This bulletin describes the contents of the Cisco® Secure Services Client Release 4.0.51. Cisco Secure Services Client 4.0.51 is a point release for the 4.0.5 product release and contains bug fixes identified from the previous product release. The release is scheduled to be generally available on December 21, 2006.
Table 1. Bugs and Fixes for the Cisco Secure Services Client 4.0.51 Point Release
More than one profile with same time stamp causes supplicant to crash
Improvements have been made in handling incorrectly deployed configuration files. For example, errors in creating a deployed package and mistakenly copying both the network profile configuration XML file and the policy configuration XML file, which have the same timestamp, into the same folders. (Ref #13886)
Authentication retries default value change
Background: Some more intelligent access devices support special features that have, for example, the ability on a failed connection attempt to open the port but switch the user into a special VLAN. In order to support these access devices, the client provides the administrator with the capability of adjusting the number of connection retries before disconnecting, allowing the access device to make intelligent decisions based on multiple authentication failures.
The default values for administrator control over the retry counts made during authentication have been changed in order to better support the Failed Authentication VLAN feature of Cisco switches. In this case, it is important to set the supplicant to be one more than what the switch is set to for retries. This is so that the supplicant tries one more time to get onto the restricted VLAN. (Ref #14434)
Cisco Secure Services Client sends wrong password after Active Directory password change
A fix has been made to correct the password that is sent when using single sign-on and the user is prompted to change their Active Directory password. An authentication failure and a subsequent reboot or re-logon is now avoided. (Ref CSCsf32767, CSCzd14391, CSCzd14494)
Authentications while transferring from a machine to user context
Improvements have been made to eliminate processing a redundant machine authentication session when logging onto Windows. (Ref CSCsd78605)
Forced logoff of a user by a local administrator logon
A fix has been made, in a machine-only or a machine/user connection context, so that when an administrator logs onto a user-locked computer, the network connection is maintained and the client responds normally. (Ref CSCsg71040)
Upgrading from 4.0.4 to 4.0.5 may break trusted server validation
A fix has been made that allows for a correct upgrade from the AEGIS SecureConnect 4.0.4 client for specific environments that are using server validation and happen to have two possible server certificate chains resident on the end station - one, an invalid Intermediate CA certificate and another, a valid Root CA certificate.
Note: If you have already successfully upgraded from version 4.0.4 (AEGIS SecureConnect) to 4.0.5 (Cisco Secure Services Client), this is not an issue.