Sun Ray Core Services version 4.1 RHEL5.1 SLES10 Patch Update
Status: RELEASED
Patch Id: 139550-02
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************
Summary: Sun Ray Core Services version 4.1 RHEL5.1 SLES10 Patch Update
Date: May/21/2009
Installation Requirements:
Additional instructions may be listed below
Solaris Release: Note: RedHat SUSE
Sun OS Release: Note: RHEL5.1 SLES10
Unbundled Product: Sun Ray Core Services
Unbundled Release: 4.1
Xref: This patch available for SUNOS 5.10 as 139548-02 and for 5.10_x86 as 139549-02
Topic:
Relevant Architecture: i386
BugId's fixed with this patch:
6638939 6699511 6706040 6706607 6709953 6715426 6727792 6730822 6741840 6744675 6745120 6747622 6749640 6754108 6754138 6756504 6758164 6760323 6773304 6775532 6781604 6783751 6785797 6788938 6792954 6800187 6801496 6805507 6807885 6808910 6812067 6813315
Changes incorporated in this version:
6638939 6706607 6715426 6727792 6741840 6744675 6745120 6773304 6775532 6781604 6783751 6785797 6788938 6792954 6800187 6801496 6805507 6807885 6808910 6812067 6813315
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Required Patches:
Obsoleted by:
Files Included in this Patch:
Note: SUNWuta-4.1-50.06.i386.rpm
SUNWutfw-4.1-50.06.i386.rpm
SUNWutgsm-4.1-50.06.i386.rpm
SUNWutm-4.1-50.06.i386.rpm
SUNWuto-4.1-50.06.i386.rpm
SUNWutr-4.1-50.06.i386.rpm
SUNWutref-4.1-50.06.i386.rpm
Problem Description:
6638939 "Choose host from list" option doesn't work for XDMCP sessions with Xnewt
6706607 utsession -k can cause 26 D icons
6715426 [lowbandwidth] Video appears as green when the bandwidth is lowered for chicken.mpg clip
6727792 utseriald denies access to device after server switch
6741840 Killing a Sun Ray session through CLI throws unwanted messages on Linux
6744675 chicken.mpg does not play after disconnecting/relaunching windows session with low MTU value
6745120 Sun Ray 2FS hangs at 26D (Xsun) or is black (Xnewt) when the resolution is set to 640x480
6773304 PIX gateways no longer work for VPN with Sun Ray because of ID type change
6775532 Xnewt dumping core due to a divide by zero error.
6781604 AMGH fails on Sun Rays when server's Primary IP address is unreachable (sim. to CR#6747622)
6783751 Timings forced by 'utresadm' should be overridable by subsequent 'utresadm' invocations
6785797 Sun Ray firmware needs expanded network definition options
6788938 4.1 utauthd has a crash and redirect issue.
6792954 XVideo XvPutImage parameters not working and some boundary conditions not working
6800187 utauthd in SRSS 4.0 on S10/TX appears to leave a number of defunct processes and open ports
6801496 OpenPlatform.cfg and JavaBadgeCAC smartcard config files need to support G D JavaCard card
6805507 Xorg server uses bad locking algorithm which affects SRSS
6807885 Xnewt + XKB can erroneously autorepeat when key reports are dropped or delayed
6808910 Netscreen VPN connections don't come up if the gateway's version ID is not recognized.
6812067 Sun Ray VPN doesn't support AES 192 and 256 bit key sizes.
6813315 Slow repeat key after "utxconfig -k off" when using Xnewt
(from 139550-01)
6699511 Xsun hangs with OSD 26 on Sun Ray DTU with large time on poll() if under VMware and high speed net
6706040 Xnewt can send autorepeated keystrokes into a detached session
6709953 Sessions gets killed with ctrl+alt+backspace when XKB is enabled.
6730822 utauthd does not notice that sessions have been disconnected in certain circumstances
6747622 LAN-connected Sun Rays can't redirect to a server when its primary IP address is not reachable
6749640 Desire a way to use token data external to SRSS to control FOG session access
6754108 Xnewt utilizes 40% CPU for an existing server on switching to another server on Linux
6754138 utuser deprecated "-k" (and -xdisplay and -tokenid) options should be eliminated
6756504 Sun Ray doesn't know how to handle a request for 2 consecutive tokens from an ASA with RSA back end.
6758164 Left-handed mouse orientation functionality is not working as expected with Xnewt
6760323 Entering any prompting dialog causes locks to be reset
Detailed Installation Steps
---------------------------
1. Suppress firmware downloads
If the server being patched is not a member of a Sun Ray
failover group you should skip this step.
If the server being patched is a member of a Sun Ray failover
group then this step is optional but is strongly recommended.
At Patch Installation
---------------------
Before adding this patch to servers configured into a Sun
Ray failover group we advise that you disable Sun Ray
firmware delivery from all unpatched hosts in the failover
group. On each host in the group:
For config parameters (.parms) file:
$ /opt/SUNWut/sbin/utfwadm -D -a -V
For dedicated network interconnects:
$ /opt/SUNWut/sbin/utfwadm -D -a -n all
For shared subnetwork interconnects:
$ /opt/SUNWut/sbin/utfwadm -D -a -N all
Do this only one time, before adding this patch to any
server in the group.
The purpose of this step is to prevent unpatched servers
from offering old firmware to Sun Ray appliances.
2. Stopping Sun Ray services and login sessions
Before the addition of this patch to a Sun Ray server
all users should be logged out of their Sun Ray sessions.
Stop the Sun Ray services using the following commands:
$ /etc/init.d/utstorage stop
$ /etc/init.d/utsvc stop
These commands will terminate any Sun Ray sessions that were not
already logged out.
Next, use the instructions outlined below in the section
"Patch Installation Instructions" for the addition
of this patch.
3. Restart Sun Ray services
After the addition of the patch, Sun Ray
services should be restarted on the system by running
'/opt/SUNWut/sbin/utrestart -c'.
4. Enable firmware downloads
After the addition of this patch on all Sun Ray
servers in a failover group, enable firmware downloads
using one of the following methods:
1) If all Sun Ray servers in the failover group provide default
(non GUI) firmware downloads run this command on one of the servers:
$ /opt/SUNWut/sbin/utfwsync
After which the Sun Ray DTU's will reboot themselves and load
the new firmware.
2) If only some of the Sun Ray servers in the failover group provide
firmware downloads to the DTU's, run the following command
on the servers that do provide firmware:
For default (non GUI) firmware.
For dedicated network interconnects:
$ /opt/SUNWut/sbin/utfwadm -A -a -n all
For shared subnetwork interconnects:
$ /opt/SUNWut/sbin/utfwadm -A -a -N all
For GUI firmware.
For dedicated network interconnects:
$ /opt/SUNWut/sbin/utfwadm -A -a -n all -f \
/opt/SUNWut/lib/firmware_gui
For shared subnetwork interconnects:
$ /opt/SUNWut/sbin/utfwadm -A -a -N all -f \
/opt/SUNWut/lib/firmware_gui
3) Upgrading firmware via the config parameter (.parms) file
For default (non GUI) firmware.
$ /opt/SUNWut/sbin/utfwadm -A -a -V
For GUI firmware.
$ /opt/SUNWut/sbin/utfwadm -A -a -V -f \
/opt/SUNWut/lib/firmware_gui
Then restart services on all servers in the failover group by
executing the following command on a server in the group:
$ /opt/SUNWut/sbin/utfwsync -d
Revision History:
139550-01
Patch Installation Instructions:
--------------------------------
NOTE: Before patch installation, make a copy of the auth.props file
which will have to be copied back after patch installation.
cp -p /etc/opt/SUNWut/auth.props <path_name>/auth.props-backup
To install this patch, run the following command for each RPM:
rpm --nodeps -F --noscripts 'rpmname'
Consult the rpm(1) man page for more details.
NOTE: After patch installation, restore the saved auth.props file.
cp -p <path_name>/auth.props-backup /etc/opt/SUNWut/auth.props
Special Install Instructions:
-----------------------------
NOTE 1: This patch is for the Sun Ray Core Services 4.1 component
that is part of Sun Ray Server Software 4.1.
NOTE 2: This SRSS patch does not support Live Upgrade. Please do not
install this patch via live upgrade.
NOTE 3: The DTU firmware delivered in this patch has the following version
identification string
4.1_139548-02_2009.05.13.18.59
GUI4.1_139548-02_2009.05.13.18.59
Required Patches
----------------
Warnings & Errors
-----------------
** WARNING: This patch should only be applied to systems which have
Sun Ray Server Software 4.1 fully installed.
Do not attempt to add this patch to the UFS image to be
applied as part of the install process.
Post-Patch Installation Notes:
------------------------------
Automated Token Importation (ATI)
A feature has been added in this patch which allows
controlling session access based on information stored in
customer data sources. In addition to man pages delivered
with this patch, a description has been added to the
Sun Ray Server Software 4.1 Release Notes available at:
Solaris: http://docs.sun.com/app/docs/doc/820-3774
Linux: http://docs.sun.com/app/docs/doc/820-3775
Regression fix for Cisco PIX gateways
The addition of support for the Netscreen family of VPN
gateways in the SRSS 4.1 release caused the Cisco PIX family of
VPN gateways to stop working, though ASA and 3000 series
continue to function correctly. Unfortunately, the fix for this
requires that the VPN configuration now include an item to
specify what type of VPN gateway the Sun Ray will be connecting
to. This configuration can be done using the local GUI tool
available on the Sun Ray, or through the download of a
configuration file, using the "Download Configuration" option
of the GUI tool. A couple of other useful options have been
added to the VPN configuration, including the PFS group to use,
the IPsec phase 2 lifetime, and a switch to enable Dead Peer
Detection. (Dead Peer Detection was also introduced in SRSS 4.1,
and was on by default. Unfortunately, having it enabled also
causes the PIX gateways to fail, so it must be disabled for PIX.)
The new values in the configuration file use these keywords and
value types:
vpn.peertype   integer/string  (0 or "cisco" = Cisco, 1 or "netscreen" = Netscreen)
vpn.pfsgroup   integer         Diffie-Hellman group for Perfect Forward Secrecy
vpn.ipsectime  integer         IPsec SA lifetime for phase 2 proposals in seconds
vpn.dpdswitch  integer         non-zero -> enable DPD
Other than the peertype, these values may also be set using the
"Advanced" submenu of the VPN configuration menu.
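A check for the keywords listed above, as an added example that is not part of the original README or of Sun Ray Server Software: it validates the four vpn.* values against the types given here and flags Dead Peer Detection left enabled for a Cisco peer. The key=value line syntax, the '#' comment handling and the name lint_vpn_config are assumptions; the README does not state the file syntax.

```python
import re

# Accepted values per keyword, from the keyword list in this README.
INT = re.compile(r"\d+")
VPN_KEYS = {
    "vpn.peertype": re.compile(r'0|1|cisco|netscreen|"cisco"|"netscreen"'),
    "vpn.pfsgroup": INT,
    "vpn.ipsectime": INT,
    "vpn.dpdswitch": INT,
}

def lint_vpn_config(text):
    """Return (line_no, message) findings; line_no 0 means file-level."""
    findings, seen = [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # ASSUMPTION: '#' starts a comment
            continue
        key, sep, value = line.partition("=")     # ASSUMPTION: key=value syntax
        key, value = key.strip(), value.strip()
        if key not in VPN_KEYS:
            continue                              # only the four new keywords are checked
        if not sep or not VPN_KEYS[key].fullmatch(value):
            findings.append((no, f"{key}: invalid value {value!r}"))
            continue
        if key in seen:
            findings.append((no, f"{key}: duplicate of line {seen[key][0]}"))
        seen[key] = (no, value.strip('"'))
    if "vpn.peertype" not in seen:
        findings.append((0, "vpn.peertype: missing, gateway type must be specified"))
        return findings
    dpd = seen.get("vpn.dpdswitch")
    if seen["vpn.peertype"][1] in ("0", "cisco"):
        # README: DPD was on by default in SRSS 4.1 and must be disabled for PIX.
        if dpd is None:
            findings.append((0, "vpn.dpdswitch: not set, set 0 explicitly for a PIX peer"))
        elif int(dpd[1]) != 0:
            findings.append((dpd[0], "vpn.dpdswitch: DPD enabled, PIX gateways fail with it"))
    return findings

# Constructed sample input (not from the README).
SAMPLE = '''# Sun Ray VPN settings for a PIX gateway
vpn.peertype="cisco"
vpn.pfsgroup=2
vpn.ipsectime=3600
vpn.dpdswitch=1
'''

if __name__ == "__main__":
    for no, msg in lint_vpn_config(SAMPLE):
        print(f"line {no}: {msg}")
```

The Cisco peertype also covers ASA and 3000 series gateways, which the README says keep working, so the DPD finding is a prompt to confirm the gateway model rather than an error in itself.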
Keyboard Autorepeat Limitations
In SRSS 4.1, the Xnewt server could accidentally start autorepeating
a key under certain circumstances. This patch contains a fix for that,
but part of that fix includes code that forces the autorepeat "delay"
parameter to be at least 600ms. Any request to set it lower is ignored.
README -- Last modified date: Thursday, May 21, 2009