Release 4.11.0 Client

Issues Resolved

XA-1000 - HCLFOLogger.exe crash, preventing logging from functioning

Observed:

Events are logged in the Windows event log indicating an AppCrash of the HCI Logging Service (HCLFOLogging.exe)

Resolution:

The access violation causing the crash has been addressed

Affects Versions:

4.8.3 through 4.10

XA-4581 - When specifying Icon locations using an environment variable, the icons for an application revert to using the default icon instead of the icon specified

Observed:

Using environment variable to specify an icon path was non-functional

Resolution:

The eXactACCESS desktop applications have been updated to recognize the %XAUCM% environment variable as being the location of the eXactACCESS client root directory.  It is now properly parsed so that icons can be located when they are specified for an application with the /ICON:%XAUCM%iconname.ico parameter.

Affects Versions:

4.9 and above

XA-4634 - The ProxCard administrator allows for badges to be used that are intended to be excluded by the client configuration

Observed:

Enabling Parity Checking, Bit Count Filtering, and Facility Filtering on an endpoint is intended to prevent specific/invalid badges from being used.  Using the ProxCard Administrator on a configured workstation allowed for these badges to be enrolled, even though they would not function with the client.

Resolution:

The ProxCard Administrator has been enhanced to validate the card that is tapped before it may be enrolled.

Affects Versions:

All previous versions

XA-4244 - Memory leak in autologoff.exe

Observed:

When a session is configured to a multi-day logoff timeout and the process stayed running for a long period of time, the memory consumed by the process would exceed 2gb, causing a crash.

Resolution:

The Windows API call to check for session activity time on Windows 7 has a known memory leak.  Session activity time checking specifically on Windows 7 no longer uses this API call.

Affects Versions:

4.10 Windows 7 systems only

XA-4265 - XA Application Desktop flow panel loses resize event connection and fails to resize correctly.

Observed:

When re-sizing the application desktop to its minimum size, it appears that the flow panel will "lose" its connection to the resize event. This causes the display to no longer conform to the size of the form and ends with the app links all being displayed as a single column or a single row.

Resolution:

The form size has been limited to a minimum height and width to correct the loss of the events due to the panel becoming non-visible when the form shrinks far enough to hide the desktop links.

Affects Versions:

All previous versions

XA-4207 - Credential provider for SUM leaking Global Atoms

Observed:

When a standard mode workstation is locked and unlocked, the credential provider creates global atoms but does not release them.

Most prevalent on Windows 7 as the credential provider is loaded at boot time and does not unload until a system reboot takes place.

Resolution:

The credential provider no longer retains the component that created these global atoms and releases them back into the system.

Affects Versions:

4.8.0 through 4.10

XA-4297 - Transparency setting for status dialog is not being applied correctly

Observed:

Configuration settings for transparenteffect and transparentvalue for status display images when loaded by the eXactACCESS user context manager were not being applied to the status display.

Resolution:

The method calls to load the settings from the XML file were updated to properly load the attribute values from the settings line and configure the status display.

Affects Versions:

4.10

XA-4370 - eXactACCESS desktop is not able to launch applications that have parameters that contain the percent (%) sign

Observed:

COMMAND LINE PARAMETER:

url=CTX_CurrentFolder=%5cFastPass<<url=sso_tul_NextGen%20EMR%20Production

What shows up on XA desktop:

url=CTX_CurrentFolder=20EMR%20Production

It appears that the command line is being truncated because the parameter is URL encoded and these are not actual environment variables, though they are being treated as variables with substitution - since the environment variable does not exist, it is replaced with blank.  Note that the section highlighted in bold is what is dropped - the pieces between the leading and trailing % sign.

Resolution:

The parsing for environment variables has been altered to validate the existence of the variable name in the environment.  If the name does not exist, it is not replaced with blank, because it isn't defined, it is assumed to NOT be an environment variable replacement.

Affects Versions:

4.10.5 to 4.10.7

XA-4386 - Using local authentication when a Password was expired instead treated the login attempt as Account expired and failed to allow the user to change their password

Observed:

When a user's password is expired, and the workstation is configured to use Local Authentication, the user is not allowed to change their password.  The message presented to the user is "Your account has expired. Please see your system administrator."

Resolution:

The incorrect interpretation of the return result of the authentication attempt has been corrected.  The expected password expired result is now returned and handled properly.

Affects Versions:

4.8.3 through 4.10

XA-4400 - Foreign characters appear on the Windows login screen after the user changes their password

Observed:

After a user changes their password in standard mode, the credential provider displays characters that appear to be a foreign language set.

Resolution:

The password change was being released and wiped from memory and the display was showing data from an invalid region of ram.  The characters displayed would then be interpreted as a Unicode character set. As the data was random, no coherent message is displayed.  The user name data is now retained until the user session is fully logged in, thus access to the memory region storing the user name is still present while it may still be displayed.

Affects Versions:

4.9.2 and above

XA-4403 - Credential provider hangs displaying prox card icon window on the Windows Login screen

Observed:

It appears that sometimes when showing the proxicon window, the credential provider gets in a hung state. The users have to kill logonui.exe to recover.

Resolution:

A deadlock in the calling thread that started the proxicon thread when it tries to call showindow on the proxicon window handled right after creating the dialog window has been resolved.

Affects Versions:

4.10.7 and above

XA-4440 - HCI Deploy publisher allowed the recycle bin location to be deleted.

Observed:

Right-clicking on the recycle bin allows the location to be deleted.

Resolution:

The popup menu now recognizes the recycle bin location as being non-removable and the option has been disabled.

Affects Versions:

All previous versions

XA-4451 - HCI Logging service does not consistently start when the system has been rebooted.

Observed:

When a system is rebooted, the service shows in a stopped state when looking at the services MMC snap-in.  The process does not show in the task manager.

Resolution:

The service will restart internal processes that have abnormally terminated when resources are not available unless it is manually stopped by the service control message.

Affects Versions:

All previous versions

XA-4457 - Memory leak in credential provider for SUM

Observed:

In several cases, we create a solid brush for the three dialogs: User List, Status Dialog, and ProxIcon Dialog

Resolution:

The brush handle is now being closed/disposed of in accordance with Microsoft documentation on handle deallocation.

Affects Versions:

All previous versions

XA-4541 - Logging is truncating data if the log line includes a double quote as part of the data to log

Observed:

Reviewing debug logging revealed that when outputting XML type data, the data is truncated as in the example of a user object representation: Operation: " * Loading user from data:<USERINFO SID="

Resolution:

The closing quote for the operation is now scanned from the right to determine where the operation ends, rather than being scanned from the left to find the closing quote

Affects Versions:

4.10

XA-4570 - HCI Deploy fails to deploy packages when there are multiple packages to be deployed at the same time.

Observed:

When a new machine is joined to a deployment server at installation time, and the deployment server has multiple packages assigned to the default location, the new machine fails to synchronize all packages, and instead only downloads a single package.

Resolution:

The deployment process has been adjusted to fully download all packages prior to the deployment step, rather than downloading only a single package for deployment.

Affects Versions:

All versions prior to 4.10.10

XA-4739 - When adding a role using the eXactACCESS Administrator, the role cannot be dropped on the organization map until the role frame has been refreshed

Observed:

After adding a role to eXactACCESS with the Administrator, the role could not be dropped on the organization map.

Resolution:

The group identifier for the newly added role was not properly assigned to the group object identifying it as an XA enabled role, even though the icon was changed.  The group ID is now properly assigned, reflecting the role is XA enabled, thus allowing it to be assigned to a control item on the organization map.

Work around:

Refreshing the roles frame in the administrator would re-load the role information, including the group ID assigned to the object, correcting the issue.

Affects Versions:

All previous versions

XA-4756 - HCI Deploy Console fails to properly synchronize a client

Observed:

Using the console application to manually synchronize a client after package groups have been re-arranged with the publisher application resulted in a failure to synchronize the changes.

Resolution:

Package IDs and versions changed due to deleting a package name and re-creating the package using the same name (prior to a synchronization happening) with the publisher results in a situation where the client indicated the package was already deployed and a failure to deploy the new version.

Obsolete packages or IDs and versions that no longer exist on the server in comparison to the local client identification are now removed prior to downloading new packages, eliminating the confusion on the part of the client.

Affects Versions:

All previous versions

XA-4761 - When IPv6 is enabled on a client, multiple deprecated IPv6 addresses make the audit events too long to store in the DB

Observed:

On some systems with IPv6 enabled, the machine receives several (5+) "TENTATIVE" IP addresses or those marked (DEPRECATED) which are included in audit messages to identify the machine origin of the message.  Because IPv6 addresses are 128 bit, the textual representation of these becomes excessive and exceeds the capacity of the audit server to pass the schema validation for an audit message.

Resolution:

IP addresses that are marked DEPRECATED are not added to the IP identification of the source workstation so that only truly assigned or tentative addresses are logged for the origin of the audit message.

Affects Versions:

All previous versions

XA-4764 - The logging service is not using the correct environment passed in from a user session, so environment variable parsing fails

Observed:

When attempting to configure a log to use environment variables, the logging component sent the environment variables from the session to the logging service.  However, the logging service did not use this environment to parse the variables, so the logs do not appear in the intended destination.

Resolution:

The Windows API call to evaluate environment variables does not include an environment block parameter. Environment variable parsing is now handled internally using the passed in environment block.

Affects Versions:

4.7 and above

XA-4775 - User Properties are not sorted in the eXactACCESS Administrator, making it difficult to locate an application assigned to a user.

Observed:

After searching for a user in the Users pane of the XA Administrator, right-click and select Properties from the popup menu.  This display a list of roles the user is a member of, with a list of applications associated with the role. The list of applications in the left pane for each role -the roles are sorted, but the sub-items are not sorted, making it difficult to find an application of interest when there are many available under a particular role.

Resolution:

Sorting the sub-items has been enabled during the display of sub-items of a role.

Affects Versions:

All previous versions

XA-4793 - The eXactACCESS Administrator does not allow for entering parameters longer than 200 characters (the limit for versions of XA older than 4.11)

Observed:

Attempt to update XA Toolbar Desktop favorites for a user that has more than 3 pinned items results in a loss of data when connected to a 4.11 server that allows for more than 40 items.

Resolution:

The XA administrator field editing for versions prior to 4.11 have a specified limit of 200 characters that automatically truncates the data before it is sent to the server.  To edit these items when using a 4.11 server, the 4.11 client administrator must be used.

Affects Versions:

All versions prior to 4.11

XA-4798 - HCI Deploy schedules with intervals over 20 minutes fail to synchronize the client at the appropriate time.

Observed:

When configuring HCI Deploy to check in with the server in intervals longer than 20 minutes (30 minutes or above), the schedule is not executed in the expected time.  In addition, the 12-hour schedule would cause the workstation to never be synchronized and an index out of bounds error is generated.

Resolution:

A schedule parsing error has been corrected for the 30-minute and 45-minute settings to correct the index lookup values to return the appropriate interval for the schedule.

Affects Versions:

All previous versions