Dell Wyse ThinOS Lite Release 2.6 Administrator’s Guide April 2021 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2018 - 2021 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents Chapter 1: Introduction................................................................................................................. 6 About this Guide............................................................................................................................................................... 6 Technical Support..........................................................................................................................................................
Configuring the central configurations........................................................................................................................ 60 Configuring the general central configurations .................................................................................................. 60 Configuring the Wyse Device Agent settings....................................................................................................... 61 Configuring the VPN manager.........................
Appendix A: Creating and Using xen.ini Files.............................................................................. 164 Downloading and Using Sample INI Files........................................................................................................... 164 Rules and Recommendations for Constructing a xen.ini File.................................................................... 164 Parameters for a xen.ini file............................................................................
1 Introduction The Dell Wyse ThinOS Lite family of products are zero clients built for Citrix Virtual Apps and Desktops (formerly Citrix XenDesktop) and Citrix Virtual Apps (formerly XenApp) environments. These products represent an entirely new approach in delivering virtual desktops. ThinOS Lite zero clients deliver a Citrix HDX experience with zero delays, zero management, zero security risks, and almost zero energy use.
○ UI enhancement on the Wyse Device Manager console to display the device details of peripheral devices connected to the ThinOS client. For more information, see the Dell Wyse Device Manager Administrator's Guide at www.dell.com/ support. ○ Added support for Caradigm Way2Care. See, Caradigm Way2Care enhancement. ○ Added support for Vertical Synchronization to eliminate screen tearing. See, Vertical Synchronization. ● INI parameter updates: Added new INI parameters. See, Parameters for a xen.ini file.
2 Before working on ThinOS Lite This section contains information about firmware upgrade and system configuration that you need to know before using ThinOS Lite version 2.6. Firmware upgrade Firmware upgrade is the process of updating your existing ThinOS Lite firmware version to the latest version.
Installing the Windows IIS creates the directory C:\inetpub\ftproot, which is known as the FTP root. In the ftproot directory, create a folder wyse and a sub folder xen. The directory structure must read as C: \inetpub\ftproot\WYSE\xen. To upgrade the ThinOS Lite firmware using FTP server: 1. Go to www.dell.com/support. 2. Download the latest ThinOS Lite firmware and latest ThinOS Lite packages that corresponds to your thin client model.
5. Apply the settings and close the IIS admin console. Installing IIS creates the default directory C:\inetpub\WWWroot, which is known as the WWW root. In the WWWroot directory, create a folder WYSE and a sub folder xen. The directory structure must read as C: \inetpub\wwwroot\WYSE\xen. To upgrade the ThinOS Lite firmware using HTTP or HTTPS server: 1. Go to www.dell.com/support. 2. Download the latest ThinOS Lite firmware and latest ThinOS Lite packages that corresponds to your thin client model.
. In the Device Configuration pane, click Firmware Upgrade, and then click Configure this item. 12. From the Platform type drop-down list, select your thin client model. 13. From the Firmware to auto deploy drop-down list, select the firmware file that corresponds to your thin client model. 14. Click Save & Publish. The thin client restarts, and the firmware version is upgraded.
Central Configuration—Automating Updates and Configurations This appendix describes how to set up your environment to provide your zero clients running ThinOS Lite with automatic updates and configurations in the following procedures. NOTE: Dell Wyse zero clients do not require device management software. They are configured to obtain their IP address, as well as the location of firmware and configuration instructions, from a DHCP server.
3 Getting started Use the following information to quickly learn the basics and get started using your zero client: ● Connecting to a Remote Server ● Using Your Desktop ● Configuring Zero Client Settings and Connection Settings ● Connecting to a Monitor ● Connecting to a Printer ● Locking the Zero Client ● Signing Off and Shutting Down ● Additional Getting Started Details ThinOS Lite supports the headless mode that enables you to boot the operating system without a monitor.
Figure 1.
Figure 2. First Boot Wizard _Failure 1. Connect a new zero client or existing zero client to the Ethernet using a wired connection. The existing zero client must be reset to factory default settings to enter First Boot Wizard. 2. Turn on your zero client.
The zero client checks for a wired network connection. If the network connection is successful, a welcome screen with the model name of your zero client is displayed. The zero client validates the IP address from DHCP. If the DHCP contains the file server or Wyse Device Manager or Wyse Management Suite configurations, then the ThinOS Lite system desktop is loaded without entering First Boot Wizard. If the DHCP validation fails or if you have not connected to Ethernet, then follow the next step.
Figure 4. System preferences configuration ● Locale—Select a language to start ThinOS Lite in the regional specific language. ● Keyboard Layout—Select a keyboard layout to set the keyboard layout in the regional specific language. Time Zone—Select a time zone to set the time zone for your zero client. ● Time Server—Displays the IP addresses or host names with optional port number of time servers.
Figure 5. Ethernet cable After the connection is established, the zero client validates the IP address from DHCP. If the DHCP contains the file server or Wyse Device Manager or Wyse Management Suite configurations, then the ThinOS Lite system desktop is loaded. If the DHCP validation fails, or the network connection fails, then the Management Configuration screen is displayed. Follow the steps 6-9. 5. Click Next to enter the Management Configuration setup. 6.
● WDM—Enter the IP addresses or host names. ● Disable SSL warning—Select this check box to disable the SSL (Secure Sockets Layer) connection warnings. ● Certificates Manager—Click Certificates Manager to import or request a certificate. NOTE: To exit the Management Configuration screen, and load the ThinOS Lite system desktop, click Exit. 7. Click Done to exit First Boot Wizard or click Next to enter the Connection Broker Configuration setup. 8.
If a Specific Broker Server Connection is configured— After zero client restart, the Login dialog box appears for your server. Enter the User name, Password, and Domain and click Login. After authentication is successful, your Zero Toolbar is presented with your assigned connections defined by the broker server. Using your desktop What you view after logging on to the server depends on the administrator configurations.
Signing off and shutting down Use the Shutdown dialog box to select the available option you want: ● Zero Desktop — Click the Shutdown icon on the Zero Toolbar. NOTE: You can also configure automatic behavior after all desktop sessions are closed by using the Remote Connections dialog box, see Central Configuration: Automating Updates and Configurations.
Zero toolbar The Zero Toolbar usually appears at the left corner of the Zero Desktop. However, depending on administrator configurations, the toolbar can be removed or hidden. It is shown only when a user moves the mouse pointer over the left edge of the desktop screen. Table 5. Toolbar icons Icon What It Does Home Opens the list of available connections. System Information Displays zero client system information.
Table 6. Connection Options Option What It Does and use the Global Connection Settings dialog box to configure settings that affect all of the connection in the list. Login dialog box features While the Login dialog box allows you to log on to the server, it also allows you to: ● Obtain system information. ● Access Admin Mode to configure zero client settings. ● Change or reset your own password and unlock your account. ● Open the Shutdown dialog box by using CTRL+ALT+DELETE.
e. System Preference — Allows user selection of zero client parameters that are matter of personal preference. f. Display — Allows you to configure the monitor resolution and refresh rate. g. Peripherals — Allows you to select the peripherals settings such as keyboard, mouse, volume and touch screen settings. h. Printer — Allows configuration of network printers and local printers that are connected to the zero client. i. System Tools — Opens a submenu from which the xen.ini and user.
● User mode—The components are from the source, or binaries from third party that are compiled or integrated into ThinOS Lite. The version is displayed as [max].[min].[svn_revision]. The [max] and [min] is the base version of the third component, and the [svn_revision] is the source control revision of ThinOS Lite. Using the ThinOS Lite specified version, you can identify the changes between different revisions. For example, the Citrix Receiver version is 14.0.44705.
4 Global connection settings If you do not use INI files to provide central configuration (global connection settings) to users, you can use the Global Connection Settings dialog box to configure settings that affect all of the connections in your list of connections: To Configure the Global Connection Settings: 1. From the floating bar menu, click the Home icon, and then click Global Connection Settings. The Global Connection Settings dialog box is displayed. 2.
NOTE: USB devices redirection— By default, audio, video and printer devices will not use HDX USB for redirection. You can make selections for USB device redirection on the Session tab of the Global Connection Settings dialog box. 3. Click ICA tab to select the check boxes you want for the options that are available to all ICA sessions. Select the audio quality optimized for your connection. NOTE: ● Map to — When a drive is entered, maps a disk under the drive.
5 Configuring the connectivity This chapter helps you to understand various configuration settings for a secure connection. Connectivity menu includes: ● Configuring the Network Settings. ● Configuring the Remote Connections. ● Configuring the Central Configurations. ● Configuring the Caradigm Vault Server. ● Configuring objects on Imprivata Server. ● Configuring the VPN Manager.
2. Click the General tab and use the following guidelines: a. To set the default gateway, select the type of network interface from the available options. i. Single Network support— Either wireless or wired network is connected. ● ENET — Click this option, if you want set up the Ethernet Wired Network Connection. ● WLAN — Click this option, if you want set up the Wireless Network Connection.
Figure 8. Network Setup a. DHCP Option IDs — Enter the supported DHCP options; each value can only be used once and must be between 128 and 254). For information on DHCP options, see Using DHCP options b. Interpret DHCP Vendor-Specific Info — Select this check box for automatic interpretation of the vendor information. c. DHCP Vendor ID — Shows the DHCP Vendor ID when the dynamically allocated over DHCP/ BOOTP option is selected. d.
Figure 9. ENET settings a. Ethernet Speed — Normally the default (Auto-Detect) should be selected, but another selection can be made if automatic negotiation is not supported by your network equipment. Selections include Auto-Detect, 10 MB HalfDuplex, 10 MB Full-Duplex, 100 MB Half-Duplex, 100 MB Full-Duplex, and 1 GB Full-Duplex. The 10 MB Full-Duplex option can be selected locally at the device, however, this mode may need to be negotiated through AutoDetect. b. The IPV4 check box is selected by default.
Enter the address of the router that connects the thin client to the internet. The address must exist on the same subnet as the thin client as defined by the IP address and the subnet mask. If DHCP is used, the address can be supplied through DHCP. c. Select the IPV6 check box, and then click Advanced to select various IPV6 supported setting options from the available check boxes.
The following kinds of server names are supported — all examples are based on Cert Common name company.wyse.com ■ *.wyse.com ■ *wyse.com ■ *.com NOTE: Using only the FQDN, that is company.wyse.com does not work. You must use one of the options (note that *.wyse.com is the most common option as multiple authentication servers may exist): servername.wyse.com ● LEAP — If you select the LEAP option, click Properties to open and configure the Authentication Properties dialog box.
Figure 10. WLAN settings a. Add— Use this option to add and configure a new SSID connection. You can configure the SSID connection from the available security type options. b. After you configure the SSID connection, the added SSID connection is listed on the page of the WLAN tab. ● Remove — Use this option, if you want to remove a SSID connection by selecting the SSID connection from the list.
If you select EAP type as EAP-Fast, then EAP-MSCHAPV2 and EAP-GTC options are listed in the EAP type dropdown list in the Authentication Properties dialog box (2nd authentication method supports MSCHAPv2/GTC only for EAP-FAST). c. Select the Disable Wireless Device check box, if you want to disable a wireless device. ● Always: Click this radio button if you want to disable the wireless device at all times.
● EnetUp: Click this radio button if you want to disable the wireless device whenever the wired network is connected. d. Click IPConfig to configure the IPv4 settings for the wireless connection. To set the IPv4 connection to use DHCP or the specified static IP address, do the following: i. Click Properties. ii. If you want to allow your zero client to automatically receive information from the DHCP server, click Dynamically allocated over DHCP/BOOTP. iii.
○ User credential pass through is possible with $UN/$PW. ● For WMS, HTTP, HTTPS and Socks5 (recommended) protocols are supported. ● For RTME, HTTP and HTTPS protocols are supported. 1. From the desktop menu, click System Setup, and then click Network Setup. The Network Setup dialog box is displayed. 2. Click the Proxy tab, and use the following guidelines: a. Enter the HTTP proxy port number or HTTPS proxy port number, Username and Password in the respective fields.
Figure 12. Broker setup 2. Select the StoreFront Style check box to enable the StoreFront style. 3. Broker Server— Enter the IP address / Hostname / FQDN of the broker server. 4. Select the Enable automatic reconnection at logon check box to enable automatic re-connection at logon. NOTE: If you enable the automatic re-connection, you are able to select from the re-connection options. Click either of the options where you can connect to disconnected sessions only or both active and disconnected sessions. 5.
● Select the button if you want to enable Zero Toolbar activation in left pane when you pause a mouse on the screen. ● Select the button if you want to enable Zero Toolbar activation in left pane only after clicking. b. Select the check box to disable hotkey to show toolbar. c. Select the check box to always disable toolbar when you have one session available. d. Select the check box to disable the Home Icon. 3. Click OK to save the settings.
NOTE: By default, None is selected and the zero client automatically returns to the terminal desktop. b. Default Sign-on Username— Enter the Default user name. c. Default Sign-on password— Enter the Default password. d. Default Sign-on Domain— Enter the Default Domain. NOTE: If you enter all three Default Sign-on credentials (Username, Password and Domain), you are automatically logged on to your desktop upon system start. Configuring the authentication settings To configure the authentication settings: 1.
To configure the OneSign Server, enter either https://ip or https://FQDN values, reboot the client to display the logon dialog box, and then enter credentials to open the VDI broker dialog box for logon use. You can also set this feature in your INI file, see Parameters for a xen.ini File in this guide.
securely. Also, proximity cards can be secured with a PIN, if configured by the organization. The HealthCast SSO solution also supports user self-service password reset so that you can reset your own passwords without the need to call the help desk. ● OneSign Server— Enter the IP Address of the OneSign Server. 3. Click OK to save the settings. Configuring objects on Imprivata server This version of ThinOS Lite supports Imprivata WebAPI version 5.
Only yes or no options are supported. Non-OneSign user can log in to the Broker by clicking No radio button. ● Logging Allow ○ OneSign logs could output on ThinOS Lite with this feature. An INI configuration is needed correspondingly. ○ Loglevel=0/1/2/3. The default value is 0. If set to 0, logs are not displayed. ● Display name format — Account name can be shown correctly with different formats in pop-up notifications. 2.
Figure 16. Background 6. Configuring the Co-Branding configuration object On the Imprivata server, click Computer policy , and then click Customization. Figure 17. Login screen appearance Logo image impacts all the dialog boxes in ThinOS Lite with raw logo. 7. Configuring the SSPR Customization Configuration object ● The text displayed in sign-on UI and lock window can be customized. ● The largest size supported by ThinOS Lite is 17 characters.
Figure 18. Imprivata OneSign 8. Password Self-Services force enrollment feature Selecting this check box allows you to reset the primary authentication password. Figure 19. Security question INI configuration for Imprivata OneSign Server A new INI parameter is added to the OneSignServer=AutoAccess=command. The new value is AutoAccess=Local.
Figure 20. Enroll proximity card 2. Enter the credentials and then click OK. Figure 21. Confirm identity Proximity card is enrolled successfully.
Figure 22. Proximity card success message Imprivata bio-metric single sign-on Imprivata WebAPI is updated to version 5. The key feature of this version is the Fingerprint identification feature. This feature is highly reliable, and cannot be easily replicated, altered, or misappropriated. The prerequisites of OneSign server are: ● Imprivata v4.9 or later appliance version is needed that supports the WebAPI v5 and later versions. ● Fingerprint identification license is required. Figure 23.
● Figure 24. Desktop access authentication Fingerprint authentication must be enabled in OneSign user policy Following are the features of Imprivata Bio-metric Single Sign-On: 1. Supported protocol is ICA. 2. Required Fingerprint reader devices are: a. ET710 (PID 147e VID 2016) b. ET700 (PID 147e VID 3001) 3. Fingerprint authentication to sign-on/unlock for ThinOS Lite devices. For more information, see Signing in or Unlocking ThinOS Lite Devices using Fingerprint Authentication. 4.
Figure 25. OneSign 2. Fingerprint authentication works on the ThinOS Lite unlock window. Figure 26. Verifying administrator Unlocking virtual desktop using fingerprint authentication To unlock the virtual desktop using fingerprint authentication, do the following: 1. Enable the Imprivata Virtual Channel.
Figure 27. Global connection settings 2.
Figure 28. Verifying administrator 3. You can manage Fingerprints on virtual desktop. This requires OneSign agent v4.9. To manage Fingerprints, do the following: a. Right-click the OneSign agent icon in System tray. b. Click Manage Fingerprints, and enter the correct credentials in the displayed window to manage your Fingerprints.
Figure 29. Manage fingerprints Configuring the Caradigm Vault server To configure the Caradigm Vault server on ThinOS Lite, do the following: 1. From the floating bar menu, click the System Setup , and then click Remote Connections. The Remote Connections dialog box is displayed. 2. Click the Authentication tab, enter the IP address of the SSO & CM Server and then click OK.
Figure 30. Remote Connections 3. On the Caradigm Vault Server, use the following guidelines: ● Ensure that the Enroll unenrolled badges option is checked. ● Make sure that all Badge ID mapping entries are deleted.
Figure 31. Tap server 4. Click SSO&CM > Advanced Configurations , and use the following guidelines: Figure 32. Enable proximity server a. Ensure that the Enable Proximity Support check box is selected. b. Ensure that the Enable way2care check box is selected. 5. To prepare a certificate to the Caradigm Vault Server, use the following guidelines: The Caradigm Vault Server uses the certificate to validate the connection between the Tap Server and the zero client. a.
Figure 33. Thin client certificates Use the zero client Certificates page to add certificates for the zero client devices. The certificate must be a text in PEM format, that is, a text-based Base64-encoded DER file. ● Open the DER cert file on Notepad. ● Log in to the Vault Server Admin Console, and then click Appliance > zero client Certificates.
solution to work properly. Contact HealthCast on HealthCast website for one or more server installation executables, server requirements, and configuration information. Configuring HealthCast on ThinOS Lite HealthCast Web API Server is integrated with ThinOS Lite release to implement the HealthCast SSO solution. To use the HealthCast SSO solution, ThinOS Lite must be configured to use the HealthCast Web API Server. You can do this by using the INI file (wnos.ini), or using the ThinOS Lite UI.
Figure 35. Certificates browser 5. Click OK to save the settings. INI configuration To configure using INI parameters, add the following INI parameters to your wnos.ini file: ● HealthCastServer— The server address and options needed for the client to connect to the HealthCast Web API Server. HealthCastServer= SecurityMode= ClientCertificate= For example: HealthCastServer=https://server1.example.
Figure 36. Proximity card enrollment ● Manual login and lock/unlock terminal ○ If you do not have a card, or choose not to use your card, then you can manually log in using your user name and password. Administrators can disable manual login, if they wish, so that users can sign on with their proximity cards. You can also lock or unlock the terminal, if you have signed on with a manual login. Figure 37.
Figure 38. Login You can lock the session to secure it, but leave the remote session connected for fast access when you return. To do this, tap the proximity card and the session is locked. Figure 39. Lock terminal To resume the session, tap the card again.
○ Terminals can be configured to lock or log off sessions that have been left open. The time that will elapse before automatic lock or log off can be set by an administrator using the convenient web administration application. ● Tap-Over ○ If a session is locked or left open, a second user can tap their own proximity card and this will disconnect the first session and log the second user into their own unique session.
Figure 41. Central configuration 2. Click General tab and use the following guidelines: File Servers/Path, Username and Password — IP address or host name of the file server that provides the system software and update images. The address can be supplied through DHCP, if DHCP is used. a. File Servers/Path — Allows maximum of 127 characters for file server, and maximum of 127 characters for root path. The data specifies part of the path to be used when the server is accessed.
Figure 42. Central configuration By default, the WMS option is selected. Wyse Management Suite service automatically runs after the client boot up. If the first discovery, for example, the Wyse Management Suite service is not successful, it seeks for the next priority, for example, WDM service. This continues until a discovery is successful. If all discoveries fail, it is started again automatically after a fixed time—24 hours. a.
Value Returned: Group Token (as String) Example: _WMS_GROUPTOKEN .WDADEV.com # CA Validation DNS Record Type: DNS Text Record Name: _WMS_CAVALIDATION. Value Returned: TRUE or FALSE (as String) Example: _WMS_CAVALIDATION.WDADEV.com c. Group Registration Key—Enter the Group Registration Key as configured by your Wyse Management Suite administrator for the desired group. To verify the key, click Validate Key. A Group Registration Key is not required for the private Wyse Management Suite server.
Figure 44. General central configuration 1. Click WDM, and use the following guidelines: 2. WDM Servers—Enter the IP addresses or host names, if WDM is used. Locations can also be supplied through user profiles, if user INI profiles are used. 3. DNS Name Record—(Dynamic Discovery) Allows devices to use the DNS hostname lookup method to discover a WDM Server. 4. DHCP Inform—(Dynamic Discovery) Allows devices to use DHCP Inform to discover a WDM Server. 5.
Figure 45. VPN manager 2. Click New tab to Create a new Connection. The OpenConnect Property page is displayed. ● Session Name — Enter the name of the Session Name. ● VPN Server — Enter the IP address of the VPN Server. ● Login Username— Enter the Login Username. ● Password— Enter the password of the user. ● Select the check box to Auto-connect on system startup. ● Select the check box to Show progress in detail. Figure 46. OpenConnect property 3. Click Connect to connect to the VPN Manager. 4.
Figure 47.
6 Configuring the connection broker In a Virtual Desktop Infrastructure (VDI) environment, a connection broker is a software entity that allows you to connect to an available desktop. The connection broker facilitates the VDI environment to securely and efficiently manage the centrally hosted desktop environments. NOTE: ● Linux hosted desktop in the Citrix brokers is supported. ● Windows 10 desktop in multiple brokers is supported. ○ Windows 10 desktop is supported in the Citrix brokers.
Figure 48. Broker setup 2. Select the StoreFront Style check box to enable the StoreFront style. 3. Broker Server— Enter the IP address / Hostname / FQDN of the broker server. 4. Select the Enable automatic reconnection at logon check box to enable automatic re-connection at logon. NOTE: If you enable the automatic re-connection, you are able to select from the re-connection options. Click either of the options where you can connect to disconnected sessions only or both active and disconnected sessions. 5.
Introduction The Citrix HDX RealTime Optimization pack offers high-definition audio and video calls on Lync. In every ThinOS Lite release, the RTME version may be updated to newer version and the latest RTME version coexists with RTME 1.8 version in the corresponding release packages. ThinOS Lite v2.6 supports RTME/RTOP version 2.5. However, you can still use RTME 2.2 package. For more information about the Citrix RTME 1.8 feature, see the HDX RealTime Optimization Pack article at docs.citrix.com.
NOTE: Since ThinOS Lite 2.3 RTME, 1.8 and 2.0 co-exist in the release package, supporting both versions of RTME connectors. In every ThinOS Lite release, RTME version may be updated to newer version and the latest RTME version co-exists with RTME 1.8 version in the corresponding release packages. 3. (This step is for RTME 1.8 only) Configure the Domain Name Server (DNS) settings on ThinOS Lite for Lync Server.
Figure 49. Citrix HDX RealTime Connector for Microsoft Lync 2013 2. Click the About tab in the Citrix HDX RealTime Connector for Microsoft Lync 2013 dialog box. The RTMS status is displayed in the upper-right pane of the dialog box. If the RealTime Multimedia Engine is successfully initiated between the ThinOS Lite client and Citrix Desktop, the RTME status is displayed as follows: Table 8.
● RTME operation system on ThinOS Lite is displayed as Linux. ● The RTME 1.8 feature on ThinOS Lite does not work with other versions of HDX RealTime connector due to known Citrix limitation. ● If you change the audio device during an RTME call, the audio input or output might stop responding. ● Using similar hardwares, such as Dx0D, ThinOS Lite, Linux, and Windows (D90D7) produce similar video frame rate (20-30) and video resolution (320-400).
● RTME status dialog displays operation system as Linux. ● Only single device is supported in ThinOS Lite. ● Changing the video/audio device during RTME call results in issue with audio input or output. ● Volume: Dell recommends you to adjust the speaker volume in SFB 2015 call window to high, and the system local playback/ record audio volume for better voice input/output. The default volume is a bit low.
3. For MultiFarm (StoreFront or PNAgent servers) or Multilogon (StoreFront or PNAgent servers), select a single server to refresh or click Refresh All to refresh all servers. Figure 52. Refresh all NOTE: Warning message is displayed when you open or edit or remove applications when you refresh the applications. Figure 53. Warning 4. Refresh scope covers the aspects such as, application removed, added, duplicated, disabled, enabled, icon/title change, and on/off desktop.
Using multiple audio in Citrix session ThinOS Lite supports multiple audio device utilizations in the Citrix Virtual Apps and Desktops version 7.6 and later. You can connect or disconnect the audio devices anytime during the session, but the behavior is similar to a local desktop. With multiple device support, you can connect multiple audio devices and select a specific device for a specific application.
Figure 54. Credentials Figure 55. CensorNet App The PASSCODE dialog box is displayed. You will receive a push notification from the CensorNet App on your phone with the code. 3. Click OK.
Figure 56. PASSCODE If the authentication is successful, then you are logged into the Citrix session. Okta Integration through Citrix NetScaler Okta provides Single Sign-On (SSO) capability using Remote Authentication Dial-In User Service (RADIUS) for Citrix Virtual Apps and Desktops. ThinOS Lite supports Okta through the Citrix NetScaler Gateway 11.0 or later. The Okta RADIUS Agent is used for user authentication.
Figure 57. Default ICA a. Server or Published Application—Select the type of connection to which the settings apply. b. Connection Description—Enter the descriptive name that is to be displayed in the connection list (38 characters maximum). c. Browser Servers—Enter a delimited (comma or semicolon) list of IP addresses or DNS-registered names of ICA servers that contain the master browsers list, or that can direct to another server that contains the list.
application. DNS uses the default domain name in the network control panel to attempt to construct an FQDN but also tries to resolve the name without using the default. e. Encryption Level—Allows you to select the security level of communications between the zero client and the ICA server. Basic (the default option) is the lowest level of security. Basic allows faster communication between the device and the ICA server, because it requires less processing than the higher levels of encryption.
Figure 58. ICA Logon a. Logging on area—Enter the username, password, domain name, and logon mode. If the Login username, password, and domain name boxes are not enabled, you can enter the information manually in the ICA server login screen. ● Login Username—Maximum limit is 31 characters. ● Password—Maximum limit is 19 characters. ● Domain Name—Maximum limit is 31 characters. ● Logon Mode—Select User-specified credentials, Smart Card, or Local User. b.
Figure 59. ICA options a. Autoconnect to local devices—Select any options (Printers, Serials, USB, Smart Cards, and Disks) to have the thin client automatically connect to the devices. An ICA session does not automatically connect to a device through a serial port. b. Allow font smoothing—When selected, enables font smoothing (smooth type). c.
Advanced details on configuring ICA connections Use the following information when configuring ICA connections. In this information assumes that the zero client does not have a locked down privilege level: ● High-privileged user — The additional functionality provided by the Connection Settings dialog box allows testing of connection definitions before they are entered by a network administrator into the user profile files.
Figure 61. Security questions enrollment 2. Enter the appropriate answers to the question set. Figure 62.
Figure 63. Security questions 3. Click OK to register the security questions. Figure 64. Account self-service Using Account Self-Service After the security questions enrollment is complete, when ThinOS Lite is connected to a StoreFront server with Self-Service Password Reset enabled, the Account Self-Service icon is displayed in the sign-on window. NOTE: If you enter wrong password more than four times in the Sign-on window, the client automatically enters the unlock account process. 1.
Figure 66. Account self-service icon Unlocking account After you register the security questions, do the following to unlock the account: 1. Choose a task (Unlock account) in Account Self-Service window. 2. Enter the user name. The Unlock Account dialog box is displayed. Figure 67. Unlock account 3. Enter the registered answers to the security questions.
Figure 68. Unlock account Figure 69. Unlock account If the provided answers match the registered answers, then the Unlock Account dialog box is displayed. 4. Click OK to successfully unlock your account. Figure 70. Unlock account success message NOTE: ● If the provided answers are incorrect, the following error message is displayed.
Figure 71. Error message ● If you provide the wrong answers more than three times, you can not unlock the account or reset the password, and the following error messages are displayed. Figure 72. Attempts exceeded Figure 73. Account locked out Resetting password After you register the security questions, do the following to reset the password: 1. Choose a task (Reset password) in Account Self-Service window. 2. Enter the user name. The Reset Password dialog box is displayed.
Figure 74. Reset password 3. Enter the registered answers to the security questions. Figure 75. Security questions Figure 76. Security questions If the provided answers match the registered answers, then the Reset Password dialog box is displayed. 4. Enter and confirm the new password.
Figure 77. Set password 5. Click OK to successfully change the password. Figure 78. Password change successful NOTE: If you provide the wrong answers, you can not reset the password, and an error message is displayed. QUMU or ICA Multimedia URL Redirection QUMU utilizes ICA Multimedia URL Redirection. You are required to install a browser plug-in for this feature to work. In earlier ThinOS Lite releases, ICA Multimedia URL Redirection was partially supported. In ThinOS Lite 2.
Verifying HTML5 Video Redirection—While the video is playing, a noticeable lag or jump in the video window is observed when you move the browser on the screen or scroll the browser. This behavior indicates that the video is being redirected. ThinOS event log for RAVE MMR is also displayed. Sometimes, the initial playback does not work. After several seconds, the video is refreshed automatically, and you need to click playback from start again. During this time, the video will redirect.
Figure 80. HDX Monitor 3.3 Figure 81. Graphics-Thinwire advanced 2.
Figure 82. Event log Click HDX Monitor > Graphics > Thinwire Advanced > Encoder > CompatibilityEncoder; CompatibilityEncoder. From Citrix Virtual Apps and Desktops 7.11, the encoder is changed to Deprecated Figure 83. Status ● For Wyse 5010 zero client for Citrix (D00DX) (ThinOS Lite Pro 2) ○ ICA SuperCodec is always enabled without any limitation. ○ ThinOS Lite event log displays ICA: SuperCodec enabled. NOTE: For ICA connections, there is no INI parameter.
Anonymous logon Anonymous logon—This feature enables the users to log in to the Storefront server configured with unauthenticated store without Active Directory (AD) user credentials. It allows unauthenticated users to access the applications instead of AD accounts.
a. Go to the DDC Server. b. Click Start > Citrix AppCenter. c. Click Citrix Resources > XenApp > Policies > User > Settings > Printing > Client Printers and enable the Auto-create generic universal printer. d. Click Printing > Drivers, and set the Universal print driver usage to use universal printing only from the drop-down menu available. 2. To enable the printer policy in XenApp/XenDesktop 7.5 and XenApp/XenDesktop 7.6: a. Go to the DDC Server: i. Click Citrix studio > Policies and add a policy.
By default, no client configuration is required. New INI parameters are added to support HDX FR Client configurations, for example, to fetch the server side content. The newly added INI parameters are: SessionConfig=ICA\ HDXFlashUseFlashRemoting=Never | Always (default) \ HDXFlashEnableServerSideContentFetching=Disabled (default) | Enabled \ How to verify it is working or not working a. Right-click the flash video to know the flash player version.
Citrix server configuration for Citrix HDX Flash Redirection The following are the Citrix Server configurations for Citrix HDX Flash Redirection: 1. To disable flash version compatibility check, perform the following tasks: NOTE: In common scenarios the flash player version installed on VDA/XenApp host is higher than the one in client (Windows/Linux or others). Citrix advised to disable flash version compatibility check to make HDX Flash redirection works between host and client. Figure 86.
Figure 87. Pseudo server b. The registry key value IEBrowserMaximumMajorVersion is queried by the HDX Flash service to check for maximum Internet Explorer version that HDX Flash supports. For Flash Redirection to work with Internet Explorer 11, set the registry key value IEBrowserMaximumMajorVersion to 11 on the machine where HDX flash service is running. In case of XenApp it would be the XenApp Server and in case of XenDesktop it would be the machine where VDA is installed.
Figure 88. Policies 4. To view the list of Flash policies: a. Go to Setting tab, and select Flash Redirection category. All the Flash Redirection policies will be listed as shown in the following screenshot. Figure 89. Edit Policy 5. To activate a policy: a. After modifying any Citrix policy, run the CMD command ‘gpupdate /force’ in the XenApp/VDA machine, and then reconnect the session. The policy will be updated immediately.
Figure 90. User policy update 6. To verify if Flash is getting client rendered OR HDX Flash redirection is working: a. Right-click on the Flash Region to view the Flash context menu. If the Flash context menu is same as native Linux menu, the ThinOS Lite built-in Adobe Flash Player version is 11.1. The following screenshot shows that the Flash is getting client rendered. b. When flash is client rendered, the event log will display “FR”. 7. To delete dynamic blacklist manually: a.
Figure 92. FlashDesktop Citrix HDX Flash Redirection Policies Configurations Policy - Flash default behavior 1. Remove all other active flash related policies in XenApp/XenDesktop server side. Figure 93. Enable Flash acceleration 2. Set Enable Flash acceleration for policy 'Flash default behavior' in XenApp/XenDesktop server side. Then run a web Flash video in ICA session for the client to render the flash video.
Figure 94. Disable Flash acceleration Figure 95. Event viewer 3. Set Block Flashacceleration for the policy Flash default behavior in the XenApp/XenDesktop server side, and then run a web Flash video in ICA session, the flash video will be server rendered and event 55 generates in event viewer > ApplicationsAndServicesLogs > Citrix > Multimedia > Flash > Admin. 4.
Figure 96. Block Flash player Figure 97. Event viewer Policy - Flash URL compatibility list 1. Edit XenApp/XenDesktop policy 'Flash URL compatibility list', such as new item {Render On Client, *youku.com*, Any}, and then access the website (For example, www.youku.com). All flash instances on the website are client rendered.
Figure 98.
Figure 99. Event viewer 2. Edit XenApp/XenDesktop policy 'Flash URL compatibility list', such as new item {Render On Server,*youku.com*, Any}. And then access the website (For example, www.youku.com). All flash instances on the website are server rendered, and Event 59 generates in event viewer. 3. Edit XenApp/XenDesktop policy 'Flash URL compatibility list', such as new item {Block, *youku.com*, Any}. And then access the website (For example, www.youku.com).
Figure 100. Flash background color list 1. Edit the Flash background color list in XenApp/XenDesktoppolicy, such as new item {*FF0000}. 2. Access any web site, for example . www.youku.com to play a flash video through HDX FR, when the flash background color is red. Policy - Flash intelligent fallback 1. Enable the policy 'Flash intelligent fallback' in XenApp/XenDesktop server side. Run some flash websites in ICA session.
Figure 101. Flash intelligent fallback—Enabled Figure 102. Event viewer 2. Disable the policy Flash intelligent fallback in XenApp/XenDesktop server side. Run some flash websites in ICA session. there will be no new event 61 in event viewer > Applications And ServicesLogs > Citrix > Multimedia > Flash > Admin.
Figure 103. Flash intelligent fallback—Disabled Policy - Flash server-side content fetching URL list 1.
Figure 104. Flash server-side content fetching URL list 2. Set the ThinOS Lite INI using the {SessionConfig=ICA HDXFlashEnableServerSideContentFetching=Enabled} 3. Make sure that the client cannot access your testing Flash website, set an unreal DNS server to break client internet connection. You can try to ping your website domain name for example www.youku.com that request will be timed out. 4. Access any website for example www.youku.com to play a flash video through HDX FR.
Figure 105.
7 Configuring Zero Client Settings You can configure available zero client settings on the zero client using the following. Depending on user privilege level, some dialog boxes and options may not be available for use.
Figure 106. System preference 2. Click the General tab, and use the following guidelines: a. Screen Saver — Allows you to select the type of screen saver you want. The default is to Turn Off Screen. Other available selections are Flying Bubbles, Moving Image ,Showing Pictures and Playing Video which are screen savers with the monitor remaining on. b.
● Terminal is locked, Invalid unlock password d. Terminal Name — Allows entry of a name for the zero client. The default is a 14-character string composed of the letters WT followed by the zero client Ethernet MAC address. Some DHCP servers use this value to identify the IP address lease in the DHCP Manager display. 3. Click OK to save the settings. Setting the Time and Date To configure the Time and Date settings: 1. From the floating bar menu, click the System Setup , and then click System Preferences.
client time based on the settings of time zone and daylight saving information. If DHCP is used, locations can be supplied through DHCP. f. Change Date and Time — Allows you to change date and time for secure environments requiring a solution to outside server access. When connecting to a file server over HTTPS, the proper time must be defined on the zero client for SSL/ certification validation. Setting the Custom Information Use the Custom Info tab to enter configuration strings used by WDM software.
Configuring the General Display Settings To configure the general display settings. 1. From the floating bar menu, click the System Setup , and then click Display. The Display dialog box is displayed. Figure 109. Display—General 2. Click General tab and use the following guidelines: a. Select best display setting on DDC monitor—If the monitor is VESA DDC2B (Display Data Channel) compatible, selection of this option allows the zero client to automatically select the best resolution and refresh rate.
1440 x 900 1600 x 900 1600 x 1200 1680 x 1050 1920 x 1080 1920 x 1200 1920 x 1440 (R00LX (ThinOS Lite Pro) class only) 2560 x 1080 (Single monitor only; R00LX (ThinOS Lite Pro) class and Wyse 5010 Zero Client for Citrix (D00DX) class only) 2560 x 1440 (Single monitor only; R00LX (ThinOS Lite Pro) class and Wyse 5010 Zero Client for Citrix (D00DX) class only) 2560 x 1600 (Single monitor only; R00LX (ThinOS Lite Pro) class and Wyse 5010 Zero Client for Citrix (D00DX) class only) 3840 x 2160 (Single monitor on
Figure 110. Display—Dual Head 2. Click Dual Head tab and use the following guidelines: Supported Dual Monitor Capable Zero Clients Only. a. Dual Head—Select Mirror Mode to have the two monitors work in a matching state, or Span Mode to have the two monitors work separately second is extended from first. b. Main Screen—Select which of the two monitors you want to be the main screen (Screen1 or Screen2). The other screen is extended from the main screen. The other screen is extended from the main screen.
Figure 111. Display—Dual Head e. Swap dual screens—When you set Main Screen to Screen2, an additional check box is displayed at the bottom of the tab offering to swap dual screens; If the check box is cleared, the Screen1 is usually the left one or the top one in dual display.
Go to System Setup > Display > Dual Head and change the settings. Go to System Setup > Display > General and do the following: 1. Change resolution from DDC table or User defined display settings. 2. Change rotation setting from User defined display settings. When the display settings are changed during active sessions, the active sessions do not resize dynamically in the following situations: ● Seamless sessions. ● For dual head mode, including: ○ Change from single mode to dual head.
Figure 112. Peripherals—Keyboard 2. Click the Keyboard tab and set the Character Set, Keyboard Layout, Delay Before Repeat and Repeat Rate parameters. The following table explains the parameters present on the Peripherals page. Table 9. Parameters on the Peripheral page Parameter Description Character Set Specifies the character set. Each character is represented by a number.
Figure 113. Peripherals—Mouse 2. Click the Mouse tab to select the mouse speed and mouse orientation. 3. Select the Swap left and right mouse buttons check box to swap mouse buttons for left-handed operations. 4. Select the Reverse mouse wheel scroll direction check box to invert the direction of the mouse scroll wheel. 5. Click OK. Configuring the Audio Settings To configure the Audio settings: 1. From the floating bar Menu, click System Setup , and then click Peripherals.
Figure 114. Peripherals—Audio 2. Click the Audio tab to select the volume settings for connected devices. a. Click the Playback Devices tab to select the type of the audio from the drop-down menu. ● Use slider to control the volume settings for the playback devices. ● Select the check box to mute. b. Click the Recorded Devices tab to select the type of the record from the drop-down menu. ● Use slider to control the volume settings for the record devices. ● Select the check box to mute. c.
By default, the format of USB camera is set to RAW. Figure 115. Peripherals—Camera NOTE: You can optimize performance and modify the frame rate per second, if the Optimize for CPU check box is NOT selected —supported values include 1/1, 1/2, 1/3, 1/4, 1/5, and 1/6 – directly from the zero client (if the webcam supports Universal Video Driver). This feature is CPU intensive and is recommended for high performance products such as Wyse 5010 zero client for Citrix (D00DX).
Configuring the Bluetooth Settings The Bluetooth feature helps you to connect your zero client with Bluetooth enabled devices such as headsets and mouses. ThinOS supports both Intel wireless chipset 7260 and 7265. For mouse, headset, and keyboard, ThinOS supports both Bluetooth 3.0 and 4.0 Bluetooth 4.0 supports Classic and Bluetooth Low Energy (BLE). However, Bluetooth Alternate MAC/PHY (AMP) is not supported. To configure the Bluetooth settings: 1.
Table 10. Bluetooth—Status and Paired Status Paired Connected The Bluetooth device is connected to the ThinOS Lite device. It is ready to b Connecting The Bluetooth device is connecting to the ThinOS Lite device. Disconnected The Bluetooth device is not connected to the ThinOS Lite device. YES The Bluetooth device is paired with the ThinOS Lite device. NO The Bluetooth device is not paired with the ThinOS Lite device.
Figure 118. Peripherals—Bluetooth c. Scan— All Bluetooth devices enter into Page Scan mode. Different Bluetooth devices enter into the Page Scan mode at different instances such as when a specific button is pressed three times or a specific button is pressed and held until the LED turns blue. NOTE: Auto Connect function—The Auto Connect function is designed for HID devices. Prerequisites: ● ThinOS Lite has no HID devices connected such as USB or Bluetooth HIDs.
Workaround: Close the ThinOS Lite Bluetooth window and re-open it. The status is updated. 4. Only supports volume button and mute button on Bluetooth headset. 5. The performance of Bluetooth feature is low during wireless connection. Configuring the Printer Settings Use the Printer Setup dialog box to configure network printers and local printers that are connected to the zero client. Through its USB ports, a zero client can support multiple printers.
most USB direct-connected printers report/fill in their printer name automatically. NOTE: If Enable LPD service for the printer is selected, the printer name becomes the queue name for other clients using LPR to print to this printer. c. Printer Identification — Enter the type or model of the printer in the exact text of the Windows printer driver name—including capitalizations and spaces, most USB direct-connected printers report/fill in their printer identifications automatically.
Figure 120. LPDs 2. Click LPDs tab and use the following guidelines when printing to a non-Windows network printer: NOTE: Be sure to check with your vendor that the printer can accept Line Printer Request print requests. a. Select LPD—Select the port you want from the list. b. Printer Name —(Required) Enter name you want displayed in your list of printers. c.
NOTE: When the LPD printer is mapped to a session and the LPD service host is not accessible, the TCP connection tries to connect to the LPD service host. The timeout period is 60 seconds. During the timeout period, you cannot close the session until the LPD printer initialization error log is displayed. Configuring the SMBs settings To configure the SMBs Settings: 1. From the floating bar Menu, click the System Setup , and then click Printer. The Printer Setup dialog box is displayed. Figure 121. SMBs 2.
If the zero client is to be used as an LPD printer server, DHCP must not be used and a static IP address must be assigned to the zero client. 3. Click OK. Using the Printer Setup Options To Configure the Printer Setup Options: 1. From the floating bar menu, click the System Setup , and then click Printer Setup. The Printer Setup dialog box is displayed. Figure 122. Printer setup—Options 2. Click the Options tab and use the following guidelines: a.
To reset the zero client to factory default settings, restart the zero client and continuously tap the G key during the restart process. G-key reset impacts all configuration items, including, but not limited to, both network configuration and connections defined in local NV-RAM. NOTE: G-key reset is disabled for Low-privileged and Non-privileged users in Lockdown mode.
8 Performing Diagnostics Diagnostics include: ● System Tools ● Using the Trouble Shooting Options System Tools Use the System Tools dialog box to view device details, import certificates, view package details, and Global INI/User INI information. 1. From the floating bar menu, click System Tools. The System Tools dialog box is displayed. 2. Click the Devices tab to display all the locally attached devices, including USB, Serial, and Parallel on applicable platforms.
Figure 123. Peripherals—Audio NOTE: The Mirror File Server tab has been removed from the System Tools dialog box as it can now be viewed in the Devices tab. 3.
Figure 124. System tools—Certificates a. Import the certificates by selecting either USB Storage or File Server from the drop-down list, and then click Import to import the required certificate. b. Click Delete to delete the imported certificate. c. Click View Certificate to view the imported certificate information such as Version, Validity, and Serial number. You can also view the certificate path and certificate status. For more information about certificate details, see About Default Certificates. 4.
Figure 125. System tools—Packages a. Click the Delete button to delete the selected package. b. Click the Delete all button to delete all the packages. The following packages are available in the package tab: ● base.i386.pkg ● FR.i386.pkg ● RTME.i386.pkg package For information about updating the packages, see Firmware upgrade. You cannot delete the base package separately. If u clickDelete All, all packages are deleted including the base package. The base.i386.pkg is mandatory for all zeo clients.
Figure 126. System tools—Global INI 6. Click the WDM INI to view the received WCM configurations.
Figure 127. System tools—WDM INI WCM function is supported from WDM for comprehensive client configuration. Without configuration from server, the client loads the cached settings (wdm.ini), if available. Limitation To upgrade or downgrade firmware/image through WCM, you are required to enable WDM file server function by selecting the WTOS INI path upon checkin (FTP/HTTPS/HTTP/CIFS) check box in the WTOS preferences in the WDM configuration manager. User Scenario a.
Figure 128. ThinOS or Linux configuration b. Select the target devices, and publish configuration settings through the Package Distribution Wizard. Figure 129.
Figure 130. Package Distribution Wizard Figure 131. Package Distribution Wizard For more information about WDM Package Manager and Profile Manager, refer to the WDM Admin Guide. 7. Click OK to save the settings.
Simplified Certificate Enrollment Protocol—SCEP Simplified Certificate Enrollment Protocol (SCEP) was designed to be used in a closed network where all end-points are trusted. The goal of SCEP is to support the secure issuance of certificates to network devices in a scalable manner. Within an enterprise domain, it enables network devices that do not run with domain credentials to enroll for certificates from a Certification Authority (CA).
3. Click Ok to save the changes. NOTE: ● The CA Certificate Hash type currently supports MD5, SHA1, and SHA256. ● The request server URL can be an HTTP or HTTPs link. You can add the protocol prefix before the URL. Requesting certificate automatically Use INI parameters to automate the request and renew certificate process. Related INI parameters are of global scope and should be used with INI parameter ScepAutoEnroll.
Table 12. BTCTRoot.crt Certificate details Certificate field Default value/format Serial number 02 00 00 b9 Signature algorithm sha1RSA Issuer Baltimore CyberTrust Root CN=Baltimore CyberTrust Root OU=CyberTrust O=Baltimore C=IE Valid from 2000–05–12 18:46:00 Valid to 2025–05–12 23:59:00 Subject Baltimore CyberTrust Root CN=Baltimore CyberTrust Root OU=CyberTrust O=Baltimore C=IE Public key RSA (2048 bits). Key bits are displayed in the lower pane of the window.
Table 13. Class3PCA_G2_v2.crt Certificate details Certificate field Default value/format OU=Class 3 Public Primary Certification Authority – G2 O=VeriSign, Inc C=US Public key RSA (1024 bits). Key bits are displayed in the lower pane of the window. Thumbprint algorithm sha1 Thumbprint 85 37 1c a6 e5 50 14 3d ce 28 03 47 1b de 3a 09 e8 f8 77 0f Certificate name—Class4PCA_G2_v2.crt Table 14. Class4PCA_G2_v2.
Table 15. Entrust_G2.crt Certificate details Certificate field Default value/format Issuer Entrust Root Certification Authority CN=Entrust Root Certification Authority—G2 OU=(c) 2009 Entrust, Inc. – For authorized use only OU=See www.entrust.net/legal-terms. O=Entrust, Inc. C=US Valid from 2009–07–07 17:25:54 Valid to 2030–12–07 17:55:54 Subject Entrust Root Certification Authority CN=Entrust Root Certification Authority—G2 OU=(c) 2009 Entrust, Inc. – For authorized use only OU=See www.entrust.
Table 16. EquafaxCA1.crt Certificate details Certificate field Default value/format Key bits are displayed in the lower pane of the window.
Table 18. GTECTGlobalRoot.crt Certificate details Certificate field Default value/format Version V1 Serial number 01 a5 Signature algorithm md5RSA Issuer GTE CyberTrust Global Root CN=GTE CyberTrust Global Root OU=GTE CyberTrust Solutions, Inc. O=GTE Corporation C=US Valid from 1998–08–13 00:29:00 Valid to 2018–08–13 23:59:00 Subject GTE CyberTrust Global Root CN=GTE CyberTrust Global Root OU=GTE CyberTrust Solutions, Inc.
Certificate name—PCA-3G5.crt Table 20. PCA-3G5.crt Certificate details Certificate field Default value/format Version V3 Serial number 18 da d1 9e 26 7d e8 bb 4a 21 58 cd cc 6b 3b 4a Signature algorithm sha1RSA Issuer VeriSign Class 3 Public Primary Certification Authority — G5 CN=VeriSign Class 3 Public Primary Certification Authority — G5 OU=(c) 2006 VeriSign, Inc.
Figure 133. Trouble Shooting 2. Click the General tab and use the following guidelines: a. Click either USB or File Server to select your target device you want to use for CMOS management. b. Extract CMOS — Click this option to extract the CMOS settings to the USB Key or file server based on your target device selection. c. Restore CMOS — Click this option to write the CMOS settings from the USB Key to the target zero client. d.
Figure 134. Trace 4. Click the Capture tab to configure the Export Event Log, Network Capture to USB, Wireless Capture to USB, and capture USB packets.
Figure 135. Capture If you want to enable the error messages, use the following guidelines: ● Click either One-time or Persistent option to enable logging the unexpected error message. ● If you want to check the error messages, under Troubleshooting, turnoff the logging before checking.
Figure 136. Event log ● Be sure to enable the EnableTrace option of the Privilege parameter in a xen.ini file. For more information, see Dell Wyse ThinOS Lite INI Guide. ● Use the Network capture to USB option to enable the capture of network information, that is, a network trace of all traffic coming in and out of the zero client to a USB drive that is inserted into the zero client. After you login and use the XenDesktop server or network, you will see a /wnos/troubleshoot/[Terminal Name]_[ENET or WS].
Figure 137. Ping a. Enter Hostname or IP — Enter the IP address, DNS-registered host name, or WINS-registered host name of the target to be pinged. b. Data area — Displays ping response messages. The ping command sends one echo request per second, calculates round trip times and packet loss statistics, and displays a brief summary upon completing the calculation. c. Start — Executes the ping command. If the host is operational and on the network, it responds to the echo request.
● Determine the IP address of a host if only the host name is known. NOTE: Not all network equipment will respond to ping packets, as this is a common mechanism used in denial-of-service attacks. Lack of response does not necessarily indicate that the target of the ping is unusable for other purposes. 6. Click the Trace Route tab to execute the tracert diagnostic utility and display response messages. Use the following guidelines: Figure 138. Trace Route a.
Figure 139. Telnet a. Enter the hostname. b. Click Connect to connect to a remote host or device. The Telnet window is displayed, and the troubleshooting window is closed automatically.
Figure 140. Telnet Window 8. Click OK to save the settings.
9 BIOS Management The BIOS management information is used with the following supported versions: ● Wyse 5010 Zero Client for Citrix - D00DX (ThinOS Lite pro) BIOS version 3.0D or later For BIOS configuration, if a password is configured, the password is required to update any settings. For example, the INI parameter to update settings must be same as CurrentPassword={}. This is mandatory for Dell BIOS, and will be implemented as mandatory for Wyse BIOS post this release.
CMOS Central Management—Extracting CMOS Settings to the File Server for Distribution CMOS Central Management allows ThinOS Lite administrators to easily manage CMOS settings for large deployments of zero client devices using central configuration methodologies. The following are the steps for extracting CMOS Settings to the File Server for Distribution for C00 BIOS version 1.0B_SPC001–0407: 1. To prepare a Reference Drive containing BIOS version 1.0B_SPC001-0407 or later: a.
The following are the steps for extracting CMOS Settings to a USB Key for Distribution for C00 BIOS version 1.0B_SPC001– 0407: 1. To prepare a Reference Drive containing BIOS version 1.0B_SPC001-0407 or later: a. The Reference Device is a golden image you use to distribute to other zero client devices. To access Reference Drive, enter the BIOS Setup Utility. Press the Delete key, enter the Password — Fireport (case sensitive) and press Enter.
10 Security Changes A new global security policy has been defined for ThinOS Lite and this policy is applied to all secure connections (https/SSL connections) with a few exceptions. Purpose – To improve the security level by default and add the global configuration. This security policy integrates security setting for each application.
upgrade. If required certificates are not propagated to clients, then you must see the displayed warning message during system boot up, such as click OK or continue, and select the preferred option. ● In an un-secured environment, such as file server and WDM using ftp/http protocol, after firmware update or boot up with factory default settings, the client connects to the file server in ftp protocol without any warning message.
Figure 143. File Server The server address does not convert to http, if WDM server is set as https. ● In the previous scenario, If WDM server is configured without HTTPS, and local WDM server address is specified in HTTPS, then the system converts it to HTTP address. ● In the current scenario, the system does not convert the WDM server address to HTTP. Manual discovery is removed from WDM. In the WDA tab, the Manual discovery method option is removed.
Figure 144. Central Configuration By default, the SNMP is set to disabled. You can enable it by setting the INI parameterCommunity= Security Enhancements—Firmware Signature In ThinOS Lite 2.4 release, firmware signature verification is added to enhance firmware security. By default, signature verification is required on firmware downgrade/upgrade Salient features ● By default, signature verification is required on firmware downgrade/upgrade. ● Provision to downgrade from 2.4 firmware to 2.
Transport Layer Security—TLS Transport Layer Security (TLS) is a protocol that provides communication security between the client and server applications. Upgrade to Transport Layer Security (TLS)— In the ThinOS 8.2 release, the TLS is upgraded from version 1.0 to version 1.2. By default, the ThinOS client uses TLS 1.2 to secure any communication protocols, connections, or applications upon SSL/ TLS in general and falls back to the previous SSL/ TLS version when negotiating with the server.
A Creating and Using xen.ini Files In this chapter you will learn how to construct and use a xen.ini file. The xen.ini file you create will provide your zero client with automatic updates and configurations. Downloading and Using Sample INI Files ThinOS Lite Sample INI files are available from Dell and can be modified to suit the individual connection profile needs for your users.
For example: BootOrder=harddisk;usb;pxe SessionConfig=ICA PnliteServer=xxxxx SessionConfig=ICA USBRedirection=HDX AudioQuality=High DomainList="dellwyse.com" Password=PCCOPIDIPKCKPGGC encrypt=yes MaxVNCD=1 VncPassword="NCAOIIBOMPACMOAFMPBJ" Encrypt=yes VncPrompt=No Accept=5 4. Comment by using a # Sign As stated earlier, number signs (#) indicate the start of a comment. Comments can begin anywhere on a line. Everything between the # and the End of Line is ignored. 5.
Table 22. Parameters for a xen.ini File (continued) Parameter Description AddCertificate=client cert.pfx The Caradigm Vault server uses the certificate to validate the connection between the Tap Server and the zero client. Use this INI parameter certificate to Zero Client. password=passpass AdminMode={yes, no} Default is no.
Table 22. Parameters for a xen.ini File (continued) Parameter Description 202 — Enable a comparison/non-forced upgrade only process, but have a popup message with OK and Cancel buttons appearing before the process; completion message appears after process. The option LoadPkg specifies how to update the external packages. If set to 0, this disables checking for packages. If set to 1 it enable packages upgrade/downgrade process, and if set to 2, it enables upgrade only.
Table 22. Parameters for a xen.ini File (continued) Parameter Description AutoSignoff={yes, no, 2-60} AutoSignoff —This option can be used to automatically sign-off a user when the last opened session is closed. The default value is no. A value ranging from 2 to 60 can be configured. This value represents the number of seconds a session must be active prior to calling AutoSignOff. BootpDisable={no, yes} Default is no. Yes/no option to support both DHCP and BOOTP to obtain the network configurations.
Table 22. Parameters for a xen.ini File (continued) Parameter Description CCMEnable={yes, no} Default is no. [CCMServer=[:port]] CCMEnable — Yes/no option to enable the Cloud Client Manager [GroupPrefix=] [MQTTServer=[:]] CCMServer — Specifies a IP address or URL address for the Cloud Client Manager server. Default protocol is HTTPS. If "http://" or "https://" does not exist, default port is 443. Once specified, it is saved in the non-volatile memory.
Table 22. Parameters for a xen.ini File (continued) Parameter Description NOTE: There is an exception in the logic above when the 'override=yes' option is used in INI file. This will make #2 take priority over #1. For example CCMEnable=yes CCMServer=xxx:8080 GroupPrefix=wlab GroupKey=TC-TEST-ENG MQTTServer=xxx:1883 AdvancedConfig=yes Override=yes If IgnoreMqtt=yes is specified, CCM agent will not connect to MQTT server. The default value is no.
Table 22. Parameters for a xen.ini File (continued) Parameter Description Layout — Default is stretch. Specifies the arrangement on the desktop background of the bitmap file specified by the Desktop parameter, if auto dial-up is set, Layout is invalid. ● For center, the image is placed in the center of the desktop without image size change. ● For tile, the image is replicated across the desktop. ● For stretch, the image is modified to fill the desktop.
Table 22. Parameters for a xen.ini File (continued) Parameter Description 1 – ThinOS will buffer at least 10 ms of audio data when playing audio. 50 – ThinOS will buffer at least 500 ms (0.5s) of audio data when playing audio. EnableSpeaker — Default is yes. Yes/no option to enable the internal loud speaker. playback — You can set a playback device name. record — You can set the record device name. mic_gain_device— Specify the device name on which you want the mic gain.
Table 22. Parameters for a xen.ini File (continued) Parameter Description If optimize=yes and the camera does not support the 320 x 240 at 10 fps settings, an error will be present in the Event Log of ThinOS Lite. If optimize=no then the individual settings in width, height, and fps will be used as long as the camera supports them. Disable— When you specify Disable=yes, the device is disabled.
Table 22. Parameters for a xen.ini File (continued) Parameter Description The usage of other settings is self-explanatory. If the BIOS GUI has respective feature settings, then user can use these INI parameters to configure those settings. [CurrentPassword= password NewPassword = password]— This option is used to change the device BIOS password. CurrenPassword is required. The maximum count of the password string is 19 bytes.
Table 22. Parameters for a xen.ini File (continued) Parameter Description After the user sets this, the user needs set option in Trouble shooting to start tracing the USB device data. Device=Rfideas Device=Rfideas — Specifies the local Rfideas readers. [DisableBeep={yes,no}] DisableBeep — Default is yes. Option disables the beep sound when the card is read.
Table 22. Parameters for a xen.ini File (continued) Parameter Description NOTE: The CCMGroupKey, CCMServer and CCMMQTTServer options are specified to remap the tags for CCM configuration. NOTE: ● WDMServer (186) specifies ip address of WDM server. ● WDMServer (192) specifies HTTP port of WDM server. ● WDMSecurePort (190) specifies HTTPS port of WDM server. ● WDMFQDN (194) specifies the FQDN of WDM server.
Table 22. Parameters for a xen.ini File (continued) Parameter Description Type — (Citrix Environments Only) In Citrix environments, allows you to force the usage of HDX for USB virtualization instead of TCX. For example: Device=vusb Type=HDX NOTE: To use the TCX option, TCX Suite must be install on the target server. InterfaceRedirect— Default is no. Yes/no option to enable part of a composite device to run locally and part of the device to run on a remote session.
Table 22. Parameters for a xen.
Table 22. Parameters for a xen.ini File (continued) Parameter Description DomainList= A list of domain names that will appear in the Log on dialog box as options to help users in selecting the domain to sign-on to PNAgent/ PNLite servers. Once specified, it is saved in non-volatile memory. [disable={yes/no}] NOTE: Be sure to enclose in quotation marks if spaces are included.
Table 22. Parameters for a xen.ini File (continued) Parameter Description ● Client checks the server certificate in the following phases except in Low mode: ○ Certificate has to have a Valid Date. ○ Issuer is valid and correct. ○ Certificate verification should pass. ○ CN and SAN on cert match DNS naming. ● Set SecurityMode=Full to indicate that the client verifies the server’s certificate in highest security mode. If any error is detected, client prompts a pop-up box.
Table 22. Parameters for a xen.ini File (continued) Parameter Description [Profile=ssid] The key left of equal is case sensitive, and the value right of equal case is not case sensitive except for credential information; for example username, password or certificate filename.
Table 22. Parameters for a xen.ini File (continued) Parameter Description [fastmschapun={username for EAP-FAST/EAPMSCHAPV2}] servername=w2k8-ACS-64.sqawirelsess.com peapmschapdm=EAPMSCHAPV2 peapgtcun=sqawirless2 peapmschappwd=123!@#qwe [fastpmschappwd={password for EAP-FAST/EAPMSCHAPV2}] The username of ieee8021x (fastmschapun, peapmschapun, peapgtcun, leapun) can be configured as system variables like $mac, $sn etc.
Table 22. Parameters for a xen.ini File (continued) Parameter Description Ctrl+Alt+UP—Default is yes. Yes/no option to enable Ctrl+Alt+Up to toggle between task selections. Ctrl+Alt+Down —Default is yes. Yes/no option to enable Ctrl+Alt+Down to toggle between task selections. Ctrl+Alt+Left —Default is yes. Yes/no option to enable Ctrl+Alt+Left Arrow to lock the zero client if the user is logged in with a password, if the user is logged in without a password, this key sequence does not work.
Table 22. Parameters for a xen.ini File (continued) Parameter Description Arabic (Kuwait) — Ar_kuw Arabic (U.A.E.
Table 22. Parameters for a xen.ini File (continued) Parameter Description Lithuanian (IBM)-lt_lt_i Lithuanian (MS)-lt_lt_m Norwegian — No Polish (214) — Pl Polish Programmers — pl_prog Portuguese — Pt Portuguese (Brazil) — Pt2 Romanian — Ro Slovakian — Slovak Slovakian (Qwerty) — sk_q Slovenian — Sloven Spanish — Es Spanish (Mexican) English — La(us) Spanish (Mexican) Localized — La Swedish — Se Turkish — Turk Turkish (QWERTY) — turk_q U.S.
Table 22. Parameters for a xen.ini File (continued) Parameter Description When the system idle is time out in the configured minutes, the system will automatically sign off, reboot or shutdown which are based on the setting of AutoSignoff. The parameter NoSessionTimer has the same range as INACTIVE and it is valid only if INACTIVE value is not 0. If there is a session use the value of Inactive, otherwise use the value of NoSessionTimer, if NoSessionTimer is configured.
Table 22. Parameters for a xen.ini File (continued) Parameter Description MB to 10 MB. If the specified value is over the range, then it is set to 5. The range of value is extended to 50. In build 2.2_001 or after, the LPD data is spooled to a file in a ram disk instead of a buffer. So the value of the parameter will not be related to the spool size as before. If Lpdspool=0, the function is disabled, otherwise the function is enabled.
Table 22. Parameters for a xen.ini File (continued) Parameter Description If AutoAccess is defined, then auto launch the corresponding type of broker. Otherwise, get the broker type from the Imprivata Server setting of computer and user policy. If none of them is defined, then launch the first available broker server from the Imprivata server. If AutoAccess=LOCAL is set, then launch the broker from the zero client setting; the broker getting from the Imprivata Server is ignored.
Table 22. Parameters for a xen.ini File (continued) Parameter Description the Sus team.ini, the broker, broker list or connections can be defined for Sus team. After the user selects the group, the system will load the group ini file at first, and then load the \xen\ini\{group_name} \username.ini.If the username.ini in the group directory is not found, the system will try to load \xen\ini\username.ini as before.
Table 22. Parameters for a xen.ini File (continued) Parameter Description The device would use the cached files when files on the file server are unavailable. NOTE: ● Not supported on ThinOS Lite 2 ● With ThinOS Lite 1.7 build or later, the original function of the ini cache is discarded and the mirror file server replaces it. NOTE: For ThinOS Lite 2, use the depreicated EnableCacheIni parameter to locally cache the xen.ini ONLY. EnableCacheIni={no, yes}. Default is no.
Table 22. Parameters for a xen.ini File (continued) Parameter Description NoticeFile=filename NoticeFile — Specifies a legal notification file residing in the home directory folder. The file is displayed in a dialog box and the user is prompted to accept it before the sign-on process continues. [Resizable={no, yes}] [Timeout={0, 10 to 600}] [Title="notice_title"] [ButtonCaption="button_caption"] Resizable — Default is no. Yes/no option to resize the dialog box to fit the text size.
Table 22. Parameters for a xen.ini File (continued) Parameter Description AutoAccess can be set in [username].ini and xen.ini, however, the xen.ini, has priority over [username].ini. NetBIOSDomainName — Default is no. Yes/no option to enable the authentication to the broker server using the NetBIOS domain name. If set to yes, the Imprivata domain list will show NetBIOS domain name and the card user will authenticate to the broker server using the NetBIOS domain.
Table 22. Parameters for a xen.ini File (continued) Parameter [DisableSFInit={yes, no}] Description When Multifarm=yes, use # to separate failover servers, and use a comma (,) or a semicolon (;) to separate servers that belong to different farms. ReconnectAtLogon — Specifies the reconnection function at log in. Default is 0 — disables the option. 1 — reconnects to disconnected sessions only. 2 — reconnects to active and disconnected sessions.
Table 22. Parameters for a xen.ini File (continued) Parameter Description 1. SignOn=Yes 2. PnliteServer= RequestIconDataCount=20 3. desktopcolordepth=32 4. LongApplicationName=yes 5. sessionconfig=ica progressivedisplay=yes ondesktop=yes 6. device=audio volume=high 7. Seamless=yes FullscreenReserved=yes 8. sessionconfig=all mapdisks=yes 9. Enabled by default: Disks, Serials, Sound 10. Disabled by default: USB, Printers, Smart Cards Xen Desktop Default Settings: 1. SignOn=Yes 2.
Table 22. Parameters for a xen.ini File (continued) Parameter Description [CtrlKey={yes, no}] [AltKey={yes, no}] If the value is set to yes, pressing the F12 (default) key or the key defined in FastDiconnectKey= statement will close the active window of the session. If the active window is a seamless window, the action will only close the window. If the window is not a seamless window, then the session will be disconnected.
Table 22. Parameters for a xen.ini File (continued) Parameter Description The parameters must be specified in the order shown. For backward compatibility, LPD is accepted as LPD1. Printer={SMB1, SMB2, SMB3, SMB4} Default is SMB1. [LocalName=name] Printer — Specifies the shared Microsoft network printer to configure. [Host=\[domain]\host] [Name=share_name] LocalName — Specifies the name of the shared printer. [Class=classname] Host — Specifies the host name of the shared printer specified as \domain
Table 22. Parameters for a xen.ini File (continued) Parameter Description [DisableSerial={yes, no}] LockDown — Default is no. Yes/no option to allow lockdown of the zero client. If yes is specified, the system saves the privilege level in flash. If no is specified, the system clears the privilege level from flash to the default unlocked state.
Table 22. Parameters for a xen.ini File (continued) Parameter Description SuppressTaskBar — Default is no. Yes/no/auto option to hide the taskbar. If set to auto the taskbar will automatically hide/display the taskbar. When using this parameter in a xen.ini file, it will be saved to NVRAM if EnableLocal is set to yes in the xen.ini file. EnablePrinterSettings — Default is no. Yes/no option to enable printer configurations when a user Privilege=None.
Table 22. Parameters for a xen.ini File (continued) Parameter Description and/or bluetooth devices, the camera and/or bluetooth tab will be enabled too. The optional EnableKeyboardMouseSettings=yes can be replaced as below:Privilege=none lockdown=yes EnablePeripherals=keyboard,mouse. FastDHCP— FastDHCP identifies the gateway first. If the gateway is same as the network before disconnection and the previous DHCP information is valid, the same information is used. The default value is yes.
Table 22. Parameters for a xen.ini File (continued) Parameter Description Server=server_global user=user_global password=password_global_encrypted Encrypt=yes RapportDisable={yes, no} If this option is set to yes, the Rapport agent will be disabled. [DHCPinform = {yes, no}] We support to discover WDM server by the following options: 1. DHCP option tag values received from standard or WDM proxy DHCP service for vendor class “RTIAgent”. 2. DNS service location record "_wdmserver._tcp". 3.
Table 22. Parameters for a xen.ini File (continued) Parameter Description For example, If you set Reboot=yes time=20:30, the unit reboots on local time 20:30. If you set Reboot=yes time=20:30-4:30, the unit reboots on random time through 20:30 to 4:30. If you set Reboot=yes time=23:00 Wday=Friday,Monday, the unit reboots on local time 23:00 of Friday and Monday. If you set Reboot=yes time=1:00 Idle=10, the unit reboots on 1:00, if there are no sessions.
Table 22. Parameters for a xen.ini File (continued) Parameter Description The Screen parameter must be placed before the Resolution parameter. For example: screen=1 resolution=1280x1024 refresh=60 rotate=none RootPath= This file server root path is entered into the zero client local setup (non-volatile memory). The zero client immediately uses this path to access files. The directory name \xen will be appended to the file server root path entry before use.
Table 22. Parameters for a xen.ini File (continued) Parameter Description Type — Specifies which type of screensaver to use. 0 — Blank the Screen 1 — Flying Bubbles 2 — Moving Image 3 — Showing Pictures 4 — Playing Video VideoLink — Specifies the video link address of the video file. Links with only http are supported. The mp4 video format is supported. VideoSpan — Specifies the video displayed mode in the screen. If the dual head is in span mode and VideoSpan=yes, it is spanned across all the screens.
Table 22. Parameters for a xen.ini File (continued) Parameter Description screen saver is off. The value range is 0 to 180. The value 0 is default which disables this function. SecureMatrixServer= Specifies the Host name or IP address/FQDN or URL of the Secure Matrix server. Http or https protocol usage is decided by the server configuration.
Table 22. Parameters for a xen.ini File (continued) Parameter Description [unmapusb={no, yes}] If Disablesound =2 is set, it disables sound at remote computer. [DisksReadOnly={no, yes}] Set WyseVDA=yes to enable WYSE Virtual Desktop Accelerator for all /ICA sessions. Default is disabled. If WyseVDA is disabled, ICA sessions, including MMR and USB, will not go through WYSE VDA.
Table 22. Parameters for a xen.ini File (continued) Parameter Description If EnableImprivataVC is set to no, the Imprivata Virtual Channel is disabled. The user can use vusb redirect instead of Imprivata Virtual Channel mode to use the Rfideas or finger print device in session as server side remote device. Set Locale=LocaleID to set Locale in session to make some localization configuration to work. ) Set SessionLogoffTimeout to force all sessions to logoff after you sign-off from the broker.
Table 22. Parameters for a xen.ini File (continued) Parameter Description [FlipByTimer={0, 1}] it is remote, the system menu will come from the remote server; otherwise, it will be the local menu. [RefreshTimeOut={dd:hh:mm}] [Timeout={Yes, No}] [PasswordExpireNotify={yes, no}] [RefreshPopupNotice={yes, no}] [DisableReceiverLogo={Yes, No}] [MMRClientFetchDisabled={Yes, No}] SessionReliability — Default is no. Yes/no option to enable session reliability.
Table 22. Parameters for a xen.ini File (continued) Parameter Description HDXFlashUseFlashRemoting— Default is Always, which means the HDX is enabled always. The value Never is to disable HDX. HDXFlashEnableServerSideContentFetching— Default is Disabled, which means the server side fetching content is not enabled. The value enabled is to enable this function. EnableRTME— This option controls the launch of RTME service. The default value is enabled.
Table 22. Parameters for a xen.ini File (continued) Parameter Description [DisableGuest={no, yes}] The optional keyword MaxConnect sets the maximum number of connects that are allowed to be specified in the xen.ini and username.ini together. The range allowed for the “max” is 100 to 2000. If the value is greater than 2000, 2000 is set instead. If the value is lesser than 100, 100 is set instead.
Table 22. Parameters for a xen.ini File (continued) Parameter Description If set IconGroupStyle=folder, the PNAgent published applications which are specified to display on the desktop will display with the folder. After clicking the folder icon, the subfolder or applications in this folder will display on the desktop. In this case, there is an Up to 1 Level icon on top. Clicking the icon will display the up one level folder contents. In this case, there is an "Up to 1 Level" icon on top.
Table 22. Parameters for a xen.ini File (continued) Parameter Description belongs to group domain user and group tc_grp1_ad, the option is configured as AdGroupPrefix=tc_grp1. If the configuration file adgroup/tc_grp1_ad.ini exists, it will be loaded. RequireSmartCard is used for authentication of smartcard. If optional RequireSmartCard=yes or force, only smartcard authentication is allowed. If optional RequireSmartCard=no, smartcard authentication is disabled.
Table 22. Parameters for a xen.ini File (continued) Parameter Description [ScepUserPwd = scep_enrollment_user_password] and every element is either a DNS name or an IP address. Use ';' as delimiter between them. [ScepUserPwdEnc = encrypted_scep_enrollment_user_password] RequestURL—The RequestURL option is to specify the SCEP server service URL. This field must be set correctly. The default protocol for SCEP services is HTTP, which also ensures data security.
Table 22. Parameters for a xen.ini File (continued) Parameter Description [ToolbarStay=] [EnableLogonMainMenu={no, yes}} [LightGray=”r g b” ] [MediumGray=”r g b” ] [DarkGray=”r g b”] [DisableAddConnection={yes, no}] toolbardisablemouse — Default is no. By default, the toolbar is hidden until a user hovers their mouse over the left side of the screen.
Table 22. Parameters for a xen.ini File (continued) Parameter Description format}] TimeFormat — Default is 24-hour format. Specifies the time format to use. [DateFormat={yyyy/mm/dd, mm/dd/yyyy, dd/mm/yyyy}] [GetBiosDT={no, yes}] DateFormat — Default is yyyy/mm/dd. Specifies the date format to use. GetBiosDT — Default is no. Yes/no option to obtain time from BIOS/ CMOS when the timeserver is not available or cannot be contacted. Example: TimeServer=time.nist.
Table 22. Parameters for a xen.ini File (continued) Parameter Description something similar to Eastern Daylight Time, otherwise it should be the same as TimeZoneName. Overall Example: TimeZone="GMT – 08:00" \ ManualOverride=Yes Daylight=Yes Start=030107 End=110107 \ TimeZoneName="Pacific Standard Time" \ DayLightName="Pacific Daylight Time" VncPassword= [encrypt={no, yes}] VncPassword=password — Specifies a string of up to 8 characters as the password used for shadowing.
Table 22. Parameters for a xen.ini File (continued) Parameter Description WDMFlash=flash_size The specified value will be saved into NVRAM, and then reports to the WDM server. This statement ensures that all the units would function with DDC regardless of flash size. This statement is valid for all platforms and replaces the previous S10WDMFlash statement. WakeOnLAN={yes, no} Default is yes. Wake-on-LAN allows a ThinOS Lite to be turned on or woken up by a network message.
Table 22. Parameters for a xen.ini File Parameter Description [SecurityMode={default, full, warning, low}] 3. DNS host name lookup "wdmserver"If WDMService=yes, set DHCPinform=yes will do #1, set DNSLookup=yes will do #2 and #3. If QuickMode is set to yes, the rapport agent will not block any other process during ThinOS Lite boot up and increases the boot time of ThinOS Lite.
[Option2={1, 2, 3, 4}] Since you are using Connect=ICA, then Option 1 and its default value 0 will automatically be used as Option 1 has an underlined value (default of 0). You can still use Option 2 if you want to, however, Option 2 is not automatically used with the parameter as Option 2 does not have a default value. NOTE: Any option in ICA Connect Options that is used in a {username}.ini file will return to the default value set for that option in the wnos.ini file after a user sign-off.
Table 23. ICA connect: options (continued) Option Description ● 16m — 24-bits over ICA is only supported by Windows XP and Windows 2003 server. It is not supported by Windows Server 2008 or newer. ● true — 32-bit remote connections are not supported by Windows XP or Windows 2003 server. It requires Windows Vista, Windows Server 2008, or newer with ICA. Command=start command A string of commands to be executed after logging on to the server. This entry is limited to 127 characters.
Table 23. ICA connect: options (continued) Option Description HttpBrowsing={no, yes} Default is no. Yes/no option to select an http browsing protocol. Use HttpBrowsing=no for User Datagram Protocol (UDP). NOTE: This option is used to override the default method of browsing established in the ICABrowsing parameter. Icon={default, bitmap file} Specifies an icon to appear on the thin client desktop for a connection. Use Icon=default to display a system default icon for a connection.
Table 23. ICA connect: options (continued) Option Description Used here is an option of the Connect statement. It sets the value of NoReducer only for this specified connection. NOTE: By default the ICA protocol compresses the data to minimize the amount of data that needs to traverse the network. This compression can be as much as 50 percent for text-based applications such as Microsoft Word and 40 percent less for graphics applications than the data streams that are not compressed.
Table 23. ICA connect: options Option Description Seamless — Available for use if the connection is to a published application. For Seamless connections, the MetaFrame hosts select the best-fit connection window for applications. — Resolution values you can use in the form X x Y depending on your client. Example for monitor resolution: 1024 x 768. See the Release Notes of your client. SessionReliability={no, yes} Default is no. Yes/no option to enable session reliability.
TimeZone Parameter—Values Using the TimeZone parameter, Table “TimeZone Parameter: Values” contains the zone value options that can be used. For Example: TimeZone="GMT - 08:00" ManualOverride=Yes Daylight=Yes \ Start=030207 End=110107 TimeZoneName=Pacific \ DaylightName=Pacific Remember to use quotation marks (" ") since the option includes spaces. The example above uses the " \" to break a single continuous line into multiple likes for easier reading with no" \" on the last line of the parameter.
Table 24.
Table 24. TimeZone Parameter Values Geographic time zones Time zones name (GMT+01:00) West Central Africa W. Central Africa (GMT+01:00) Windhoek Namibia (GMT+02:00) Amman Jordan (GMT+02:00) Athens, Bucharest GTB (GMT+02:00) Beirut Middle East (GMT+02:00) Cairo Egypt (GMT+02:00) Damascus Syria (GMT+02:00) E. Europe E.
Table 24.
Table 24. TimeZone Parameter Values Geographic time zones Time zones name (GMT+11:00) Solomon Is., New Caledonia Central Pacific (GMT+12:00) Anadyr, Petropavlovsk-Kamchatsky (RTZ 11) Russia TZ 11 (GMT+12:00) Auckland, Wellington New Zealand (GMT+12:00) Coordinated Universal Time+12 UTC+12 (GMT+12:00) Fiji Fiji (GMT+13:00) Nuku'alofa Tonga (GMT+13:00) Samoa Samoa (GMT+14:00) Kiritimati Island Line Islands Creating and Using xen.
B Examples of Common Printing Configurations This section provides examples on using the Printer Setup dialog box and ThinOS Lite INI parameters for common printing situations. Use the following guidelines mentioned below in addition to the information provided in Connecting to a Printer. NOTE: Host-based printers are not supported.
d. Printer Class — You can leave this as default. e. Enable the printer device — Enable this option, as it enables the printer device to display on the remote host. 3. Click OK to save the settings. Using INI Parameters for Local USB Printers The INI parameters for Local USB Printers: Printer=LPT1 \ Name="HP LaserJet 4000" \ PrinterID="HP LaserJet 4000 Series PCL" \ Enabled=yes NOTE: The PrinterID is same as that of the Windows printer driver name.
Using INI Parameters for Non-Windows Network Printers—LPD The INI parameters for Non- Windows Network Printers (LPD) : Printer=LPD1 \ LocalName="HP LaserJet 4200n" \ Host=10.10.10.1 \ Queue=auto \ PrinterID="HP LaserJet 4200 PCL6" \ Enabled=yes NOTE: The PrinterID is same as that of the Windows printer driver name.
is that you can pre-define the domain account to use to authenticate the printer. The following examples discuss how the credentials can be supplied. 1. To Define a SMB Printer with Generic User Credentials in Plain Text Printer=SMB1 \ LocalName="Demo SMB Printer" \ Host=\\dp-dc-ftp \ Name="TechSupportPrinter" \ PrinterID="HP LaserJet 4100 Series PCL" \ Enabled=yes \ Username=Username1 \ Password=Password \ Domain=contoso 2.
Using the Printer Setup Dialog Box for Configuring LPD Services A zero client can be configured to provide LPD (Line Printer Daemon) services making the zero client a printer server on the network. Set up the zero client that is to provide LPD print services as follows: To configure LPD Services using the Printer Setup Dialog Box : 1. From the floating bar menu, click System Setup > Network Setup to open the Network Setup dialog box. 2. Enter a static IP address for the zero client. 3.
To Configure the ThinPrint use the following guidelines: ● Use the Printer Identification field to enter a printer class (you can change the printer name as needed).
C Important Notes VNC RFB version upgrade—Since ThinOS Lite 2.0, the VNC RFB version has been upgraded to 3.8. This version upgrade provides support for applications like DameWare. Thus, an administrator can now remote into a ThinOS Lite device using either DameWare or VNC Viewer. Prior to 2.0, you could only use VNC Viewer.
D Troubleshooting ● ThinOS Lite devices allow secure SSL connections—SecurityMode=Full—only after verifying the certificates. In the present scenario, the devices enforce the warning policy after you define a server using a valid IP address. The resolution for the issue will be delivered in the next ThinOS Lite release. The following are the workarounds to avoid the SSL connection issue: ○ Ensure that the device has a valid certificate and the correct time is selected on the device.