Oracle® Secure Global Desktop Platform Support and Release Notes for Release 5.6

January 2021 F28102-03 Oracle Legal Notices

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract. The terms governing the U.S. Government's use of Oracle cloud services are defined by the applicable contract for such services. No other rights are granted to the U.S. Government.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle. Table of Contents

Preface ...... v 1 New Features and Changes ...... 1 1.1 New Features in Release 5.6 ...... 1 1.1.1 oracle-sgd-ext-* Extension Packages ...... 1 1.1.2 Improvements for Client Drive Mapping ...... 1 1.1.3 Enhanced Graphics Performance for Applications ...... 2 1.1.4 HTML5 Client Improvements ...... 2 1.2 Changes in Release 5.6 ...... 2 1.2.1 Automatic Configuration of Gateway Deployments ...... 2 1.2.2 Changes for tarantella array join Command ...... 3 1.2.3 Changes for Default Client Proxy Settings ...... 3 1.2.4 Retirement of Graphics Acceleration Attribute ...... 3 1.2.5 Changes for RANDR X Extension Configuration ...... 4 1.2.6 Changes for SGD Client Platforms ...... 4 1.2.7 Changes for Java Software ...... 4 1.2.8 Changes for PDF Printing on Windows Platforms ...... 4 2 System Requirements and Support ...... 7 2.1 SGD Server Requirements and Support ...... 7 2.1.1 Supported Installation Platforms for SGD ...... 7 2.1.2 Supported Upgrade Paths ...... 7 2.1.3 Java Requirements ...... 7 2.1.4 Third Party Components for SGD ...... 7 2.1.5 Supported Authentication Mechanisms ...... 8 2.1.6 SSL Support ...... 9 2.1.7 Printing Support ...... 9 2.2 Client Device Requirements and Support ...... 10 2.2.1 Supported Client Platforms ...... 10 2.2.2 Supported Proxy Servers ...... 12 2.2.3 PDF Printing Support ...... 12 2.2.4 Supported Smart Cards ...... 13 2.3 SGD Gateway Requirements and Support ...... 13 2.3.1 Supported Installation Platforms for the SGD Gateway ...... 13 2.3.2 Network Requirements ...... 14 2.3.3 SGD Server Requirements for the SGD Gateway ...... 14 2.3.4 Third Party Components for the SGD Gateway ...... 14 2.3.5 SSL Support ...... 14 2.4 Application Requirements and Support ...... 14 2.4.1 Supported Applications ...... 14 2.4.2 Network Requirements ...... 15 2.4.3 Supported Installation Platforms for the SGD Enhancement Module ...... 15 2.4.4 Microsoft Windows Remote Desktop Services ...... 16 2.4.5 X and Character Applications ...... 17 2.4.6 Oracle Hypervisor Hosts ...... 18 2.4.7 Microsoft Hyper-V ...... 19 2.5 Removed Features ...... 19 3 Known Issues, Bug Fixes, and Documentation Issues ...... 21 3.1 Known Bugs and Issues ...... 21 3.1.1 12268127 – Backup Primaries List Command Returns an Error ...... 21 3.1.2 12275351 – HyperTerminal Application Hangs in a Relocated Windows Desktop Session ...... 21 3.1.3 12300549 – Home Directory Name is Unreadable For Some Client Locales ...... 21

iii Oracle® Secure Global Desktop

3.1.4 12304903 – Print to File Fails for Windows Client Devices ...... 21 3.1.5 14147506 – Array Resilience Fails if the Primary Server is Changed ...... 22 3.1.6 14221098 – Konsole Application Fails to Start on Oracle Linux ...... 22 3.1.7 14237565 – Page Size Issue When Printing on Non-Windows Client Devices ...... 22 3.1.8 14287730 – X Error Messages When Shadowing From the Command Line ...... 22 3.1.9 16275930 – Unable to Access SGD Servers When Using the SGD Gateway ...... 23 3.1.10 16814553 – Multiple Authentication Prompts When Accessing My Desktop Using a Safari Browser ...... 23 3.1.11 17601578 – Poor User Experience When Displaying Applications on macOS Platforms ...... 23 3.1.12 20421590 – Lock File Issues With Oracle Access Manager WebGate ...... 24 3.1.13 20220383 – Proxy Authentication Dialog Box Issue ...... 24 3.1.14 20463642 – Credential Caching Issues for HTTP Proxy Authentication on Windows Clients ...... 24 3.1.15 20506611 – Enhancement Module Installation Issue on Oracle Linux UEK R3 ...... 24 3.1.16 20678796 – macOS Client Device Uses Multiple CALs ...... 25 3.1.17 20693954 – Audio Recording Issue for Linux Clients ...... 25 3.1.18 20821979 – tarantella status Command Returns Parser Errors ...... 25 3.1.19 21478016 – macOS SGD Client Issues ...... 26 3.1.20 21530993 – ABRT Errors When Closing Oracle Linux 7 Applications ...... 26 3.1.21 22563362 – OSS Audio Driver Module Issue on Oracle Linux Platforms ...... 26 3.1.22 23592020 – Key Mapping Issues on Oracle Linux 7 Platforms ...... 27 3.1.23 24311356 – Browser Workarounds for Using Untrusted Certificates with the HTML5 Client on Desktop Platforms ...... 27 3.1.24 25687260 – Locate Pointer Issue on Linux Client Platforms ...... 27 3.1.25 26495194 – Seamless Window Issues for Adobe Reader ...... 27 3.1.26 29133366 – GNOME Session Issues When Using Remote Oracle Linux 7.6 Application Server ...... 28 3.1.27 29628348 – Audio is Not Played on a Linux Client Device ...... 28 3.1.28 Long Print Jobs Do Not Complete Successfully ...... 28 3.2 Bug Fixes in Version 5.6 ...... 29 3.3 Providing Feedback and Reporting Problems ...... 31 3.3.1 Contacting Oracle Specialist Support ...... 31

iv Preface

This document describes the new and changed features for this release of Oracle Secure Global Desktop. Information on supported platforms and known bugs and issues are included. The document is written for system administrators. Audience

This document is intended for SGD Administrators. It is assumed that readers are familiar with Web technologies and have a general understanding of Windows and UNIX platforms. Document Organization

The document is organized as follows:

• Chapter 1, New Features and Changes describes the new features and changes for this version of Oracle Secure Global Desktop.

• Chapter 2, System Requirements and Support includes details of the system requirements and supported platforms for this version of Oracle Secure Global Desktop.

• Chapter 3, Known Issues, Bug Fixes, and Documentation Issues contains information about known issues, bug fixes, and documentation issues for this version of Oracle Secure Global Desktop. Details on providing feedback and reporting bugs are also included. Related Documents

The documentation for this product is available at:

https://docs.oracle.com/en/virtualization/secure-global-desktop/index.html Conventions

The following text conventions are used in this document:

Convention Meaning boldface Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary. italic Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values. monospace Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter. Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at https://www.oracle.com/corporate/accessibility/. Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit

v Diversity and Inclusion

https://www.oracle.com/corporate/accessibility/learning-support.html#support-tab. Diversity and Inclusion

Oracle is fully committed to diversity and inclusion. Oracle recognizes the influence of ethnic and cultural values and is working to remove language from our products and documentation that might be considered insensitive. While doing so, we are also mindful of the necessity to maintain compatibility with our customers' existing technologies and the need to ensure continuity of service as Oracle's offerings and industry standards evolve. Because of these technical constraints, our effort to remove insensitive terms is an ongoing, long-term process. Document Revision

Document generated on: 2021-01-14 (revision: 6705)

vi Chapter 1 New Features and Changes

This chapter describes the new features and changes in Oracle Secure Global Desktop (SGD) Release 5.6. 1.1 New Features in Release 5.6

This section describes the features that are new in the SGD 5.6 release. 1.1.1 oracle-sgd-ext-* Extension Packages

The following extension packages have been added for this release:

• oracle-sgd-ext-unixcdm-version.el7.noarch.rpm

• oracle-sgd-ext-print-converter-version.el7.noarch.rpm

• oracle-sgd-ext-print-cups-version.el7.noarch.rpm

Install these packages on the SGD host, to provide full support for the following features of SGD:

• UNIX client drive mapping. The oracle-sgd-ext-unixcdm package is required for the new implementation of UNIX CDM described in Section 1.1.2, “Improvements for Client Drive Mapping”.

• PDF printing. The oracle-sgd-ext-print-converter package is required for PostScript to PDF conversion.

• Printing from a UNIX or Linux application server. The oracle-sgd-ext-print-cups package is required.

See Installing the oracle-sgd-ext-* Extension Packages in the Oracle Secure Global Desktop Installation Guide for details of how to install the packages. 1.1.2 Improvements for Client Drive Mapping

The following improvements have been introduced for client drive mapping (CDM):

• UNIX CDM. This release includes a new implementation of UNIX CDM, based on Filesystem in Userspace (FUSE) technology. The new implementation is more secure and provides improved file transfer performance and reliability.

The new implementation of UNIX CDM is used automatically on Oracle Linux 7 or later application servers. For other application servers, SGD uses the legacy implementation of UNIX CDM.

The following requirements apply:

• The fuse-sshfs package must be installed on the application server.

• The oracle-sgd-ext-unixcdm extension package must be installed on the SGD host.

See Configuring UNIX CDM for Oracle Linux 7 or Later Application Servers in the Oracle Secure Global Desktop Administration Guide.

• Drop Drives. For Windows CDM, client drives called drop drives can be specified. Files can then be dragged and dropped to the client drive, but opening files or browsing the drop drive is not allowed.

The Drop Drives (dropdrives) option has been added to the Client Device Drives list of the Client Drive Mapping attribute for Windows application objects and for user profile and organization objects.

1 Enhanced Graphics Performance for Applications

See Configuring Drop Drives in the Oracle Secure Global Desktop Administration Guide. 1.1.3 Enhanced Graphics Performance for Applications

A new application object attribute called Enhanced Graphics (--enhancedgraphics) has been introduced. Enabling this attribute on the Performance tab results in improved graphics performance. For example, when displaying video and animations in a high color application or desktop session.

To use Enhanced Graphics the application object must have the following settings:

• Window Type: Independent Window or Kiosk.

• Color Depth: 16-bit or 24/32-bit.

See Enhanced Graphics Performance for Applications in the Oracle Secure Global Desktop Administration Guide. 1.1.4 HTML5 Client Improvements

This release includes an improved HTML5 Client. The new HTML5 Client is supplied as the oracle- sgd-webclient package and must be installed on the SGD host. See Installing the HTML5 Client for installation instructions.

The new HTML5 Client provides improved performance and includes the following changes:

• User interface changes. The application toolbar has been simplified and copy and paste dialogs have been redesigned.

Menu options for sending keyboard shortcuts to the remote application window are now available.

• International keyboard support. International keyboards are now supported. In previous releases, only US English keyboards could be used with the HTML5 Client.

• Support for RESTful web services. This enables an Administrator to monitor and configure an SGD server, by using a browser or a client application such as curl.

• Tablet devices. Tablet devices, such as iPad and Android devices, are not supported by the new HTML5 Client.

Note

Internet Explorer is not supported as a client browser for the HTML5 Client.

See Using the HTML5 Workspace in the Oracle Secure Global Desktop User Guide. 1.2 Changes in Release 5.6

This section describes the changes in SGD Release 5.6. 1.2.1 Automatic Configuration of Gateway Deployments

The following changes for configuring an SGD Gateway deployment automatically have been introduced. The changes provide a quicker method of configuring Gateway deployments, without the need for manual tasks such as copying and installing security certificates. However, use of legacy commands and configuration procedures are still supported.

2 Changes for tarantella array join Command

• Automatic Gateway Configuration. The new gateway server add-array command enables Administrators to configure a Gateway deployment automatically, by running a single command on the Gateway.

The gateway server add-array command also reconfigures the Gateway configuration automatically if the array structure is changed. For example, when a new member joins the array or an existing member is removed from the array. See gateway server add-array in the Oracle Secure Global Desktop Gateway Administration Guide.

The gateway server list-array command enables you to list the arrays that have been added using the gateway server add-array command.

• Discovery of a Remote Gateway. The tarantella discover gateway command has been extended to discover a remote Gateway. See tarantella discover gateway in the Oracle Secure Global Desktop Administration Guide.

In previous releases this command could only be used for single host Gateway deployments.

• Gateway Deployment role. The Gateway Deployment role has been introduced for SGD servers. This role is designed to be used with the new commands. See The Gateway Deployment Role in the Oracle Secure Global Desktop Gateway Administration Guide. 1.2.2 Changes for tarantella array join Command

New options have been added to the tarantella array join command, to enable automation and minimize user input during the array join procedure. See tarantella array join in the Oracle Secure Global Desktop Administration Guide.

Note

These options can only be used when running tarantella array join on the primary server in the array. 1.2.3 Changes for Default Client Proxy Settings

SGD uses the following methods to determine the default proxy settings for a client device. The methods used vary depending on whether the SGD Client is installed on the client device, or if the HTML5 Client is used.

• SGD Client. On Windows and MacOS client platforms, default proxy settings are determined by the operating system settings.

On Linux client platforms, default proxy settings are determined from the https_proxy environment variable.

The default settings can be overridden by editing the proxy settings in the client profile.

The Use Default Web Browser Settings client profile setting has been renamed to be Automatically Determine Proxy. This setting now obtains the proxy settings from the client system.

• HTML5 Client. The browser settings are used automatically. 1.2.4 Retirement of Graphics Acceleration Attribute

The Graphics Acceleration (--accel) attribute for application objects is no longer available in this release.

3 Changes for RANDR X Extension Configuration

1.2.5 Changes for RANDR X Extension Configuration

Configuring multiple monitor displays is simplified in this release and less system resources are used. Users no longer need to preconfigure parameters such as the maximum display size.

RANDR is enabled by default for an SGD array. From this release, RANDR cannot be disabled either globally, or for individual applications or users.

The following RANDR attributes are no longer available:

• Global Settings. The RandR Extension (--array-xrandr-enabled) attribute on the Global Settings, Client Device tab.

• Applications. The Window Size: RandR Extension (--xrandr) attribute on the Presentation tab for the application object.

• Users. The RandR Extension (--orgxrandr) attribute on the Client Device tab for a user profile, organizational unit, or organization object.

See Using the RANDR X Extension in the Oracle Secure Global Desktop Administration Guide. 1.2.6 Changes for SGD Client Platforms

The following changes apply for SGD Client platforms:

• 32-bit Client Packages. Legacy 32-bit versions of the SGD Client are not available in this release. 64-bit versions of the SGD Client are available for all supported client platforms.

The oracle-sgd-clients-legacy package for enabling download of legacy SGD Client packages from an SGD server is no longer available.

• Solaris Client Packages. Packages for Solaris client platforms are not available in this release.

• Internet Explorer support. Internet Explorer is no longer supported as a browser on Windows client platforms. Microsoft Edge browser can be used as an alternative. 1.2.7 Changes for Java Software

This release requires Java 11 to be available on the SGD host. See Section 2.1.3, “Java Requirements”. 1.2.8 Changes for PDF Printing on Windows Platforms

The following changes have been introduced for PDF printing on Windows platforms:

• Client PDF Viewers. In previous releases, Adobe Reader was required in order to use PDF printing on Windows client devices. Other PDF viewers such as Nitro and Chrome are supported in this release.

SGD uses the default PDF viewer for the user on the client device.

See Section 2.2.3, “PDF Printing Support”.

• PDF Printing on Windows Application Servers. For PDF printing from Windows application servers, you can configure SGD to use the Microsoft Print to PDF printer driver. This means that the PDF is generated on the application server and print job conversion is not required on the SGD host.

Using this method can reduce resource usage and improve performance.

4 Changes for PDF Printing on Windows Platforms

See PDF Printing Without Using the oracle-sgd-ext-print-converter Extension Package in the Oracle Secure Global Desktop Administration Guide.

5 6 Chapter 2 System Requirements and Support

This chapter includes details of the system requirements and supported platforms for Oracle Secure Global Desktop (SGD) Release 5.6. 2.1 SGD Server Requirements and Support

This section describes the supported platforms and requirements for SGD servers. 2.1.1 Supported Installation Platforms for SGD

The supported installation platform for SGD is Oracle Linux 7, 64-bit only.

Oracle products certified on Oracle Linux are also certified and supported on Red Hat Enterprise Linux due to implicit compatibility between both distributions. Oracle does not run any additional testing on Red Hat Enterprise Linux products. 2.1.1.1 Virtualization Support

SGD is supported and can be installed in an Oracle virtualized environment. If you encounter a problem when using an unsupported virtualization environment, you may be asked to demonstrate the issue on a non-virtualized operating system to ensure the problem is not related to the virtualization product. 2.1.1.2 Network Requirements

IPv6 network addresses are not supported for the SGD host.

IPv6 network addresses are supported for deployments using the SGD Gateway. See Network Requirements in the Oracle Secure Global Desktop Gateway Administration Guide.

See the Oracle Secure Global Desktop Installation Guide for details of network requirements for SGD. 2.1.2 Supported Upgrade Paths

Upgrades to version 5.6 of SGD are only supported from the following versions:

• Oracle Secure Global Desktop Software version 5.5

Upgrades from SGD Release 5.4 or earlier releases to SGD Release 5.6 are not supported.

Backing Up and Restoring Data From a Legacy SGD Installation in the Oracle Secure Global Desktop Installation Guide describes how you can migrate data from an SGD 5.4 installation to a default SGD 5.6 installation. 2.1.3 Java Requirements

For this release, Java 11 is required on the SGD host.

Server JRE (Java SE Runtime Environment) is not shipped with SGD. You must install this product separately on the SGD host. Both Oracle Java and OpenJDK are supported.

The Java truststore on the SGD host is used to store the CA certificates used by the SGD server. 2.1.4 Third Party Components for SGD

The SGD web server consists of an Apache web server and a Tomcat JavaServer Pages (JSP) technology container preconfigured for use with SGD.

7 Supported Authentication Mechanisms

The SGD web server consists of several components. The following table lists the web server component versions for this release of SGD.

Component Name Version Apache HTTP Server 2.4.41 Apache Tomcat 9.0.37

The Apache web server includes all the standard Apache modules as shared objects.

The minimum Java Virtual Machine (JVM) software heap size for the Tomcat JSP technology container is 256 megabytes. 2.1.5 Supported Authentication Mechanisms

The following are the supported mechanisms for authenticating users to SGD:

• Lightweight Directory Access Protocol (LDAP) version 3

• Microsoft Active Directory

• Network Information Service (NIS)

• RSA SecurID

• Oracle Access Manager

• Web server authentication (HTTP/HTTPS Basic Authentication), including public key infrastructure (PKI) client certificates

2.1.5.1 Supported Versions of Active Directory

Active Directory authentication and LDAP authentication are supported on the following versions of Active Directory:

• Windows Server 2012

• Windows Server 2012 R2

• Windows Server 2016

• Windows Server 2019

2.1.5.2 Supported LDAP Directories

SGD supports version 3 of the standard LDAP protocol. You can use LDAP authentication with any LDAP version 3-compliant directory server. However, SGD only supports the following directory servers:

• Oracle Unified Directory 11gR1 (11.1.1.x), 11gR2 (11.1.2.x)

• Oracle Internet Directory 11gR1 (11.1.1.x), 11gR2 (11.1.2.x)

• Oracle Directory Server Enterprise Edition 11gR1 (11.1.1.x)

• Microsoft Active Directory, as shown in Section 2.1.5.1, “Supported Versions of Active Directory”

Other directory servers may work, but are not supported.

8 SSL Support

2.1.5.3 Supported Versions of SecurID

SGD has been tested with version 8.1 of RSA Authentication Manager.

SGD supports system-generated PINs and user-created PINs.

2.1.5.4 Supported Versions of Oracle Identity Management

SGD works with the following versions of Oracle Identity Management:

• Oracle Identity Management 11gR2 (11.1.2.x) 2.1.6 SSL Support

SGD supports TLS version 1.2 and 1.3. Earlier versions of TLS are not supported.

SGD supports Privacy Enhanced Mail (PEM) Base 64-encoded X.509 certificates.

SGD supports the Subject Alternative Name (subjectAltName) extension for SSL certificates. SGD also supports the use of the * wildcard for the first part of the domain name, for example *.example.com.

SGD includes support for a number of Certificate Authorities (CAs). The supported CA certificates are determined by the Java Runtime Environment (JRE) used by SGD. To add support for additional CAs, you can import CA certificates to the JRE truststore. Additional configuration is required to support SSL certificates signed by an unsupported CA. Intermediate CAs are supported, but additional configuration may be required if any of the certificates in the chain are signed by an unsupported CA.

SGD supports the use of external hardware SSL accelerators, with additional configuration.

By default, SGD uses Oracle approved cipher suites.

Other cipher suites may be configured, as described in the Oracle Secure Global Desktop Administration Guide. You can use any cipher suite that is supported by the version of OpenSSL installed on the SGD host. 2.1.7 Printing Support

Note

To use the full features of SGD printing, install the oracle-sgd-ext-print-* extension packages on the SGD host as described in Installing the oracle-sgd-ext-* Extension Packages in the Oracle Secure Global Desktop Installation Guide.

SGD supports two types of printing: PDF printing and Printer-Direct printing.

For PDF printing, SGD uses the oracle-sgd-ext-print-converter extension package to convert print jobs into PDF files.

For PDF printing from Windows applications, you can configure SGD to generate the PDF output directly on the application server. This means that the oracle-sgd-ext-print-converter extension package is not required on the SGD host for print job conversion.

SGD supports Printer-Direct printing to PostScript, Printer Command Language (PCL), and text-only printers attached to the user's client device. To support print job conversion from PostScript to PCL, the oracle-sgd-ext-print-converter extension package must be installed on the SGD host.

9 Client Device Requirements and Support

To print from a UNIX or Linux system application server using CUPS (Common UNIX Printing System), the version of CUPS must be at least 1.4.2. For best results, install the oracle-sgd-ext-print-cups extension package on the SGD host. 2.2 Client Device Requirements and Support

This section describes the supported platforms and requirements for client devices. 2.2.1 Supported Client Platforms

The following sections list the supported client platforms and browsers for the SGD Client.

• Desktop platforms: For supported desktop client platforms, see Section 2.2.1.1, “Desktop Client Platforms”.

• Chrome OS devices: For a list of Chrome OS devices which have been tested with SGD, see Section 2.2.1.2, “Chrome OS Client Platforms”.

Caution

The client platform for SGD must be a full operating system. An individual application, such as a browser, is not a supported client platform. 2.2.1.1 Desktop Client Platforms

Table 2.1, “Supported Desktop Client Platforms for SGD” shows the supported desktop client platforms and browsers for this release.

For more information, see About the Supported Desktop Client Platforms and Browser Versions.

Table 2.1 Supported Desktop Client Platforms for SGD

Supported Client Platform Supported Browsers Microsoft Windows 10 (64-bit only) Microsoft Edge

Mozilla Firefox 77 and later, Rapid Release and ESR

Chrome Oracle Linux (64-bit): Mozilla Firefox 68.9 ESR

• Oracle Linux 6 (at least version 6.2) Chrome

• Oracle Linux 7 (at least version 7.0) Ubuntu Linux 16.04, 18.04, and 20.04 (64-bit) Mozilla Firefox 52 ESR, 59

Chrome macOS 10.13 or later Safari 13

Mozilla Firefox 77 and later, Rapid Release and ESR

Chrome

10 Supported Client Platforms

About the Supported Desktop Client Platforms and Browser Versions

Table 2.1, “Supported Desktop Client Platforms for SGD” shows the client platforms and browser versions that Oracle has tested with this release of SGD.

The latest versions of the browsers listed in this table are supported. Browsers not shown in this table may be supported at a later stage. 2.2.1.2 Chrome OS Client Platforms

Table 2.2, “Chrome OS Client Devices Tested With SGD” shows the Chrome OS client devices that have been tested with this release.

The latest versions of the browsers listed in this table are supported.

Note

Oracle has tested SGD with the following preferred models of Chrome OS devices. Other devices may work with SGD, but have not been tested.

Table 2.2 Chrome OS Client Devices Tested With SGD Device Name Operating System Supported Browsers Acer Chromebook Chrome OS 64 Chrome

HP Chromebook

2.2.1.3 Browser Requirements

• The SGD Administration Console is not supported on Safari browsers.

• Beta versions or preview releases of browsers are not supported.

• Browsers must be configured to accept cookies.

• Browsers must have the JavaScript programming language enabled.

For details of workarounds when using untrusted certificates with the HTML5 Client on desktop platforms, see Section 3.1.23, “24311356 – Browser Workarounds for Using Untrusted Certificates with the HTML5 Client on Desktop Platforms”. 2.2.1.4 Other Client Requirements

For best results, client devices must be configured for at least thousands of colors.

The SGD Client and workspace are available in the following supported languages:

• English

• French

• German

• Italian

• Japanese

• Korean

11 Supported Proxy Servers

• Portuguese (Brazilian)

• Spanish

• Chinese (Simplified)

• Chinese (Traditional)

2.2.1.5 Virtualization Support

2.2.1.6 Network Requirements

IPv6 network addresses are supported for client devices when using an IPv6 Gateway deployment. See Network Requirements in the Oracle Secure Global Desktop Gateway Administration Guide.

See the Oracle Secure Global Desktop Installation Guide for details of network requirements for SGD. 2.2.2 Supported Proxy Servers

You can use HTTP, Secure Sockets Layer (SSL) or SOCKS version 5 proxy servers with SGD. To connect to SGD using an HTTP proxy server, the proxy server must support tunneling.

SOCKS proxy servers: SGD supports the following authentication methods.

• Basic

• Anonymous (no authentication required)

HTTP proxy servers: SGD supports the following authentication methods.

• Negotiate (for NTLM authentication only)

• Digest

• NTLM

• Basic

• Anonymous (no authentication required)

For the Negotiate method you must use a Windows client device and must start the SGD Client manually.

If the HTTP proxy server supports multiple authentication methods, the SGD Client selects a method automatically. The selected method is based on the order of preference shown in the above list. Negotiate has the highest order of preference, Basic has the lowest order of preference.

By default, the SGD Client uses the system proxy settings configured for the client device. 2.2.3 PDF Printing Support

To be able to use PDF printing, a recognized PDF viewer must be installed on the client device. SGD supports the following PDF viewers.

12 Supported Smart Cards

Client Platform PDF Viewer Notes Microsoft Windows Adobe Reader DC (version 2020 • The Universal PDF Viewer uses or later) the default PDF viewer for the SGD user on the client device. Nitro Pro (version 11 or later) • The Universal PDF Printer is Chrome only supported with Adobe Reader and Nitro. Oracle Linux GNOME PDF Viewer (gpdf) • To be able to use a supported PDF viewer, the application must Evince Document Viewer be on the user's PATH. (evince) • Support for alternative PDF X PDF Reader (xpdf) viewers can be configured in the user's client profile. macOS Preview App (/System/ • The Preview App PDF viewer Applications/Preview.app) must support the open -a command option.

• To be able to use a supported PDF viewer, the application must be on the user's PATH.

• Support for alternative PDF viewers can be configured in the user's client profile. 2.2.4 Supported Smart Cards

SGD works with any Personal Computer/Smart Card (PC/SC)-compliant smart card and reader supported for use with Microsoft Remote Desktop Services. 2.3 SGD Gateway Requirements and Support

This section describes the supported platforms and requirements for the SGD Gateway. 2.3.1 Supported Installation Platforms for the SGD Gateway

The supported installation platform for the SGD Gateway is Oracle Linux 7, 64-bit only.

By default, the SGD Gateway is configured to support a maximum of 100 simultaneous HTTP connections, 512 simultaneous Adaptive Internet Protocol (AIP) connections, and 512 simultaneous websocket connections. The JVM memory size is optimized for this number of connections. The Oracle Secure Global Desktop Gateway Administration Guide has details of how to tune the Gateway for the expected number of users. 2.3.1.1 Virtualization Support

The SGD Gateway is supported and can be installed in an Oracle virtualized environment. If you encounter a problem when using an unsupported virtualization environment, you may be asked to demonstrate

13 Network Requirements

the issue on a non-virtualized operating system to ensure the problem is not related to the virtualization product. 2.3.2 Network Requirements

IPv6 network addresses are supported for the SGD Gateway. See Network Requirements in the Oracle Secure Global Desktop Gateway Administration Guide. 2.3.3 SGD Server Requirements for the SGD Gateway

The following requirements apply for the SGD servers used with the SGD Gateway:

• SGD version. Always use version 5.6 of SGD with version 5.6 of the Gateway.

• Clock synchronization. It is important that the system clocks on the SGD servers and the SGD Gateway are in synchronization. Use Network Time Protocol (NTP) software, or the rdate command, to ensure that the clocks are synchronized. 2.3.4 Third Party Components for the SGD Gateway

The Apache web server supplied with the SGD Gateway is Apache version 2.4.41.

The web server includes the standard Apache modules for reverse proxying and load balancing. The modules are installed as Dynamic Shared Object (DSO) modules. 2.3.5 SSL Support

SSL support for the SGD Gateway is provided by the Java Runtime Environment (JRE) used by the Gateway.

The SGD Gateway supports Privacy Enhanced Mail (PEM) Base 64-encoded X.509 certificates.

The SGD Gateway supports the use of external hardware SSL accelerators, with additional configuration.

By default, the SGD Gateway is configured to use Oracle approved cipher suites for SSL connections.

Other cipher suites supported by the JRE may also be used with the Gateway. These cipher suites must be configured by the user, as shown in the Oracle Secure Global Desktop Gateway Administration Guide. 2.4 Application Requirements and Support

This section describes the supported platforms and requirements for displaying applications through SGD. 2.4.1 Supported Applications

You can use SGD to access the following types of applications:

• Microsoft Windows

• X applications running on Oracle Solaris, Linux, HP-UX, and AIX application servers

• Character applications running on Oracle Solaris, Linux, HP-UX, and AIX application servers

• Applications running on IBM mainframe and AS/400 systems

• Web applications, using HTML and Java technology

14 Network Requirements

SGD supports the following protocols:

• Microsoft Remote Desktop Protocol (RDP)

• X11

• HTTP

• HTTPS

• SSH at least version 2

• Telnet VT, American National Standards Institute (ANSI)

• TN3270E

• TN5250 2.4.2 Network Requirements

IPv6 network addresses are not supported for application servers used by SGD. See the Oracle Secure Global Desktop Installation Guide for details of network requirements for SGD. 2.4.3 Supported Installation Platforms for the SGD Enhancement Module

The SGD Enhancement Module is a software component that can be installed on an application server to provide the following additional functionality when using applications displayed through SGD:

• Advanced load balancing

• Client drive mapping (UNIX or Linux platforms only)

• Seamless windows (Windows platforms only)

• International keyboard support (Windows platforms only)

• Audio (UNIX or Linux platforms only)

The PulseAudio audio module is supported on Oracle Linux 6 or later, and Oracle Solaris 11 platforms only.

Table 2.3, “Supported Installation Platforms for the SGD Enhancement Module” lists the supported installation platforms for the SGD Enhancement Module.

Table 2.3 Supported Installation Platforms for the SGD Enhancement Module Operating System Supported Versions Microsoft Windows (64-bit) Windows Server 2019, Windows Server 2016, 2012 R2 Oracle Solaris on SPARC platforms Solaris 10 8/11 (update 10) or later

Solaris 11

Trusted Extensions versions of the above Oracle Solaris on x86 platforms Solaris 10 8/11 (update 10) or later

Solaris 11

15 Microsoft Windows Remote Desktop Services

Operating System Supported Versions Trusted Extensions versions of the above Oracle Linux (32-bit and 64-bit) 5 (at least version 5.5)

6 (at least version 6.2)

7 (at least version 7.0)

8 (at least version 8.0)

On Oracle Solaris Trusted Extensions platforms, only advanced load balancing is supported. Audio and CDM are not supported.

For best results, ensure that the version of the Enhancement Module is the same as the SGD server version.

Application servers that are not supported platforms for the SGD Enhancement Module can be used with SGD to access a supported application type using any of the supported protocols.

2.4.3.1 Virtualization Support

The SGD Enhancement Module is supported and can be installed in an Oracle virtualized environment. If you encounter a problem when using an unsupported virtualization environment, you may be asked to demonstrate the issue on a non-virtualized operating system to ensure the problem is not related to the virtualization product.

Installation in zones is supported for Oracle Solaris platforms. The Enhancement Module can be installed in the global zone, or in one or more non-global zones. Installation in both the global zone and a non-global zone is not supported.

On Oracle Solaris Trusted Extensions platforms, you must install the Enhancement Module in a labeled zone. Do not install in the global zone. 2.4.4 Microsoft Windows Remote Desktop Services

SGD does not include licenses for Microsoft Windows Remote Desktop Services. If you access Remote Desktop Services functionality provided by Microsoft operating system products, you need to purchase additional licenses to use such products. Consult the license agreements for the Microsoft operating system products you are using to determine which licenses you must acquire.

SGD supports RDP connections to the following versions of Microsoft Windows:

• Windows Server 2019

• Windows Server 2016

• Windows Server 2012, 2012 R2

• Windows 8, 8.1

• Windows 10

16 X and Character Applications

On Windows 8 and Windows 10 platforms only full Windows desktop sessions are supported. Running individual applications is not supported. Seamless windows are also not supported.

SGD supports RDP connections to virtual machines (VMs) running on a hypervisor. The following features are supported when you connect using RDP:

• Audio recording (input audio)

• Audio redirection

• Clipboard redirection

• COM port mapping

• Drive redirection (client drive mapping)

• Multi-monitor

• Session directory

• Smart card device redirection

• Windows printer mapping (client printing) 2.4.4.1 Audio Recording Redirection

To record audio in a Windows Remote Desktop Services session, audio recording redirection must be enabled on the application server. By default, audio recording redirection is disabled. 2.4.4.2 Encryption Level

You can only use the Low, Client-compatible, or High encryption levels with SGD. SGD does not support the Federal Information Processing Standards (FIPS) encryption level. 2.4.4.3 Transport Layer Security

With Microsoft Windows Server, you can use Transport Layer Security (TLS) for server authentication, and to encrypt Remote Desktop Session Host communications. 2.4.4.4 Network Level Authentication

If the Remote Desktop Session Host supports Network Level Authentication (NLA) using CredSSP, you can use NLA for server authentication. 2.4.5 X and Character Applications

To run X and character applications, SGD must be able to connect to the application server that hosts the application. SGD supports SSH and Telnet as connection methods. SSH is the most secure connection method.

SGD works with SSH version 2 or later. Because of SSH version compatibility problems, use the same major version of SSH, either version 2 or version 3, on all SGD hosts and application servers.

SGD supports the X Security extension. The X Security extension only works with versions of SSH that support the -Y option. For OpenSSH, this is version 3.8 or later.

To print from a UNIX or Linux system application server using CUPS, the version of CUPS must be at least 1.4.2.

17 Oracle Hypervisor Hosts

2.4.5.1 X11 Software

SGD includes an X protocol engine (XPE) implementation based on X.Org Server 1.20. 2.4.5.2 Supported X Extensions

SGD supports the following X extensions for X applications:

• BIG-REQUESTS

• Composite

• DAMAGE

• DOUBLE-BUFFER

• GLX

• Generic Event Extension

• MIT-SCREEN-SAVER

• MIT-SHM

• RANDR

• RECORD

• RENDER

• SGI-GLX

• SHAPE

• SYNC

• X-Resource

• XC-MISC

• XFIXES

• XINERAMA

• XInputExtension

• XKEYBOARD

• XTEST 2.4.5.3 Character Applications

SGD supports VT420, Wyse 60, or SCO Console character applications. 2.4.6 Oracle Hypervisor Hosts

SGD includes the following application server objects, which can be used to represent an Oracle hypervisor host.

18 Microsoft Hyper-V

• Oracle VM hypervisor: Used to integrate with an Oracle VM hypervisor host.

This release of SGD has been tested with version 3.3 and 3.4 of Oracle VM.

• VirtualBox hypervisor: Used to integrate with an Oracle VM VirtualBox hypervisor host.

This release of SGD has been tested with version 5.0 of Oracle VM VirtualBox.

Integration with Oracle VM and Oracle VM VirtualBox is described in the Oracle Secure Global Desktop Administration Guide. 2.4.7 Microsoft Hyper-V

This release of SGD supports connections to a Microsoft Hyper-V guest running on a supported Windows Server platform.

Integration with Microsoft Hyper-V is supported by configuring a Windows application object, as described in the Oracle Secure Global Desktop Administration Guide.

The enhanced session mode feature of Hyper-V can be used with supported virtual machines. 2.5 Removed Features

The following features are not available in this release:

• Using tablet devices with the HTML5 Client.

• The oracle-sgd-clients-legacy package for 32-bit SGD Clients.

• SGD Client packages for Solaris client platforms.

• Internet Explorer is no longer supported as a browser on Windows client platforms.

• RANDR attributes for global settings and for applications, users, and organizations.

• The Graphics Acceleration (--accel) attribute for application objects.

19 20 Chapter 3 Known Issues, Bug Fixes, and Documentation Issues

This chapter contains information about known issues, bug fixes, and documentation issues for Oracle Secure Global Desktop (SGD). Details on providing feedback and reporting bugs are also included. 3.1 Known Bugs and Issues

This section lists the known bugs and issues for the SGD 5.6 release. 3.1.1 12268127 – Backup Primaries List Command Returns an Error

Problem: Using the tarantella array list_backup_primaries command on an SGD server that has been stopped and then detached from an array returns a "Failed to connect" error.

Cause: A known issue.

Solution: Restart the detached SGD server before using the tarantella array list_backup_primaries command. 3.1.2 12275351 – HyperTerminal Application Hangs in a Relocated Windows Desktop Session

Problem: Users running the HyperTerminal application in a Windows desktop session experience problems when they try to resume the desktop session from another client device. The HyperTerminal application is unresponsive and cannot be closed down.

Cause: A known issue with HyperTerminal when resuming Windows desktop sessions from another client device (also called “session grabbing”).

Solution: Close down the HyperTerminal application before you resume the Windows desktop session from another client device. 3.1.3 12300549 – Home Directory Name is Unreadable For Some Client Locales

Problem: When using client drive mapping in SGD, the name of the user's home directory may include unreadable characters. By default, a user's home directory is mapped to a drive called "My Home".

The issue has been seen on non-Windows client devices configured with a non-English client locale, such as ja_JP.UTF-8.

Cause: A known issue for some client locales.

Solution: No known solution at present. 3.1.4 12304903 – Print to File Fails for Windows Client Devices

Problem: When users select the Print to File menu option in a Windows application displayed through SGD, the print job remains on hold in the print queue on the client device. The issue has been seen on Windows 7 client devices.

Cause: A known issue with some versions of Windows.

Solution: A workaround is described in Microsoft Knowledge Base article 2022748.

21 14147506 – Array Resilience Fails if the Primary Server is Changed

3.1.5 14147506 – Array Resilience Fails if the Primary Server is Changed

Problem: Array resilience may fail if you change the primary server while the array is in a repaired state. The array is in a repaired state when the failover stage has completed.

After the recovery stage of array resilience, when uncontactable servers rejoin the array, communications to the other array members may not work.

The issue is seen when secure intra-array communication is enabled for the array.

Cause: A known issue with array resilience when secure intra-array communication is used. By default, secure intra-array communication is enabled for an SGD server.

Solution: No known solution. If possible, avoid changing the array structure during the array resilience process. 3.1.6 14221098 – Konsole Application Fails to Start on Oracle Linux

Problem: The KDE Konsole terminal emulator application fails to start when configured as an X application object in SGD.

The issue is seen when the application is hosted on an Oracle Linux 6 platform.

Cause: A known issue when running Konsole on Oracle Linux 6. The issue is caused by the application process forking on start up.

Solution: The workaround is to use the --nofork command option when starting Konsole.

In the Administration Console, go to the Launch tab for the X application object and enter --nofork in the Arguments for Command field. 3.1.7 14237565 – Page Size Issue When Printing on Non-Windows Client Devices

Problem: Print jobs are not delivered to the client printer in the correct page format. For example, a print job for an A4 page size document is delivered to the client printer as a Letter page size document. Depending on the client printer configuration, this may cause the print job to fail.

The issue is seen when using Linux and macOS client devices.

Cause: A known issue when printing to some non-Windows client devices.

Solution: Some client printers can be configured to ignore the page size format.

A workaround is to use PDF printing when printing from SGD. 3.1.8 14287730 – X Error Messages When Shadowing From the Command Line

Problem: Error messages similar to the following may be seen when shadowing an application session from the command line, using the tarantella emulatorsession shadow command.

X Error: BadImplementation Request Major code 152 (RANDR) Request Minor code 8 () Error Serial #209 Current Serial #209

Shadowing works as expected, despite the error messages.

Cause: A known issue if the X server on the client device does not implement session resizing.

22 16275930 – Unable to Access SGD Servers When Using the SGD Gateway

Solution: The errors are benign and can be ignored. 3.1.9 16275930 – Unable to Access SGD Servers When Using the SGD Gateway

Problem: When connecting through an SGD Gateway, users are unable to access the SGD servers in the array. When they attempt to log in to an SGD server or use the Administration Console, their browser is redirected to an error page.

The issue is seen when the Gateway is configured as follows:

• The port used for incoming connections is not the default port, port 443.

• Connections between the Gateway and the SGD servers in the array are not secure.

These settings are usually configured during installation of the Gateway.

Cause: A known issue with this specific Gateway configuration.

Solution: Use the following workaround.

On the Gateway host, edit the opt/SUNWsgdg/httpd/default/conf/extra/gateway/httpd- gateway.conf file.

Locate the ProxyPassReverse directive. For example:

ProxyPassReverse / http://gw.example.com:80/

Change the port number for the ProxyPassReverse directive, as follows:

ProxyPassReverse / http://gw.example.com:port-num/

where port-num is the port number used by the Gateway for incoming connections. 3.1.10 16814553 – Multiple Authentication Prompts When Accessing My Desktop Using a Safari Browser

Problem: Users may see multiple authentication prompts when they try to access the My Desktop application, either from the SGD web server Welcome page or by going to the My Desktop URL.

The issue is seen when the following apply:

• Web authentication is the authentication mechanism for SGD.

• A Safari browser is used to access SGD, from a macOS client device.

Cause: A known issue with the Safari browser.

Solution: No known solution. The user is logged in to SGD after negotiating the authentication prompts. 3.1.11 17601578 – Poor User Experience When Displaying Applications on macOS Platforms

Problem: Users on some macOS platforms may experience screen refresh and other performance issues when displaying SGD applications.

Cause: This issue is caused by the App Nap power-saving feature in macOS.

Solution: Turn off the App Nap feature for the SGD Client, as follows:

23 20421590 – Lock File Issues With Oracle Access Manager WebGate

• Locate the SGD Client application in Finder and Command-click the application name.

• Choose the Get Info option, then select the Prevent App Nap check box. 3.1.12 20421590 – Lock File Issues With Oracle Access Manager WebGate

Problem: Single sign-on authentication does not work when using some versions of the Oracle Access Manager WebGate 11gR2.

Cause: The WebGate is unable to create lock files on the SGD host.

This is caused by changes in the file locking implementation, introduced in version 11.1.2.2.0 of the WebGate.

Solution: In the webgate.conf configuration file for the WebGate, set the value of the WebGateLockFileDir directive. This directive specifies the location to create WebGate lock files.

The value must be a directory that is writeable by the ttaserv system user. For example, /opt/ tarantella/webserver/apache/default/logs. 3.1.13 20220383 – Proxy Authentication Dialog Box Issue

Problem: When users connect to SGD through a proxy server, the proxy authentication dialog box does not display the authentication method or authentication realm used by the proxy server. This can cause confusion when the proxy server supports multiple authentication methods, and users have different credentials for different authentication methods.

Cause: A known issue when using a proxy server that is configured to use multiple authentication methods.

Solution: No known solution at this time. 3.1.14 20463642 – Credential Caching Issues for HTTP Proxy Authentication on Windows Clients

Problem: When users connect to SGD through an HTTP proxy server from a Windows client device, cached credentials are not used as expected.

The following issues have been seen:

• For Basic or Digest authentication methods, cached credentials are not used. The user is always prompted to enter credentials, regardless of whether credentials have previously been cached.

• For NTLM or Negotiate methods, cached domain credentials are not used. If the domain requested by the proxy server does not match the domain used to log in to Windows, the user is prompted for credentials. The SGD Client does not attempt to use alternative domain credentials stored in Windows Credential Manager.

Cause: Known issues when connecting to SGD through an HTTP proxy server from a Windows client device.

Solution: No known solution at this time. 3.1.15 20506611 – Enhancement Module Installation Issue on Oracle Linux UEK R3

Problem: Installation of the SGD Enhancement Module may fail on Oracle Linux versions which use the Unbreakable Enterprise Kernel Release 3 (UEK R3) kernel.

24 20678796 – macOS Client Device Uses Multiple CALs

The error message Unable to locate source tree is shown during installation.

Cause: The Enhancement Module installation program is unable to locate the kernel headers for the UEK R3 kernel.

Solution: Use the following command to install the required kernel header packages:

# yum install kernel-uek-devel-$(uname -r) 3.1.16 20678796 – macOS Client Device Uses Multiple CALs

Problem: Connections to a Windows application server from a macOS client device may use more client access licenses (CALs) than expected. The issue is seen when using both the SGD Client and the Microsoft Remote Desktop Client on the same macOS client device.

Cause: A known issue when using SGD with some versions of the Microsoft Remote Desktop Client that are downloaded from the Mac App Store.

Such versions of the Microsoft Remote Desktop Client may not store CALs in the default shared directory location used by the SGD Client: /Users/Shared/Microsoft/Crucial RDC Server Information.

Solution: No known solution at present. 3.1.17 20693954 – Audio Recording Issue for Linux Clients

Problem: Audio recorded from a Linux client device by the audiorecord command running on an Oracle Solaris application server is not recorded correctly. White noise is heard on playback.

Cause: The default audio format for audiorecord is u-law. When recording from a Linux client device, this audio format is not recorded correctly by the SGD UNIX audio input service.

Solution: Change the audio format used by the audiorecord command. Specify the linear encoding option, as follows:

audiorecord -e linear audio-file

where audio-file is the output file name. 3.1.18 20821979 – tarantella status Command Returns Parser Errors

Problem: When running the tarantella status --byserver command to display detailed status information for each SGD server in an array, the command fails. Error messages such as the following are seen:

parser error : Start tag expected, '<' not found

Cause: A timeout issue for a web service which is used by the tarantella status command. The default connection timeout for the web service is 10 seconds. In some deployments, this may be too low.

Solution: The workaround is to change the default setting for the connection timeout.

Edit the /opt/tarantella/bin/scripts/status.soap file. Change the following entry:

set env(TTA_SOAP_CONNECT_TIMEOUT) "10"

to read as follows:

set env(TTA_SOAP_CONNECT_TIMEOUT) "20"

25 21478016 – macOS SGD Client Issues

Note that there are multiple TTA_SOAP_CONNECT_TIMEOUT entries within this file. 3.1.19 21478016 – macOS SGD Client Issues

Problem: Users may see the following issues when using the SGD Client from this release on macOS client devices:

• On the Client Connection Settings dialog box, using the Tab key to move between fields may not work as expected.

• The pull-down header in Kiosk mode applications looks different, compared to when using earlier SGD releases.

Cause: Known issues when using the macOS version of the SGD Client included in this release.

Solution: Use one of the following workarounds.

• The tabbing issue is a known issue for macOS client devices. On the macOS client device, enable the following setting in System Preferences:

System Preferences, Keyboard, Shortcuts, Full Keyboard Access Radio Button.

• For this release, the Kiosk mode pull-down header has been integrated with the standard macOS toolbar. 3.1.20 21530993 – ABRT Errors When Closing Oracle Linux 7 Applications

Problem: The ABRT (Automatic Bug Reporting Tool) reports errors when applications hosted on Oracle Linux 7 application servers are closed down from the SGD workspace.

Cause: A known issue with some versions of ABRT on Oracle Linux 7 platforms.

Solution: The workaround is to update to the latest version of ABRT, as follows:

# yum update abrt 3.1.21 22563362 – OSS Audio Driver Module Issue on Oracle Linux Platforms

Problem: An error message such as the following is seen when using the SGD Enhancement Module on Oracle Linux platforms:

Starting OSS audio. modprobe: FATAL: Module sgdadem not found.

This error message indicates that the Enhancement Module is unable to locate the Open Sound System (OSS) audio driver module.

Cause: This issue occurs when the Linux kernel is updated on the application server host. The installed OSS audio driver module is then incompatible with the new kernel version.

Solution: The workaround is to rebuild and reinstall the audio driver module, using the new kernel source. Enter the following commands:

# cd /opt/tta_tem/audio/sgdadem/src/ # make clean # make # make install

Restart the SGD Enhancement Module, as follows:

# /opt/tta_tem/bin/tem restart

26 23592020 – Key Mapping Issues on Oracle Linux 7 Platforms

3.1.22 23592020 – Key Mapping Issues on Oracle Linux 7 Platforms

Problem: Key mapping issues may be seen for applications published through an Oracle Linux 7 SGD server. Some displayed characters may not match the key press.

Cause: A known issue with the default settings for ibus (Intelligent Input Bus) on Oracle Linux 7 platforms.

Solution: Run the ibus-setup command and display the Advanced tab.

Ensure that the Use System Keyboard Layout check box is selected. By default, this check box is not selected. 3.1.23 24311356 – Browser Workarounds for Using Untrusted Certificates with the HTML5 Client on Desktop Platforms

Problem: Issues may be seen when you connect using the HTML5 Client from a desktop client platform and the SGD server uses an untrusted certificate, such as a self-signed certificate. For example, you may not be able to log in to the SGD server or applications may not start as expected.

These issues do not apply for SGD deployments which use an SGD Gateway.

Cause: These are browser trust issues caused by using untrusted certificates.

Solution: If possible, use a certificate that is signed by a Certificate Authority that is trusted by the browser.

Alternatively, configure the browser to trust the certificate.

The following are examples of workarounds for some supported browsers:

• Firefox: Import the SGD server certificate into the browser truststore.

You may need to add a permanent security exception for the SGD server URL.

• Edge: Import the SGD server certificate into the Trusted Root Certification Authorities store.

• Safari: Set the trust policy for the SGD server certificate to "Always Trust".

• Chrome: Import the SGD server certificate into the browser truststore. 3.1.24 25687260 – Locate Pointer Issue on Linux Client Platforms

Problem: For some applications displayed through SGD, pressing the Ctrl key on the client device has no effect. For example, using the Ctrl + C key combination in a terminal window does not work as expected.

The issue is seen on Linux client platforms.

Cause: This is caused by the Locate Pointer feature of GNOME desktop. This feature indicates the position of the mouse pointer when the Ctrl key is pressed.

The Locate Pointer feature is disabled by default.

Solution: Disable the Locate Pointer setting in the Mouse Preferences dialog box for the GNOME desktop. 3.1.25 26495194 – Seamless Window Issues for Adobe Reader

Problem: Issues may be seen when displaying Adobe Reader in seamless windows mode. Users may not be able to minimize, move, or resize the application window.

27 29133366 – GNOME Session Issues When Using Remote Oracle Linux 7.6 Application Server

The issues have been seen with Windows Server 2012, but may apply to other supported Windows application servers.

Cause: A known issue when using the Protected Mode feature of Adobe Reader. This feature was introduced in Adobe Reader 10.

Solution: The workaround is to disable the Protected Mode feature of Adobe Reader. Seamless windows mode then works as expected. 3.1.26 29133366 – GNOME Session Issues When Using Remote Oracle Linux 7.6 Application Server

Problem: When launching gnome-session on a remote Oracle Linux 7.6 application server, windows within the gnome-session are displayed as black boxes.

Cause: This is a known issue when using gnome-session on a remote Oracle Linux 7.6 server.

Solution: On the gnome-session application set the Hints attribute, --scottahints, to xpecommandlineargs=-extension MIT-SHM. This attribute can be set from the SGD Administration Console or from the command line by entering the following command:

# tarantella object edit \ --name ".../_ens/o=applications/cn=name" \ --scottahints "xpecommandlineargs=-extension MIT-SHM" 3.1.27 29628348 – Audio is Not Played on a Linux Client Device

Problem: Audio output from applications is not played on a Linux client device.

Cause: This issue is due to missing ESD library dependencies on some Linux client platforms.

Solution: The workaround is to install the required libraries and restart the pulseaudio daemon, as follows:

Oracle Linux 6 and Oracle Linux 7 platforms (64-bit):

# yum install pulseaudio-esound-compat esound-libs $ pulseaudio -k

Ubuntu Linux platforms (64-bit):

$ sudo apt-get install pulseaudio-esound-compat libesd0 $ pulseaudio -k 3.1.28 Long Print Jobs Do Not Complete Successfully

Problem: Long print jobs are not completed successfully. Subsequent print jobs may cause the SGD Client to exit unexpectedly.

Cause: If an SGD print job takes longer than four minutes to be transferred from the SGD server to the client device it may be trigger an idle timeout on the SGD server and be cancelled.

Solution: A workaround is to increase the Print Protocol Engine exit timeout on the SGD server.

Change the timeout to a value that is suitable for your print jobs. For example if your print jobs take a maximum of approximately six minutes (360 seconds), set the timeout to ten minutes (600 seconds). For example:

$ tarantella config edit --ppe-exitafter 600

Restart the SGD server, for the changes to take effect.

28 Bug Fixes in Version 5.6

3.2 Bug Fixes in Version 5.6

The following table lists the significant bugs that are fixed in the 5.6 release.

Table 3.1 Bugs Fixed in the 5.6 Release Reference Description 31702006 UNABLE TO LOGIN TO SGD AFTER UPGRADING TO SGD 5.5U3 WHEN A PROXY SERVER IS USED AND SGD HOST IS SET AS AN EXCEPTION IN THE CLIENT BROWSER 31595031 AFTER AN SGD SERVER RESTART, OLD SGD COOKIES ARE NOT CLEANED UP 31476324 SGD SERVER TRANSITIONS UNEXPECTEDLY FROM SECURE AND STANDARD CONNECTIONS TO ONLY STANDARD CONNECTIONS 31464756 GATEWAY CLIENTCERT LIST DOES NOT SHOW CERTIFICATE WHEN LOCALE IS JA_JP.UTF-8 31429937 SYNTAX ELEMENTS OF LDAP OBJECT NAMES SHOULD NOT BE CASE SENSITIVE 31316016 SERVICE OBJECT WITH SEARCH BASE WORKS ONLY FOR "DC=EXAMPLE,DC=ORG", NOT IF "OU=GROUP,DC=EXAMPLE,DC=ORG" IS INCLUDED 31240131 SGD SERVER ENTERPRISE MANAGER PLUGIN FAILING TO COLLECT DATASTORE METRICS 31236406 SERVICE OBJECT CANNOT BE EDITED USING THE ADMIN CONSOLE 31219398 IMPROVE PERFORMANCE OF PDF PRINTING 31198898 MAC CLIENT WINDOW MODE AND SEAMLESS WINDOWS MODE APPLICATIONS DO NOT MINIMISE CORRECTLY 31166904 PARTIAL MOUSE POINTER IS ONLY DISPLAYED WHEN NORMAL MOUSE POINTER SCHEME IS SELECTED IN KIOSK SESSION 31110312 AUDIO-IN FAILS WITH LATER VERSIONS OF MAC OS X 31038774 MOUSE CURSOR DISAPPEARS UPON ENTRY TO TEXT FIELD IN WINDOWS 10 APPLICATIONS 30982085 USER PROFILE PAGE CONFIGURATION PAGE INCORRECT IN ADMIN CONSOLE 30963970 ERASING ORACLE-SGD-TEM DOES NOT STOP ALL PROCESSES 30956963 APPLICATION LAUNCH FAILS WITH SOME SECURITY-GATEWAY SETTINGS 30944782 UNIVERSAL PDF PRINTING DOES NOT WORK WITH RECENT WINDOWS SERVERS 30914606 FIX ENHANCEMENT MODULE UNINSTALL 30914549 NOTARIZE MAC OS X CLIENT 30910086 TARANTELLA QUERY ERRLOG COMMAND FAILS WHEN ATTEMPTING TO RUN TARANTELLA ARCHIVE COMMAND 30847299 TTASSL TERMINATES, ALL APPLICATIONS DISAPPEAR AND SGD MUST BE RESTARTED 30803454 LOG ROTATION NO LONGER AUTOMATED ON SGD 5.5 30724290 JAVA APPLICATIONS IN CLIENT WINDOW MODE ARE NOT RESIZABLE ON NON- LINUX CLIENTS 30658275 LAUNCH ATTEMPTS VIA WEBSERVICES API APPEAR TO FAIL WITHIN A GATEWAY DEPLOYMENT

29 Bug Fixes in Version 5.6

Reference Description 30635273 WINDOWS USERS WITHOUT PASSWORDS RECEIVE REDUNDANT LOGIN PROMPT FROM WINDOWS 2016 AFTER SESSION LAUNCH 30632128 INACTIVE USERS ABLE TO LOG IN TO SGD 30560928 RESIZING CHROME SEAMLESS WINDOW MODE APPLICATION IN ORACLE LINUX 7 CLIENT SHOWS BLACK BACKGROUND ON FIRST LAUNCH 30556114 WINDOWS KIOSK RANDR APPLICATIONS ARE RESUMED WITH BLACK BACKGROUND ON ORACLE LINUX 7 CLIENT 30522945 CHROME BORDER HAS THICKENED WITH TTASWM.EXE 30522800 TTASWM.EXE CAUSES INACTIVE KEYBOARD FOR DROP DOWN MENU 30510540 SUFFIX MAPPING FAILS TO AUTHENTICATE WHEN DOMAIN IS NOT IN A FOREST 30494970 GATEWAY SSLCERT PRINT COMMAND MAY PROVIDE INCORRECT STATUS IF A NEW CERTIFICATE IS INSTALLED AFTER INITIAL CONFIGURATION 30478571 TARANTELLA INFO MESSAGE WHEN READING A CORRUPT SSLDAEMON PID FILE 30407291 POST-INSTALL SCRIPT ERRORS RELATING TO SHORT HOSTNAME 30383371 COPY AND PASTE BETWEEN TWO GNOME TERMINALS CRASHES THE SOURCE WHEN PASTING INTO THE TARGET 30383280 REQUEST 64-BIT CLIENT FOR UBUNTU 18+ DEVICES (DEBIAN), INCLUDING SUPPORT FOR LIBCURL4 30372149 ALLOW SGD SERVER DIRECTORIES TO BE MAPPED IN RDS SESSIONS 30370454 UNWANTED MESSAGES ARE SEEN WITH WRONG DECRYPTION PASSWORD DURING RESTORE 30367464 RESIZING VM WINDOW CAUSES FLICKERING AND FINAL SIZE DOES NOT MATCH MOUSE RELEASE POINT 30365516 WORKSPACE CAN FAIL TO LOAD USING GATEWAY PATCH 5.4 P4 30328585 BLACK BORDER SEEN ON SEAMLESS WINDOW MODE WINDOWS 2016 APPLICATION 30328403 BLACK RECTANGLE APPEARS UNDER URL MOUSEOVER FOR WINDOWS 2016 APPLICATIONS 30328227 SEAMLESS WINDOW MODE APPLICATION MOUSE CURSOR SHOULD BE RED CIRCLE BUT IS BLUE BUSY BALL 30328174 SEAMLESS WINDOW MODE APPLICATIONS FREEZE 30322243 PERSISTENT SSLDAEMON/HANDSHAKE/FAILEDERROR ON ARRAY JOIN WITH SOME ORACLE LINUX 7 COMPUTE INSTANCES IN OCI 30254260 SGD 5.5 X APPLICATION DOES NOT BEHAVE THE SAME AS WITH SGD 5.4 30039465 RESTORE ACTIVE APPLICATION SESSIONS IF NEEDED AFTER BRIEF NETWORK INTERRUPTION 30038370 NEWLY INSTALLED SGD CLIENT DOES NOT DETECT OR PROMPT FOR PROXIES, AND CANNOT CONNECT 29996261 ALT GR CHARACTERS DO NOT APPEAR RELIABLY FOR CITRIX APPLICATIONS 29965590 USER IS PROMPTED TWICE, EVEN IF CREDENTIALS ARE ENTERED CORRECTLY THE FIRST TIME

30 Providing Feedback and Reporting Problems

Reference Description 29889843 ADMIN CONSOLE LINKS ON THE WEBSERVER INDEX PAGE AND THE SGD WORKSPACE NOT WORKING BEHIND AN HTTP REVERSE PROXY 29871708 CREDENTIALS REJECTED WHEN USER PASSWORD CONTAINS A BACKSLASH 29714043 WINDOW OF X APPLICATION IS DRAWN CORRECT SIZE, BUT IS OFF-CENTER IN MULTI-DISPLAY CLIENT 29713891 SGD CLIENT DOES NOT ADJUST PROPERLY WHEN SCREEN RESOLUTION IS CHANGED 29710201 WINDOWS SERVER 2016 SEAMLESS WINDOW MODE APPLICATIONS DISPLAYED WITH WIDE BLACK BORDER 29707546 LINUX CLIENT: APPLICATION START FAILS WHEN NO PRIMARY DISPLAY IS CONFIGURED 29688846 SGD SERVER NOT ACCEPTING CONNECTIONS ONCE EVERY FEW DAYS 29521011 FIX BLACK WINDOWS SESSIONS ON RESUME 29331545 AFTER USING GATEWAY DISCOVER ON COLOCATED DEPLOYMENT, SSLKEY IMPORT CREATES SECOND ENTRY IN KEYSTORE.CLIENT 28812584 ALT GR CHARACTERS DO NOT APPEAR RELIABLY 27714860 ERROR MESSAGE IN PROXY LOG: RECEIVED FATAL ALERT: UNKNOWN_CA 27494487 UNABLE TO CHANGE ICON FOR DYNAMIC APPLICATION USING SGD ADMIN CONSOLE 27351360 NUMLOCK STATE REVERSED IN WINDOWS APPLICATION IF ENGAGED AT LAUNCH 23738497 GERMAN/SWISS KEYBOARD LOCALES ARE REQUIRED WHEN USING CHROME HTML5 CLIENT 3.3 Providing Feedback and Reporting Problems

This section provides information about how to provide feedback and contact support for the Oracle Secure Global Desktop product.

If you need to report an issue and have an Oracle Premier Support Agreement, you should open a case with Oracle Support at https://support.oracle.com.

If you are reporting an issue, please provide the following information where applicable:

• Description of the problem, including the situation where the problem occurs, and its impact on your operation.

• Machine type, operating system version, browser type and version, locale and product version, including any patches you have applied, and other software that may be affecting the problem.

• Detailed steps on the method you have used, to reproduce the problem.

• Any error logs or core dumps. 3.3.1 Contacting Oracle Specialist Support

If you have an Oracle Customer Support Identifier (CSI), first try to resolve your issue by using My Oracle Support at https://support.oracle.com. Your Oracle Premier Support CSI does not cover customization support, third-party software support, or third-party hardware support.

31 Contacting Oracle Specialist Support

The Oracle Secure Global Desktop Information Center on My Oracle Support contains links to knowledge documents for SGD.

If you cannot resolve your issue, open a case with the Oracle specialist support team for technical assistance on break/fix production issues. The responding support engineer will need the following information to get started:

• Your Oracle Customer Support Identifier.

• The product you are calling about.

• A brief description of the problem you would like assistance with.

If your CSI is unknown, find the correct Service Center for your country (http://www.oracle.com/us/support/ contact-068555.html), then contact Oracle Services to open a non-technical service request (SR) to get your CSI sorted. Once you have your CSI, you can proceed to open your case through My Oracle Support.