has changed, as follows:
■ In SGD version 4.31, the SGD Client was started before the login screen was
shown.
■ For SGD version 4.40, the SGD Client is not started until after the user successfully
authenticates at the login screen.
Start up of the SGD Client is indicated by an icon in the desktop task bar. See the
Sun Secure Global Desktop 4.41 Installation Guide for more details about logging in to
SGD.
You can no longer deny a connection to SGD based on the client’s IP address.

Server Certificates and Multiple External DNS
Names
In previous releases, the --tarantella-config-ssldaemon-certificates
attribute was used to associate an X.509 certificate with an external DNS name for an
SGD server.
This attribute is no longer supported. In this release, you can specify external DNS
names as subject alternative names when you generate a CSR.
See “Subject Alternative Names for Server Certificates” on page 9 for more details.
Web Services Changes

The following web services changes have been implemented for this release:
■ Authentication model changes
■ Renaming of methods
■ New web service operations
■ Document/Literal SOAP message encoding
■ Querying device data
Authentication Model Changes

In the 4.31 release, the startSession and the authenticateSession methods
were used to authenticate a user session.
For the 4.40 release, creating and authenticating a user session have been combined
into a single method, authenticate.
The startSession and authenticateSession methods are not available for the
4.40 release.
Renaming of Methods
Some overloaded methods were present in the 4.31 release. These methods were
distinguished by the number and type of their parameters. All such overloaded
methods have been renamed for the 4.40 release. Additionally, the mandatory
parameters for the setSessionIdentity method have changed for the 4.40
release.

The following table lists the method name changes for this release.
Interface Name Method Name in Version 4.31 Method Name in Version 4.40
ITarantellaDatastore modify(String, String, modifyReplace (String, String,

String[]) String[])
ITarantellaEvent adminSendClientSideMessage adminBroadcastClientSideMessage
(String, String, String, (String, String, String,
String, String) String, String)
ITarantellaExternalAuth setSessionIdentity (String, setSessionIdentity (String,
String) String, String)
ITarantellaPrint printJobs(String) printAllJobs(String)
ITarantellaWebtopSession authenticateSession(String, authenticate(String, String,
String, String) String, String)
ITarantellaWebtopSession authenticateSession(String, authenticateExt(String,
String, String, Item[], String, String, String,
Item[]) Item[], Item[])
ITarantellaWebtopSession setTCCConfiguration setTCCConfigurationOverrides
(String, String, String, (String, String, String,
String, String, Item[]) String, String, Item[])
ITarantellaWebtopSession startSession(*) No equivalent

New Web Service Operations
The following table lists the new web service operations.
Interface Name Method Name Description
ITarantellaDatastore deleteObjects Delete several objects from the SGD datastore.

searchEnd Release server resources for a given search.
searchNext Retrieve the next subset of search results.
searchStart Start a datastore search, returning a subset of results.
ITarantellaEmulatorSession adminCount Count the number of matching application sessions
a search would return.
adminSearchEnd Release server resources for a given search.
adminSearchNext Retrieve the next subset of search results.
adminSearchStart Start a search, returning a subset of results.
endSessions End multiple application sessions.
ITarantellaPrint adminCount Count the number of matching print jobs a search

adminSearchEnd would return.
adminSearchNext Release server resources for a given search.
adminSearchStart Retrieve the next subset of search results.
Start a search, returning a subset of results.
ITarantellaWebtopSession associateTCC Associate a user session with an existing SGD Client
authenticate connection.
authenticateExt Authenticate a user session.
createView Authenticate a user session.
adminEndSessions Create a new view of an existing user session.
adminCount End multiple user sessions.
Count the number of matching user sessions a
adminSearchEnd search would return.
adminSearchNext Release server resources for a given search.
adminSearchStart Retrieve the next subset of search results.
Start a search, returning a subset of results.
ITarantellaUtility searchEnd Release server resources for a given search.
searchNext Retrieve the next subset of search results.
searchStart Start a search, returning a subset of results.
Document/Literal SOAP Message Encoding

The SOAP message encoding format used for SGD web services has changed from
RPC/Encoded to Document/Literal.

To list the SGD web services, go to http://server.example.com/axis/services,
where server.example.com is the name of an SGD server. Click on the wsdl link to see
the Web Services Description Language (WSDL) listing for an SGD web service.
The WSDL listings for the RPC/Encoded versions of the web services are still
included on this page. Do not use the RPC/Encoded versions for developing your
own applications. These versions of the web services will be deprecated in future
releases.
Querying Device Data

The adminLookupSession operation now returns device information. You can use
this operation to query the --scottarawdevicedata and
--scottadeviceaccessibledata device data attributes.
The returned device information can be used as a diagnostic tool.
Flushing the Kerberos Cache

A new setting for the tarantella cache command enables you to refresh the
current Kerberos configuration settings for an SGD server.
The new option, krb5config, is used as follows:
$ tarantella cache --flush krb5config
This setting enables you to update the Kerberos configuration for an SGD server
without having to restart the server. This feature is used for Active Directory
authentication only.
tem status Command

For users of the SGD Enhancement Module, a new command is available.
The tem status command provides status information for load balancing, UNIX
platform audio, and client drive mapping services for the SGD array. The command
lists the installed modules and indicates whether they are running or not.

SGD Client Does Not Assume Java Technology by
Default
The SGD Client can be started from the command line using the tcc command on
Microsoft Windows client platforms, or the ttatcc command on UNIX, Linux, or
Mac OS X client platforms.
In this release, by default, when you start the SGD Client from the command line or
in Integrated mode, the SGD Client assumes that the client device does not have
Java technology enabled. A new -use-java argument for the tcc and ttatcc
commands configures the SGD Client to use Java technology.
In previous releases, by default, the SGD Client assumed Java technology was
enabled. A -no-java argument for the tcc and ttatcc commands was available
to override this behavior. This argument has now been deprecated.
The available arguments for the tcc and ttatcc commands are described in the
Sun Secure Global Desktop 4.41 Administration Guide.
SGD Client Logs Client Device Information

The SGD Client now logs information on client devices. Device access data and error
messages are logged for printing, serial port, client drive mapping, audio, and smart
card devices.
The client device information is written to the SGD Client log file and is displayed
on the Detailed Diagnostics page of the webtop.
Renamed Command Line Arguments

Several attributes have been renamed to give shorter attribute names. This prevents
errors when typing these attributes on the command line. The following table lists
the attribute names that have been renamed.
Attribute Name in Version 4.31 Attribute Name in Version 4.40
--tarantella-config-login-thirdparty-searchens --login-thirdparty-ens
--tarantella-config-login-thirdparty-allownonens --login-thirdparty-nonens

Attribute Name in Version 4.31 Attribute Name in Version 4.40
--tarantella-config-ldap-thirdpartyldapcandidate-us --login-ldap-thirdparty-ens
eens
--tarantella-config-ldap-thirdpartyldapcandidate-us --login-ldap-thirdparty-profile
eprofile
--tarantella-config-xpeconfig-timezonemapfile --xpe-tzmapfile
Windows NT Domain Attribute

The Windows NT Domain attribute has been renamed to Domain Name. This
attribute specifies the domain to use for the application server authentication
process.
The following objects have this attribute:

■ Application server
■ Windows application
■ User profile
PDF Printers Renamed

The names of the SGD PDF printers have changed as shown in the following table.
Printer Name in Release 4.31 Printer Name in Release 4.40
Universal PDF Universal PDF Printer

Print to Local PDF File Universal PDF Viewer
Window Closure Warning

For application objects configured with a Window Type setting of Independent
Window, a warning dialog is now shown when the application window is closed.
The dialog prompts you to confirm that you want to end the application session.
SOCKS Proxy Removed From Client Profile

You can no longer configure SOCKS proxy servers using the SGD Client profile.

You can still configure SOCKS proxy servers using the array routing feature. Use the
following command:

--tarantella-config-array-netservice-proxy-routes \
"192.168.10.*:CTSOCKS:taurus.indigo-insurance.com:8080"
With this configuration, clients with IP addresses beginning 192.168.10 connect

using the SOCKS proxy server taurus.indigo-insurance.com on TCP port
8080.
Administration Tools Removed From The

Administrator Webtop
The Object Manager, Array Manager, Session Manager, and Configuration Wizard
administration tools are no longer displayed on the Administrator’s webtop. These
administration tools have been replaced by a browser-based administration tool
called the Administration Console. See “SGD Administration Console” on page 4 for
more details.
The Configuration Wizard is still included in the SGD distribution, as an example

web application. To display the Configuration Wizard, go to
http://server.example.com/sgd/admin/configmgr/index.jsp, where
Session Manager is still included in the SGD distribution, as an example web

application. To display Session Manager, go to
http://server.example.com/sgd/admin/sessmgr/index.jsp, where
Login Script Changes

The login scripts in the /opt/tarantella/var/serverresources/expect
directory have been rationalized. Some scripts have been renamed and others have
been merged.
If you are using SecurID for application server authentication, objects now use the
securid.exp script, rather than the securid/unix.exp script. For backward
compatibility, a symbolic link now exists from securid/unix.exp to the new
securid.exp script.

Enabling Input Methods for Locales
An input method (IM) is a program or operating system component that enables
users to enter characters and symbols not found on their keyboard. On Microsoft
Windows platforms, an IM is called an input method editor (IME).
When running applications, SGD enables an IM if either the

TTA_PreferredLocale, TTA_HostLocale, or the LANG (from the application
environment overrides) environment variables are set to a locale that requires an IM.
The locales that require an IM are controlled by the IM_localeList variable, which
is defined in the vars.exp login script.
By default, an IM is enabled for all Japanese, Korean, and Chinese locales. To enable
an IM in other locales, you must edit vars.exp and add the locale to the
IM_localeList variable.
SGD Client Termination Timeouts

If an application is terminated because the SGD Client exits unexpectedly, an
additional value of 20 minutes is added to the following timeouts:
■ Timeout for User Session Resumability – For applications configured to be
resumable during the user session
■ Timeout for General Resumability – For applications configured to be generally
resumable

SecurID Authentication on Solaris x86 Platforms

In version 4.31, you can use SecurID authentication when SGD is installed on Solaris
x86 platforms.

Support for Multiple SGD Servers in Integrated
Mode
In version 4.30, it is possible to connect only to one SGD server when the SGD Client
is in Integrated mode. In version 4.31, Integrated mode can be used with multiple
SGD servers. In the desktop Start or Launch menu, a login link is available for each
SGD server.
Array Routes
SGD has an array routes feature that enables you to configure server-side SOCKS
proxy servers. You configure array routes with the following command:

--tarantella-config-array-netservice-proxy-routes route...
Array routes are enhanced so that you can now configure a direct connection type.
Use CTDIRECT as the connection type to specify the clients that can connect without
using a proxy server.
The following is an example array route configuration:

--tarantella-config-array-netservice-proxy-routes \
"192.168.5.*:CTDIRECT:" \
"192.168.10.*:CTSOCKS:taurus.indigo-insurance.com:8080"
With this configuration, clients with IP addresses beginning 192.168.5 have a

direct connection. Clients with IP addresses beginning 192.168.10 connect using
the SOCKS proxy server taurus.indigo-insurance.com on TCP port 8080.
SGD Startup Scripts

In version 4.31, the startup scripts that ensure SGD services stop and start when an
SGD server is rebooted are renamed and restructured. The *Tarantella and
*TarantellaWebserver scripts are replaced by a single script named
*sun.com-sgd-base. The *tem script for the SGD Enhancement Module is now
named *sun.com-sgd-em.

Untrusted Initial Connection Message
The Untrusted Initial Connection warning message that is displayed when users first
connect to an SGD server is enhanced. Users can now view the server’s security
certificate from this message.

CHAPTER 2
Support Statements, Known Issues,

Bug Fixes, and Documentation
Issues
This chapter contains support information for SGD.
Topics in this chapter include the following:

■ “End-Of-Support Statements” on page 27
■ “Known Bugs and Issues” on page 30
■ “Bug Fixes in Version 4.41” on page 43
■ “Documentation Issues in Version 4.41” on page 51
End-Of-Support Statements
The following table lists the end-of-support dates for SGD products.
Software and Version End of Full Support End of Limited Support End of Service Life
Sun Secure Global Desktop Software 4.40 February 3, 2010 February 3, 2014 February 3, 2014
Sun Secure Global Desktop Software 4.31 May 19, 2009 May 19, 2013 May 19, 2013
Sun Secure Global Desktop Software 4.3 April 29, 2009 April 29, 2013 April 29, 2013
Sun Secure Global Desktop Software 4.2 November 8, 2008 November 8, 2012 November 8, 2012
Secure Global Desktop Enterprise Edition 4.1 March 31, 2007
27
Software and Version End of Full Support End of Limited Support End of Service Life
Secure Global Desktop Software Appliance 4.0 March 31, 2007

Secure Global Desktop Enterprise Edition 3.44* December 31, 2007
Tarantella Enterprise 3 (including TASP) March 31, 2007
* Japanese only
For details of the Sun End of Service Life (EOSL) Policy, see http://
www.sun.com/service/eosl/.
Customers with a valid support agreement can upgrade to the latest version of SGD
free of charge.
Changes to Supported Platforms for The Next

Release
Changes to the supported platforms for the release following SGD version 4.41 are
as follows:
■ SGD servers. OpenSolaris is supported as an SGD server installation platform in
this release. Solaris OS 8, Solaris OS 9, Red Hat Enterprise Linux 4, Fedora Linux
8, and SUSE Linux Enterprise Server 9 are not supported.
The following table lists the supported installation platforms for the next release.
Operating System Supported Versions
Solaris™ Operating System (Solaris OS) on SPARC platforms 10, 10 Trusted Extensions
Solaris OS on x86 platforms 10, 10 Trusted Extensions
OpenSolaris on x86 platforms Latest version
Red Hat Enterprise Linux (Intel x86 32-bit) 5
SUSE Linux Enterprise Server (Intel x86 32-bit) 10
■ SGD Enhancement Module. OpenSolaris is supported as an installation platform

for the SGD Enhancement Module in this release. Windows 2000 Server, Red Hat
Enterprise Linux 4, Fedora Linux 8, SUSE Linux Enterprise Server 9, and SUSE
Linux Enterprise Server 10 are not supported.

The following table lists the supported installation platforms for the SGD
Enhancement Module in the next release.
Operating System Supported Versions
Microsoft Windows Windows Server 2008

Windows Server 2003
Microsoft Windows XP Professional
Microsoft Windows Vista Business
Microsoft Windows Vista Ultimate
Solaris OS on SPARC platforms 8, 9, 10, 10 Trusted Extensions
Solaris OS on x86 platforms 10, 10 Trusted Extensions
OpenSolaris on x86 platforms Latest version
Red Hat Enterprise Linux (Intel x86 32-bit) 5
■ Client platforms. OpenSolaris is a supported client platform for this release.

Solaris 8 OS, Solaris 9 OS, Microsoft Windows 2000 Professional, Fedora Linux 8,
and SUSE Linux Enterprise Desktop 10 are not supported in this release. The
Internet Explorer 6.0 browser is not supported.
The following table lists the supported client platforms for the SGD Client in the
next release. Also included are the supported browsers.
Supported Client Platform Supported Browsers
Microsoft Windows Vista Internet Explorer 7.0+

Mozilla Firefox 2.0+
Microsoft Windows XP Professional Internet Explorer 7.0+
OpenSolaris on x86 platforms (latest version) Mozilla Firefox 2.0+
Solaris 10 OS on SPARC platforms Mozilla Firefox 2.0+
Solaris 10 OS on x86 platforms Mozilla Firefox 2.0+
Solaris 10 OS Trusted Extensions on x86 platforms Mozilla Firefox 2.0+
Mac OS X 10.4+, 10.5+ Safari 2.0+
Red Hat Desktop (latest version) Mozilla Firefox 2.0+
Ubuntu (latest version) Mozilla Firefox 2.0+
Chapter 2 Support Statements, Known Issues, Bug Fixes, and Documentation Issues 29
Known Bugs and Issues
This section lists the known bugs and issues with SGD version 4.41.
602423 - Return Key and Keypad Enter Key Issues

Problem: SGD X and character emulators cannot distinguish between the Return key
and the keypad Enter key on the user’s client keyboard.
Cause: A known issue.
Solution: By default, the SGD Client maps the keypad Enter key to Return in both X
and character application sessions. With additional configuration, this behavior can
be changed.
To change the behavior of the keypad Enter key in a character application session, you
need to set up a keymap for your character application object (--keymap) and add a
mapping for KPENTER, for example:
KPENTER="hello"
To change the behavior of the keypad Enter key in a Windows or X application

session, you need to modify your X keymap, for example xuniversal.txt, and
add a mapping for the KP_Enter key, for example:
92 KP_Enter KP_Enter NoSymbol NoSymbol 0x801c
Caution – The X keymap is a global user resource, so all applications for that user
might be affected by this change. If any of these applications do not handle
KP_Enter, then you might need to consult your X or Windows application vendor
for assistance.
6443840 - Automatic Proxy Server Configuration

Scripts Fail
Problem: Proxy server automatic configuration scripts can specify a list of proxy
servers to try. If the first proxy server in the list is unavailable, the browser tries the
other proxy servers in turn until it finds one that is available.

If you are using Microsoft Internet Explorer with Sun Java Plug-in tool version 1.5.0,
only the first proxy server in the list is used. If that proxy server is not available, the
connection fails.
Solution: Use Sun Java Plug-in tool version 1.6.0.
6456278 - Integrated Mode Does Not Work for the

Root User
Problem: On Solaris 10 x86 platforms, enabling Integrated mode when you are
logged in as the root user does not add applications to the Solaris 10 Launch menu.
You might also see the following warning:
gnome-vfs-modules-WARNING **: Error writing vfolder configuration

file "//.gnome2/vfolders/applications.vfolder-info": File not found.
Cause: A known issue with the Gnome Virtual File System (VFS).
Solution: No solution is currently available.
6458111 - Gnome Main Menu Crashes Using

Integrated Mode
Problem: On client devices running SUSE Linux Enterprise Server 10, the Gnome
Main Menu crashes when using the SGD Client in Integrated mode. The crash
usually occurs on login or logout.
Cause: A known problem with the Gnome Main Menu applet on SUSE Linux
Enterprise Server 10 (Novell bug reference 186555).
Solution: Install the latest version of the gnome-main-menu.rpm package for SUSE
Linux Enterprise Server 10.
Alternatively, disabling the Recently Used Applications functionality improves the

stability of the Gnome Main Menu. Run the following commands on the client
device:
$ gconftool-2 --set --type=list --list-type=int \

/desktop/gnome/applications/main-menu/lock-down/showable_file_types [0,2]
$ pkill main-menu
$ pkill application-browser
6461864 and 6476661 - Automatic Login and
Integrated Mode Fails With the Gnome Desktop
Problem: After enabling Automatic Client Login or Integrated mode, the SGD Client
does not start automatically when you log in to the Gnome Desktop and the Start
menu is not updated with webtop content when you log in to SGD. This problem
affects SUSE Linux Enterprise Server 9 and Red Hat Enterprise Linux 4.
Cause: The directories containing the .menu files are not monitored and so changes
to the Start menu are not detected.
Solution: The workaround is run the pkill gnome-panel command to restart the
gnome-panel and pick up new menu information.
Note – You must run the pkill gnome-panel command to update the menu each
time the menu changes.
6476194 - No KDE Desktop Menu Item for the

SGD Client
Problem: Shortcuts for the SGD Client do not display on the KDE Desktop Menu on
SUSE Linux Enterprise Server 10.
Cause: SUSE-specific configuration of the KDE menu system means that if a menu
contains only one application entry, then that single application is used in the main
menu instead of the menu. If menu entry is a sub-menu, the sub-menu does not
display at all. This causes the Login menu for the SGD Client in Integrated mode not
to display.
Solution: The workaround is to add the following line to the [menus] section of the
$HOME/.kde/share/config/kickerrc file:
ReduceMenuDepth=false
Then run the following command for the KDE panel to immediately pick up the
changes:
# dcop kicker kicker restart
All subsequent KDE sessions automatically use this setting.

6481312 - Upgrading Resets the Available
Connection Types
Problem: After upgrading to version 4.40, a server that was configured to accept
only secure connections now accepts standard and secure connections.
Solution: Reconfigure the server to accept only secure connections. In the

Administration Console, display the Secure Global Desktop Servers → Security tab
for the SGD server and deselect the Standard check box in the Connection Types
field. Alternatively, run the following command:
$ tarantella config edit --security-connectiontypes ssl
6482912 - SGD Client Not Installed Automatically

Problem: Using Internet Explorer 7 on Microsoft Windows Vista platforms, the SGD
Client cannot be downloaded and installed automatically. The SGD Client can be
installed manually and can be installed automatically using another browser, such as
Firefox.
Cause: Internet Explorer has a Protected Mode that prevents the SGD Client from
downloading and installing automatically.
Solution: Add the SGD server to the list of Trusted Sites in Internet Explorer's
Security Settings.
6493374 - Non-ASCII Characters in Input Method

Windows
Problem: Users in Simplified Chinese and Traditional Chinese locales cannot display
non-ASCII characters in the candidate and status windows of the input method
when running applications on a Solaris OS application server. This affects Solaris 8
OS, 9 OS, 10 OS, and 10 OS update 1 platforms.
Cause: Missing font path configuration on the SGD server.
Solution: If the application server is running on Solaris 10 OS or Solaris 10 OS

update 1, do one of the following:
■ For SPARC platforms, install patches 120410, 120412, and 120414.
■ For x86 platforms, install patches 120411, 120413, and 12041.
■ Upgrade to Solaris 10 OS update 2 or higher.
If the application server is running on Solaris 8 OS or Solaris 9 OS, do one of the

following:
■ Simplified Chinese. Set Environment Variables as “LANG=zh;LC_ALL=zh” in
the Applications → Launch tab of the Administration Console.
■ Traditional Chinese. Set Environment Variables as “LANG=zh_TW;LC_ALL=
zh_TW” in the Applications → Launch tab of the Administration Console.
6503530 – No Launch Menu Entries on Sun Java™

Desktop Systems
Problem: On Sun Java Desktop Systems (JDS), users might find that Launch menu
entries are not created for SGD when they enable Integrated mode. The Launch
menu entries are added when they log out of their desktop and log in again.
Cause: A known issue with the Gnome panel.
Solution: The solution is to install the following patches:

■ 119906 for Solaris OS on SPARC technology platforms
■ 119907 for Solaris OS on x86 platforms
These patches are included in the Solaris 10 OS update 5 release.
The workaround is to log out of the desktop and log in again.
6555834 – Java Technology is Enabled For Browser

But Is Not Installed On Client Device
Problem: If Java technology is enabled in your web browser settings, but a Sun Java
Plug-in tool is not installed on the client device, the SGD webtop does not display.
The login process halts at the splash screen.
Cause: SGD uses the web browser settings to determine whether to use Java
technology.
Solution: Install the Sun Java Plug-in tool and create a symbolic link from the web
browser plug-ins directory to the location of the JVM. Refer to your web browser
documentation for more information.

6592560 – Administration Console Online Help
Not Available Over HTTPS
Problem: The online help for the Administration Console is disabled when HTTPS
connections to the SGD Web Server are enabled.
Cause: The Administration Console uses the JavaHelp™ software to display the
online help. Additional configuration is required to run JavaHelp over an HTTPS
connection.
Solution: Import the CA certificate used to sign the certificate for the SGD Web
Server into the JDK™ software keystore. Use the Java software keytool application
as follows:
$ keytool -import \
-keystore /opt/tarantella/bin/jdk-version/jre/lib/security/cacerts \
-storepass changeit -file /opt/tarantella/var/tsp/ca.pem
Where changeit is the password for the keystore and jdk-version is the version of the
JDK installed on the SGD server.
If you have more than one certificate in your ca.pem file, separate each certificate
and add them individually.
6598048 – French Canadian Keyboard Not

Mapped Correctly for Windows Applications
Problem: When using a Canadian French (legacy) keyboard layout with Windows
applications, some French characters are printed incorrectly.
Cause: A known issue with Canadian French (legacy) keyboard layouts.
Solution: No known solution. A compatible keymap file is not supplied with SGD at
present.
6609518 – Array Joining When Running the

Administration Console From a Secondary Server
Problem: You cannot add a new secondary server to an SGD array when the
Administration Console is running on an existing secondary server.
Cause: In this release, it is not possible to supply credentials for more than one
secondary server.
Solution: Run the Administration Console on the primary server, or on the server
that is to be joined into the array.
6610760 – Custom PDF Printer Settings Not

Applied For Windows Applications
Problem: Custom PDF printer settings are not applied when printing from Windows
applications.
For example, if you enable the SGD Universal PDF Printer and Universal PDF Viewer
printers for an organizational unit (OU) object. Then, you override the parent objects
setting and disable the Universal PDF Printer and Universal PDF Viewer printers for
a user in the OU. The custom printer settings are not inherited by the user.
Cause: A known issue when inheriting PDF printer settings.
Solution: No known solution. Configure PDF printer settings at OU or organization

level wherever possible, rather than at user level.
6611502 – Errors When Creating and Modifying

Objects From a Secondary Server
Problem: Creating or modifying objects when running the Administration Console
on a secondary SGD server returns the following error message: “Object could not
be created”.
Cause: The creation or modification of the object is successful, but the

Administration Console proceeds before the replicated data has come back from the
primary server.
Solution: Wait for a couple of seconds and then repeat the operation.
6616290 – Integrated Mode Issues When Using the

SGD Load-Balancing JSP
Problem: Integrated mode does not work correctly for arrays where the SGD
load-balancing JSP is being used. The SGD load-balancing JSP, swcd.jsp, is used
for load balancing of user sessions.

Cause: A known problem.
Solution: No known solution at present. Do not run the SGD Client in Integrated
mode when using the load-balancing JSP.
6618698 – Blank Webtop When Using LDAP

Authentication
Problem: Users who log in using the LDAP authentication mechanism see a blank
webtop.
Cause: LDAP assignment of applications fails if the user object does not match the
following LDAP search filter:
(|(objectclass=user)(objectclass=person)(uid=*))
For example, LDAP assignment of applications fails if an LDAP object is of

inetOrgPerson object class and does not have a uid attribute.
Solution: In the LDAP directory, ensure that SGD users are of person or user
object class. Alternatively, assign a uid attribute to the LDAP object describing the
SGD user.
6631991 – High CPU Usage When Using the SGD

Enhancement Module
Problem: High CPU usage can be reported when using the SGD Enhancement
Module on a Microsoft Windows application server. Processes with high CPU usage
can include ttaswm.exe and ttatdm.exe.
Solution: No known solution.
6634243 – Microsoft Windows Vista Applications

Limited to 16-Bit Color Depth
Problem: For full-screen Microsoft Windows Vista desktop sessions, the display
color depth on the client device is limited to 16-bit.
Cause: A known issue when using SGD to display Microsoft Windows Vista desktop
sessions.
Solution: No known solution.
6654307 – Slow Log In When Using Active

Directory Authentication
Problem: Log in to SGD can be slow when using the Active Directory (AD)
authentication mechanism in large AD domains.
Cause: A known issue. The SGD Active Directory authentication mechanism does
not always use the nearest domain controller when looking up users.
Solution: No known solution at present.
6665330 – Font Errors When Starting VirtualBox™

Software From a JDS Session Displayed Using
MyDesktop
Problem: On Solaris 10 OS, font errors are reported and there are display problems
when starting the VirtualBox software from a JDS desktop session that is displayed
using MyDesktop. The problem is seen when using Xsession.jds as the
Application Command for the MyDesktop application object.
Cause: Unavailable fonts on the SGD X server.
Solution: When starting the VirtualBox software from the JDS desktop session, use
the -fn option to specify valid fonts. Alternatively, install the missing fonts on the
SGD server. See the Sun Secure Global Desktop 4.41 Administration Guide for more
details about using fonts with SGD.
6702234 – tarantella security start

Command Errors When SGD Server is Stopped
Problem: If an SGD server is stopped, error messages are returned when starting
security services using the tarantella security start command.
Cause: The tarantella security start command is unavailable if the SGD

server is not running.
Solution: Start the SGD server first, before using the tarantella security
start command.

6711479 – Audio Unavailable on Linux Platform
Client Devices
Problem: SGD audio is not available when using a Linux platform client device.
Cause: The Enlightened Sound Daemon (ESD) is not running on the client device.
ESD is usually started when the client device desktop session is started. Otherwise,
the daemon must be autospawned by the ESD library on request.
Solution: Ensure that autospawning is enabled in the ESD configuration file. On

most Linux platform client devices, this file is at /etc/esd.conf. For Ubuntu client
devices, this file is at /etc/esound/esd.conf. The correct setting to make is
auto_spawn=1.
6711001 – SGD Server Will Not Start

Problem: SGD server will not start.
Cause: No available disk space on the SGD server.
Solution: Before starting the SGD server, ensure that sufficient disk space is
available. The minimum disk space requirements are listed in the Sun Secure Global
Desktop 4.41 Installation Guide.
6712191 – Active Directory Password Expiry

Dialog Issues
Problem: The password expiry dialog used for Active Directory authentication does
not work correctly. Users are unable to change their password. Additionally, log in
to SGD can fail if the user does not enter a domain name.
Cause: A default_realm entry is not present in the Kerberos configuration file

used by the SGD server. The default_realm setting is used by the Kerberos
password expiry mechanism. Additionally, for users who log in without typing a
domain name, SGD uses the default_realm in cases where the Active Directory
Default Domain (--login-ad-default-domain) attribute is not set.
Solution: Edit the Kerberos configuration file used by the SGD server, ensuring a
valid entry is present for default_realm. See the Sun Secure Global Desktop 4.41
Administration Guide for more information about the Kerberos configuration file.
6716771 – Default Printer Not Created for
Windows 2008 Applications
Problem: When printing from applications hosted on a Windows 2008 Server
application server to a UNIX, Linux, or Mac OS X platform client device, a default
client printer is not shown in the Windows application print dialog.
Cause: The default printer driver used by SGD is QMS 1060 Print System. This
printer driver is not included with Windows 2008 Server.
Solution: Do either of the following:

■ Install the QMS 1060 Print System printer driver on the Windows 2008 Server
application server.
■ Edit the global printer configuration file on the SGD server, and specify a different
default printer driver. The global printer configuration file is /opt/
tarantella/etc/data/default.printerinfo.txt.
■ Edit the user-specific printer configuration file on the client device, and specify a
different default printer driver. The user-specific printer configuration file is
$HOME/.tarantella/printerinfo.txt.
See the Sun Secure Global Desktop 4.41 Administration Guide for more details about
configuring printer drivers for UNIX, Linux, and Mac OS X platform client devices.
6726403 – Active Directory Authentication Fails

With SSL Connections to Microsoft Windows
Server 2008
Problem: When using Active Directory authentication, users cannot log in to SGD if
SGD is configured to use Secure Sockets Layer (SSL) connections without client
certificates to Microsoft Windows Server 2008.
Solution: The workaround is either to use client certificates with SSL connections, or
to use the Kerberos protocol, to secure the connection to Microsoft Windows Server
2008.

6734906 – “Network is Unreachable” Messages in
Apache Log File
Problem: The error log for the Apache component of the SGD Web Server contains
multiple “Network is unreachable” warning messages. The error log is at /opt/
tarantella/webserver/apache/2.2.8_openssl-0.9.8g_jk1.2.25/logs/
error_log.
Although this issue results in large log files, it does not affect the operation of SGD.
Solution: The workaround is to set the LogLevel directive to error in the main
Apache configuration file at /opt/tarantella/webserver/apache/
2.2.8_openssl-0.9.8g_jk1.2.25/conf/httpd.conf.
6742027 – Installation of SGD Appears to Hang

Problem: Installation of SGD version 4.41 can take much longer than expected. The
installation procedure halts at the following line:
...
Configuring and starting Secure Global Desktop web server...
Installation eventually completes with no adverse affects.
Cause: A known issue when installing SGD version 4.41. The installation program
attempts to access a location on /net/telford.
Solution: The workaround is to add a DNS entry for telford.
6742916 – Issues With Routing Token Redirection

for Session Directory
Problem: Resuming of Windows Terminal Services sessions is not handled correctly
when using Session Directory with routing token redirection.
Solution: Use IP address redirection for Session Directory. This is the default setting
for Windows Terminal Services.
6744107 – Applications Fail to Start When Using
SSL Connections
Problem: Users cannot start applications when using a secure SSL connection to
SGD.
Cause: The SGD server is not forwarding connections from the external network
interface of the SGD server to the localhost loopback network interface on the SGD
server.
Solution: Ensure that the external bind address entry in the /opt/tarantella/
var/serverconfig/local/nic.properties file on the SGD server contains a *.
For example:
tarantella.config.edit.bindaddresses.external=*,www.example.com
where www.example.com is the external DNS name of the SGD server.
By default, the external bind address entry for an SGD server contains a *.
Sun Type 7 Japanese Keyboard Issues

Problem: Users with Sun Type 7 Japanese keyboards cannot input characters
correctly using SGD.
Cause: Missing Solaris OS keytable on the client device.
Solution: Install the appropriate patch to install the keytable on the client device.
Platform Patch
Solaris 10 OS on SPARC platforms 121868

Solaris 10 OS on x86 platforms 121869

Start Menu Items Not Sorted Alphabetically
Problem: When using the SGD Client in Integrated mode on Microsoft Windows
client devices, users might notice that the Start menu entries are not sorted
alphabetically.
Cause: This is caused by a Windows feature that adds new items to end of a menu
rather than preserving the alphabetical sorting.
Solution: See Microsoft KB article 177482 for details.
Microsoft Windows Server 2003 Applications

Limited to 8-Bit Color Depth for Large Screen
Resolutions
Problem: For Microsoft Windows Server 2003 applications, the display color depth
on the client device is limited to 8-bit for large screen resolutions. The issue is seen
when screen resolutions are higher than 1600 x 1200 pixels.
Cause: A known issue with Windows Server 2003 terminal services sessions.
Solution: See Microsoft Hotfix 942610 for details of how to increase the color depth
to 16-bit.
Bug Fixes in Version 4.41

The following table lists the significant bugs that are fixed in the 4.41 release.
Reference Description
6489154 Window focus issue when applications run in seamless window mode.
6498460 Text is not displayed properly after resizing of screen. Characters overlap or are
too far apart.
6506571 SGD Enhancement Module upgrade on Solaris fails to merge client.prf file.
6508202 Em-size/normal-width change in Japanese.
6524429 Windows XP Home client takes a built-in license, instead of a Windows 2000
client access license (CAL).
6531922 Seamless windows are not launched after clicking the Close button on the
remote application.
6532001 Active Directory: PKI expired password fails to prompt for new password.
6536434 Korean keyboard does not work correctly with SGD.
6557536 Initial post-launch focus misleading in SGD application window.
6557568 Unexpected focus change with loss of input focus.
6568484 Name of application using seamless windows is not displayed in Japanese, but
displays correctly using a full screen.
6570049 Blank webtop when user DN contains “/”.
6572217 Webtop hints attribute is missing from Administration Console.
6589194 CPU load based load balancing algorithm providing skewed results.
6591022 Num Lock state unstable with SGD 4.31.905 patch for Num Lock and Caps Lock
state issues.
6591516 Page transitions not working in Internet Explorer.
6592699 Accent characters, tonos and dialytika, do not work correctly using Greek
keyboard.
6594537 Improved user experience and warning messages for firewall traversal mode.
6600335 “Hangul” and “Hanja” keys fail on WinXP client with Korean USB keyboard
when running Windows terminal services applications.
6609001 Cannot detach a stopped secondary server using the Administration Console.
6612935 SGD Client shows blank logout menu items on Gnome panel.
6615864 Secure and non-secure content on Add Assignment page.
6615864 Internet Explorer Warning Messages When Accessing the Administration
Console Over HTTPS.
6616296 Copy and paste from X-based 5250 or 3270 application to local Windows
Notepad does not work.
6617987 Erratic behavior seen on creating a user object with inverted commas.
6618516 ttaauxserv reports fatal error and exits when file descriptor limit is reached.
6620254 Num Lock and accent acute characters on Portuguese keyboard do not work as
expected.
6620268 Classic webtop attributes still available.
6621456 Enabling “Establish proxy settings on session start” in profile does not work.
6621911 Accented characters not properly emulated on Sun Ray™, from es_MX
ISO8859-1.
6623775 Need to secure Active Directory queries without using client certificates from
the Active Directory server.
6624044 The server/webtop/* logging filter is incorrect.

6624122 Copy and paste does not work with Windows application as non-root user in
Trusted Extensions environment.
6624795 Title on minimized Internet Explorer incorrect when using seamless windows.
6625786 Session is cut off when accessing specific URL through a Windows desktop.
6629782 Ambiguous login and SecurID dialogs are not localized.
6630832 PDF printing fails on Solaris OS 8.
6632864 Errors in 4.40 datastore reorganization on upgrade.
6633342 Access Denied errors when accessing mapped drive with SWIFT application.
6633363 Third tier authorization dialog does not accept keyboard input in Mac OS X
10.5.1.
6633389 Cyclic links for application groups not upgraded correctly.
6634373 Log Active Directory errors more concisely.
6634689 4.40 datastore reorganization does not handle dc trees very well.
6635919 -no-browser option required for ttatcc command.
6636787 Documentation for securing SOAP is unclear.
6638874 SGD Client crashes due to partial packet receipt.
6639470 Creation of new object not possible when Security Warning alert notifications
enabled.
6639655 X server security vulnerabilities.
6640141 Exception caused by LDAP search on Assigned User Profiles tab for an OU in
the Applications organization.
6641356 Extensible LDAP search filters are not validated correctly.
6641475 LDAP user attribute isMemberOf should be in the reverseAttributes list by
default.
6641538 Documentation on cache --flush krb5config should include information
about what it affects.
6643772 Unable to resume My Desktop session.
6646817 The printertypes.txt file needs to be updated.
6649163 SGD leaves “white screen” when Windows session is grabbed by Sun Ray client.
6650200 “Potentially unsafe connection” warning dialog presented repeatedly to users in
an unsecure environment.
6650334 Difficulties in “mirroring” LDAP in ENS, based on groups, with LDAP profiles
on OU.
6651582 -n option displayed on output during certificate request.
6653001 SGD Client crash when cancelling paste action in Trusted Extensions Sun Ray
client.
6653019 Suspended Windows session causes ttatsc to consume 100% of CPU
resources.
6653024 Authentication token information does not get updated in profile when changed
a second time.
6654565 JDK change has changed keytool commands.
6655852 SGD Client fails on Ubuntu when Extra Visual Effects are enabled.
6658738 Application session load balancing is not firewall friendly.
6659812 Escape key and window close button are not working in View Certificate Details
message box.
6661505 Active Directory Global Catalog and Domain Controller hostname sorting is
incorrect.
6661507 “Failed to Find Site Objects” Active Directory error should be downgraded.
6663148 SGD server stability issues.
6663754 My Desktop feature fails if second webtop entry My Desktop2 exists.
6664301 New primary server detached unexpectedly when old primary server becomes
available.
6667259 SGD Client by default is paused when printing.
6668963 Array join issues for two servers with different configurations for secure
intra-array communications.
6670774 Array join on secure intra-array communications-enabled servers fails in certain
scenarios.
6670843 Array make_primary option is not working in the Administration Console.
6671528 Absence of Java not detected on Windows client using Internet Explorer 6.
6673906 Licenses replication issues after array remaster.
6678939 Network printers are not appearing in Windows sessions.
6679810 Documentation for CommandExecutionFailed or Error 7 should also mention
permissions on the /tmp folder on the application server.
6679845 Sun Ray DTU ID required for Windows terminal services sessions.
6680413 ttatsc core dumps with Solaris patch 119060-38.
6682124 Flushing a cached LDAP configuration using tarantella cache --flush
does not work.
6685521 Login to SGD webtop fails after upgrade from 4.31.
6686727 Administration Console: New Object pop up needs scroll bars.

6689236 How to use load balancing JSP for My Desktop functionality.

6689502 Entering application command line arguments in the Administration Console.
6690301 SGD Client crashes when using OpenOffice from SGD webtop.
6692376 SGD Client pegged at 100% CPU, fails on authorization of Windows application
running OS X Leopard as a client device.
6692620 Unable to interrupt Active Directory discovery timeouts when using default
Kerberos credentials.
6693487 Unable to write to CDM drives using Office 2007.
6693489 Invalid session cookie causes JSP error with French locale.
6693496 Browsing to Info->Detailed Diagnostics immediately after login fails.
6693498 SGD Client Motif dialog has large icons on Solaris 10u4.
6693505 Microsoft Word 2007 does not maximize correctly on Solaris 10u4 desktop.
6693508 Microsoft Word 2007 claims to start in German locale on Solaris 10u4 desktop.
6693516 Window close operation not handled correctly in GIMP on Solaris 10u4.
6693972 Internet Explorer browser hangs on connection with obsolete JRE 1.3.
6694481 Restricting the LDAP search when the ou= has multibyte characters fails to
authenticate user via LDAP authorization to Active Directory.
6695371 Copy and paste between two protocol engines crashes ttaxpe.
6695876 Misleading load balancing error message in log.
6697034 Create button remains inactive for localized characters input.
6698552 X application launch failure seen in certain scenarios with “Unknown Terminal”
error.
6698730 No errors displayed to user when the SGD application shortcut is no longer
valid.
6699329 tarantella security fingerprint command shows wrong fingerprint.
6699873 Certain keys do not work with Turkish keyboard in Windows sessions.
6700449 Protocol argument (-dir) for Windows applications does not work with
cmd.exe.
6701438 2X load balancer does not work with SGD.
6702069 Seamless display method does not work correctly for applications on Windows
2008.
6702822 Solaris Trusted Extensions: kiosk mode area should be below the Trusted
Extensions stripe area.
6703066 Solaris Trusted Extensions: Xerror in call to XSelectInput via copy and paste
incremental selections.
6704749 Print job size does not match in webtop and command line.
6704925 Problems with portuguesebrazilian_abnt2 keyboard.
6705544 Terminal services CALs for users with parentheses in their CN are not reused by
SGD.
6707001 Missing apostrophes in French translations.
6709037 Mouse over tooltips in an seamless windows session causes the SGD Client to
crash.
6710067 Unicode to keysym table maps the Unicode for EuroSign to the keysym for
EuroSign.
6710510 Solaris array operations take a long time to respond when other array members
are down.
6710580 Printing status: potential null pointer exception in opt.jsp.
6710927 Log in menu item not completely seen on Sun Ray client start menu.
6712258 Missing information for InvalidSessionCookie error string in localized versions.
6712649 Integrated client login fails with StringIndexOutOfBounds exception.
6712721 Garbled characters are displayed in localized authentication error message for
all languages.
6714996 Active Directory authentication does not fail over to the next Global Catalog.

The following table lists the additional bugs that are fixed in the 4.40.917 release.
6499184 Support for Windows 2003 Session Directory required.

6613733 SGD printing causes core dumps, for Solaris OS on SPARC platforms.
6624122 Copy and paste issues with Windows applications for SGD on Solaris 10 OS
Trusted Extensions.
6632816 Mac OS X client platform issues.
6632864, Datastore issues following upgrade to SGD version 4.40.907.
6633389,
6646187
6638874 SGD Client exits unexpectedly due to network packet fragmentation.

6639655 SGD X server security vulnerabilities.

6641522 Administration Console errors when specifying an application server DNS name
that begins with a number.
6642603 Upgrade of SGD Enhancement Module fails.
6644678, Upgrade issues when using a nonstandard installation directory.
6645784
The following table lists the significant bugs that are fixed in the 4.40.907 release.
2144612 Active Directory authentication does not failover to the next global catalog.
2147536 ttaxpe command does not exit if an incorrect password is entered.
2148699 CDM fails with multiple external DNS names.
2148700 SGD Client fails when an X application opens a specific window.
2148811 Printer preferences on Terminal Services not set permanently with Zebra bar
code printer.
2149630 Korean keyboard does not work correctly with SSGD 4.30.915.
2150849 Intermittent problems with serial COM port redirection.
2151274 Accented characters fail in French locale windows.
6469935 SGD Client should be able to match hostname to DNS item in certificate
subjectAltName extension.
6478585 Java virtual machine SSL key and certificate store destroyed on upgrade.
6520742 The tarantella security peerca --show command fails on primary SGD
server.
6525004 Extend client device access logging in the SGD Client.
6527507 Better error reporting for web service failures.
6532425 UNIX CDM fails if tta_tem is installed in non-standard directory.
6532764 LDAP failover is not seamless when multiple LDAP servers are configured.
6537643 SGD Client crashes if application exited while dialog displayed.
6541478 SGD session hangs if audio played from SGD while local audio is playing on
Sun Ray Client.
6541914 CDM does not work in Windows Vista in certain scenarios.
6542533 Webtop does not update to display launched applications in Safari on MacOS X
10.4.9.
6544350 Webtop print controls are unstable in an array.

6546840 Integrated mode is not enabled on SUSE Linux Enterprise Server 9.
6547337 Using -preferredlanguage option for ttatcc command does not open page
in appropriate locale.
6550172 Launch fails if offline server selected in a load balanced group.
6552038 Improvements to ttaxpe debug logging.
6553252 SGD Client exits with segmentation faults and is terminated by Electric Fence
application.
6558691 Secondary licenses are removed when primary stopped or array breaks apart.
6561306 Check ssh version before updating ssh arguments.
6563481 Improve error messages in execpe log files.
6571826 Command line for creating 3270 and 5250 objects does not accept all arguments
correctly.
6574469 Update Java Platform, Standard Edition to 1.6.0_01 or later (third party) for
6574471 Solaris and Linux platforms.
6583316 CDM cannot be disabled on a per-client basis for SGD clients.

6583333 ssh launch failure when sshhelper is setuid, and SGD user has no home
directory.
6597576 SGD Enhancement Module for Linux platforms does not get installed in
non-default path.
6598686 Application title is garbaged on locales.
6601084 In Integrated mode, the folder specified in the “Start In” box is invalid.

The following table lists the significant bugs that are fixed in the 4.31 release.
2140625 Time zone redirection is fixed for clients on UNIX platforms.

2145026 Licensing information is not copied to all the secondaries until after a restart.
2145602 X application launch is slow or times out. Possible error in the Input Method
handling in the procs.exp script.
2145932 Windows key functionality is being held when returning to SGD session.

2146043 Using client drive mapping, you cannot overwrite a larger file.
2146285 Tomcat fails and icons do not appear on the webtop.
6440254 The proxy server authentication dialog does not display realm information.
6443192 Upgrading using the pkgadd command on Solaris OS reports hundreds of file
conflicts.
6443840 The SGD Client does not understand proxy failover from proxy server
configuration (PAC) files.
6474180 The HARD_SERVER_LIMIT of the SGD Web Server is increased to 1024.
6480225 In Integrated mode, applications fail to resume on UNIX client platforms.
6494450 Client drive mapping cannot handle files larger than 2 gigabytes.
6499639 A recursive directory request causes a segmentation fault when using client
drive mapping on UNIX and Linux platforms.
6503627 The xfrbelgian.txt keyboard map file contains a mistake.
6518152 Start menu is not updated using Integrated mode on Microsoft Windows Vista
client devices.
6518638 The tarantella print cancel command deletes all print jobs instead of
just the selected job.
6525384 XRDP does not work with SGD.
6528037 Page Not Found displays on the webtop when a group containing hosts is
deployed by mistake to a webtop.
6506222 A user’s .Xdefaults file is not used when launching an application.
Documentation Issues in Version 4.41

This section lists the known documentation issues for the 4.41 release.
Correction to the “Selecting a Cipher Suite for

Secure Intra-Array Communication” Section
In the “Selecting a Cipher Suite for Secure Intra-Array Communication” section on
page 55 of the Sun Secure Global Desktop 4.41 Administration Guide, the following
sentence is incorrect:
“By default, the SGD uses the RSA_WITH_AES_256_CBC_SHA cipher suite.”
The corrected sentence is as follows:
“By default, SGD uses the TLS_RSA_WITH_AES_128_CBC_SHA cipher suite.”
Correction to the “Keep Alive Configuration for

Windows Terminal Servers” Section
The “Keep Alive Configuration for Windows Terminal Servers” section on page 166
of the Sun Secure Global Desktop 4.41 Administration Guide contains an invalid link to
Microsoft Knowledge Base Article 216783.
The corrected link is as follows:
http://support.microsoft.com/?kbid=216783
Correction to the “How to Configure SSL

Connections to Active Directory” Section
The “How to Configure SSL Connections to Active Directory” section on page 83 of
the Sun Secure Global Desktop 4.41 Administration Guide contains incorrect port
number information.
The port number information in step 4 of the procedure should read as follows:
“The ports required depends on the SSL configuration used for Active Directory
authentication, as follows:
■ SSL connections without client certificates – TCP port 636 for the secure LDAP
connection to an Active Directory server, and TCP port 3269 for the secure
connection to the global catalog server
■ SSL connections with client certificates – TCP port 389 for the secure LDAP
connection to an Active Directory server, and TCP port 3268 for the secure
connection to the global catalog server”

820-4905 SSGD 4.41 Release Note

Uploaded by

Document Informationclick to expand document information

Copyright:

Available Formats

820-4905 SSGD 4.41 Release Note

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

820-4905 SSGD 4.41 Release Note

Uploaded by

Copyright:

Available Formats

Sun Secure Global Desktop 4.

Sun Microsystems, Inc.

Part No. 820-4905-12

Submit comments about this document at: http://docs.sun.com/app/docs/form/comments

1. New Features and Changes 1

iv Sun Secure Global Desktop 4.41 Release Notes • August 2008

2. Support Statements, Known Issues, Bug Fixes, and Documentation Issues 27

vi Sun Secure Global Desktop 4.41 Release Notes • August 2008

Using System Commands

AaBbCc123 The names of commands, files, Edit your .login file.

x Sun Secure Global Desktop 4.41 Release Notes • August 2008

Application Title Part Number Format Location

Installation Sun Secure Global Desktop 4.41 820-4906-10 HTML Online

Third-Party Web Sites

Sun Welcomes Your Comments

New Features and Changes

Topics in this chapter include the following:

New Features in Version 4.41

New Command for Securing an SGD Server

The tarantella security enable command performs the following

The following limitations apply for these commands:

Pull-Down Header for Kiosk Mode Applications

$ tarantella object edit \

2 Sun Secure Global Desktop 4.41 Release Notes • August 2008

Registration of service tags is attempted on every instance of tarantella start

For more information about Sun Service Tags, see

Active Directory Authentication Log Filter

Active Directory SSL Security Without Client

New Features in Version 4.40

Chapter 1 New Features and Changes 3

The Administration Console is localized into the languages supported by SGD:

4 Sun Secure Global Desktop 4.41 Release Notes • August 2008

SGD Version 4.31 Administration Console

array member SGD server

Attribute Name Changes

The My Desktop URL

Chapter 1 New Features and Changes 5

The My Desktop URL is http://server.example.com/sgd/mydesktop, where

Support for Roaming Profiles

6 Sun Secure Global Desktop 4.41 Release Notes • August 2008

Client Profile Setting Roaming Profile Entry

Login URL <url>

Automatic Timeout of Idle User Sessions

You configure the timeout with the following command:

$ tarantella config edit \

Replace secs with the timeout value, measured in seconds.

$ tarantella config edit \

Chapter 1 New Features and Changes 7

$ tarantella config edit --server-dns-external \

Window Management Keys

Support for Solaris 10 OS Trusted Extensions

8 Sun Secure Global Desktop 4.41 Release Notes • August 2008

Global Management of Passwords and Tokens

Subject Alternative Names for Server Certificates

The tarantella security certrequest command now prompts you to enter

Time Zone Map File Attribute

Chapter 1 New Features and Changes 9

Using Session Directory enables SGD users to reconnect automatically to their

New Features in Version 4.31