This article has been archived. It is offered "as is" and will no longer be updated.
Update 1 is available for e-Gap Appliance 3.6 and for Microsoft Intelligent Application Gateway 2007 (version 3.7). The update functionality is the same for e-Gap Appliance 3.6 and for Intelligent Application Gateway 2007. However, this update is released in the following two kits:
e-Gap Appliance 3.6
e-Gap3.6-SP1Update-1 (e-Gap v3.6 SP1 Update-1)
Intelligent Application Gateway (IAG) 2007
IAG3.7-SP1Update-1 (IAG v3.7 SP1 Update-1)
Fixes that are included in the update
This update includes fixes for the following issues.
Consider the following scenario:
A client computer can access the e-Gap server or the IAG server only through a proxy server.
On the client computer, the proxy settings in the Internet Options are not explicitly configured. For example, the client computer uses automatic discovery or a configuration script for proxy settings.
In this scenario, the client components cannot check the server's identity, such as its certificates and its certificate revocation lists (CRL). In this situation, the user is notified that the server's identity cannot be checked. Therefore, the whole functionality of the client components is disabled.
This issue occurs because the client components do not function correctly if the browser is configured to use a configuration URL for proxy settings.
When a client validates the server identity, the client components check the CRL. If the CRL check fails for some reasons, the client components notify the user that the CRL cannot be checked. Therefore, the whole functionality of the client components is disabled.
This update includes the following changes to address this issue:
If the Internet Options are configured not to check CRL, the client components do not check the CRL.
If the CRL check that uses WinHTTP fails, the client components switch to use Windows Internet Services (WinInet).
If the CRL check fails, the user is prompted with an option to skip the CRL check.
Note If the CRL check discovers that the certificate is revoked the user is prevented from continuing.
Additionally, this update includes the following design changes.
Currently, customized detection scripts must be signed by Microsoft or by Whale Communications. After you apply this update, the client components will validate the signature only for Microsoft built-in scripts. All customized detection scripts will not require signatures. Customers who want to enforce signature checking for custom scripts can set the following registry entry:
To enforce signature checking for custom scripts, set the SignedAllScripts registry entry to 1.
This update includes the newest detection script (version 1.65).
A supported hotfix is now available from Microsoft. However, it is intended to correct only the problem that this article describes. Apply it only to systems that are experiencing this specific problem.
To resolve this problem, contact Microsoft Customer Support Services to obtain the hotfix. For a complete list of Microsoft Customer Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:
Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
To apply this update for e-Gap Appliance 3.6, you must have e-Gap Appliance 3.6 Service Pack 1 (version 3.6.1) installed on the computer.
To apply this update for Intelligent Application Gateway 2007, you must have Intelligent Application Gateway 2007 Service Pack 1 (version 3.7.1) installed on the computer.
You do not have to restart the computer after you apply this update.
This update does not include offline installation of the client components. If customers want to use offline installation, they must install the offline client components in e-Gap Appliance 3.6 Service Pack 1 or in Intelligent Application Gateway 2007 Service Pack 1. The first time that the user accesses the computer that has this update applied, the client components will upgrade automatically.
The instructions in the following file are not updated to align to the new behavior of the signature requirement: