Can't login after installing Novell Client due to interfering credential provider wrapper

  • 7015036
  • 08-May-2014
  • 11-Sep-2014

Environment

Novell Client 2 SP3 for Windows
OmniPass Credential Provider
Motion J3600 tablet computer

Situation

After installing Novell Client 2 SP3 for Windows 7 (IR7a) on a newly imaged workstation, the only option is a generic logon tile (such as a flower) labeled "Novell Logon". The user cannot get past the initial screen, because clicking on the tile or on the words "Novell Logon" does nothing.

Resolution

The solution is to remove/rename the OmniPass credential provider.

The OmniPass credential provider can be directly disabled by renaming the OmniPass credential provider in the registry, or by removing the Lenovo Fingerprint Manager software. Simply disabling the fingerprint reader does not resolve the problem, since apparently the OmniPass credential provider is still active even when the reader is disabled.

To disable the OmniPass credential provider in the registry:

Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers, rename {F3F1B0FA-4775-41d8-8578-436772D93FB4} to {_F3F1B0FA-4775-41d8-8578-436772D93FB4} (add an underscore).

Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters, rename {F3F1B0FA-4775-41d8-8578-436772D93FB4} to {_F3F1B0FA-4775-41d8-8578-436772D93FB4} (add an underscore).
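
The two renames above can be scripted. The following PowerShell script is an added example, not part of the original Novell document; the $BackupDir parameter and the reg.exe backup step are assumptions added for safe rollback. Run it from an elevated session, first with -WhatIf to review the change.

```powershell
#Requires -RunAsAdministrator
# Added example: renames the OmniPass credential provider keys named in this document.
[CmdletBinding(SupportsShouldProcess)]
param(
    # GUID taken from this document (OmniPass credential provider)
    [string]$Guid = '{F3F1B0FA-4775-41d8-8578-436772D93FB4}',
    # Assumption: folder that receives the .reg backups
    [string]$BackupDir = $env:TEMP
)

$authRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication'
$disabled = $Guid -replace '^\{', '{_'    # {F3F1...} -> {_F3F1...}

foreach ($sub in 'Credential Providers', 'Credential Provider Filters') {
    $parent = Join-Path $authRoot $sub
    $target = Join-Path $parent $Guid

    # List everything registered under this key so the change can be reviewed.
    Get-ChildItem -LiteralPath $parent | ForEach-Object {
        [pscustomobject]@{ Key = $sub; Guid = $_.PSChildName; Name = $_.GetValue('') }
    } | Format-Table -AutoSize | Out-Host

    if (Test-Path -LiteralPath (Join-Path $parent $disabled)) {
        Write-Host "[$sub] $Guid is already renamed to $disabled"
        continue
    }
    if (-not (Test-Path -LiteralPath $target)) {
        Write-Warning "[$sub] $Guid is not registered; nothing to rename"
        continue
    }

    if ($PSCmdlet.ShouldProcess($target, "Back up and rename to $disabled")) {
        # Export the parent key first so the rename can be reverted.
        $file = Join-Path $BackupDir (($sub -replace ' ', '') + '.reg')
        $regPath = $parent -replace '^HKLM:', 'HKLM'
        & reg.exe export $regPath $file /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup of '$regPath' failed" }

        Rename-Item -LiteralPath $target -NewName $disabled
    }
}
```

To revert, rename the key back to the original GUID or import the exported .reg files.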

Cause

The OmniPass credential provider is preventing the Novell credential provider from working correctly.

A credential provider that Windows' LogonUI.exe calls before the Novell credential provider can filter out Novell Client's NCCredProvider GUID, either because its vendor simply wanted to disable the Novell credential provider, or because it intends to "wrap" the Novell credential provider. When wrapped, the Novell credential provider returns its credential tiles to the third-party credential provider, which in turn makes decisions on, or modifications to, the credential that is ultimately passed back to Windows' LogonUI.exe. If the other credential provider has not anticipated the correct behavior for each case/configuration of the Novell Client, the login process can unexpectedly fail, as in this case where the interface becomes unresponsive.

Additional Information

Simply avoiding the problem by disabling the Novell credential provider also does not allow the user to log in, since this exposes the problem described in TID 7014875, "Novell Client Credential Provider (login screen) cannot be disabled", which has the same resolution of removing the OmniPass credential provider.