Changing the Startup Order

How can I change the startup order of applications? I placed an application in the Startup folder, but SecureLogin doesn't recognize it.

Answer: Most likely, a password-protected application is starting before SecureLogin is initialized and able to process login requests. Try one of the options in Changing the Startup Order of Applications.

Entering a Passphrase

What's a passphrase? After I set up SecureLogin, a dialog box instructs me to enter my passphrase. However, the entry fields don't let me know which box is the passphrase box.

Answer: SecureLogin has two passphrase components: the passphrase question and the passphrase answer. If someone changes your password and tries to log in as you, that person must correctly answer the passphrase answer to the passphrase question that displays at relogin.

If you encounter the passphrase question, just answer it. An additional dialog box will instruct you to enter your Directory password, so that you can log in.

No User ID

Why doesn't a user ID appear when I'm prompted for a passphrase question?

Answer: The schema probably hasn't been extended for your store. Extend the schema for your Directory or environment.

No Passphrase Policies on Windows NT Domains

I created a passphrase policy on my Windows NT domain, but the clients don't seem to see it. Why?

Answer: Because of limitations in the domain system, passphrase policies aren't supported in Windows NT Domains.

Can't Log In Again to a Web Site

After changing a SecureLogin password to match a Web site password, why can't I log in to the Web site?

Answer: Internet Explorer's AutoComplete function can cause this problem. Disable AutoComplete.

Scenario. While in disconnected mode, Sandy successfully enters a SecureLogin username and password for a Web site. Using a script at the Web site, Sandy changes the password and then edits the SecureLogin entry, so that the SecureLogin password matches the Web site. The single sign-on login for the Web site now fails.

Sandy disables Internet Explorer's AutoComplete function and is able to log in.

Scripts for Web Sites

What's the best way to log in to Web sites?

Answer: Because SecureLogin recognizes a login panel on a Web page, the easiest method to create scripts for Web sites is to use the pop-up wizard. The second option is to run the wizard manually.

Why is SecureLogin unable to log me in to some Web sites?

Answer: You might need to change a registry entry value.

1. Open the registry and browse to HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin \Logging.

2. Set the "IESSO" DWORD value to 0.

   This setting logs any messages received from a SecureLogin script running in conjunction with Internet Explorer. The log file gets saved as C:\SSODebug.txt. Information in the log file can help in troubleshooting login scripts for Web sites that are difficult to log in to.

Task Bar Icon Stays Active

Why does the SecureLogin icon remain active? I used the User Preferences page to turn off the SecureLogin icon on the task bar. Then I refreshed the data.

Answer: This setting is only read at startup. After you restart your workstation, the task bar won't display the icon.

Novell SecureLogin Is Missing from the Program Group

When I click Start > Programs, Novell SecureLogin no longer appears in the Program group. How can I get it back?

Answer: Run the Repair option in Setup.exe.

No Attribute Mapping Tab

Why can't I locate the attribute mapping tab on the property page for the LDAP Group object? I'm trying to map protocom-SSO-Entries to the existing Prot:SSO entry.

Answer: You probably haven't installed the LDAP snap-in to ConsoleOne. Download the snap-in from the Novell Product Downloads Web page.

1. In the Search for a Product Download section, click Category.

2. From the Choose a Category drop-down list, select ConsoleOne Snap-ins.

3. From the Choose a Platform drop-down list, select NetWare.

4. Click Submit Search.

5. Under the eDirectory section, click Download for the 8.7 Snap-in for ConsoleOne.

   HINT:  To select Download, you might have to scroll to the right side of the screen. If you click 8.7 Snap-in for ConsoleOne, the Web site displays information about downloading but doesn't actually download the product.

Terminal Launcher Doesn't Run

Why do I get an error message when TLaunch launches an emulator?

Answer: You probably typed the function name incorrectly in the HLLAPI Function text box while configuring Terminal Launcher.

Typical error messages for this scenario indicate that TLaunch was unable to do the following:

• Connect to the presentation space.
• Load the .dll file.
• Find the entry point.

Use Dependency Walker to find the HLLAPI function export name, then enter it exactly.

Can't View Shadow Variables

What can't I view shadow variables?

Answer: You are probably running SecureLogin in a mixed SecureLogin 3.51.2 and SecureLogin 3.0.x environment. When you run SecureLogin in a mixed environment, you lose some SecureLogin 3.51.2 functionality.

Shadow variables are User-object variables that you can view from the server. When viewing the User object from the server, you can go into the user application details and view and manipulate the variables that the user has for the application.

Shadow variables are used for SecretStore so that you can see that variables like username or password exist. You can read the value of non-protected variables, for example Username.

Shadow variables act as a transfer station for data between the administrator and the user's SecretStore.

By using management utilities such as ConsoleOne and MMC, you can change the values of shadow variables. For example, you can reset a password to an application so that a user can log in. You can't view the actual value of password fields, but you can reset the values.

Error Codes for LDAP

Where can I find information about error codes for LDAP?

Answer: Get information from LDAP Server Return Codes, in the Novell Developer Kit (NDK).

1. Navigate to LDAP and NDS^® Integration, select LDAP and NDS, then select LDAP Server Return Codes.

2. Expand LDAP Server Return Codes, then select an option from the following:

   • LDAP Client Return Codes
   • LDAP Server Return Codes
   • LDAP Result Code Structure

Resolving Error -426

What causes error -426?

Answer: The sysuser and syspassword values are empty. Either slinac.dll or slnmas.dll (the Novell NMAS client) was unable to get your credentials during the login.

When you log in with a biometric device to a Novell network, the NMAS client on the workstation won't be able to get your eDirectory credentials and store them in the sysuser and syspassword variables. The software works as designed when you use any NMAS method other than NDS.

To resolve this issue, don't use the sysuser and syspassword variables. Instead, user $Username and $Password.

If you encounter this issue with a Citrix* or Terminal Server installation, verify that you registered the slinas.dll while you were in install mode. Otherwise, the new slinas.dll will only be registered for the current user instead of being registered system-wide.

Resolving Error -602

How do I fix error -602?

Answer: Error -602 is "No Such Value". This is an NDS error code. Search on this error number at Novell Support Knowledgebase.

HINT:  Don't include the - (hyphen) when you type 602 into the Knowledgebase search box.

Resolving Error -672

Why did I receive error -672? When I logged in for the first time, I entered a passphrase and answer, but I couldn't save the data to the directory.

Answer: -672 is an NDS error: Access Denied. Most likely, Novell SecureLogin tried to write the passphrase information to the prot: * attributes but the user didn't have sufficient rights. As administrator, you need to run the rights assignment part of schema.exe, which is typically located in the c:\Program Files\novell\securelogin directory.

Resolving Error -1644

Why do I get error -1644 during installation?

Answer: You are probably installing on a Windows 2000 workstation. To install the SecureLogin client there, you must have Power User or Administrator privileges to the workstation.

Error Parsing Line

How do I resolve "Error parsing line"?

Answer: Put a Messagebox command between lines of the script.

If a script breaks down, SecureLogin typically displays "Error parsing line" to inform you that the script isn't working. However, occasionally the script breaks down even though there is no error parsing a line. By putting the Messagebox command between lines of the script, you can see exactly where the script stops functioning.

The following sample illustrates using the Messagebox command.

Type $Username 
Messagebox "This is the first message box after username" 
Type $Password 
Messagebox "after password" 
Click #1 
Messagebox "after click#1" 
Click #2 
Message box "after click#2"

If the message box with the text "This is the first message box after username" appears, you know that the first line of the script executed successfully. To allow the script to continue to the next line, click OK on the message box.

For more information, see "MessageBox" in the Nsure SecureLogin 3.51.2 Scripting Guide.

Program Conflict

What causes the Program Conflict message? During installation, I checked Start SecureLogin Now. However, I get this message: "Unable to load all entry points from access library (ssman.dll). Please check that it is in the path and the correct version."

Answer: If the Program Conflict message appears during installation, make sure that previous Novell Single Sign-on software components have been uninstalled or otherwise removed from the system.

Also, delete the following entries (if they exist) from the registry:

• HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Single Sign-on
• HKEY_LOCAL_MACHINE\SOFTWARE\Passlogix

Support for Swing/AWT Standard Applications

SecureLogin 3.51.2 supports Swing/AWT Standard Applications. Java support requires the Sun Java JRE 1.4.2.

To get this file:

1. Go to http://java.sun.com.

2. Select Java 2 Platform, Standard Edition (J2SE), then click the J2SE 1.4.2 link.

3. Scroll to the Download J2SE v 1.4.2 section.

4. Select the link under the JRE column for your platform.

SecureLogin Displays LDAP Login Dialog Box after Workstation Unlock

After unlocking the workstation, SecureLogin displays the LDAP Login dialog box if all of the following occur:

• SecureLogin is installed in eDirectory mode with LDAP as the protocol
• NMAS component is selected during SecureLogin installation.
• NSL LDAP is installed as GINA

When the unlock occurs, SecureLogin cannot determine who actually unlocked the workstation. During the next refresh cache event, SecureLogin prompts to reauthenticate to ensure that the same user has unlocked the workstation.

SecureLogin refresh cache event occurs whenever any of the following happens:

• The user right-clicks the SecureLogin status bar (system tray) icon and selects Advanced, Refresh Cache
• The user double-clicks the SecureLogin status bar icon
• The user relaunches slproto.exe (path: Start > Programs > Novell SecureLogin)
• The refresh cache is exceeded

If the user clicks Cancel, SecureLogin attempts to switch to Offline mode. If the user is configured to not allow an Offline cache, it results in the message You are not logged into a directory and SecureLogin was unable to find any cached user data and SecureLogin closes down.

If the user has Offline cache enabled, then SecureLogin continues to operate in Offline mode until the workstation is rebooted or the user correctly logs in to SecureLogin.

It is recommended that the user enters login credentials instead of cancelling the login dialog box.