Intelligent Application Gateway (IAG) 2007 Service Pack 2 release notes
Applies To: Intelligent Application Gateway (IAG)
These release notes provide information and describe issues related to Whale Communications Intelligent Application Gateway (IAG) 2007 Service Pack 2 (SP2).
For complete IAG documentation, including explanations, considerations, and other related information, see Intelligent Application Gateway 2007(http://go.microsoft.com/fwlink/?LinkId=134716\&clcid=0x40).
This section describes known issues in IAG 2007 SP2.
Installing and uninstalling IAG 2007 SP2
The following are known issues about installing and uninstalling IAG 2007 SP2:
Before you install SP2 on top of an existing IAG 2007 installation, verify that the configuration was activated on the Configuration console at least once and a configuration file (.egf) was created. This ensures that, if required, you can revert to the IAG version that was installed on the IAG server prior to the installation of SP2. It is also recommended that you back up the existing IAG configuration prior to the installation of SP2.
When IAG 2007 SP2 is uninstalled, configuration settings are restored to the settings that prevailed prior to the installation of SP2. If you plan to reinstall SP2, it is recommended that you back up or export your SP2 configuration so that the settings are preserved, and you can restore them or import them into the system after SP2 is reinstalled.
When IAG 2007 SP2 is installed on an appliance where a previous version of IAG is not installed, such as a new appliance, uninstalling SP2 may leave the appliance in an unstable state.
During the upgrade from IAG 2007 or from IAG 2007 SP1 to SP2, the installation process creates a new configuration file (.egf). After the upgrade, if you create one or more additional configuration files and you then uninstall SP2, the Configuration console continues to use the SP2 configuration file as the default file that opens when you open the Configuration console, instead of the file that was used prior to the installation of SP2. In order to revert to the pre-SP2 configuration settings, you need to manually open the pre-SP2 configuration file in the Configuration console.
Uninstalling IAG 3.7 SP2 from an IAG virtual machine is not supported.
The following are known issues about publishing applications:
After you add applications to the trunk via the Getting Started Wizard, if you close the Add Application Wizard and then re-open it, the applications that you added previously are not displayed in the published applications list on the Published Applications page. You can, however, continue to use the wizard in order to add more applications to the portal.
In order to edit published applications, access the Application Properties dialog box via the Configuration console.
This note applies to Web and browser-embedded applications only. After you add the application to the trunk, if you change the application URL, on the Configuration console, on the Application Properties dialog box, on the Portal Link tab, you need to manually change the application's URL rules, on the Configuration console, on the Advanced Trunk Configuration dialog box, on the URL Set tab. For details about creating and editing URL rules, see Configuring IAG URL rules (http://go.microsoft.com/fwlink/?LinkId=134124\&clcid=0x40).
Integration between Microsoft Office OneNote 2007 and Microsoft SharePoint Products and Technologies (Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0) is not supported via IAG.
IAG HTML-form login isn't supported for users accessing Microsoft Office Communicator Web Access 2007 from Firefox browsers.
Client endpoint policies and detection
The following are known issues about client endpoint policies and detection:
In order to run IAG endpoint detection on endpoint computers running a Firefox browser from Symantec On-Demand Virtual Desktop, end users have to log off from the IAG portal after they access the Symantec On-Demand Virtual Desktop, and then they must log on to the IAG portal again.
In order to run the IAG Attachment Wiper on endpoint computers running a Firefox browser on Windows XP from Symantec On-Demand Virtual Desktop, end users have to log off from the IAG portal after they access the Symantec On-Demand Virtual Desktop, and then they must log on to the IAG portal again.
If you have created or intend to create custom endpoint detection scripts, make sure all the custom detection variables are defined in the custom policy template (PolicyTemplate.xml). Custom variables that are defined elsewhere will not be enforced.
After you create a custom endpoint policy, you cannot create a platform-specific policy by the same name. For example, after you create the policy MyPolicy, you cannot create the policy MyPolicy (Windows). In order to create both policies with the same name, create the platform-specific policy first.
Using Kerberos constrained delegation in IAG
The following are known issues about using Kerberos constrained delegation in IAG 2007 SP2:
If you have configured Kerberos constrained delegation on IAG 2007 SP1, then before you install SP2, you must undo the configuration of Kerberos constrained delegation and revert to the previous IAG configuration. For detailed instructions, see Undoing IAG SP1 Kerberos constrained delegation settings before configuring Kerberos in IAG SP2 (http://go.microsoft.com/fwlink/?LinkId=134714\&clcid=0x40).
When you use Kerberos constrained delegation for single sign-on in IAG, if you use a Lightweight Directory Access Protocol Data Interchange Format (LDIF) file in order to configure delegation in Active Directory Domain Services, the LDIF file replaces the existing delegation information in Active Directory Domain Services with the information in the file, thus deleting any delegation settings that were configured manually. If any settings that were configured manually need to be preserved, you can do one of the following:
When you transfer the LDIF file to the Active Directory domain administrator, inform them that they should note the existing settings before they import the LDIF file and then manually reapply the settings that were deleted.
Export the settings to a text file. When you transfer the file to the Active Directory domain administrator, inform them that they should manually enter the information in this file to Active Directory Domain Services.
For more information, see "Configuring Active Directory computer accounts for Kerberos constrained delegation" in Configuring Kerberos constrained delegation with IAG SP2 (http://go.microsoft.com/fwlink/?LinkId=134125\&clcid=0x40).
Support of Windows Internet Explorer
The Discussion feature in Internet Explorer is not supported via the IAG portal.
When end users attempt to download a file that exceeds the defined buffer size, the download is blocked, and the message "HTTP Error 500 - Internal server error" appears in the browser.
The default buffer size is 10 megabytes. You can change this value on the IAG server by creating the DWORD Value MaxBodyBufferSize under the following registry key and assigning the required value in Value data:
If you deploy client certificates to client endpoints from a certification authority (CA) installed locally on the IAG server, each time you install a CA on the IAG server or remove a CA from the IAG server, in order to start the IAG Configuration console, you need to follow the steps described in this procedure.
To start the Configuration console after local installation or removal of a CA
Start the Configuration console. After you enter your passphrase, the console is displayed, but you cannot use it (the hourglass is constantly displayed).
In Windows Task Manager, click the Processes tab, click the process Configuration.exe, and then click End Process. The Configuration console closes.
At the IAG Configuration Adjustment prompt, click Yes, and then, after the adjustment process is complete, on the IAG Configuration Adjustment dialog box, click Close.
Start the Configuration console.
Clicking the Help link on the Expressions Settings dialog box opens an error page.
Policy upgrade in IAG 2007 SP2
This section describes the method by which endpoint policies are migrated to IAG 2007 SP2 from previous IAG versions, including default policies that are provided by the system and custom policies.
Upgrade of default policies
Default policies that were provided with the system in previous versions are migrated to IAG 2007 SP2 as follows:
The pre-SP2 policy is translated into the corresponding Windows policy. For example, the pre-SP2 SharePoint 2007 Download policy is translated into a SharePoint 2007 Download (Windows) policy. This is true both for policies where the default values were not edited and for policies where the default values were customized.
Mac OS and Linux policies are determined as follows:
If a corresponding system-defined, platform-specific policy exists for a platform, it is applied as the platform's default policy. For example, SharePoint 2007 Download (Mac OS).
If no corresponding platform-specific policy exists for a platform, the value of the policy is set to Never. For example, the default value of the SharePoint 2007 Download (Linux) policy is Never.
The default value of all the default "Other" policies is Never.
Upgrade of custom policies
Custom, user-defined policies are migrated to IAG 2007 SP2 as follows:
The pre-SP2 policy is translated into a corresponding Windows policy.
The default values of Mac OS, Linux, and Other policies are set as follows:
In the pre-SP2 version, if the option Enforce policy only when endpoint detection is enabled was selected, then the Mac OS, Linux, and Other policies are set to Always.
In the pre-SP2 version, if the option Enforce policy only when endpoint detection is enabled was not selected, then the Mac OS, Linux, and Other policies are set to Never.