Intelligent Application Gateway (IAG) 2007 Service Pack 1 release notes
Applies To: Intelligent Application Gateway (IAG)
These release notes provide information and describe issues related to Intelligent Application Gateway (IAG) 2007 Service Pack 1 (SP1), including:
Overview
Notes for IAG 2007 SP1 TAP and Beta users
Change of Web site address
Known issues
Overview
IAG 2007 SP1 introduces the following new features and enhancements to IAG 2007:
Support for endpoint computers running Windows Vista operating systems.
Support for federated identity management. For details, see Enabling Active Directory Federation Services in IAG SP1.
Support for Kerberos constrained delegation. For details, see Configuring Kerberos constrained delegation with IAG SP1.
Support for push e-mail technology with Windows Mobile 5.0 and Windows Mobile 6 on smartphones and Pocket PCs.
All end-users, both administrative and non-administrative, can run Network Connector.
After end-users install the SP1 Whale Client Components on their computer, they won’t need administrative permissions in order to upgrade the components.
On Windows Vista, you can use the ActiveX Installer Service in conjunction with Group Policy to enable non-administrative users to install the Whale Client Components.
Notes for IAG 2007 SP1 TAP and Beta users
These notes are relevant only for users who have previously installed the Technology Adoption Program (TAP) or Beta builds of the IAG 2007 SP1.
Before you install the final release of SP1, you must uninstall the SP1 TAP or Beta build.
Before end-users install the SP1 Whale Client Components, they must uninstall any TAP or Beta components that are installed on their computer.
In this release, all the Whale Client Components support Windows Vista.
Change of Web site address
The URL www.whalecommunictions.com is no longer valid. For information about IAG 2007 see the following address:
https://www.microsoft.com/forefront/edgesecurity
Known issues
Known issues in this release relate to the following:
Support for Windows Vista
Whale Client Components
Attachment Wiper
Socket Forwarding conflict with Microsoft Firewall Client for ISA Server on Windows XP
Proxy server settings in Internet Explorer
Integration with Office SharePoint Server 2007
Enabling Certified Endpoint by using Microsoft CA locally
Support for Windows Vista
The issues described in this section affect only endpoint computers running Windows Vista with default settings. The experience for users running non-default settings may differ. The experience for users running other operating systems remains unchanged from previous IAG 2007 versions.
Browser settings
Users should not launch the browser using the Run as administrator menu command, thus running the browser in elevated mode.
IAG trusted sites
Information about the user-defined Trusted Sites list is not shared between the Endpoint Detection and SSL Wrapper client components. For example: A user is prompted by the Endpoint Detection component to add an IAG site to the Trusted Sites list. The user opts to trust the site. The user then attempts to run an SSL Wrapper application. The SSL Wrapper component does not recognize the user’s previous decision, and again prompts the user to add the site to the list.
Whale Client Components
To deploy the components in offline installation mode, you have to access endpoint computers in a mode that does not require user consent.
Only administrative users can uninstall the components by using Programs and Features in Control Panel. All users, both administrative and non-administrative, can uninstall the components from the portal homepage.
This issue is relevant for deployments where the Socket Forwarding component is installed on the endpoint computer. In this deployment, when users uninstall the Whale Client Components by using Programs and Features on the Control Panel, after they opt to restart their computer, they receive an error message informing them of an error in the uninstall process. The uninstall process continues without user intervention.
Attachment Wiper
The Attachment Wiper might not delete the Microsoft Office 2003 offline folder.
SSL Wrapper
The Socket Forwarding client component is used with all SSL Wrapper applications, including applications where Socket Forwarding configuration on the IAG server, in the Client Settings tab of the Application Properties dialog box, is Disabled. For these applications, Basic mode is used.
Integration with SharePoint sites
After users open a Microsoft Office document via a SharePoint site in Read-Only mode, they cannot switch to Edit mode.
After users open an Office document via a SharePoint site, they cannot use the Check Out option.
Users cannot open shared documents by using Actions > Edit in Datasheet. Users are alerted when trying to switch to this mode.
When users upload files larger than 1MB onto a SharePoint site they might receive an HTTP 500 - Internal Server Error message. The file, however, uploads successfully. The error is received since IAG is configured by default to handle files up to 1MB in size. If you wish to change the default settings, contact your support channel.
Users of Microsoft Office Picture Manager cannot use the option Upload > Upload Multiple Pictures from Picture Library.
Policy compliance
Last Update variable is not detected for the following policy compliance components:
Windows Defender
Windows Live OneCare
Microsoft Forefront Client Security 2007: MS Forefront Anti Spyware, MS Forefront Anti-Virus
Application support
Local Drive Mapping is not supported on endpoints running Windows Vista.
Whale Client Components
The issues described in this section relate to the installation, support, and monitoring of Whale Client Components.
Installation and support on endpoint computers running Windows 2000
Whale Client Components can only be installed by using the Whale Client Components installer.
Functionality of the components is based on IAG version 3.7.0. Features that were added in version 3.7 SP1 are not supported.
SSL Wrapper Java applet is not supported.
Monitoring of services by the Web Monitor
The Web Monitor does not monitor the Whale Component Manager and Whale Network Connector services.
Attachment Wiper
The Attachment Wiper does not delete the following browser data items:
Microsoft Office 2007 items
Wininet cached passwords on Windows XP and Windows Vista
Office Outlook Web Access 2007 items (in some cases)
Socket Forwarding conflict with Microsoft Firewall Client for ISA Server on Windows XP
This issue is only relevant for endpoint computers running Windows XP, where the Microsoft Firewall Client for ISA Server is installed. In this deployment, the Socket Forwarding client component conflicts with the firewall client. When the Socket Forwarding component attempts to install on the endpoint computer, the component detects the conflict, notifies the user, and removes itself.
Proxy server settings in Internet Explorer
In sites where a proxy server is used, users who access the site via Internet Explorer should configure the server in Internet Options > Connections tab > LAN settings > Proxy server.
Integration with Office SharePoint Server 2007
This issues described in this section are relevant for SharePoint Server 2007 implementations.
Users cannot open shared documents with Windows Explorer by using Actions > Open with Windows Explorer.
If one or more SharePoint server names contain special characters, for example: a server named sharepoint-server, follow this procedure:
To enable special characters in SharePoint Server 2007 server names
Access the Application Access Portal (AAP) configuration file:
WhlFiltSecureRemote_HTTP.xml
or
WhlFiltSecureRemote_HTTPS.xml
Depending on your trunk-type.
Note
Be sure to access or create the file in a CustomUpdate folder. For details, see "Advanced Configuration in the Configuration Files" in the Intelligent Application Gateway Advanced Configuration guide on page 278.
In the AAP configuration file, remove the remarks from the following section:
<!--
<URL>
<NAME>.*</NAME>
<SEARCH>\u0025</SEARCH>
<REPLACE>%</REPLACE>
</URL>
-->
Enabling Certified Endpoint by using Microsoft CA locally
When you enable the Certified Endpoint feature by using Microsoft CA installed locally on the IAG, you must stop the Whale services on the IAG computer before you install the CA.