Changes to a MetaFrame XP server's product code do not take effect instantaneously.
When you change a MetaFrame XP server's product code, the change does not take effect until a polling interval passes. When the polling interval is passed, the server attempts to take a new license based on the new product code. The original product code is displayed in the Management Console for MetaFrame XP during the polling interval. [#56603]
Small delay in displaying licenses
When you add, activate, or delete licenses in the Management Console, you can experience a delay of a minute before the updated license information is displayed in the Management Console and the licenses are available to the farm. If you try to refresh the licensing information in less than a minute you may see a message that the license list is incomplete. [#56674]
ica32_all.msi is not supported for independent installation
A new file, ica32_all.msi, is used during the regular installation of MetaFrame XP on a server. Using ica32_all.msi for independent installation of the ICA Client outside of the MetaFrame XP installation is not supported. [#55827]
IMA Service can fail to start when using IPSEC
The Citrix IMA Service can fail to start when IP Security (IPSEC) is required in communications between MetaFrame XP servers and the server hosting the MetaFrame XP server farm's data store. When the MetaFrame XP server is restarted, the IMA Service must wait for the Microsoft IPSEC services to start. You can fix this problem by manually adding PolicyAgent to the IMAService dependencies list. Add the string "PolicyAgent" to the registry value DependOnService under HKLM\SYSTEM\CurrentControlSet\Services\IMAService. [#54405]
MetaFrame 1.8 installation using the Program Neighborhood Agent
If you want to use the Program Neighborhood Agent as the pass-through client on the MetaFrame XP Server and you are upgrading from MetaFrame 1.8, you must install both the full Program Neighborhood Client and the Program Neighborhood Agent when you run MetaFrame Setup. Installing Program Neighborhood updates earlier versions of the Program Neighborhood Client. Not updating the client can cause problems. If you want to install only the Program Neighborhood Agent pass-through client, remove Program Neighborhood using Add/Remove Programs for MetaFrame XP Server with Feature Release 3. Select the Modify option in the installation wizard to remove components. [#58844]
Close the Management Console before running CHFARM
Be sure that the Management Console for MetaFrame XP is closed before you run the chfarm command. Running chfarm while the console is open can result in loss of data and functionality. [#42269]
Multiple servers can be set to be most preferred data collectors
When installing servers into a new zone, multiple servers can be automatically set to be most preferred data collectors. [#57146]
Avoid a forward slash (/) in Active Directory Service account names when using MFCOM
The MFCOM service incorrectly interprets an Active Directory Service user name that contains forward slashes. The "/" in an account name string is interpreted as a folder delimiter. For example, account name "account/01_A" is interpreted as two separate entities, the string "account" is interpreted as a MFCOM folder, and "01_A" is treated as a user name. The most common exception caused is "the parameter is incorrect" but other exceptions can also occur. Either do not use MFCOM to access Active Directory Service account names that contain a "/" or avoid using a "/" in the account names. [#56361]
Setting CTX_MF_ENABLE_VIRTUAL_SCRIPTS for a silent installation
Running a silent installation of MetaFrame XP without setting the MetaFrame XP Setup property CTX_MF_ENABLE_VIRTUAL_SCRIPTS to "Yes" or 1" can cause Setup to abort. A "Yes" or "1" setting prevents a prompt for creating a virtual scripts directory during silent installation. For more information on customizing MetaFrame XP Setup, see the MetaFrame XP Server Administrator's Guide. CTX_MF_ENABLE_VIRTUAL_SCRIPTS is used when the XML port on the MetaFrame XP server is shared with Internet Information Services (IIS) and one of the following is true: * The server is running Windows Server 2003 with IIS installed * The server is running Windows 2000 Server with IIS installed and the IIS Lockdown Tool applied [#62080]
Input from Extended UNICODE Keyboard Support-enabled clients fails in four cases
When you use Windows XP Tablet PC Edition Service Pack 1 with Speech to Text or handwriting recognition invoked (utilizing the writing pad): * If the ICA published application or desktop is configured for the floating bubble option in SpeedsScreen Latency Reduction, the floating bubble will not display text written from within the writing pad panel. [#59204] * Text cannot be entered into a shadowed ICA session. [#59424] * Text cannot be entered into the Windows Logon dialog box for an ICA session. [#59425] * Text cannot be entered into an embedded Web session. [#60599]
Text entered using the keyboard panel is handled correctly.
Known issue with FR3 on Windows 2000:
Downgrading to Feature Release 2 resets the XML port
The XML port is reset to port 80 when you downgrade from MetaFrame XP Server Feature Release 3 to Feature Release 2 on a server on which Internet Information Services (IIS) is not installed. [#58002]
Uninstalled servers continue to be displayed in the Management Console
When you uninstall MetaFrame XP from several servers, the servers that are no longer in the MetaFrame XP farm may continue to be displayed in the Management Console (in the Zones pane of the farm's Properties page). Uninstall MetaFrame XP from only ten servers at a time to avoid this issue. [#58288]
Known issue with FR3 on Windows 2003:
Published application limits
Changes that you make to the application instance limits setting for a published application are effective only for ICA connections established after you change the setting. This means that if users disconnect before or after you change the setting, they can always reconnect to the disconnected session. You can either kill disconnected sessions or restart the machines in the farm after you change the setting for it to be totally effective.
MetaFrame XP server farm-wide logon limits
Changes that you make to the server farm-wide logon limits affect only ICA connections established after you change the setting. This means that if users disconnect before or after you change the setting, they can always reconnect to the disconnected session. You can either kill disconnected sessions or restart the machines in the farm after you change the setting for it to be totally effective.
User access to published applications
Changes that you make to the users or user groups who have access to a published application affect only ICA connections established after you change the setting. This means that if users disconnect before or after you change the setting, they can always reconnect to the disconnected session. You can either kill disconnected sessions or restart the machines in the farm after you change the setting for it to be totally effective. You are likely to see this issue if you move users from group to group or if you completely remove groups from the list of those having access to the application.
Audio as a minimum requirement
Audio as a minimum requirement cannot be enforced on Windows Server 2003 when users are reconnecting to disconnected sessions. This limitation will be fixed in a future release of Windows Server 2003.
Issues using smart cards on Windows Server 2003
Contact your smart card vendor for specific smart card software that is validated by the vendor for use with Windows Server 2003. Citrix recommends that you contact your smart card vendor for advice and support before deploying MetaFrame XP running on Windows Server 2003 with your smart card system.
The minimum encryption level set in a MetaFrame XP policy is not enforced
The minimum encryption level, set in a MetaFrame XP policy using the Management Console, is ignored when Citrix ICA Clients connect to a server running Windows Server 2003. Citrix will be working with Microsoft to resolve this issue. You can use Microsoft Terminal Server Group Policies to enforce minimum encryption level on a Windows Server 2003 server. See "ICA session encryption level can be controlled with Microsoft Group Policies" later in this readme. [#62013]
ICA session encryption level can be controlled with Microsoft Group Policies
You can use the Microsoft Terminal Services Group Policy option, Set client connection encryption level, to set the minimum encryption level for an ICA Session. There are three encryption levels: High Level (128 bit), Low Level, and Client Compatible. When High Level is used, ICA Clients must be configured for 128 bit encryption to access the MetaFrame XP server. When Low Level is used, data is encrypted at the maximum level supported by the ICA Client. A client can be configured at any ICA encryption level to access the server including Basic. When Client Compatible is used Basic is excluded, otherwise data is encrypted at the maximum level supported by the ICA Client. [#28454]
Limiting connections for anonymous users may be enforced erratically in one case
When you set the registry key HKLM\SYSTEM\CurrentControlSet\Control\Citrix\MaxAnonymousUsers to limit connections for anonymous users and the Terminal Services Configuration setting Restrict each user to one session to Yes, the result is erratic enforcement of the limit. Sometimes the connection limit is exceeded without errors and sometimes fewer connections are permitted than the allowed limit. If you want to use the MaxAnonymousUsers registry key to limit the number of anonymous user connections, ensure that Restrict each user to one session is set to No. [#56127]
Installation of Citrix Web Console on a non-MetaFrame XP server
To install the Citrix Web Console on a server that is running Windows Server 2003 but is not running MetaFrame XP, you must turn on Active Server Pages scripting support in Internet Information Services. Follow these steps: Start the Internet Information Services Manager from within Administrative Tools. Click the local computer. Double-click Web Service Extensions. In the right pane, right-click Active Server Pages and select Allowed. [#60081]
Client time zone settings no longer override Windows group policy settings
Help in the Management Console for MetaFrame XP states that client time zone settings override similar settings configured in Microsoft Windows Group Policies. This statement is not true for MetaFrame XP servers running Windows Server 2003. On a server running Windows Server 2003, the Microsoft Terminal Services Group Policy option, "Allow time zone redirection", overrides the Management Console setting, "Use local time of ICA Clients". An ICA session on a client connected to that type of server reflects the server's time zone when "Allow time zone redirection" is disabled. The setting "Use local time of ICA Clients" is ignored. [#62388]
Internet Explorer Enhanced Security Configuration can restrict Internet browsing
Users can be restricted in browsing the internet from an ICA session if the Internet Explorer Enhanced Security Configuration is enabled. This feature is enabled by default when Windows Server 2003 is installed. To allow users to browse the Internet easily follow these steps: 1. Open Add or Remove Programs in the Control Panel. 2. Click Add/Remove Windows Components. 3. Click Internet Explorer Enhanced Security Configuration and click Details. 4. Make sure the setting "For all other user groups" is not selected. Click OK. For security, you may want to leave Internet browsing restricted for the administrator group. [#62591]
Anonymous users must be in the Remote Desktop Users group in order to connect
To allow anonymous users to connect to a MetaFrame XP server, add the anonymous user accounts to the Remote Desktop Users group. Anonymous user accounts are created during MetaFrame XP installation. To administer group access choose Start > Administrative Tools > Computer Management > Local Groups and Users > Groups. [#62483]
After installing MSDE start the MSDE service prior to installing MetaFrame XP
When you install an instance of Microsoft SQL Server 2000 Desktop Engine (MSDE) for use as a data store, start the MSDE service by restarting the server prior to installing MetaFrame XP. The MSDE Service should be running when MetaFrame XP accesses the data store during installation. For more information about installing MSDE from the MetaFrame XP Server CD, see the MetaFrame XP Server Administrator's Guide. [#62944]
Citrix WMI Provider for MetaFrame XP
Using the WMI Provider with servers running Windows Server 2003
Citrix recommends that you do not use a WMI consumer (for example, Microsoft MOM) to manage a server running Windows Server 2003 if you have more than 10 servers in your server farm.