ZC 17.05.1

Release Overview

PCoIP Zero Client Firmware 17.05.1 is a firmware release replacing firmware 5.5.2 for PCoIP Zero Clients (not PCoIP Remote Workstation Cards).

This release is a maintenance release containing security updates. These release notes provide a summary of compatibility notes, resolved issues, and known issues for this release.

Important Notice

If you are using PCoIP Management Console to deploy firmware updates, you must upgrade to Management Console 20.01 or newer before deploying firmware 17.05 or 20.01 or newer.

Deploying endpoints from an earlier version of Management Console may cause endpoints to become unmanageable.

For further details see knowledge base article KB 3230

What's New in Release 17.05

Versioning Number Change

PCoIP Zero Client firmware is on a new numbering scheme, where the first number is the release date year, and the second number is the release date month, and the third number is the number of maintenance releases.
PCoIP Zero Client firmware 17.05 replaces firmware 5.5.

Use with Management Console version 20.01 or newer

This firmware is supported with Management Console 20.01 or newer.

Security Updates

This release contains security updates over firmware 5.5.2.

  • The TLS_RSA_WITH_RC4_128_SHA cipher suite for encrypting Pre-Session communications with VMware Horizon Environments has been removed.
  • TLS 1.0 is no longer available to initiate PCoIP sessions. TLS 1.1 must be used as the minimum version to initiate PCoIP sessions.
  • AES-128 has been removed. PCoIP session can only be encrypted with AES-256.
  • The PCoIP Zero Client Administrative Web Interface now requires web browsers that support TLS 1.2.

Removal of CounterPath Unified Communications

Unified Communications is no longer supported on Tera 2.

Administrative Web Interface (AWI) is disabled by default

By default, the Administrative Web Interface is disabled. To enable it, please read instructions here.

SLP is disabled by default

By default, SLP discovery is disabled.


Use with Management Console version 20.01 or newer

This firmware is supported with Management Console 20.01 or newer.

Remote Workstation Card

Zero Client 17.05 has been tested with Remote Workstation Card 17.05.

Leostream Connection Broker

Zero Client 17.05 is compatible with Leostream Connection Broker version 8.2. It is not compatible with earlier versions of the Leostream Connection Broker.

Note: After upgrading from PCoIP Zero Client Firmware 4.x to 5.0 or higher, the session connection type for the Zero Client must be changed to PCoIP Connection Manager, with the address of the Leostream Connection Broker. Also ensure the Leostream Connection Broker has had Enable TLSv1.1 protocol enabled in the Leostream Connection Broker Security Options section of the Connection Broker > System > Settings page.
Brokering of the Remote Workstation Card requires the installation of the Teradici Remote Workstation Card Agent.

VMware Horizon

Zero Client 17.05 has been tested with VMWare Horizon 7.11. It is also compatible with one major release of Horizon prior to this. Other versions of Horizon may also be compatible, but will need to be verified in your specific deployment environment.

PCoIP Connection Manager for Amazon WorkSpaces

PCoIP Connection Manager for Amazon WorkSpaces 1.0.7 or higher is required in order to connect to Amazon WorkSpaces using the PCoIP Connection Manager session type.

Imprivata OneSign

Zero Client 17.05 has been tested against Imprivata OneSign 6.0.1 with VMware Horizon 7.10.



Resolved Issues

Jabra LINK 230 is now supported


Audio works with Jabra LINK 230 adapter

802.1x authentication issue with Firmware 6.5.0


The issue with 802.1x authentication in Firmware 6.5.0 is resolved in Firmware 6.5.1

Able to connect to AWI after using it to apply the 'Reset Parameters' settings


If the AWI is used to apply the 'Reset Parameters', you are no longer immediately locked out of the Administrative Web Interface.

DisplayPort monitors can come out of sleep


Zero Client can now successfully bring DisplayPort monitors out of sleep.

OneSign error message specifies when password change does not meet length, complexity or history requirements


When a user sets a new password via OneSign that does not meet the complexity requirements, they are presented the following message: "New password does not meet the length, complexity, or history requirements." (earlier versions would present the message: "OneSign could not authenticate you")

Image tearing has been removed.


Image tearing has been eliminated when viewing moving content that is thin and vertical or diagonal in nature.

Known Issues

MFA (Multi-Factor Authentication) fails to authenticate to VMWare Horizon


User cannot log in with MFA (Multi-Factor Authentication) using Horizon View from a Zero Client, but is able to log in with Horizon Client. Will be resolved in 20.04 release.

Zero Client restarts when switching from "Connection Manager for AWS WorkSpaces" to "Direct to Host"


The Zero Client will restart when switching connection type from "Connection Manager for AWS WorkSpaces" to "Direct to Host" if the following steps are taken:

  1. Initiate a connection to Amazon WorkSpaces using the PCoIP Connection Manager for Amazon WorkSpaces.
  2. Disconnect the session.
  3. Change connection to "Direct to Host", this will auto-populate the IP address.
  4. Start a connection without changing the IP address.

Enter the IP address of the PCoIP endpoint you are trying to connect to when using "Direct to Host' session type, and do not try to connect the auto-populated IP address generated when you switch the connection type to "Direct to Host". Will be resolved in the 20.04 release.

OCSP revocation check skipped for certificates issued by root


If a Certificate Authority (CA) issued certificate has an OCSP responder, the PCoIP Zero Client checks if it is revoked. However, for certificates (with an OCSP responder) that are issued by a root CA, the PCoIP Zero Client would report that the OCSP responder is unreachable.


Use certificates that are issued by subordinate/intermediate Certificate Authority.

SafeNet SC650 Blade returns 'Alert! VCS Communication Error' when used to authenticate to Horizon


When connecting to VMWare Horizon using SafeNet SC650 Blade smart card, the Zero Client fails to authenticate with the View Connection Server and an Alert message is displayed in the OSD "Alert! View Connection Server communication error."

This issue affects firmware 5.5.0 and higher.


Use Zero Client firmware 5.4.1

Zero Client crashes after IDPrime .NET smart card PIN and username hint are submitted


Zero Client crashes after IDPrime .NET smart card PIN and username hint are submitted

VMware pool names are blank if they are too long


The VMware pool names will be populated as blank if they exceed 65 characters.

Certificates with unreadable DNs are not logged


Certificates with unreadable Domain Names (DN) will not be logged if the firmware is unable to match any certificates against known CAs.

Stylus cannot wake up display.


If the display goes to sleep, the stylus on a Wacom tablet cannot be used to wake it up.


Use mouse or keyboard to wake up display.

Zero client in Auto Detect crashes upon receipt of invalid certificate chain


The zero client may crash with the error: {quote}0d,00:00:00.00> LVL:1 RC:   0        MGMT_SYS :*** CRITICAL ERROR CONTEXT DUMP ***

0d,00:00:00.00> LVL:1 RC:   0        MGMT_SYS :Reset cause: SOFTWARE {quote} when it is is configured for either one of the VMware Horizon connection types, or Auto Detect, and is presented with an invalid certificate chain (such as one containing duplicate entries).


Verify and correct the certificate chain.

Mouse and keyboard briefly unresponsive after session launch with Wacom tablet connected


Mouse and keyboard devices may be unresponsive when launching a session from the Zero Client if a PTH-660 or PTH-860 Wacom tablet is connected. The mouse and keyboard will become responsive after a few seconds.

Internet Explorer 11 does not trust the Administrative Web Interface certificate


Internet Explorer 11 does not trust the Administrative Web Interface certificate if the AWI is accessed via IP address (it will trust the certificate when using the FQDN).

802.1x not disabled after all certificates removed


Removing the certificates set to be used for 802.1x will not disable 802.1x.


After removing the 802.1x certificates, manually disable 802.1x.

Certificates with long subject names populated using the Cyrillic alphabet cannot be parsed by the zero client.


Certificates with long subject names populated using the Cyrillic alphabet cannot be parsed by the zero client.


Use a shorter subject name in the certificate.

USB Isochronous devices need to be on a root port in order to work.


USB Isochronous devices (such as audio or video devices) need to be on a root port in order to work.


Availability of the root port varies from manufacturer to manufacturer, and they should be engaged to determine if they have a root port available on their zero client model. If available, use the root port for Isochronous device types.

Zero client attempts to resume session when Amazon WorkSpaces host initiates disconnect


Amazon WorkSpaces can support Ctrl+Alt+F12 as a means to cause the connection to disconnect. If the zero client is configured to have Enable Session Disconnect HotKey turned off, then when the user enters Ctrl+Alt+F12, the Amazon WorkSpace will catch the command and initiate a disconnect. When this disconnect occurs the zero client will attempt to resume the session.


Ensure Enable Session Disconnect Hotkey is set to on for the zero client so that the zero client manages the disconnect.

Incorrect error presented when certificate uploaded via AWI


When uploading a certificate via AWI, even though the certificate is uploaded into the certificate store the following error may be displayed: Error. The upload did not complete. Please try again.


Verify the certificate is in the certificate store. If it is, ignore the error.

Zero clients may reboot if a Nessus scan is performed while SNMP is enabled.


Zero clients may reboot if a Nessus scan is performed while SNMP is enabled.


Disable SNMP on the zero client.

Setting timezone to UTC in Management Console results in UTC+0 Europe/Dublin


If the Management Console is configured to push the timezone setting of (UTC+0:00) UTC to the zero client, the zero client will set itself to (UTC+0:00) Europe/Dublin or (UTC+0:00) Europe/London. This timezone makes use of daylight savings time. There is no option in the zero client for (UTC+0:00) UTC.


There is no option in the zero client for (UTC+0:00) UTC. However, if UTC+0:00 without daylight savings is required, then (UTC+0:00) Atlantic/Reykjavik can be used instead.

SIPR token authentication may fail with multiple certificates on card


The zero client will fail to complete SIPR token smart card authentication against VMware Horizon View when the smart card contains more than two certificates.


Ensure that the card has no more than two certificates.

Change in button timing for entering manual recovery


Beginning with firmware 5.2.1, the power button sequence to boot a zero client from powered down into the recovery image is:

  1. Press power button once to turn on the client
  2. Wait for one second
  3. Triple tap power button
  4. Zero client boots into the recovery image

From firmware 5.0.0 to 5.2.0, it was possible to triple tap the power button immediately after turning on the zero client. This is no longer supported.

Mouse cursor briefly unresponsive after zero client reboot


The On-Screen Display's mouse cursor may be unresponsive for a few seconds after a zero client reboot when a web browser is connected to the zero client's Administrative Web Interface.

Zero Client is unable to use IPv6 VMware Horizon View when DHCPv6 is not available


If the zero client is configured for IPv6, and it cannot connect a DHCPv6 server, it will be unable to connect to a desktop when brokered by an IPv6 VMware Horizon View Connection Server. The zero client displays the message 'CONFIGURATION_ERROR - IPv6 capability required: Your VMware Horizon View Client addressing configuration is not compatible with this View Server…'

Security scanners may report zero client to be susceptible to CVE-2004-0230


Security scanners may report that the zero client is susceptible to CVE-2004-0230. This CVE exists in TCP stacks in devices that implement the Border Gateway Protocol. While this is a significant issue for routers that implement the Border Gateway Protocol, it is not a significant issue for zero clients.

Mouse wheel problem occurs with Belkin Advanced Secure Keyboard/Mouse Switch


Mouse wheel scroll-down does not work while in a PCoIP session. This occurs when the mouse is connected to a zero client through a Belkin Advanced Secure Keyboard/Mouse (KM) Switch. This problem has been observed while using KM models F1DN102K, F1DN104K, and F1DN108K.


On Tera2 Zero Clients, bridge the KM and enable the Force Local Cursor Visible on the zero client Configuration > USB Administrative Web Interface.

Zero client fails to resolve FQDN with a label that starts or ends with an underscore


A zero client will not resolve an FQDN that begins or ends with the underscore character (for example, _myhost.teradici.local).

Restrict Proximity Card setting does not work with VMware Horizon RDSH


The Restrict Proximity Card setting does not work with VMware Horizon RDSH sessions when set to disabled.

Enumeration failures with Western Digital portable hard drives


Western Digital Passport external portable hard drives connected to a zero client internal hub may fail to enumerate.


Connect the drive to a zero client root hub port, or connect the drive to an external hub that is connected to the zero client, then restart the PCoIP session and disconnect/reconnect the drive.

Manual IPv6 gateway address is overwritten on reset


Although the IPv6 Gateway address is displayed as an editable field on the zero client Administrative Web Interface (AWI), changes to this field are not respected by the zero client firmware. Instead, the IPv6 gateway is determined using IPv6 Router Advertisement.

Zero client AWI cannot be accessed when IPv6 Link Local Address is entered in the IPv6 Manual address field


Configuring a zero client in IPv6 mode to manual addresses and setting the IPv6 Manual Address to the same value as the Link Local Address will make the zero client Administrative Web Interface (AWI) unreachable.


Use the On-Screen Display (OSD) to reconfigure the IPv6 address settings.

Evoluent VerticalMouse 4 does not work when connected behind a hub during active session


The Evoluent VerticalMouse 4 device does not work if the device is bridged and the user connects the device to a zero client behind a hub (external or built-in hub port) while a session is active.


Avoid plugging the device into a hub port while a session is active or connect the device to a zero client root port. Alternatively, disconnect and reconnect the session after plugging the mouse into a zero client behind a hub.

Elo Touch monitor may lose calibration in OSD after used in bridged mode with certain Elo Multi-Touch drivers


An Elo Touch monitor connected to a zero client may lose its calibration settings and be unstable in the On-Screen Display (OSD) when the zero client connects to a PCoIP host running certain versions of the Elo Multi-Touch driver, and when the monitor is calibrated using Elo Multi-Touch driver on the host.


Use version 5.5.3 of the Elo Multi-Touch driver. This issue has not been observed with this driver version.

RDR-7L82AKU smart card reader does not work with OneSign 4.9 SP1 HF11 and newer


RFIDeas RDR-7L82AKU proximity card readers do not detect cards after logging in to a virtual desktop running Imprivata OneSign 4.9 SP1 HF11 or newer.


Revert Imprivata OneSign installation to a version older than 4.9 SP1 HF11.

Gemalto IDCore 3020 smart cards is missing correct driver in Windows 7


By default, Gemalto IDCore 3020 smart cards work in pre-session. However, the card does not work while in-session for Windows 7 virtual desktops.


Install the correct driver from a default Windows 7 installation:

  1. From the zero client administrative web interface, bridge the smart card reader.
  2. Without the smart card inserted, log in to the virtual desktop with username/password.
  3. Insert the smart card. Windows 7 should recognize the smart card and reader and automatically install the correct drivers.
  4. Log off Windows to disconnect the session.
  5. From the zero client administrative web interface, remove the bridge configuration for the smart card reader.
  6. Log in with the smart card. The smart card should be fully accessible.

OneSign cannot authenticate after changing Session Connection Type


After changing a zero client's Session Connection Type from View Connection Server + Kiosk to View Connection Server + OneSign, the Zero Client is unable to negotiate a PCoIP session with VMware View using OneSign authentication.


Restart the zero client.

After display is turned off, screen does not wake up by pushing zero client button


When the On-Screen Display (OSD) Screensaver timeout expires, it will turn off the display after the end of a PCoIP session brokered by a PCoIP Connection Manager. Clicking the zero client's physical button does not wake the display.

OSD cursor briefly stops responding to mouse input


The On-Screen Display (OSD) cursor stops responding to mouse input for a few seconds after pressing the Apply button on the AWI USB Permissions page, or while loading the AWI Attached Devices page. It will behave as expected shortly after.

Disconnecting a session with auto-reconnect enabled causes an alert dialog


With the auto-reconnect feature enabled, users may see an alert dialog briefly on screen before the PCoIP session is reconnected. The message shown is "Unable to connect (0x1001). Please contact your IT administrator." This message can be safely ignored.

Switching between DVI and DisplayPort connectors may cause screen to go blank on HP Z27i displays


HP Z27i displays connected to a zero client's DisplayPort connectors may not show the remote desktop content when the zero client starts a PCoIP session to a workstation access card, and the card's previous session was from a zero client with displays attached to its DVI ports.

Temporary IPv6 addressing causes failure when connecting zero clients to any soft host


Zero clients cannot establish a connection to any soft host that has temporary IPv6 addressing enabled.