Geeks With Blogs

News Clicky Web Analytics

web stats View David Caddick ('s profile on LinkedIn

Search this Site!

Locations of visitors to this page
View My Stats eXTReMe Tracker
This posting is provided "AS IS" with no warranties, and confers no rights. The opinions expressed within are my own and should not be attributed to any other Individual, Company or the one I work for. I just happen to be a classic techie who is passionate about getting things to work as they should do (and are sometimes advertised and marketed as being able to?) and when I can I drop notes here to help others falling in to the same traps that I have fallen in to. If this has helped then please pass it on - if you feel that I have commented in error or disagree then please feel free to discuss with me either publically or privately? Cheers, Dave
Thin Clients, VDI and Linux integration from the front lines.... Raw and sometimes unedited notes based on my experiences with VMware, Thin Clients, Linux etc.

Courtesy of Doug Brown at DABCC.COM there is this news of what is effectively a hotfix for the CAG (Citrix Access Gateway) I can also confirm with Doug that this will simply update the device without blowing away your existing Config, Licences, etc. However, it is always good practice to plan for the unforseen? so it's not a bad idea to save a copy of the config in a safe place before upgrading, don't you think? ;-))

If you are currently running Citrix Access Gateway version 4.2 you can upgrade to version the 4.2.1 Hotfix using an upgrade file. An upgrade file contains only the software binaries that have been updated. When an upgrade file is installed, the version is updated but all configuration settings, licenses, and certificates are maintained on the appliance.

The following issues were resolved with the Citrix hotfix v4.2.1.  (from the readme)
  • The Access Gateway experiences interoperability problems with some RADIUS servers because it sends the NAS-IP-ADDRESS as The Access Gateway now sends the IP address configured for Interface 0 on the General Networking tab to the RADIUS server. (bz2212)
  • If more than 20 host names are configured in the preauthentication policy, the net6helper Active-X control fails, causing Internet Explorer to close. The content in the policy is checked to make sure there is enough space before filling the buffer. (bz2251)
  • If a file rule for end point resources is created and if the check boxes Require SSL Client Certificates and Enable Portal Page Authentication are selected on the Global Policies tab, the net6help Active-X control fails, causing Internet Explorer to close. (bz2322)
  • The DNS suffix size was limited to 127 characters. The suffix list size is now doubled to 254 characters. (bz2324)
  • The Secure Access Client displays an error message that some intermediate certificates are invalid. The server’s certificate chain could not reliably revalidate the intermediate certificates because it cannot be retrieved for the SSL session object. In this release, the certificate is not revalidated when the server’s certificate chain is using an OpenSSL session. (bz2435)
  • When an authorization request is made using LDAP, and the LDAP environment performs LDAP referrals, the SSL daemon on the Access Gateway resets. End users are disconnected from the Access Gateway and the SSL daemon is reset. (bz2517)
  • IP pooling does not allocate the number of IP addresses correctly. For example, if there are two IP pools, the first with a range of through, the second IP pool cannot start with The second IP pool has to start at With this release, this is fixed. (bz2521)
  • The Access Gateway automatic update process removes the Advanced Access Control logon point, causing the Advanced Access Control to stop functioning. With this release, the Access Gateway resets the desktop Web address when the client upgrades. (bz2560)
  • When an HTTP host header is missing, it causes the server process to experience a fatal error if this is the first request made to the Access Gateway as part of a new Advanced Access Control session. Host headers are required for HTTP 1.1 requests (see RFC 2616) and the connection is responded to with an HTTP 400 request.
    Host headers are not required for HTTP 1.0 connections. Connections of this type are handled correctly, which can include Web browsers connecting through a proxy server. (bz2599)
  • Internet Explorer stops functioning when logging onto the Access Gateway using Advanced Access Control. The LogonPoint page is returned to the user when an error occurs. (bz2684)

Click to download the CTX108902 - v4.2.1 Hotfix for Citrix Access Gateway

Posted on Thursday, February 23, 2006 7:48 PM Citrix , IT Management , Real Cool Stuff , Microsoft Tips , VMware and other Virtualization tools , Security | Back to top

Comments on this post: Citrix Releases v4.2.1 Hotfix for Citrix Access Gateway (CAG)

No comments posted yet.
Your comment:
 (will show your gravatar)

Copyright © Dave Caddick | Powered by: