Release Notes V10.0.0

Remote Control V10.0.0 GA

Features that are introduced in Remote Control V10.0.0 GA
  • New Server Interface

    Remote Control V10.0 introduces a modern look and feel for the server interface based on HCL style, improving usability and user experience.

  • Privacy Mode for Windows 10

    Privacy Mode is a product feature that allows to hide the target screen while in session with a controller. In 9.1.4, it was working on Windows 7 but not on Windows 10 because of Microsoft API changes. Remote Control V10.0 introduces this features for Windows 10.

  • Controller Rework for Commands Executions

    A new property allow.user.commands is introduced in the trc_controller.cfg and controller.properties files. You can configure this property at the Admin Level or at the User Level commands to run on the target during an active session. Enabling this feature removes the command entries in the Perform Action in Target menu of the Controller.

  • New Virtual Smart Card Reader Certificates

    Remote Control V10.0 introduces new certificates for the Virtual Smart Card Reader.

  • MacOS Catalina Notarization Support

    Notarization is a security feature implemented by Apple. At binary execution (or package install time) Apple servers are contacted to confirm if the executbale can be trusted. Remote Control V10.0 introduces notarization support for Target and On-Demand Target.

Previous limitations and issues that are no longer applicable in Remote Control V10.0.0 GA

The following issues have been fixed in Remote Control V10.0

  • Adding new users, groups, and other entities into the remote control server might fail with a 500 Internal Server error

    When new entities are added to the server, for example, users and groups, the server might return a 500 internal server error. The issue occurs if any of the fields in the user or group data is larger than the size of the column in the database. The column is resized after the error occurs; therefore, if you try to insert the user or group into the database again, no error is displayed.

  • The LDAP Configuration Utility saves a password incorrectly if it contains the + symbol

    If you choose to store a password unencrypted when you use the LDAP configuration Utility, do not use a password that contains a + symbol. If you encrypt the password, you must press the Encrypt button until the generated encrypted password does not contain a + symbol. Symptoms of the issue are reported in the log. A BadPaddingException is reported in the log at the LDAP synchronization. The exception causes the LDAP connection to fail, and the users or groups are not imported. The limitation will be resolved in a future fixpack or next release.

  • An error page is displayed when a password that contains a $ symbol is used on the Remote Control server

    When you change your own or another user's password to a password that contains the $ symbol a 500 Internal server error is displayed, and the password is not changed. An exception is also reported in the server log. Therefore, passwords must not contain the $ symbol until the issue is fixed.

  • The All screens view is corrupted in a multi-screen exported recording

    With the introduction of the toggle multiple screens feature, you can view all of the target screens when you select the All screens option. When you export and play a recording of a session in which the All screens option is used, the All screens part of the recording is corrupted. The screen 1 part of the view is initially displayed as a black. However, during the recording, if the user moves the mouse in the screen 1 part, the area where the mouse is moved, is displayed. This issue is seen only in an exported recording.

  • Controller screen is corrupted when the screen saver ends

    During a session in which the Stop screen saver updates when screen saver is active property is set to Yes, the controller screen fails to update correctly when the screen saver is dismissed. When the mouse is moved, the controller screen partially updates. Maximize the controller window to force a full screen update.

The following limitations and issues are no longer applicable because Java Web Start is deprecated as the launch method. The new launch method fixes the issues.
  • Java Web Start does not support FIPS mode and might prevent the controller and player from enforcing compliance with FIPS 140-2 requirements.

    At time of publication, Java Web Start does not support FIPS mode and might prevent the controller and player from enforcing compliance with FIPS 140-2 requirements. When FIPS 140-2 compliance is enabled and the controller or player are started by using Java Web Start, compliance with the FIPS 140-2 requirements might not be fully enforced for all HTTPS encrypted communications.

  • Java Web Start does not support NIST mode and might prevent the controller and player from enforcing compliance with SP800-131a requirements.

    At time of publication, Java Web Start does not support NIST mode and might prevent the controller and player from enforcing compliance with SP800-131A requirements. When NIST SP800-131A compliance is enabled and the controller or player are started by using Java Web Start, compliance with the SP800-131A requirements is not fully enforced. Full compliance with the SP800-131A requirements in this scenario is enforced when the other remote control components are already configured for SP800-131A.

  • Running the Controller in NIST mode might display a previous version of remote control banner

    When you run the controller in FIPS or NIST mode, an old JNLP banner splash screen might be displayed instead of the Remote Control banner. Java caches the splash image and stores the banner. Therefore, if there is a previous run of the controller, Java Web Start does not check to see whether the new image is newer or different. It uses the existing banner. A workaround for this issue is to clear the java cache, which can be done in the Java control panel so that the old banner is no longer used.

Known issues in Remote Control V10.0 GA
At the time of publication, the following issues were known.
  • When the On-Demand Target application is started on macOS, an error is shown

    If you are using the version 10.0.0-0029 or earlier of the Remote Control Server and you are using the On-demand Target on macOS, when you try to start the application, the error message “The application "BigFixRC-xxx" can't be opened.” is shown. To solve the problem, follow the instructions at Error when you start On-demand Target on macOS.

  • macOS Target/On-demand Target to be restarted twice to control or view the remote screen when a session is established
    After the installation, Target and On-demand Target applications that run on macOS 10.15 Catalina need to be restarted twice for the first time. This is because, when a Controller connects to the macOS Target or On-demand Target for the first time, a system panel is displayed by macOS asking to enable specific permissions. The required permissions are: Accessibility and Screen Recording. To enable both the permissions, you need to establish a connection to the macOS Target twice. If you do not provide the needed permissions, the Controller screen does not show the remote Target screen or it is not possible to control the remote Target. For more information, see Enable the required macOS permissions on Remote Control target version V10.
    Note: If the Target computer is running macOS 10.14 Mojave, then only the Accessibility permission is required.
  • Manually remove duplicate shortcuts after Remote Control V10.0 upgrade

    It is a known limitation that when the installer is run for an upgrade (if the Remote Control server is installed already and shortcuts are present), it does not detect the existing shortcuts, though the shortcuts are still valid. To note, the upgrade preserves the same install location.

    To mitigate this issue, during the first upgrade to Remote Control V10.0, the installer asks if shortcuts are to be created. If you confirm yes, there is a possibility that there will be a duplicate shortcut; one named IBM BigFix and the other one named BigFix. In that case, manually remove the shortcut that is referencing IBM.
  • A collaboration session cannot be joined in "pure" Managed mode

    For details and workaround, see HCL Software knowledge article KB0073874

  • Installer UI Mode Error while installing Remote Control server on Windows 2019

    While running the installer, the error message “Installer User Interface Mode Not Supported” is displayed. The workaround is to right click on the installer and run the Windows 8 in compatibility mode.

  • Server installation via Wizard on Windows 2019 fails

    If you run an installation server task via Wizard on Windows 2019, it fails. From the installation log, it seems that there are problems related to the determination of operating system tsetup.ini. This can be due to installation binary must have the compatibility mode set to Windows 8 before to be manually launched.

  • Error while starting the BigFix Remote Control Player
    The workaround for the above issue is to generate a new server certificate ensuring that the entries in the Subject Alternative Name and Common Name fields are the same. For more information, see the following documentations:
  • Blinking while enabling Privacy Mode feature on Windows 10

    While enabling the Privacy Mode feature, you may observe blinking on the obscured target screen and on the controller window. This behavior has been observed on Windows 10 virtual machines with Version 1909. This behavior does not compromise the overall privacy enablement and functionality.

  • New code signing certificates

    Remote Control V10 uses new code signing certificates. When manually installing the remote control components on Windows systems where the Windows Defender SmartScreen feature is present, the warning message “Windows Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.” may be shown.

    Click More info link and proceed with the installation. Over time, the new certificates will gain reputation and the message will no longer show. Refer to Microsoft Documentation for more information about SmartScreen.

  • Manually add the parameter allow.user.commandsto upgrade controller and use the new feature

    During controller upgrade, on Linux environment, the new parameter allow.user.commands is not created in trc_controller.cfg. Therefore, users need to manually add this parameter to use the new feature. This is applicable for all supported platforms. However for managed sessions, during server upgrade, this parameter is added to controller.properties on server and set as 'True' by default.

  • All Screen selection does not work in Privacy Mode with a multiple-screen target with Windows 10 or later

    If Remote Control V10.0 is running on a target with Windows 10 or later with multiple screens, when you try to establish a remote session with that target (either through Peer to peer mode or through Managed mode) and select All Screens after enabling privacy mode, the controller receives corrupted stream, irrespective of the controller version. Fore more information on the Privacy Mode feature, see Privacy Mode and Input Lock. Fore related information, see Viewing multiple target screens.

  • On the BigFix Remote Control Controller for macOS UI, the show help option fails with error message Unable to show help contents.

    Start the controller from /Applications. Close the connection window. Click the question mark icon in the toolbar, then click Help. The error message, Unable to show help contents is displayed.

    As a workaround, you can run the following command, which requires Administrator authority.

    sudo chmod +x "/Applications/Remote Control Controller.app/Contents/Plugins/Java.runtime/Contents/Home/jre/lib/jspawnhelper"

  • The controller might block all input on a macOS system if a key is held down for more than 3 seconds

    If the ApplePressAndHold feature is enabled on macOS, the controller might block all keyboard input if a key on the keyboard is pressed and held for more than 3 seconds. You must restart the controller to regain keyboard input to the controller.

    As a workaround you can disable the feature for the controller application by using the following command:

    defaults write com.bigfix.remotecontrol.controller ApplePressAndHoldEnabled -bool false

    The behavior is prevented when you use the controller in a peer-to-peer session, or when you use the preinstalled controller in a managed session. The workaround has no effect on a controller that is started with a .jnlp file. To use the workaround for a .jnlp file, the ApplePressAndHold feature must be disabled for all applications for the current user. Type the following command to disable all applications.

    defaults write -g ApplePressAndHoldEnabled -bool false

    To re-enable the ApplePressAndHold feature, you can rerun the commands and replace false with true.

  • Issue when you start the controller from a Safari browser on a macOS system.

    The issue is seen when the always.use.preinstalled.controller property is set to true in the trc.properties file. When you use Apple's Safari browser on a macOS system to access the server's web interface and start or join a remote control session or play back a session recording, the application does not open automatically. Instead, a file with a Remote Control icon and the extension .trcjws is automatically saved to the Downloads folder. To open the application, click on the Downloads icon on the right hand side of the Dock and then click the downloaded .trcjws file. Alternatively, use a different browser such as Firefox.

  • Controllers that are using Java 1.6 fail to connect to the server

    Although Java 1.6 is not officially supported since V9.1.2, controllers that run this version of Java fail to connect to the BigFix Remote Control server when HTTPS mode is configured.

  • Log distribution task can cause java out of memory errors

    The log distribution task exports session audit history from the database to log files on the file system. However, the task can cause java out of memory errors when the query it runs returns a large result set. The log distribution task is enabled by default in older versions of remote control. In the new version of remote control, it is disabled by default for new installations. However, when you upgrade from an older version of remote control, the current setting remains in force. Therefore, it is recommended to turn off this feature if you do not require it. It can cause high memory usage and might cause the server to run out of memory. Especially on servers that have numerous session audit logs in the session history. Also, if you do not process and clean up the exported audit logs, they can use up free disk space. For more information about the setting the values, see Audit log distribution.

  • The on-demand target can fail to run in Internet Explorer 11

    If you are using the current version of Internet Explorer 11, the ActiveX control might fail to install when you try to run the on-demand target. Alternatively, you can choose to use Firefox where this limitation does not exist.

  • The chat and collaboration windows remain active and accessible when the target loses the connection

    During a session, if the controller has the chat window or collaboration windows open when the target loses the connection to the network, the chat and collaboration windows remain active and accessible. However, any action that is taken within the windows has no effect.

  • The Num lock icon might not be available to the new master controller after a collaboration session handover.

    During a collaboration session, the num lock icon might not be available to the new master controller after a session handover. The previous master controller still has access to the icon but nothing happens when they click the icon.

  • Participants limit in collaboration is not enforced when participant loses network connection and other participants join

    During a collaboration session, if a participant loses network connection and then reconnects to the session, the participant limit is not enforced when they reconnect. For example, the participant limit is one and UserA is connected to the session. UserA loses network connection. UserB requests to join the session and is accepted. UserA reconnects to the network and because of the session resilience feature, reconnects to the remote control session. Two participants are now in the session although the limit is set to one.

  • The Retry button has no effect when you select to create the database and a database exists.

    During a server installation that uses the installer, if you select to create the database, and a database exists with the same name, an error is reported. The message window provides two options, Retry and Continue. When you click Retry, nothing happens. When you click Continue, the installation proceeds and the existing database is used.

  • Broker support not available in the accessible GUI

    On Microsoft Windows systems, when you use the accessible user interface, the Enter connection code option is not available, preventing you from starting a session through a broker. To enable the option, disable the accessible UI by setting Accessibility=no in the target configuration.

  • Target installer exits and does not install the device driver for the virtual smart card reader

    On 64-bit versions of Windows, during an attended installation of the device driver for the virtual smart card reader, the installer can exit without installing the device driver. This issue occurs if the installation of the Microsoft Visual C++ 2015 Redistributable Package prompts to restart the system and you select No.

    Complete one of the following steps to avoid this issue.
    • During the installation, select Yes instead of No. The system restarts. After you log on, the installation of the device driver resumes automatically.
    • If you do select No, restart the system and rerun the target installation.
Known limitations in Remote Control V10.0
At the time of publication, the following limitations were known.
  • Support for compliance with FIPS 140-2 or NIST SP800-131a is not supported in the macOS components

    In the first phase of macOS support for Remote Control, compliance with FIPS 140-2 or NIST SP800-131a is not supported. The remote control target uses OpenSSL. However, OpenSSL does not have FIPS 140-2 certification and validation for OS X El Capitan (10.11) or macOS Sierra (10.12). The BigFix® Remote Control Target for macOS cannot be configured to run in FIPS mode.

    The BigFix® Remote Control Controller for macOS is bundled with the Oracle Java SE Runtime Environment, which does not have a FIPS certified cryptographic provider. If the controller is configured for FIPS or NIST compliance mode, or it is launched from a remote control server in which FIPS or NIST compliance is configured, the connection to the target fails with the following error message: Error initializing the local FIPS certified cryptographic provider. The session cannot be established.

  • Fast user switching and logging off limitation in the BigFix® Remote Control Target for macOS

    The BigFix® Remote Control Target for macOS does not support Fast User Switching during a remote control session. Also, when you switch to a different user account, no message is displayed on the controller to indicate that the session is temporarily interrupted.

    When a user logs out, all the applications that are running in the user's session are terminated. Therefore, because the BigFix® Remote Control Target for macOS runs as an application, it is terminated too.

    These limitations also apply to the BigFix® Remote Control Target for macOS in an on-demand session.

  • Some policies for unregistered targets are not supported on the BigFix® Remote Control Target for macOS
    The following session policies that are available for unregistered targets, are not supported on the BigFix® Remote Control Target for macOS. For more information about the session policies, see Session policies for unregistered targets
    • Reboot
    • Enable On-screen Session Notification
    • Chat
    • Guidance
    • Allow input lock
    • Set target locked
    • Display screen on locked target
    • Allow input lock with visible screen
    • Disable Panic Key
    • Remove desktop background
    • Hide windows
    • Stop screen updates when screen saver is active
    • Allow chat in session
    • Allow automatic session handover
  • The JNLP file that is started from the controller is prevented from running on macOS because it is unsigned.

    When a .jnlp file is started from the server to run the controller or player, macOS might block it from running. A message reports an unsigned application. No option is available to continue, instead you must go to the control panel, and in the Security & Privacy panel, select the option to allow the application to run anyway. User authentication is requested before you can continue.

    To prevent the message from being displayed, enable the always.use.preinstalled.controller property on the server. Also, ensure that the controller is installed on the macOS system before you start a session.

  • The BigFix® Remote Control Target for macOS application cannot listen on port 888

    As macOS is UNIX based, it prevents applications from listening on port 1024 and lower. These ports require root privileges, but in this release, the target runs with the privileges of the current user. Therefore, the default port is 8787.

  • The standalone player must be installed separately on a macOS system

    The standalone player, which is used to play back local session recordings, must be installed separately on macOS systems. On Windows and Linux systems, this application is installed by the controller package. On macOS systems, install trc_player.pkg separately. You can obtain the trc_player.pkg file from FlexNet Operations or from the BigFix® Remote Control server UI. For more information, see Obtain the installation files.

  • The BigFix® Remote Control Target for macOS adds audit events to a log file in the user's home directory.

    When the AuditToSystem property is enabled, the installed BigFix® Remote Control Target for macOS target adds audit events to a file in the user's home directory, rather than to the system event log. The file is trcaudit_[date]_[time].log file, where [date]_[time] is the date and time that the session took place.

  • BigFix® Remote Control Target for macOS does not support tools

    You can use the Run Tools tab in the controller configuration window to enter tools that can be run on the target. However, running tools on the BigFix® Remote Control Target for macOS is not implemented.

  • Chat, Guidance, and File Transfer session modes are not available.

    Chat, Guidance, and File Transfer session modes are not yet implemented on the BigFix® Remote Control Target for macOS. The target refuses the session when a session is started in one of these session modes.

  • Some options in the controller UI are not supported.

    The following options in the Perform Action in Target menu in the controller UI are not supported: Drawing Tool, Highlighting Tool, Clear Instructions, and Lock Workstation.

  • Global configuration is not available in the installed BigFix® Remote Control Controller for macOS in peer-to-peer mode.

    The trc_controller.cfg file is contained in the Remote Control Target.app. The files and content within the application are signed. If an administrator changes values in the .cfg file, the controller might fail to start. Therefore, the default values cannot be changed in the installed product, nor can the administrator enforce any global configuration settings by using the mandatory options. You can create a local configuration when you run the controller by using the Configure controller option in the controller UI.

  • Unable to inject Force Quit on pre-Sierra macOS targets

    A controller user cannot inject Force Quit against a BigFix® Remote Control Target for macOS that is running OS X El Capitan 10.11.

  • There might be compatibility issues with earlier versions.

    The following limitation is not an issue when you upgrade from version 9.0.0, 9.0.1, or 9.1.0 to Remote Control.

    In IBM® Endpoint Manager for Remote Control version 9.0.0, new capabilities were introduced that can cause compatibility issues with earlier versions. The issues occur if the different components are not upgraded in the correct order.

    The limitation applies only to environments where the gateway and broker components are deployed. In these environments, the broker and gateway must be updated before the server or the target components. After they are upgraded, the targets and server can be upgraded in the order that best suits your environment because there are no dependencies between them.

    Always back up any properties files. You must back up your properties files for a controller upgrade in this release because any existing properties are lost.

    Older versions of Remote Control controllers, earlier that V9.1.4, cannot connect to V9.1.4 targets that by default refuse AES and MARS encryption. Upgrade the controller components to the latest version to avoid this incompatibility.

    For more information, see the BigFix® Remote Control Installation Guide.
  • For a NIST-compliant server, all encrypted SSL/TLS connections must use TLS 1.2 exclusively.

    When the Remote Control server is configured to be compliant with the NIST SP800-131A requirements, it requires all encrypted SSL/TLS connections to use TLS 1.2 exclusively. This compliance requirement can prevent connectivity from the server to other components that might not support TLS 1.2 connections or might require further specific configuration. For example, database servers, LDAP servers, or mail servers.

  • Java does not support legacy use of SSL certificates with SHA-1 in NIST SP800-131A-compliance mode.

    Java does not support legacy use of SSL certificates with SHA-1. This issue affects the server and the controller. When NIST SP800-131A compliance is enabled, the server and the controller components disallow the usage or verification of certificates that use SHA-1. The certificates must be updated to SHA-2.

  • The Choose file to send window remains open when the session times out.

    During a session if the session ends because the inactivity timeout limit is reached, and the Choose file to send window is open in the target, the window does not close at the end of the session. If the target is an on-demand target, the target does not exit until you click OK or Cancel in the window.

  • Some virtualization software does not render a mouse on the guest.

    Some virtualization software does not render a mouse on the guest. Instead, only the mouse on the host is used to stop the user from seeing two pointers instead of one. As a side effect, when the virtual machine is under the control of a remote controller, the local user might not see the mouse move within the guest window.

  • The auto-generated certificate overwrite and password options are not enabled at first.

    During the server installation, when you are using the installer program, the auto-generated certificate overwrite and password options are not enabled at first. If you are using an auto generated certificate and want to enable the overwrite and password options, click Use an auto generated certificate store to enable them.

  • During a session with an on-demand target, if you select 'Inject Alt + Tab' from the controller action menu, it has no effect on the target system.

    This limitation applies to Windows 8.1 and Windows Server 2012 R2 operating systems and it affects standard users only. During a session with an on-demand target, if you select 'Inject Alt + Tab' from the controller action menu, it has no effect on the target system. In Windows 8.1 and Windows Server 2012 R2 operating systems, Microsoft blocks applications from injecting the Alt + Tab keyboard shortcut except for Ease of Access applications. The on-demand target can mark itself as an Ease of Access application when it is run by an administrator user but not when it is run by a standard user.

  • The Use Remote Control Gateway option is not applicable when you install the CLI tools

    When you install the CLI tools in a Windows operating system and select Use a proxy server or a Remote Control Gateway during the installation, two options are enabled. You can either select Use an HTTP proxy or Use a Remote Control Gateway. However, the CLI tools do not work in environments where gateways are configured and the Use a Remote Control Gateway is not applicable.

  • The Enable Privacy and Enable Input Lock options might be available when you are connected to a Linux target

    During a session with a Linux target, the Enable Privacy and Enable Input Lock options might be available in the Perform Action in target menu in the controller. Clicking the options has no effect on the target because these features are not supported on a Linux target.

  • The server UI web session does not time out when the View Current Server Status page is kept displayed

    In the server UI, the logon page is displayed when you select an option after a period of inactivity. The time limit is defined in the web.xml file. However, when you select AdminView Current Server Status and keep the page on display, the web session does not time out. The result is that you can continue to select options after the time limit is reached and the logon page is not displayed.

  • Controller fails to display entire large target screen on computers with not enough VRAM.

    During a remote control session, if the visible target area is too large and the VRAM of the computer that runs the controller is too small, the image on the controller flickers. The scroll bars on the session window do not work and might hide occasionally. The controller session window toolbar might also be hidden by the target screen.

  • Windows 10 startup screen re displays before the smart card initialization completes

    The Windows 10 startup screen is a background image that must be cleared to get to the logon screen. When you go to the logon prompt and there is no further input, the background screen is displayed again. The smart card reader might take a while to load, which means that the background screen is redisplayed before you can select the smart card as the logon method. Therefore, you must clear the background again and choose the smart card.

  • The subjectAltName extension is not supported in broker certificates

    Brokers require an SSL or TLS certificate that is verified by the endpoints or other brokers when they establish a secure connection. The host name can be encoded in the certificate by using two methods. The traditional method that uses the commonName (CN) field in the Subject is deprecated in favor of the subjectAltName extension. SSL or TLS clients must verify any subjectAltName extensions, if they are present, and fall back to the CN field otherwise. Due to a problem with the verification code in the broker and target, the subjectAltName verification is disabled until a solution is found.

  • Some of the components in Remote Control are unable to support verification of wildcard certificates

    The broker, target, and CLI components in Remote Control are unable to support verification of wildcard certificates. The only solution currently is to request a server certificate with the server's full FQDN in the CN field. It is acceptable for the certificate to have subjectAltName fields. The limitation that the broker and target ignore these fields when they verify the certificate.

  • On-demand target run as a normal user is unable to retrieve all of the target system information on a Linux operating system

    When the On-demand target is run on a Linux operating system as a normal user, some of the target information cannot be retrieved when you use the Get System Info feature. The following target information is blank when you retrieve or view the system information. Model, Vendor, Serial Number, UUID.

  • An issue can arise where starting an on-demand remote control session does not work.
    The issue occurs in the following cases:
    • The server is configured for HTTPS and has the cookieSecure attribute set to true in the cookie.xml file. For example, [INSTALLDIR]/wlp/usr/servers/trcserver/cookie.xml
    • The on-demand portal is being accessed by using HTTP instead of HTTPS. It is discouraged to allow unsecured access by using HTTP to the on-demand portal because the Connection Codes that are used for session authorization are sent unencrypted over the internet.

      If a reverse proxy is used to make the on-demand portal publicly available through the internet, configure the reverse proxy to make sure that internet users can access the on-demand portal by using HTTPS only. Access by using HTTP must be disabled. On the remote control server, check that the ondemand.url property in the ondemand.properties file is configured to begin with HTTPS.

  • The on-demand plug-in cannot be installed when using Firefox, HTTPS, and the server's certificate is not signed by a CA in the Firefox truststore.

    When you try to launch the Remote Control on-demand target from the landing page, by using Firefox you might be unable to install the on-demand plug-in if HTTPS is being used and the server's certificate is not signed by a CA in the Firefox truststore.

    The on-demand plugin fails to install when you attempt to start an on-demand session from the landing page, and the following statements are true.
    • You are using the Mozilla Firefox browser.
    • You are using HTTPS to either connect to the reverse proxy, if one is being used, or the server.
    • The certificate that is used on either the reverse proxy or the server (whichever one the user is accessing) is not signed by a certificate authority (CA) that is included in Firefox's truststore.
    The following error is reported: The add-on could not be downloaded because of a connection failure on <server>. This issue prevents the user from using the Firefox plug-in to launch the on-demand target.
    This issue can be resolved by using a server certificate that is signed by a CA that is included in Mozilla Firefox's store. Alternatively, the JNLP method can be used to launch the on-demand target if a version of Java is available on the user's system.
  • Controller cannot detect the insertion or removal of a smart card

    During a session in which smart card authentication is enabled, the controller can fail to detect the insertion or removal of a smart card from the card reader. This issue is intermittent. To resolve the issue when you are in a peer to peer session you can end the session, then close the controller and reopen it. Start a new session and use the smart card feature again. To resolve the issue in a managed session, end the session, start a new session, and use the smart card feature again.