Release 4.11.1 Client

Features and Enhancements

Kiosk Mode

• Domain Drop-down list can now be customized so specific domains can be excluded, and the local computer can be excluded from the list.
• The Password link text can now be customized on the Kiosk Mode Username/Password/Prox Login dialog.
• The network status and session/user status screens can be "pinned" so that users may not alter their positions on the privacy shield.
• Active Touch Keyboard support for login when a touch-screen device or tablet does not have a physical keyboard attached.  The Windows on-screen keyboard is now activated for manual logins.
• PNG images may be used for the privacy shield background image (previous versions only supported BMP image format)

Standard Mode

• Per-user Lock and Logoff times can be set in Standard Mode, Roaming Sessions Mode, or VMware/Citrix VDI Desktop Modes.
• Performance enhancement for login speed when using a prox card device to authenticate reduces login time.

Other

• Web SSO now automatically submits credentials after filling them in on a web page.
• The XA Administrator and XA Help desk now have a friendly "Desktop Favorites" editing form to eliminate the need for Application GUID lookup when helping users with invalid, disabled, or access restricted favorites on the XA Toolbar.
• Enhancements for PubLauncherSF for third-party scripting, community connect, Netscaler gateway support, and applying settings during installation for configuration.
• HCIDeploy Publisher can now show locations for a package so administrators can see the scope of package deployment.
• HCIDeploy Console can now synchronize all workstations associated with a location to expedite the deployment of packages associated with that location.
• HCI Deploy scripts  (or batch files) can now send notifications by having the XA notification application present the message to the user.

Issues Resolved

XA-4961 - Multiple desktop refreshes after package sync with HCI Deploy Console

Observed

When a destination workstation has multiple packages that need to be uninstalled or deployed, and synchronization is performed on the workstation, the XA desktop is refreshed after each package is either uninstalled or deployed - once for each updated package.

Resolution:

A new service command has been added to refresh the desktop.  The console will now trigger this command after all updates have been performed.  Additionally, the refresh desktop function call has been removed from the uninstall and deploy functions so that it is not triggered for each package.

Affects Versions:

4.7.3 and above

XA-4857 - Attempting to use an XA Enabled user that has the same name as the NETBIOS domain name fails

Observed

Given a NETBIOS domain name of XAENG - attempting to log in with a user named XANEG\xaeng (where the user name is the same as the domain name) fails with a user not found.

Resolution:

The API call to LookupAccountName requires the domain name as part of the username so that it doesn't get confused about the account SID retrieval is performed on.  The code previously only provided the username, so the Windows API call assumed the SID for the DOMAIN is what should be returned - this does not include the user RID portion, as it looks up the domain object, rather than a user object to retrieve the SID.

Affects Versions:

All prior versions.

XA-4959 - When using Empty Recycle Bin on the HCI Deploy Publisher, it is possible to delete all packages in the database.

Observed

The server deletes all packages from the database after clicking the Empty Recycle Bin toolbar button

Work Around:

Ensure that the confirmation indicates "Recycle Bin" as the node being emptied - in this instance, the message indicated "Staging" as the location to remove packages from.  If the confirmation does not say Recycle Bin, click no and re-select the recycle bin tree view item, then click the empty recycle bin button again.

Resolution:

The Empty Recycle Bin button is disabled if the last selected node is not the recycle bin location in the locations list (e.g. selecting any other node, or clicking in the staging tree list disables the empty recycle bin button).  Additionally, instead of using the selected node as the target to delete packages from the server, the specific recycle bin node is examined to verify that only packages associated with the recycle bin are deleted from the server.

Affects Versions:

4.11 only

XA-4837 - Tooltips for the HCIDeploy Publisher can be activated when the application is covered by a different application and is not the active window

Observed

When HCIDeploy Publisher is launched and active, the user can hover over the tool buttons to get the help hints - however, this also applies when the application is covered by a different application/window  - hints "bleed-through" and pop up over the currently active window (which is not deploying publisher)

Resolution:

Tooltips/Hint Windows can now only be activated when the application is the active (focused) application.

Affects Versions:

4.11 only

XA-4858 - Wireless devices are not always providing an IP address for auditing

Observed

Wireless tablets and virtual machines with wireless dongles are not having their IP addresses saved to the Audit database. The user is successfully logged in and can access/interact with all of the XA applications they have assigned to that account.

No user_locip is being stored in the Audit database for wireless connected devices only

Machines/devices that are attached to the network via wired will always show the IP in the user_locip field.

Resolution:

A startup delay has been added to the system service so that Wireless adapters have a chance to acquire an IP address before the system reads the values.  In the event an IP is not available, the system service will wait, and re-query the network until an IP has been assigned.

Affects Versions:

All previous versions - Wireless adapters using DHCP IP assignment

XA-4795 - Access violation when UN-pinning a favorite from the XA Toolbar 

Observed

Under certain conditions, when un-pinning a favorite from the toolbar work-space area, an Access Violation would be displayed:

Resolution:

Updating to the latest version of the embedded tile controls resolved the issue with the custom draw method when the control is removed from the cell space of the tile.

Affects Versions:

4.11 Toolbar with Work-space support

XA-4866, XA-4907 - High DPI scaling support distorts Kiosk Mode login dialogs and may hide the login entry fields.

Observed

When using a wide foreground graphic that contains data outside of the login fields, incorrect placement and sizing of the elements occurs, making the login fields not visible.

Resolution:

Fixed incorrect DPI scaling calculation for the foreground image.

Fixed Incorrect width calculation when the mask image centers the input fields instead of being left-aligned to the foreground image

Affects Versions:

4.11 Kiosk Mode

XA-4877 - Access Violation occurs in XA Toolbar when an invalid link has been pinned as a favorite, and the Show Invalid Links option is disabled

Observed

Access violation is created when a favorite is pinned that is an invalid link on the workstation, and HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\eXactACCESS\Override :: TBMenuShowInvalidLinks: reg_DWORD is set to 0 (to not show invalid links) 

Resolution:

The favorites bar has been updated to correctly locate the application that is invalid and display a disabled (gray - depending on the style) button for the invalid favorite.  This allows applications that may be present on some machines, but not on others to remain functional favorites for those machines that have the application present while preventing undesirable behavior when the application is not present (such as notification the application is not found after the user attempts to click the favorite link)

Note that invalid application favorites are still displayed - this is to preserve application ordering so end users are aware the application favorite is present, even when it is not functional for the current workstation.

Affects Versions:

4.10.9 and above

XA-4879 - First-time startup when launching the XA Toolbar, it fails to display the user and application links

Observed

After XA starts and loads the toolbar, it fails to wait for the toolbar to become available as a registered instance in the Running Object Table (ROT) - and therefore, is not able to successfully communicate the user to the instance of the toolbar.  This appears to be related to disk load times of the components

Resolution:

Updated the XA user context manager to wait for the object to become available so that the user can be loaded within the toolbar.

Workaround:

Option 1: After the user is logged in, right-click on the XA tray icon image, and select "Desktop" or "Desktop Refresh..." menu options from the popup.

Option 2: Have the XA Toolbar Desktop started by Windows at the time of session creation, rather than when XA loads - so the toolbar will be "pre-loaded" before a user is logged into XA.

Using batch commands, the system can be configured to perform this operation:

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v XATBDeskApp.exe /t REG_SZ /d "c:\program files (x86)\HealthCast\eXactACCESS\XATBDeskApp.exe" /f /reg:64

reg add HKLM\SOFTWARE\HealthCast\eXactACCESS\Override /v AutoLaunchTBDesktop /t REG_DWORD /d 0

reg add HKLM\SOFTWARE\HealthCast\eXactACCESS\Override /v StopTBDOnQuit /t REG_DWORD /d 0

Option 3: Ensure that the HealthCast directory and/or the individual files are excluded from Windows Defender or other virus scanning software.  Lengthy load times of the xatbdeskapp.exe application cause the issue.

Affects Versions:

4.11 when AutoLaunchTBDesktop=1 and StopTBDOnQuit=1

XA-4883, XA-4884 - Unsigned files are present in the install

Observed

Examine properties on HCIShell.exe, and KMPrintCopy.exe in the c:\program files (x86)\HealthCast\eXactACCESS\ folder - note that there is no digital signature associated with the file.  Because the files are not digitally signed with the HealthCast certificate, virus scanners flag the files (false positive), even when they are not infected by a virus. 

Resolution:

Added file signing to the process that builds the components prior to packaging into the installation MSI.

Affects Versions:

All previous versions

XA-4880 - Remote authentication can cause an Access Violation (AV) when invalid username/password are supplied for login

Observed

When attempting to log into XA Kiosk mode, entering invalid credentials (either username or password, or both) - the system shows an Access Violation message rather than the message that the username or password is invalid.

Resolution:

Excessive clicking on the log-in button while the system is attempting to authenticate the first invalid account caused subsequent authentication attempts to be performed unnecessarily.  Prior to returning the failed log-in attempt, all button clicks are processed while the button is still disabled to prevent processing additional clicks after the unsuccessful authentication result.

Affects Versions:

All previous versions - Locking Kiosk mode only

XA-4881 - UTC Time conversion error is logged when tapping a card with an associated PIN record

Observed

After authenticating a card tap and PIN prompt, an error is displayed: The given "12/30/1899" local time is invalid (situated within the missing period prior to DST)

Resolution:

Calls to TTimeZone.Local.ToUniversalTime( now ) functions are not thread-safe, causing the loss of the date parameter value during the call to validate the PIN prompt time.  This function has been replaced with a thread-safe version that does not require translation of local time into UTC.

Affects Versions:

4.11

XA-4900 - Excessive application window flashing in HCIDeploy Publisher when updating the contents of a package

Observed

After updating a package, the entire application window appears to be repainted at least 3 times, making the screen "flash" as the current contents are erased and re-drawn.

Resolution:

During a package update, the status display is shown at the bottom of the window, causing a resize of the application.  Once the package has been updated, the status display is hidden, causing another resize of the application. This status method has been replaced with a popup status window so that the application is no longer resized to display update progress.

Affects Versions:

All previous versions

XA-4908 - Standard Mode (SUM) Credential Provider hangs after pressing ctrl-alt-delete and selecting Lock from the Windows menu screen

Observed

Multiple instances of the credential provider are loaded by Windows that cause a deadlock with badge scanning.

Resolution:

The credential provider now detects that it is loaded in an active Windows user session and aborts connecting to the prox device, allowing the primary credential provider to retain that function.

Affects Versions:

4.10 and above - Standard Mode with Prox Card Support

XA-4914 - Prox card service incorrectly flags a tap-over event when a user taps out and the server is down.

Observed

In a load-balanced environment using a round-robin method for server availability, a single server can be unavailable while traffic is still being directed to it.  In this scenario, a user can tap in and connect to the operational server, and upon tap-out get directed to the non-responsive server. When this happens, the prox card service sends a badge tap notification to the credential provider once it is re-loaded with the expectation that the subsequent query will notify the user that the server is down.  However, in this case, it is able to actually contact the working server, which processes the badge and logs the user back in.

Resolution:

The service will no longer send the notification to the credential provider that a prox card was tapped when it detects the server is not available.  The system is just locked. Subsequent users can tap in and may be notified at that time that the server is unavailable as expected, or they may get connected to the operational server and have a successful log-in experience.  The current user that is leaving is no longer notified that the server is unavailable.

Affects Versions:

4.10 and above - Standard Mode with Prox Card Support - Most prevalent on Windows 10 systems

XA-4919 - Incorrect handling of a connection to 4.11 ProxCard Server

Observed

When using the XA client or the ProxCard Administrative tool, the version of the server was not correctly processed for intermediate versions of the ProxCard Server.

Resolution:

Added version validation to the client components and to the ProxCard Administrative tool to properly decode the data during communications with the server for protocol versions higher than 2.0.

Affects Versions:

All prior versions connecting to a protocol version 2.1 or higher ProxCard server.