KB:

Microsoft IAG 2007 Service Pack 2 Update 1


A:
 Applies to: Winfrasoft Gateway Appliances running Microsoft IAG 2007 with Service Pack 2

Winfrasoft has tested SP2 Update 1 on Winfrasoft appliances and supports this configuration.

Warning: After installing SP2 Update 1 it has been noted that custom URL Set entries on a portal may be removed. Please check for these entries and make a record of them prior to installing the update.

Download Details: Select the location to download from. Note: SP2 Update 2 is now available.

IAG 2007 SP2 Update 1 download:
IAG3.7-SP2Update-1 (20Mb)

Further Information:

Microsoft knowledge base: http://support.microsoft.com/kb/968384

  1. Enhanced client detection with WMI “SecurityCenter2” namespace

In addition to the existing detection methods, the endpoint client detection components now use a new WMI namespace, SecurityCenter2, introduced since Vista SP1:

  • An updated detection script and updated endpoint client detection components add this functionality on the client
  • “SecurityCenter2” detection can be disabled by setting a server value if desired.
  • Existing detection logic has not been removed or changed.
  1. Support for the Citrix XenApp5 application

Citrix XenApp5 is the latest Citrix presentation server product.
Citric XenApp5 publishing is fully integrated and is seamlessly functioning through IAG .
In this release, Citrix XenApp5 publishing is implemented with Single sign-on, security rule set, and SSL VPN tunneling.

  1. Full support for client components unattended installation/un-installation

With the provided “MSI” offline installers the client components may be installed/uninstalled with no the user interaction. No pop-up messages are displayed. If a machine reboot is required, this will occur automatically.

  1. Handling large Web Monitor reports

A maximal allowed report size is defined. The default maximum allowed size for report generation is now set to 800 MB and this limit may be changed by a registry value. When a generated report size exceeds the maximum allowed size, the user will receive a message with a suggested range of dates that may not exceed the allowed size.

  1. Publishing SharePoint AAM team sites problem

Publishing SharePoint team sites via IAG now works as expected when using Site Collections that have an initial path.
The handled scenario is as follow, the customer has a single SharePoint site that hosts multiple teams. Each team has a unique site that they require access control on. The customer wants to provide a link to the SharePoint team site for a particular team and not to the whole server. The data on these sites is confidential and must not be shared or viewed between teams without explicit permissions. This scenario is working now.

  1. Support a logon name including multi byte characters
  • Double Bytes User ID (Account)
  • Double Bytes User Display Name
  • Double Bytes Group Name
  • Double Bytes OU Name

Note: This is not a full localization feature. The multi byte characters support requires a specific configuration and environment. Detailed description will be publish in Update-1 KB.

  1. Web Monitor report displays users having an apostrophe (`) character in the name

The fix is allowing correct Web Monitor report display for users having an apostrophe (`) character in their name

  1. Fixed a rule set preventing from OWA 2003 clients to use some special characters in a signature

 

  1. Automatic scheduled logoff on an ADFS portal trunk

The fix enforces a full logout when scheduled logoff occurs.
No redirect to ADFS login is implemented, since now IAG allows re-login only for the same lead user, and this cannot be achieved for ADFS groups.

  1. Fixed incorrect cookie parsing when a cookie is including a comma (,) character

Until now the separation between cookies has been performed for both semicolon (;) and comma (,) characters (according to RFC 2109). Such behavior broke the cookies including a comma in the cookie value. Newer RFCs allow only the semicolon character to be a cookie separator. The code has been changed accordingly.

  1. Added functionality allowing client certificate retrieval (user or machine) by the SAN field, in addition to the existing support for the Subject/Issuer fields.

 

  1. Fixed two issues occurring while configuring Secure Port for Active Directory repository
  • An Alternate Server definition caused an error message to the IAG administrator.
  • Automatic check for password expiration feature did not work
  1. Windows 2000 client support was broken in SP2

Update 1 fixes this problem. The client components for Win2K OS should be pre-installed before connecting to IAG portal by a corresponding offline installer.

  1. ActiveSync issues
  • Windows Mobile 6.1 devices communicating to Exchange 2007 SP1 use URLs and parameters that are not fully taken into account in the OOB rulesets and require updating for devices to be able to perform full usage of ActiveSync via IAG.
  • ActiveSync displays a blank screen since the response contains a zero length. That occurs at some random interval when the data is sent by the CAS to IAG. Any customer with Windows Mobile 6.0 & 6.1 using ActiveSync to Exchange 2007 SP1 is experiencing this problem.
  1. Fixed URL Set Level incorrect behavior (URL Inspection tab)

Fixed an issue when applying changes to the URL Set Level slider control. When more than one application is defined and the user is changing a level for any application from the list the actual rule set level appears to correctly have changed, but the new slider level is then applied to the first application in the list.

  1. Fixed a trusted domain authentication problem (relevant for Win2K domain)

Fixed the inability of IAG to authenticate users in a trusted domain when a DNS name is not defined in the Name attribute of the Trusted Domain Object (using the NetBIOS domain name instead).

  1. Fixed a problem when adding attachments for OWA2003 latest update

Update for Microsoft Exchange 2003 (KB 911829) restores functionality to Microsoft Exchange 2003 Outlook Web Access due to changes being made to Internet Explorer in Microsoft Windows Vista.
After installing Update for Microsoft Exchange 2003 (KB 911829), the operation of adding attachments for WOA2003 fails. A change in the client side scripts has changed the policies. Our fix customizes the IAG to work with the new client side.

  1. Logging application category events to Syslog is now implemented.

 

  1. Resolved Socket Forwarding malfunctioning when using Oracle Discoverer Client application

The problem was found with Oracle Discoverer Client version 8.0.6.

Last updated: 20/08/2009