Novell is now a part of Micro Focus

My Favorites


Please to see your favorites.

"Incorrect Pin" error message is hidden on workstation unlock attempt

This document (7009747) is provided subject to the disclaimer at the end of this document.


Windows 7 workstation
Novell Client 2 for Windows
Novell Enhanced Smart Card Method


Users log in with a smart card, lock the workstation, and then enter an incorrect pin when attempting to unlock the workstation

“Incorrect pin" error message is hidden. 

User sees no error message after entering the wrong pin when attempting to unlock workstation.
Workstation appears to be hung   (it isn't really hung, it is waiting user input on an error message that is not visible)


Enable the NMAS tab in properties of the Novell Client on the workstation. 

Right click on the red N in the system tray.
Select "properties."
Select "System Login Profiles."
Highlight the profile being used and click "properties."
Click on the NMAS tab and check the box for "Enable Tab."


Reported to Engineering

Additional Information

The presence of the NMAS tab is what instructs the Novell Client to invoke NMAS related functions and services.  With the NMAS tab present the Novell Client calls the NMAS “unlock workstation” API.  When the NMAS tab is not present the Novell Client calls the standard eDirectory “verify password” function. 

Because of differences in these two “unlock” calls, the “incorrect pin” error message is not properly associated with the Novell Client when the eDirectory “verify password” unlock is called.  Subsequently, the Novell Client has no control of the window handle for the error message, and cannot control where the message is presented.  The error message could appear anywhere, likely behind another window.

More detail:

When the NMAS tab is enabled the Novell Client calls the NMAS API (NMAS_C32UnlockWorkstation).  The Novell Client is able to explicitly pass a parent window handle that any method-specific UI should use as their parent window handle, and the message appears in plain view as desired.

However,  when the NMAS tab is NOT present the Novell Client calls “NWDSVerifyObjectPassword.”  This call looks at the user's default NMAS sequence as defined in eDirectory, and calls the appropriate NMAS method(s) to unlock the workstation, whether that be a password, a pin, a biometric or whatever.  This prompt bypasses the Novell Client.  Because the Novell Client has no knowledge that an NMAS sequence has been invoked, it cannot pass a parent window handle to an NMAS method UI to control where the error message appears.  As a result the error message can appear anywhere, and may not be visible. 


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7009747
  • Creation Date:15-NOV-11
  • Modified Date:26-APR-12
    • NovellClient for Open Enterprise Server (Client)
      Identity Assurance Solution Client (IASC)

Did this document solve your problem? Provide Feedback