Known iChain 2.2 Interoperability Issues
February 19, 2003

This document provides information about unresolved interoperability issues that might affect Novell® iChain® 2.2 and other Novell products. Known issues are listed under the products for which interoperability testing with iChain 2.2 has been performed. Issues are listed in this document in the following format:

REF <number>, <product>, <description of issue>

where REF <number> is an internal reference number (see Note for more information), and <product> is the Novell product referred to in the description of the issue.

 

Note: Some issues listed below include a REF number (for example, REF 314061). This is a Novell internal reference number. It is not a Technical Information Document (TID) number. Searching on a REF number on the Novell Web site will not return any information pertaining to the referenced issue.

 

TABLE OF CONTENTS

1.0 Known Issues With Tier 1 Products
            1.1    Novell Certificate Server
            1.2    Novell eDirectory
            1.3    GroupWise 6.1 SP2
            1.4    Novell iFolder 2.0
            1.5    NMAS
            1.6    Novell Portal Services 1.5 SP1
            1.7    Novell ZENworks OnDemand Services 2
            1.8    Novell SecretStore
            1.9    SilverStream
            1.10    TimeSync

2.0 Known Issues With Tier 2 Products
            2.1    Novell BorderManager 3.7
            2.2    Novell eGuide 2.1
            2.3    Novell eGuide 2.1.1
            2.4    GroupWise 6.5
            2.5    Novell iManager 1.5
            2.6    iPrint
            2.7    Novell NetMail 3.1
            2.8    NetWare 6 Home Page
            2.9    NetWare 6 Web Manager
            2.10    NetWare Web Access
            2.11    RConsole
            2.12    Novell Remote Manager
            2.13    Novell SecureLogin
            2.14    Novell ZENworks For Desktops

3.0 Known Issues With Tier 3 Products
            3.1    NetDrive
            3.2    NetStorage
            3.3    List of Products That Have Not Been Tested With iChain

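4.0 Accessing Other iChain Interoperability Information
            4.1    Accessing the Interoperability Technical Information Document

5.0 Accessing the Latest iChain Documentation

6.0 Legal Information
            6.1    Disclaimer, Copyright, and Patents
            6.2    Trademarks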

1.0 Known Issues With Tier 1 Products

1.1    Novell Certificate Server

There are currently no known interoperability issues between Novell® Certificate Server and iChain.

1.2    Novell eDirectory

There are currently no known interoperability issues between Novell® eDirectory™ and iChain.

1.3    GroupWise 6.1 SP2

(REF 314061) The iChain rewriter does not reliably change qualified URL references in GroupWise® WebAccess message Body or Subject areas. This appears to be a result of formatting done by GroupWise which results in the URL References no longer matching the delimiters used by the iChain rewriter.

(REF 100300747) The iChain rewriter changes the URL references in message bodies when you reply to a message. Users reading the reply will see the re-written URL reference, even though they might not be accessing GroupWise through an accelerator and the reference might not be useable.

(REF 100300994) The iChain rewriter changes URL references in e-mail attachments when you view them. However, the references are not changed when you save the attachment (as expected).

(REF 314039) The GroupWise WebAccess monitoring agent can be configured for SSL, but still only works over HTTP. If you are accelerating the WebAccess monitoring agent with iChain, Secure Exchange should be disabled between the proxy and the WebAccess server.

1.4    Novell iFolder 2.0

(REF 100300801, REF 312888) If you are using iChain Form Fill with Novell® iFolder™, the admin page will not work and the browser will loop continually. This appears to be a cache-control problem and can be avoided by adding a Bypass type Pin entry for the iFolder Web site.

(REF 314631) iChain can provide single sign-on functionality only for the Login (PDA) link on iFolder’s HTML page. The iFolder client and the Login link on the HTML page cannot utilize iChain authentication or single sign-on.

(REF 314063, REF 100296447) Novell recommends disabling iChain caching of iFolder content. iFolder data is private and encrypted, so caching might slow down access.

Since iFolder encrypts its own data, all communications can be sent using HTTP (rather than HTTPS). iChain with Secure Exchange will try to redirect HTTP traffic to HTTPS. iFolder uses HTTP POSTs, which cannot be redirected. These connections will fail. For this reason, iChain Secure Exchange will only work for HTML (PDA) access.

If you are fronting iFolder with Secure Exchange disabled, iFolder Management, Applet, and HTML (PDA) access methods which require HTTPS will not work. Only iFolder client access will work.

The iFolder client does not have the means to prompt for the iChain Proxy Server password. If iChain proxy authentication is enabled, the client connection will fail.

1.5    NMAS

There are currently no known interoperability issues between Novell Modular Authentication Service™ (NMAS) and iChain.

1.6    Novell Portal Services 1.5 SP1

(REF 100301232) If you configure iChain OLAC with Shared Secrets to provide single sign-on to Novell® Portal Services (NPS) but the credentials in Novell® SecretStore® are incorrect or non-existent, the user will be prompted to manually log in to NPS. However, this manual login will fail. This is caused by multiple authorization headers being sent by iChain.

(REF 100301426) When you access NPS through iChain, if an idle session timeout occurs, a “409 conflict” error will be given if the user then attempts to use a link in a gadget from that browser session. One possible workaround is to use the new iChain 2.2 feature “Allow authentication through HTTP authorization header”. You should enable Secure Exchange if this option is selected in order to secure credentials that are sent in the headers.

(REF 100300685) The NPS Chat gadget uses port 2122 by default and will only work through iChain using tunneling.

1.7    Novell ZENworks OnDemand Services 2

(REF 295369) The iChain session reconnect for Novell® ZENworks® OnDemand Services 2™ DeFrame applications using a load-balanced RDP or ICA tunnel does not work. Tunnels configured for OnDemand ICA and RDP applications should be point-to-point only.

(REF 291879) OnDemand DeFrame Load Balancing is not compatible with iChain. The DeFrame load algorithm uses NDS attributes which iChain does not monitor.

1.8    Novell SecretStore

(REF 100301232) If iChain OLAC with Shared Secrets is configured to provide single sign-on to a Web resource but the credentials in Novell SecretStore are incorrect or non-existent, the user will be prompted to manually log in to the Web resource. However, this manual login might fail due to multiple authorization headers being sent by iChain.

1.9    SilverStream

This product has not been tested with iChain.

1.10    TimeSync

There are currently no known interoperability issues between TimeSync and iChain.

 

2.0 Known Issues With Tier 2 Products

2.1    Novell BorderManager 3.7

(REF 314058) The iChain Proxy GUI is incompatible with the Novell® BorderManager® NAT due to the use of a hard-coded IP address instead of a DNS name. Administrators will be unable to access the GUI across static NAT-type routers.

(REF 292468) Using Schema Collision with BorderManager causes problems with iChain ACL rules. See Technical Information Document (TID) 10067543 on the Novell Technical Services Web site for a workaround.

2.2    Novell eGuide 2.1

(REF 100300259) Using the Novell eGuide Logout button through iChain causes a loop condition, and subsequent access fails. This problem can be avoided by adding a Bypass type Pin entry for the eGuide Web resource. This problem is fixed in eGuide 2.1.1.

(REF 100300310) If iChain is used to access eGuide, users might see the previous user's name on the eGuide page. This problem can be avoided by adding a Bypass type Pin entry for the eGuide Web resource. This problem is fixed in eGuide 2.1.1.

(REF 100300272) Users are unable to authenticate to eGuide using iChain's OLAC method for single sign-on with attributes such as TelephoneNumber (configured in eGuide). This problem is fixed in eGuide 2.1.1.

2.3    Novell eGuide 2.1.1

There are currently no known interoperability issues between Novell eGuide 2.1.1 and iChain.

2.4    GroupWise 6.5

(REF 314061) When reading e-mail messages, the iChain rewriter is not reliably changing qualified URL references in GroupWise WebAccess message Body or Subject areas. This appears to be a side effect of the formatting done by GroupWise which results in the URL references no longer matching the delimiters used by the rewriter.

(REF 100300747) The iChain rewriter permanently changes the URL references in message bodies when you reply to a message. Users reading the reply will see the re-written URL reference even though they might not be accessing GroupWise through an accelerator. The rewritten URL reference(s) might not be useable.

(REF 100300994) The iChain rewriter changes URL references in e-mail attachments when you view them. However, the references are not changed when you save the attachment (as expected).

2.5    Novell iManager 1.5

(REF 320221) Several iPrint management links in Novell iManager are broken when you access iManager through iChain due to the use of a hard-coded IP address. This problem will also occur if you access iManager through static NAT and other proxy devices.

2.6    iPrint

(REF 100297228) Links to access or install IPP printers don't work with the iChain proxy (this is a 409 conflict). A tunnel might provide a workaround for this issue.

(REF 100297981) You cannot print from an iPrint client through an iChain accelerator. The iPrint client uses Transfer Encoding (type chunked) to send print jobs, which isn't supported by iChain. A tunnel might provide a workaround for this issue.

(REF 320221) Several iPrint management links in iManager are broken when you access iManager through iChain due to the use of a hard-coded IP address. This problem will also occur if you access iManager through static NAT and other proxy devices.

2.7    Novell NetMail 3.1

(REF 318074) You might encounter HTTP 504 Gateway Timeout errors when you are using iChain’s Secure Exchange feature with a Novell® NetMail Web server and SSL certificates from Novell Certificate Server. This problem cannot be reproduced with third-party certificates.

(REF 100297484) If an iChain accelerator is configured for NetMail and uses OLAC for single sign-on, the user will be manually prompted for NetMail authentication if the OLAC credentials fail for any reason. However, the manually entered credentials will also fail due to the presence of multiple Authorization headers sent from iChain. To avoid this problem, you should keep user databases in sync and keep login information current and accurate.

(REF 322892) When you access the NetMail calendar through iChain using Internet Explorer 6 browsers, clicking links to see calendar events is delayed by 20 seconds before information is returned.

(REF 100301545) The iChain internal rewriter changes URL references in saved NetMail attachments. The rewriter can be disabled for the NetMail accelerator by editing sys:\etc\proxy\rewriter.cfg on the iChain server.

2.8    NetWare 6 Home Page

There are currently no known interoperability issues between NetWare 6 Home Page and iChain.

2.9    NetWare 6 Web Manager

(REF 320221) Several iPrint management links in Web Manager are broken when Web Manager is accessed through iChain due to the use of a hard-coded IP address. This problem also occurs if Web Manager is accessed through static NAT and other proxy devices.

(REF 100300505) If an accelerator is configured for Web Manager and uses iChain OLAC for single sign-on, the user will be prompted for authentication if the OLAC credentials fail for any reason. However, the manually entered credentials will also fail due to the presence of multiple Authorization headers sent from iChain. To avoid this problem, you should keep user databases in sync and login information current and accurate.

2.10    NetWare WebAccess

(REF 100301516) A “Click here to use” link is displayed instead of the expected home page graphic when you access NetWare Web Access with Netscape 7. This problem does not occur with IE browsers and seems to be caused by the user-agent value sent from Netscape not being supported by Web Access.

(REF 100301680) The Folders frame is empty when you access NetStorage from NetWare Web Access using Netscape 7. You can still navigate the file system using the folder icons in the main frame of the HTML page.

2.11    RConsole

There are currently no known interoperability issues between RConsole and iChain.

2.12    Novell Remote Manager

(REF 100298180, REF 100301232) If an iChain accelerator is configured for Remote Manager and uses OLAC for single sign-on, the user will be prompted for authentication if the OLAC credentials fail for any reason. However, the manually entered credentials will also fail due to the presence of multiple Authorization headers sent from iChain. To avoid this problem, you should keep user databases in sync and login information current and accurate.

(REF 100301854) The Console Screens page (found under Manage Server) provides another link, “Console Screens,” which uses an applet to view and navigate through the server screens. If Remote Manager is accessed through an iChain path-based child accelerator, the applet screen comes up blank. As a workaround, use the individual links listed under “HTML-based Screen Pages” to access the console screens.

2.13    Novell SecureLogin

(REF 100300898) Login failures might occur if you are using Novell SecureLogin for the iChain proxy login and Form Fill for the back-end web resource if the FormFill script is interactive (no <post/> tag in the script).

(REF 100301232) If an iChain accelerator and resource is configured to use OLAC for single sign-on, the user will be prompted for authentication if the OLAC credentials fail for any reason. However, the manually entered credentials may also fail due to the presence of multiple Authorization headers sent from iChain. To avoid this problem, you should keep Novell SecretStore credentials configured properly.

2.14    ZENworks For Desktops 4.0

(REF 319083) The Novell® ZENworks® for Desktops Management Agent does not interoperate with iChain Authentication. The Management Agent cannot handle the redirect that iChain issues for authentication. A workaround is to use a tunnel or an accelerator with authentication disabled.

3.0 Known Issues With Tier 3 Products

3.1    NetDrive

(REF 100301568) The NetDrive client cannot connect to iFolder or WebDAV servers through an iChain accelerator if proxy authentication is enabled.

(REF 100301590) The NetDrive client cannot connect to an iFolder server through an iChain accelerator if Secure Exchange is enabled.

3.2    NetStorage

(REF 100296910) iChain single sign-on is not compatible with xTier cookie authentication. Users will be prompted for NetStorage login credentials.

(REF 312033) iChain does not provide support for WebDAV extensions.

3.3    List of Products That Have Not Been Tested With iChain

The following Tier 3 products have not been tested with iChain 2.2

4.0 Accessing Other iChain Interoperability Information

4.1    Accessing the Interoperability Technical Information Document

For information on how to configure iChain with NetWare products, see TID 10078054, "Configuring iChain to Work With Other NetWare Products."

5.0 Accessing the Latest iChain Documentation

For the latest iChain documentation, including information on iChain setup and administration, go to http://www.novell.com/documentation and locate iChain documentation in the alphabetical list.

6.0 Legal Information

6.1    Disclaimer, Copyright, and Patents

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

You may not export or re-export this product in violation of any applicable laws or regulations including, without limitation, U.S. export regulations or the laws of the country in which you reside. This product may require export authorization from the U.S. Department of Commerce prior to exporting from the U.S. or Canada.

Copyright (C) 2003 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

U.S. Patent Nos. 5,349,642; 5,608,903; 5,671,414; 5,677,851; 5,758,344; 5,784,560; 5,818,936; 5,828,882; 5,832,275; 5,832,483; 5,832,487; 5,870,561; 5,870,739; 5,873,079; 5,878,415; 5,884,304; 5,913,025; 5,933,503; 5,933,826; 5,946,467; 5,956,718; 6,047,289; 6,065,017; 6,081,900; 6,105,132; 6,167,393. Patents Pending.

6.2    Trademarks

Novell, iChain, GroupWise, NetWare, SecretStore, and ZENworks are registered trademarks of Novell, Inc. in the United States and other countries.

BorderManager, Branch Office, Certificate Server, ConsoleOne, eDirectory, iFolder, OnDemand Services 2, NetDevice, NetMail, Nterprise, and NMAS are trademarks of Novell, Inc.

Novell Technical Services is a service mark of Novell, Inc.

For more information, see Legal Notices.