Skip to main content
Start a Conversation

Unsolved

DELL-Scott H

Moderator

 • 

878 Posts

357

December 2nd, 2024 20:25

ThinOS 2411 Posted

Now Available for download and testing.

Release Notes

https://dl.dell.com/content/manual16337107-dell-thinos-2402-2405-2408-and-2411-release-notes.pdf?language=en-us

Admin Guide

https://dl.dell.com/content/manual15713521-dell-thinos-2402-2405-2408-and-2411-administrator-s-guide.pdf?language=en-us

Highlights for me:

  1. Updated Chrome browser package (Contact your Dell SE or sales team while this is in tech preview

  2. Open SSL With new security standards introduced, if using in a legacy environment you may need to adjust TLS Security Level via policy

  3. Beginning in November of 2024, new devices from manufacturing will no longer include the Teradici PCOIP Client (Vmware PCOIP Client still included) which may affect Host card, CAS and Amazon PCOIP connections. See the RN for details, PCOIP can still be enabled for these use cases at an additional cost

  4. Imprivata PIE is officially supported by Imprivata, including PIE Bootstrap updates

  5. Make sure you apply the ConfigUI package to WMS if using on-premises so you can use the latest policies

  6. Updated Common Printing Package

  7. Horizon client SDK package is the only horizon client provided moving forward

  8. CWA Service Continuity added

  9. Updated AVD SDK, with improvements to SSO and FIDO2

  10. ***FIDO2 Security Key Management

Package List

r/WYSE - ThinOS 2411 Released


DELL-Scott H
#IWork4Dell

1 person also has this problem

r.edv

1 Rookie

 • 

8 Posts

December 3rd, 2024 15:22

Hi

After updating a 5070 to ThinOS 2411 we received the message that the certificate is not valid.
The host name in the certificate is invalid.
This certificate worked perfectly with version 2408.
Thanks 
 

Mr. TK

1 Rookie

 • 

12 Posts

December 5th, 2024 14:59

I have the same results as you mentioned above.  I updated an Optiplex 3000 Thin Client to the following 2411 OS and then newest Horizon Client SDK.  This was fine before these updates with certificate and previous OS and SDK Client. I even attempted to perform the following changes with no luck.    

To further improve the security of ThinOS devices, from 2311, ThinOS uses OpenSSL version 3.0 with default TLS security 
level 1. If your environment requires a legacy OpenSSL version (like an SHA1 certification), change the TLS security level 
to 0 in Wyse Management Suite policy by going to Privacy & Security > Security Policy. From 2408, ThinOS is updated 
to follow the WMS Security Policy > TLS Security Level (default = 1). If your network environment requires a legacy 
OpenSSL version, you must change the TLS security level to 0, when updating to 2408 or later version. Otherwise, the 
device can lose its network. Legacy OpenSSL versions are not supported on future ThinOS versions. If a Legacy OpenSSL 
version is required, update your environment

I attempted to roll back the Horizon Client SDK to previous version and still received the error.  I rolled back to the previous OS and everything was fine again.

r.edv

1 Rookie

 • 

8 Posts

December 5th, 2024 15:32

@Mr. TK​ 
Is a problem of the certificate on the VmWare Horizon Connection Server.

In WMS control the setting "Vmware Horizon Settings". With Security Mode = Low the client ignore the certificate.

Or create/use a valid certificate for the Connection Server to increase security.

DELL-Scott H

Moderator

 • 

878 Posts

December 5th, 2024 16:16

Are you assigning the root and intermediate cert in your policy?

 

cptkl0s

1 Rookie

 • 

25 Posts

December 5th, 2024 16:39

i'm getting the same issue with the certificate - our public wildcard certificate works everywhere else including 2408, just not this new 2411. 

(edited)

DELL-Scott H

Moderator

 • 

878 Posts

December 5th, 2024 16:40

Does anyone have an open Support case on this?  if you do, please PM me the SR# so I can get it to engineering. 

Mr. TK

1 Rookie

 • 

12 Posts

December 5th, 2024 20:02

@DELL-Scott H​ I believe we are doing that.  I roll the OS back to 2408 and everything works as it should.  

The notes for 2408 also state this same information 

Important notes
● To further improve the security of ThinOS devices, from 2311, ThinOS uses OpenSSL version 3.0 with default TLS security 
level 1. If your environment requires a legacy OpenSSL version (like an SHA1 certification), change the TLS security level 
to 0 in Wyse Management Suite policy by going to Privacy & Security > Security Policy. The ThinOS 2408 is updated 
to follow the WMS Security Policy > TLS Security Level (default = 1). If your network environment requires a legacy 
OpenSSL version, must change TLS security level to 0, when updating to 2408. Otherwise, device can lose network. Legacy 
OpenSSL versions are not supported on future ThinOS versions. If a Legacy OpenSSL version is required, update your 
environment

It worked fine for me without any changes on 2408,  seems to be something with 2411 unless I am missing something I need to enable.  Thanks 

DELL-Scott H

Moderator

 • 

878 Posts

December 6th, 2024 00:04

@Mr. TK​   Great callout.  Did you by chance try and change the TLS Security policy to 0 under 2411?

I am leaning towards an issue with the Horizon SDK specifically reading the SSL Certs.   I have yet to see a Citrix or imprivata customer raise this yet, just Horizon. 

You can also set the security level to low for the horizon connection which tells the OS to not verify the cert and it will connect as a work around, but probably defeating to do so.

r.edv

1 Rookie

 • 

8 Posts

December 6th, 2024 06:50

Hello, we had installed our certificate with 3 certificates, root, intermediate and our certificate. This meant that the connection with 4211 did not work.

Then we created a PEM certificate chain (.Pem) and with this it is accepted and works

DanielLowe

1 Rookie

 • 

5 Posts

December 6th, 2024 16:02

@DELL-Scott H Any chance i can get the download link for "Chrome browser package"

DELL-Scott H

Moderator

 • 

878 Posts

December 6th, 2024 16:07

@DanielLowe​ Please PM me

DanielLowe

1 Rookie

 • 

5 Posts

December 6th, 2024 16:15

@DELL-Scott H​ wish i could send you a PM, its not working.
when i click on your name and then "Private message" it just loops me back to the default community page

DELL-Scott H

Moderator

 • 

878 Posts

December 6th, 2024 16:25

*****Certificate issue with certain Horizon use cases.

Thank you all for your assistance with this.  Engineering has identified a root cause and are doing internal testing of demo code. A timeline for public testing and availability is being developed.

For now, a workaround is to set the security policy to low if you need to stay on 2411 or roll back to 2408 while the fix is being delivered.  

#IWork4Dell

Mr. TK

1 Rookie

 • 

12 Posts

December 10th, 2024 18:35

@DELL-Scott H​ Thanks for the information. 

DELL-Scott H

Moderator

 • 

878 Posts

December 17th, 2024 23:34

@DELL-Scott H​ 

A hotfix is scheduled to be posted 12/20 on this.

The decision has been made to make this a private hotfix, the public build released in Feb (2502) will contain this.

If you would like to get access to it, please open a support case and ask for

hotfix_24.12.002_5_signed.pkg, related to DTOS-30398

 

(edited)

Was this post helpful?

View All

No Events found!

Top