Intelligent Application Gateway (IAG) 2007 Service Pack 1 release notes

Applies To: Intelligent Application Gateway (IAG)

These release notes provide information and describe issues related to Intelligent Application Gateway (IAG) 2007 Service Pack 1 (SP1), including:

  • Overview

  • Notes for IAG 2007 SP1 TAP and Beta users

  • Change of Web site address

  • Known issues

Overview

IAG 2007 SP1 introduces the following new features and enhancements to IAG 2007:

  • Support for endpoint computers running Windows Vista operating systems.

  • Support for federated identity management. For details, see Enabling Active Directory Federation Services in IAG SP1.

  • Support for Kerberos constrained delegation. For details, see Configuring Kerberos constrained delegation with IAG SP1.

  • Support for push e-mail technology with Windows Mobile 5.0 and Windows Mobile 6 on smartphones and Pocket PCs.

  • All end-users, both administrative and non-administrative, can run Network Connector.

  • After end-users install the SP1 Whale Client Components on their computer, they won’t need administrative permissions in order to upgrade the components.

  • On Windows Vista, you can use the ActiveX Installer Service in conjunction with Group Policy to enable non-administrative users to install the Whale Client Components.

Notes for IAG 2007 SP1 TAP and Beta users

These notes are relevant only for users who have previously installed the Technology Adoption Program (TAP) or Beta builds of the IAG 2007 SP1.

  • Before you install the final release of SP1, you must uninstall the SP1 TAP or Beta build.

  • Before end-users install the SP1 Whale Client Components, they must uninstall any TAP or Beta components that are installed on their computer.

  • In this release, all the Whale Client Components support Windows Vista.

Change of Web site address

The URL www.whalecommunictions.com is no longer valid. For information about IAG 2007 see the following address:

https://www.microsoft.com/forefront/edgesecurity

Known issues

Known issues in this release relate to the following:

Support for Windows Vista

Whale Client Components

Attachment Wiper

Socket Forwarding conflict with Microsoft Firewall Client for ISA Server on Windows XP

Proxy server settings in Internet Explorer

Integration with Office SharePoint Server 2007

Enabling Certified Endpoint by using Microsoft CA locally

Support for Windows Vista

The issues described in this section affect only endpoint computers running Windows Vista with default settings. The experience for users running non-default settings may differ. The experience for users running other operating systems remains unchanged from previous IAG 2007 versions.

Browser settings

Users should not launch the browser using the Run as administrator menu command, thus running the browser in elevated mode.

IAG trusted sites

Information about the user-defined Trusted Sites list is not shared between the Endpoint Detection and SSL Wrapper client components. For example: A user is prompted by the Endpoint Detection component to add an IAG site to the Trusted Sites list. The user opts to trust the site. The user then attempts to run an SSL Wrapper application. The SSL Wrapper component does not recognize the user’s previous decision, and again prompts the user to add the site to the list.

Whale Client Components

  • To deploy the components in offline installation mode, you have to access endpoint computers in a mode that does not require user consent.

  • Only administrative users can uninstall the components by using Programs and Features in Control Panel. All users, both administrative and non-administrative, can uninstall the components from the portal homepage.

  • This issue is relevant for deployments where the Socket Forwarding component is installed on the endpoint computer. In this deployment, when users uninstall the Whale Client Components by using Programs and Features on the Control Panel, after they opt to restart their computer, they receive an error message informing them of an error in the uninstall process. The uninstall process continues without user intervention.

Attachment Wiper

The Attachment Wiper might not delete the Microsoft Office 2003 offline folder.

SSL Wrapper

The Socket Forwarding client component is used with all SSL Wrapper applications, including applications where Socket Forwarding configuration on the IAG server, in the Client Settings tab of the Application Properties dialog box, is Disabled. For these applications, Basic mode is used.

Integration with SharePoint sites

  • After users open a Microsoft Office document via a SharePoint site in Read-Only mode, they cannot switch to Edit mode.

  • After users open an Office document via a SharePoint site, they cannot use the Check Out option.

  • Users cannot open shared documents by using Actions > Edit in Datasheet. Users are alerted when trying to switch to this mode.

  • When users upload files larger than 1MB onto a SharePoint site they might receive an HTTP 500 - Internal Server Error message. The file, however, uploads successfully. The error is received since IAG is configured by default to handle files up to 1MB in size. If you wish to change the default settings, contact your support channel.

  • Users of Microsoft Office Picture Manager cannot use the option Upload > Upload Multiple Pictures from Picture Library.

Policy compliance

Last Update variable is not detected for the following policy compliance components:

  • Windows Defender

  • Windows Live OneCare

  • Microsoft Forefront Client Security 2007: MS Forefront Anti Spyware, MS Forefront Anti-Virus

Application support

Local Drive Mapping is not supported on endpoints running Windows Vista.

Whale Client Components

The issues described in this section relate to the installation, support, and monitoring of Whale Client Components.

Installation and support on endpoint computers running Windows 2000

  • Whale Client Components can only be installed by using the Whale Client Components installer.

  • Functionality of the components is based on IAG version 3.7.0. Features that were added in version 3.7 SP1 are not supported.

  • SSL Wrapper Java applet is not supported.

Monitoring of services by the Web Monitor

The Web Monitor does not monitor the Whale Component Manager and Whale Network Connector services.

Attachment Wiper

The Attachment Wiper does not delete the following browser data items:

  • Microsoft Office 2007 items

  • Wininet cached passwords on Windows XP and Windows Vista

  • Office Outlook Web Access 2007 items (in some cases)

Socket Forwarding conflict with Microsoft Firewall Client for ISA Server on Windows XP

This issue is only relevant for endpoint computers running Windows XP, where the Microsoft Firewall Client for ISA Server is installed. In this deployment, the Socket Forwarding client component conflicts with the firewall client. When the Socket Forwarding component attempts to install on the endpoint computer, the component detects the conflict, notifies the user, and removes itself.

Proxy server settings in Internet Explorer

In sites where a proxy server is used, users who access the site via Internet Explorer should configure the server in Internet Options > Connections tab > LAN settings > Proxy server.

Integration with Office SharePoint Server 2007

This issues described in this section are relevant for SharePoint Server 2007 implementations.

  • Users cannot open shared documents with Windows Explorer by using Actions > Open with Windows Explorer.

  • If one or more SharePoint server names contain special characters, for example: a server named sharepoint-server, follow this procedure:

    To enable special characters in SharePoint Server 2007 server names

    1. Access the Application Access Portal (AAP) configuration file:

      WhlFiltSecureRemote_HTTP.xml

      or

      WhlFiltSecureRemote_HTTPS.xml

      Depending on your trunk-type.

      Note

      Be sure to access or create the file in a CustomUpdate folder. For details, see "Advanced Configuration in the Configuration Files" in the Intelligent Application Gateway Advanced Configuration guide on page 278.

    2. In the AAP configuration file, remove the remarks from the following section:

      <!--

      <URL>

      <NAME>.*</NAME>

      <SEARCH>\u0025</SEARCH>

      <REPLACE>%</REPLACE>

      </URL>

      -->

Enabling Certified Endpoint by using Microsoft CA locally

When you enable the Certified Endpoint feature by using Microsoft CA installed locally on the IAG, you must stop the Whale services on the IAG computer before you install the CA.