This document contains the known issues for Novell Identity Manager 4.0.1.
The latest version of this Readme is available at the Novell Identity Manager documentation Web site.
This Readme contains the known issues for Identity Manager 4.0.1. In addition to this Readme, separate Readmes are available for Designer 4.0.1 and Analyzer 4.0.1:
Additional documentation resources are also available for the following products:
The following sections provide information on known issues at the time of the product release.
You might encounter the following issues during the installation of the Identity Manager framework installer:
Ensure that the specified path doesn’t contain any spaces.
You cannot install the Linux/UNIX Bidirectional driver in a Solaris zone that contains a read-only/usr partition. If you select the driver for installation, the Identity Manager 4.0.1 framework installer reports an error.
During the Identity Manager installation, if you return to the Installation Location page from the subsequent page, the
button does not work as expected.After Identity Manager 4.0.1 is installed on your Windows machine, if you click the
link under the Identity Manager entry in the list, it displays Identity Manager 4.0.To find the correct Identity Manager version that has been deployed on your machine, run the DxCMD command.
You might encounter the following issues when you use the Identity Manager integrated installer:
The primary server might stop working just before you start the Metadirectory server configuration after the Identity Vault configuration is completed.
If the primary server stops working, follow these steps to resume the configuration from the current state:
Start Identity Vault on the primary server.
On the Linux machine, create the /root/idm/Uninstall_Identity_Manager/idmconfigure_state.conf file. The idmconfigure_state.conf file should have only false entry.
Make sure that the IA_RESULT_IDM_FRAMEWORK_CONFIGURED entry in the /etc/opt/novell/idm/install/state/conf/install_state.conf file does not have true value.
Rerun the configuration.
If you are installing Identity Manager through integrated installer on a 64-bit system, make sure that libgthread-2_0-0-32bit-2.17.2+2.17.3+20080708+r7171-3.1.x86_64.rpm compat library is installed before starting the Identity Manager installation.
You cannot use UNC paths for installation and configuration when you use the Identity Manager 4.0.1 integrated installer (for example, \\myserver\share\Identity_Manager_4.0.1_Windows_Enterprise).
To work around this issue, create an actual mapped drive.
The Identity Manager installation might fail with an error message if you are installing from a remote desktop. Because the remote desktop connection is delayed in comparison to the actual/physical access, the install process fails to acquire the local referrals, resulting in a failed installation.
To work around this issue, install Identity Manager on an actual/physical connection of the server or by using a VNC connection.
The integrated installer does not perform a health check before the secondary server addition.
You must run ndscheck if you are adding secondary server through the integrated installer. On Windows, run ndscheck from the <install loccation>\NDS location. On Linux/Solaris, run it from the /opt/novell/eDirectory/bin/ndscheck directory. Specify the mandatory parameters and run the command as follows:
ndscheck [-h <hostname port]>] [-a <admin FDN>] [[-w <password>]
NOTE:Ruuning ndscheck on Windows causes eMbox warnings to display on the screen. Don't treat these warnings as health check failure. It is safe to ignore them.
You might encounter the following issues as you use the Remote Loader:
On Windows Server 2008 Core, when you click
in the Remote Loader console, the corresponding help page is not displayed.To work around this issue, install a browser (for example, Internet Explorer) on your machine and click
in the Remote Loader console.If you choose to have both a 32-bit and a 64-bit Remote Loader on the same machine, the audit events are generated only with the 64-bit Remote Loader. Events are not logged to the lcache file with the 32-bit Remote Loader.
When 32-bit and 64-bit Remote Loaders are installed together, the events are logged to the 64-bit lcache and 32-bit Remote Loader fails to log audit events. It displays the "Agent already running error" error message.
However, if a 64-bit Remote Loader is installed before installing a 32-bit Remote Loader, the events are logged to the 32-bit lcache, which prevents 64-bit Remote Loader from logging events. The 32-bit and 64-bit lcaches don’t work on the same machine.
To work around this issue, don't install both 32-bit and 64-bit Remote Loaders on the same machine.
You might encounter the following issues as you use Identity Manager:
This issue is observed only on virtual machines.
To work around this issue:
Restart eDirectory.
Reduce the JVM minimum heap size if the failure repeats.
Restart eDirectory.
To enable or disable telemetry job, connect iManager to the server where the job is configured to run.
If you enable or disable it from a different server than the server it is configured to run on, it might not be enabled/disabled. It might also continue to run even if it is disabled on the other server.
You might encounter the following issues as you use the Identity Manager drivers:
This issue has been reported only on MySQL. The upgrade operation fails when you upgrade the JDBC driver from a version earlier than 3.5.1 to version 3.5.1 or later.
The operation fails because of one of the following reasons:
The driver cannot use the mysql-connector-java-3.1.11-bin.jar driver classes to read the metadata of tables.
You cannot get the information from the state files because the serialVersionUID of the class JDBMKeyComparator has changed after the upgrade.
To work around this issue, use one of the following actions:
Upgrade the third-party driver class from mysql-connector-java-3.1.11-bin.jar to mysql-connector-java-5.1.6-bin.jar.
Delete the state files and restart the driver.
At times, you cannot select drop-down options when creating or configuring a driver. To work around this issue:
Click the drop-down menu and continue to hold the left mouse button until the desired option is highlighted.
Release the left mouse button to select the option.
You might encounter the following issues as you use the Identity Reporting Module:
If you use the loopback address of 127.0.0.1 as the IP address for the Managed System Gateway driver when configuring with the integrated installer, that is valid and will work correctly. However, when you use the endpoints, having the IP address be the loopback (127.0.0.1) will not work. In this case, you need to specify the correct IP address in the
section of the Managed System Gateway driver.The integrated installer displays the following error if Identity Reporting Module and the Roles Based Provisioning Module are separately configured:
'Failed to load users/passwords/role files'
To work around this issue, either stop JBoss before installing the Identity Reporting Module or restart JBoss after installing the Identity Reporting Module.
When users assign roles, the request_date column in the idmrpt_idv_identity_trust table is not being populated with data. The defect number is 633206.
If you remove an attribute that was added to the Data Collection Service driver filter policy, the attribute is not removed from the extended attributes tables (idmrpt_ext_attr, which tracks the attributes) and no data is removed from the idmrpt_ext_item_attr table. The defect number is 633209.
On Firefox, when the
are set to show 1 week on the Calendar page, you do not see today’s schedule if you click the button. Instead, you see a day one week ahead of today. To see today’s schedule in the Calendar page, press the up-arrow to go back one week. This problem does not occur on Internet Explorer.If the times of your machines are not in synchronization when you install the Event Auditing Service (EAS), there may be problems with your configuration. You cannot install EAS on Windows. It must be installed on Linux. Therefore, the Linux server where EAS is installed must be synchronized with the machine where you are installing the rest of your components.
Under the following circumstances, the logevent.conf is overwritten without prompting during the installation of the reporting module:
There is already a logevent.conf file in /etc/.
EAS is installed on the same machine.
During the reporting installation, you replace the value of localhost
and enter the machine's actual IP address for the EAS server.
To work around this issue, manually update the /etc/logevent.conf file after the installation is complete.
If EAS is installed remotely and you want to test the connection to EAS during the Identity Reporting Module installation, the parent directory of your chosen install directory must exist prior to running the installation. Without an existing parent directory, the installation directory cannot be created in order to write the JDBC JAR file used for testing the connection. For example, if you are installing the Identity Reporting Module to /opt/novell/IdentityReporting, you need to ensure that the /opt/novell directory exists before beginning the installation.
If RBPM and the Identity Reporting Module are configured from an AE .iso file, and the tree to which they are connected is an SE tree, the collection state of the Managed System Gateway driver is active when it should not be. This bug occurs only in the following mixed mode scenario:
The Metadirectory server is installed from an SE .iso file on one machine.
RBPM and Reporting are configured from an AE .iso file on another machine (RemoteIDVault scenario) that tries to connect to the SE tree installed earlier.
Because the reporting module is configured from an AE .iso file, it tries to configure the Managed System Gateway driver, and the Managed System Gateway driver registration parameter is set to Yes in the Data Collection Service driver.
The IDMRPT_CORE war deployment sometimes fails on the JBoss application server because of memory issues. Look for the following error messages in the server console:
***********Server Error Log****************** 16:45:02,440 INFO [[/IDMRPT-CORE]] Marking servlet OsgiBridge as unavailable 16:45:02,441 ERROR [[/IDMRPT-CORE]] Servlet /IDMRPT-CORE threw load() exception java.lang.OutOfMemoryError: Java heap space ... *******************************************
There are two different memory issues and the solutions are different:
Unfortunately, Novell is unable to correct this problem.
In this situation, you might see an error similar to the following, most of the time followed by a JVM crash:
java.lang.OutOfMemoryError at java.util.zip.ZipFile.open(Native Method) at java.util.zip.ZipFile.<init>(Unknown Source) at java.util.zip.ZipFile.<init>(Unknown Source) at org.jboss.virtual.plugins.context.zip.ZipFileWrapper.ensureZipFile(ZipFileWrapper.java:175) at org.jboss.virtual.plugins.context.zip.ZipFileWrapper.openStream(ZipFileWrapper.java:213) at org.jboss.virtual.plugins.context.zip.ZipEntryContext.openStream(ZipEntryContext.java:1082) at org.jboss.virtual.plugins.context.zip.ZipEntryHandler.openStream(ZipEntryHandler.java:153) at org.jboss.virtual.VirtualFile.openStream(VirtualFile.java:230) at org.jboss.classloading.spi.vfs.policy.VFSClassLoaderPolicy.getResourceAsStream(VFSClassLoaderPolicy.java:483)
This indicates that the available system memory on your machine is not sufficient for running our product. Either increase your memory, or stop some unnecessary services from running. Increasing java heap size by -Xmx for your application server does not help.
If you use your own JBoss, you need to use the following procedure to upgrade Hibernate before you can use the product:
Stop JBoss.
Back up the Hibernate jars.
Go to the <jboss>/common/lib folder and move all jars beginning with hibernate
to a backup location outside the <jboss> folder.
Go to the Hibernate Web site and follow its instruction to download Hibernate 3.6.1.
Unzip Hibernate and copy the hibernate3.jar file into <jboss>/common/lib.
Start JBoss.
NOTE:If you do not upgrade Hibernate, the reporting module might not start properly. Also, remember that upgrading Hibernate affects non- Identity Manager applications running on the same JBoss.
This problem has only been observed on WebSphere.
When you add an application in the reporting module, you might notice that a valid certificate is not properly converted. The following actions might cause this problem to occur:
You log in to the Identity Reporting Module with valid credentials.
You navigate to the Applications page and click the
button.You fill in all the mandatory fields and browse for the certificate by selecting the
check box and clicking .The certificate should be converted, but this does not occur.
To workaround this problem, you can simply copy and paste the content of the certificate into the text area on the form.
When users are added in both RBPM and iManager, these users are updated in the database in the idmrpt_idv_acct table. However, the following reports might be empty when executed if the time between the servers is not synchronized:
IDV User report
IDV user status
IDV password
This happens only for new users when the time between the servers is out of synchronization. If a user is added and then modified, the reports are populated with data.
If the MetaDirectory and Reporting servers are running on different machines, and the timestamp value of the MetaDirectory server is ahead compared to the reporting server, this issue will occur. The timestamp value of the user account (valid time) will update with MetaDirectory timestamp. Until the reporting server time meets the user account valid time, you cannot fetch the data into reports. The fix for this issue is to ensure that all servers have the same time.
Currently, in release 4.0.1 of the Identity Reporting Module, it is not possible to modify the frequency of a schedule. If you need to change the frequency (from week to month, for example), you need to delete the schedule and create a new one.
Currently, when using the Download page in Identity Reporting Module with an Internet Explorer browser, the file may change its extension from .rpz to .zip. This change does not cause any problems. The reporting module will handle the upload and import the report correctly if the extension is .zip.With a Firefox browser, the extension always will be .rpz.
If you change from the Standard Version to the Advanced Edition, the version change for the reporting module will occur after the next batch of events is processed.
When you first start the Identity Reporting Module, wait 5 minutes before running a report. The startup process consumes a lot of memory, leaving less memory for the report generation. If you do not wait 5 minutes, you may encounter memory errors.
When using the standalone installers for RBPM and the Identity Reporting Module, you may see configuration errors on Windows 2008 if you install both components and switch from a 32-bit JRE to a 64-bit JRE.
The Identity Reporting Module is installed with a 32-bit JRE. Preferences are set under this JRE environment.
If install a 64-bit Java on Windows 2008, then this will become the default Java on you system. When JBoss starts up, it reads the environment variable JAVA_HOME, and uses the Java that JAVA_HOME points to. If JAVA_HOME points to the 64 bit Java, then you will see errors in the JBoss server log when starting the reporting module (IDMRPT, IDMRPT-AUTH, IDMRPT-CORE) indicating that the configuration is not correct. This is because it is reading the preferences under the 64-bit Java and not the 32-bit Java.
To workaround this issue, open the start-jboss.bat file and edit the JAVA_HOME and PATH entries to point the 32-bit Java. This will typically be in your JBoss directory. Alternatively, if you are aware of this issue before installing RBPM, you can point to the 32 bit Java when the installer asks which Java you want to use.
If you install RBPM alone (and do not install the Identity Reporting Module), you can use 64-bit Java.
You might encounter the following issues as you use the Roles Based Provisioning Module:
In Firefox, if you attempt to copy text in the Detail portlet, an error message is displayed.
The following actions cause this message to appear:
You log in to the User application as administrator and go to the
tab.You click
in Portlet Applications.You click
.You click the
icon and enter some sample text, such as “TEST”.You select the text and click the
icon.If you follow these steps, you see the following error message:
“Exception... "Access to XPConnect service denied" code: "1011" nsresult: "0x805303f3 (NS_ERROR_DOM_XPCONNECT_ACCESS_DENIED)" location: "http://172.16.1.99:8180/IDMProv/resource//portal-general/javascript/html_editor.js Line: 531" ” when clicked on Copy button.
You might also see this message when performing cut and paste operations.
This is a known issue with Dojo and Firefox.
The session-level failover does not function properly with software dispatchers. However, it works correctly with hardware dispatchers.Until further notice, the User Application supports only hardware dispatchers in a clustered environment.
You can add JavaScript to a workflow form to allow for printing. However, this technique does not produce expected results on Internet Explorer.
As described in the Designer documentation, you can add the following to the form onload event:
form.interceptAction("SubmitAction", "around", function (invocation) {var pf = new PrintForm("SubmitAction"); pf.printFormInterceptor(invocation); } );
This action works correctly for both Internet Explorer and Firefox. However, the printed form output is not formatted correctly on Internet Explorer, although it is formatted correctly on Firefox.
Firefox supports automatic resizing of pages. It takes the entire page as a vector and resizes it, but Internet Explorer just changes the styles internally. For this reason, only Firefox can be used to resize the page appropriately for printing.
To work around this problem on Internet Explorer, determine which of the following possible solutions works best for you:
You can perform an Alt+Print Screen function in Internet Explorer that prints the content as it appears on the screen.
You can use the reference below, which might work for the workflows but might not print the form exactly the way you want it to print. This is a quick fix to print the form.
<link rel="stylesheet" type="text/css" href="print.css" media="print" />
This can be added in the workflow forms (the Request_form, Approval_form, and so forth) under
> . This improves the print formatting on Internet Explorer, but might not be totally correct.You can create a CSS script specifically for each workflow to print the output as you want it to appear. Each CSS script probably needs to be specific to a workflow and requires tweaking that could be time-consuming.
The references look like this:
document.writeln("<link rel=\"stylesheet\" type=\"text/css\" href=\"http://172.17.5.100:8280/externalFiles/css/jquery-ui-1.7.2.custom.css\"><\/script>");
This can be added in the workflow forms (Request_form, Approval_form, and so forth) under
> .You can create an external WAR file that stores all the CSS scripts and is referenced from the workflow. This allows changes to be made in one file rather than within each workflow.
For example, with document.writeln("<link rel=\"stylesheet\"type=\"text/css\"href=\"http://172.17.5.100:8280/externalFiles/css/jquery-ui-1.7.2.custom.css\"><\/script>");, you replace the href attribute with the link to your CSS script. You need to do it this way because the external script for a workflow form must be JavaScript. You need to use an inline script to load a reference to a CSS. The inline scripts go into a specific area on the form called and are executed when the form is first loaded. You need to put the scripts on all the forms (request forms and approval forms). This allows you to specify a style that works for the printer, without changing the style for the viewable form.
The Roles Based Provisioning Module reports that were provided in previous releases of the product (available under
on the tab) are being deprecated in this release. These reports will be removed in a future release.Support for digital signatures has been removed in this release.
Support for accessory portlets has been removed in this release
On WebSphere, if you create a new user with special characters in the name, the user cannot log in to the User Application. For example, if you create a user as /Test//
from the page, an error page is displayed when the new user tries to log in to the application.
PostgreSQL requires several Microsoft VC++ libraries when running on Windows. If these libraries are not installed on the Windows server, the PostgreSQL installer automatically installs them. When you run the JBossPostgreSQL installer in silent mode on Windows, a pop-up window appears for about three seconds while these libraries are being installed, if those libraries are not already installed on the machine.
At this time, the installer is not able to suppress this pop-up window on Windows.
If you redeploy the User Application driver from Designer after running the integrated installer, the trustees for the Attestation Report provisioning request definitions are deleted and no one can execute the report. The reason for this is that the trustees are added to the Attestation Report provisioning request definitions at User Application startup. Because Designer does not know about the trustees, an attempt to redeploy the User Application driver from Designer removes the trustees. Therefore, you need to import these objects from eDirectory after User Application startup to synchronize the trustees.
In some situations, the integrated installer does not properly handle the Roles Based Provisioning Module setup errors. This can happen when the Roles Based Provisioning Module configuration fails because of a problem with the driver configuration process. In this case, the integrated installer configuration summary displays a message indicating that the Roles Based Provisioning Module configuration passed, but the Roles Based Provisioning Module configuration has setup errors. The defect number is 641557.
If you create a role or resource assignment, and then remove it, you see a message indicating that the assignment has been removed, but the assignment is still listed. If you refresh the page, you see that the assignnent has been removed. This is caused by a caching issue.
The search feature in the Orch Chart Portlet does not work if the Entity type being displayed has a dash (-) in the name. At this time, the product does not support Entities with dashes in their names.
If you deploy the Roles Based Provisioning Module on JBoss 5.1.0 Enterprise Application Platform (EAP), you might see multiple warrnings and errors in the startup log.
The problem is that the RBPM installer uses the community version of the messaging-jboss-beans.xml file as a template to generate its own version of the file. Unfortunately, the EAP version is very different in many aspects, including the definitions of QueueMODefinition and TopicMODefinition.
The workaround for this issue is to replace the the messaging-jboss-beans.xml file you have with the modified XML file shown below. The file needs to be in the IDMProv/deploy/messaging folder.
<?xml version="1.0" encoding="UTF-8"?> <!-- ======================================================================== Copyright (c) 2009 Novell, Inc. All Rights Reserved. THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES NO PART OF THIS WORK MAY BE USED, PRACTICED, PERFORMED COPIED, DISTRIBUTED, REVISED, MODIFIED, TRANSLATED, ABRIDGED, CONDENSED, EXPANDED, COLLECTED, COMPILED, LINKED, RECAST, TRANSFORMED OR ADAPTED WITHOUT THE PRIOR WRITTEN CONSENT OF NOVELL, INC. ANY USE OR EXPLOITATION OF THIS WORK WITHOUT AUTHORIZATION COULD SUBJECT THE PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY. ======================================================================== --> <!-- Messaging beans $Id: messaging-jboss-beans.xml 88672 2009-05-11 20:49:47Z anil.saldhana@jboss.com $ --> <deployment xmlns="urn:jboss:bean-deployer:2.0"> <!-- messaging application-policy definition --> <application-policy xmlns="urn:jboss:security-beans:1.0" name="messaging"> <authentication> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <module-option name="unauthenticatedIdentity">guest</module-option> <module-option name="dsJndiName">java:/IDMUADataSource</module-option> <module-option name="principalsQuery">SELECT PASSWD FROM JBM_USER WHERE USER_ID=?</module-option> <module-option name="rolesQuery">SELECT ROLE_ID, 'Roles' FROM JBM_ROLE WHERE USER_ID=?</module-option> </login-module> </authentication> </application-policy> <bean name="SecurityStore" class="org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore"> <!-- default security configuration --> <property name="defaultSecurityConfig"> <![CDATA[ <security> <role name="guest" read="true" write="true" create="true"/> </security> ]]> </property> <property name="suckerPassword">changeit</property> <property name="securityDomain">messaging</property> <property name="securityManagement"><inject bean="JNDIBasedSecurityManagement"/></property> <!-- @JMX annotation to export the management view of this bean --> <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX(name="jboss.messaging:service=SecurityStore",exposedInterface=org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStoreMBean.class)</annotation> <!-- Password Annotation to inject the password from the common password utility <annotation>@org.jboss.security.integration.password.Password(securityDomain="messaging",methodName="setSuckerPassword")</annotation> --> </bean> <bean name="MessagingDeploymentTemplateInfoFactory" class="org.jboss.managed.plugins.factory.DeploymentTemplateInfoFactory"/> <bean name="QueueTemplate" class="org.jboss.profileservice.management.templates.JmsDestinationTemplate"> <property name="info"><inject bean="QueueTemplateInfo"/></property> </bean> <bean name="QueueTemplateInfo" class="org.jboss.profileservice.management.templates.JmsDestinationTemplateInfo"> <constructor factoryMethod="createTemplateInfo"> <factory bean="DSDeploymentTemplateInfoFactory"/> <parameter class="java.lang.Class">org.jboss.profileservice.management.templates.JmsDestinationTemplateInfo</parameter> <parameter class="java.lang.Class">org.jboss.jms.server.destination.QueueServiceMO</parameter> <parameter class="java.lang.String">QueueTemplate</parameter> <parameter class="java.lang.String">A template for JMS queue *-service.xml deployments</parameter> </constructor> <property name="destinationType">QueueTemplate</property> </bean> <bean name="TopicTemplate" class="org.jboss.profileservice.management.templates.JmsDestinationTemplate"> <property name="info"><inject bean="TopicTemplateInfo"/></property> </bean> <bean name="TopicTemplateInfo" class="org.jboss.profileservice.management.templates.JmsDestinationTemplateInfo"> <constructor factoryMethod="createTemplateInfo"> <factory bean="DSDeploymentTemplateInfoFactory"/> <parameter class="java.lang.Class">org.jboss.profileservice.management.templates.JmsDestinationTemplateInfo</parameter> <parameter class="java.lang.Class">org.jboss.jms.server.destination.TopicServiceMO</parameter> <parameter class="java.lang.String">TopicTemplate</parameter> <parameter class="java.lang.String">A template for JMS topic *-service.xml deployments</parameter> </constructor> <property name="destinationType">TopicTemplate</property> </bean> </deployment>
If you have workflows that are recursive in nature (that execute loops), you might see a StackOverflowError at execution time. Java does not handle the stack space for recursive type functions effectively. Therefore, in recursive workflows, you need to increase the stack size for the JVM. The JVM defaults to 512K. You might want to increase the stack size to 1M.
To increase the stack size, you can include the -Xss1M setting with the JAVA_OPTS in your start JBoss script file.
JAVA_OPTS="-server -Xss1M -Xms512M -Xmx512M -XX:MaxPermSize=512m"
If you perform a default eDirectory installation and apply a password policy that has an Email Password to User action) to an existing user, then you log in as this user and perform a forgotten password procedure, you might see a message that says Univeral Password is not set after answering the challenge response questions.
To fix this issue:
Add the following two lines to the pre_ndsd_start script located at /opt/novell/eDirectory/sbin (formerly in /etc/init.d):
NDSD_TRY_NMASLOGIN_FIRST=true export NDSD_TRY_NMASLOGIN_FIRST
This should be done on any server that might handle NMAS logins via LDAP.
Restart eDirectory to apply the change.
For more information, see “How to Make Your Password Case-Sensitive” in the Novell eDirectory 8.8 What’s New Guide.
If your server is set up with Simplified Chinese as the number format (by using
), PostgreSQL will not install successfully. Do not use the Simplified Chinese Number format on the server that PostgreSQL will be installed on.You might encounter the following issues as you use iManager:
When you are using iManager, particularly the Policy Builder, Internet Explorer 7 continually prompts you for access to the Clipboard. To disable prompting:
Click
> .Click the
tab, then click .Click
> , then select .After you restart Internet Explorer, the prompting stops.
If you want to use the NDS-to-NDS Driver Certificates Wizard, you must download and install the iManager plug-in for Novell Certificate Server.
You might encounter the following issues during uninstallation of the Identity Manager Metadirectory engine and drivers.
Manually remove the DXMLnotes.pkg package.
The uninstall log files are created in the temp directory.
The jar files that reside in the lib directory are not removed.
The uninstaller uninstalls other installed components.
The Identity Vault uninstallation hangs when you run the nds-uninstall command.
To successfully uninstall the Identity Vault:
Stop the DHost from the Task Manager.
Start the NDS service.
Start the uninstallation program.
For more information on uninstalling the Roles Based Provisioning Module, refer to uninstallation details in the Identity Manager Roles Based Provisioning Module 4.0.1 User Application: Installation Guide.
The following command might fail with an exit value of 1:
cmd /c copy "C:\Users\Administrator\AppData\Local\Temp\2\I1285831815\Windows\resource\jre\..\iawin64_x64.dll" "C:\Program Files (x86)\Novell\Identity Manager\Uninstall_Roles_Based_Provisioning_Module_for_Novell_Identity_Manager\resource\iawin64_x64.dll
The uninstaller does not remove the <system drive>\Novell\conf folders.
and theTo work around this issue, manually remove these folders.
If you select Brazilian Portuguese, Danish, Dutch, English, French, German, Italian, Swedish, Spanish, or Russian as your choice of language for installing Identity Manager 4.0.1, the installer displays corrupt characters during installation.
If you select English, the installer contains a corrupt character on the Select Language page of the installation program. However, the characters display correctly for the Asian languages when the installer is run on Asian Windows.
For the characters to display correctly, ensure that you change the default font of your Windows machine to Lucida Console by using the following steps before installing Identity Manager:
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage and change the OEMCP value from 850 to 1252.
For Russian, change the OEMCP value from 866 to 1251 in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage directory.
Go to cmd in the text box, then press Enter to launch the command prompt.
, typeRight-click the title bar of the cmd window to open the pop-up menu.
Scroll down in the pop-up menu and select the
option to open the Console Windows Properties dialog box.Click the Raster to Lucida Console ( ).
tab and change the default font fromClick
.Restart the machine.
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2011 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
For Novell trademarks, see the Novell Trademark and Service Mark list.
All third-party trademarks are the property of their respective owners.