Novell Nsure SecureLogin 3.51 March 24, 2004 1.0 Known Issues 2.0 What's New 3.0 Legal Notices 1.0 Known Issues 1.1 General Issues 1.1.1 Logging Out of Applications on Windows 98 Workstations If another application blocks the Log Off message on Windows 98 workstations, the log off feature might not completely log out of an application. 1.1.2 The NICI Client Isn't Uninstalled When SecureLogin is installed, the NICI client might be installed as well. However, if you uninstall SecureLogin, the NICI client remains. To uninstall the NICI client, use Add/Remove Programs. 1.1.3 Unable to Read the Schema Error Message On an eDirectory 8.7 Windows 2000 server, if ldapschema.exe is run on a Windows 98 workstation and the Windows 2000 server is running eDirectory 8.7 clients, the client is sometimes unable to read the schema error message. 1.1.4 System Variables ?sysuser and ?syspassword Are Unavailable In Active Directory for This Release When using the $sysuser or $syspassword variable as outlined in the documentation for this release, you will most likely receive the SecureLogin error Sys_Variable_NOT_AVAILABLE (-426). 1.1.5 Logging In As Administrator after a Reboot Depending on what files were locked and the options that you select during an install, you might need to reboot the workstation. In this case, at the end of the install a dialog box informs you to log in with administrative rights after the reboot. This dialog box applies only to Windows NT installations. After you install SecureLogin 3.51 on Windows NT workstations, and if the install required a reboot, use one of the following options: - Use ZENworks to install. Don't just use ZENworks to run setup.exe. Complete the following steps: 1. On a Windows NT workstation, create a snapshot of the SecureLogin install. 2. In ConsoleOne, create a ZENworks application object, based on the snapshot. 3. Associate the application object with the users. - Make sure that the first user to log in after the install or reboot has administrative rights to the workstation. 1.1.6 The DumpPage Command The DumpPage command only works on certain Web pages. 1.1.7 Configuring Secure Workstation to Close Programs If you have configured your Secure Workstation policy so that it won't forcefully terminate applications when executing a Close All Programs action, a potential problem exists when Secure Workstation encounters programs that don't shut down when they receive a Windows Close message. When the user is out of compliance with the policy (for example, the user has removed an authentication device), Secure Workstation continues to execute the action until the user is back in compliance with the policy. If the action is Close all Programs, and some programs will not close, Secure Workstation continues attempting to close these programs while the user is out of compliance with the policy. The result is that the Secure Workstation Is Closing Programs dialog box flashes in the top left portion of the screen every one or two seconds while the user is out of compliance with the policy. To work around this problem, we recommend that you do the following: 1. Configure Secure Workstation to forcefully terminate applications. 2. Set the number of seconds to wait before forcefully terminating applications to a sufficiently high value in your policy. When Secure Workstation closes programs, it first sends programs a Close message. It then waits the number of seconds specified in the policy before forcefully terminating applications that did not close in response to the Close message. This problem will be fixed in an upcoming release of SecureLogin. 1.1.8 Disconnecting When You Log Off If you have installed the following on a workstation, you are disconnected from both the Novell Client and LDAP connections when you log off: - SecureLogin in LDAP mode - The Novell Client - Secure Workstation If you require a different outcome, call Novell Technical Support. 1.1.9 Using Unique Names User IDs, applications, and password policies must all have unique names. Additionally, you cannot create an application named "Error." 1.1.10 Uninstalling the ZENworks for Desktops Management Agent Under the following conditions, you might not be able to log in to your workstation: - ZENworks for Desktops 4.01 Management Agent is installed. - SecureLogin is installed. - You uninstall ZENworks for Desktop Management Agent, then restart the workstation. To solve the problem: 1. Start the workstation in Safe mode. 2. Copy the nwgina.dll file to the windows\system32 directory. 1.1.11 Javasso Intermittently Grabbing IE Control IDs Javasso intermittently grabs the Internet Explorer window control IDs instead of the actual Java application Control ID's.The symptom of this issue is that the script that is generated contains control IDs such as Back or Home. These controls impact using the Javasso Wizard. If you get these controls in the script, delete the script and try again, repeating this process until the correct script is generated. 1.1.12 Using Registry Settings to Debug The option in the Settings tab does not start logging by itself. Debugging requires the registry settings as well. See TID 10088017. 1.1.13 Typing the .xml Extension When Exporting Settings The Import/Export option in the Copy Settings tab in the management utilities doesn't append the .xml extension to the exported file. You need to manually type the .xml extension when you export. Otherwise, SecureLogin won't be able to find the file to import it. 1.1.14 Copying Tlaunch.ini to a Safe Directory The installation program overwrites the tlaunch.ini file. Therefore, before upgrading or reinstalling SecureLogin, copy tlaunch.ini from the active directory (for example, Program Files\novell\securelogin) to a safe directory. If necessary, copy the saved file back to the original directory after the upgrade or reinstall. 1.1.15 Integration with NetIdentity The NetIdentity client might not work if SecureLogin is installed in LDAP non-eDirectory mode. 1.1.16 Closing SecureLogin before Upgrading Before upgrading from SecureLogin 3.0. to SecureLogin 3.51, close SecureLogin. The installation program can normally handle locked files. However, some problems can occur on Windows 9x computers due to the short-name limitation of 8.3 filenames. For example, the workstation might display an empty error message box titled SCPTEDIT2. 1.1.17 Displaying Default Logins ScptEdit doesn't display default logins. However, links are displayed through the main User IDs page. 1.1.18 Setting Preferences in 3.0 Mode If a SecureLogin 3.51 client in SecureLogin 3.0 mode sets a preference that should be filtered out, the data will still be saved to the local cache but not to the directory. The result is that a setting might appear to be set at the local client, but you can't see it in the directory. 1.2 LDAP Issues 1.2.1 AAVerify Isn't Supported on LDAP The AAVerify script command isn't supported when used in LDAP mode on Windows workstations. 1.2.2 No LDAP NMAS Support on Windows 98 For Novell SecureLogin 3.51, Novell Modular Authentication Service (NMAS) isn't supported through LDAP Authentication on the Windows 98 Platform. 1.3 NMAS Issues 1.3.1 The NMAS Client Isn't Uninstalled When SecureLogin is installed, the NMAS client and, optionally, a number of NMAS login methods can be installed as well. If the NMAS Client is installed, the Novell Client interface will change. (The password field disappears). However, if you uninstall SecureLogin the NMAS client remains, as does the different-looking Novell Client. The NMAS client, and any NMAS methods, can be uninstalled through Add/Remove Programs. 1.3.2 Simple Password Method Requires NMAS 2.2 If you plan to use the LDAP client and NMAS methods, do the following: - Set the simple passwords for the users. - Update the servers with the Simple Password Login method (LCM). If you are currently using the Simple Password method and plan to continue using it with SecureLogin 3.51, you must install the NMAS 2.2 version of the Simple Password Login Server Method before installing SecureLogin 3.51. 1.4 SecretStore Issues 1.4.1 Running SecretStore Mode on Windows 98 If you are running SecureLogin in SecretStore mode on Windows 98, full functionality might not be available. 1.4.2 Using SecretStore Mode to Manage SecretStore Users If users are running SecureLogin in SecretStore mode, you must use SecretStore mode to administer or manage those users. 1.4.3 Can't Delete UserIDs or Applications by Using SecretStore See TID 10091903 (http://support.novell.com/cgi-bin/search/ searchtid.cgi?/10091903.htm). 1.5 Active Directory Issues 1.5.1 Using Active Directory Mode to Reset a User's Password If you are in Active Directory mode on Windows XP and reset a user's password so that the user must change the password upon next logging in, Windows XP causes an error message to display when the user next logs in with SecureLogin. The error message "Unable to write blob" indicates that SecureLogin was unable to write the data. After the user clicks OK, the user goes into off-line mode. To solve this one-time problem, reboot the user's workstation. 1.5.2 Expired Passwords on Active Directory If Microsoft Active Directory has told a user to change a password during the next login, settings like Password Protect the System Tray Icon that result in you inputting a network password fail and a "wrong password" message is displayed. 2.0 What's New 2.1 Redesigned User Interface To make the user interface better and easier to use, SecureLogin 3.51 includes changes recommended by customers. 2.2 Install Options The installation program provides Complete and Custom options for the eDirectory, LDAP, Active Directory, Windows NT/2000 or Standalone installations. If you have already installed SecureLogin, the install provides Modify, Repair, and Remove options. 2.3 Automate.ini An automate.ini file enables you to customize installations before distributing SecureLogin. This file is in the \securelogin\client directory. 2.4 Silent Installs and Updates You can silently install or update SecureLogin 3.51. For information, see Using a Silent Install in the Nsure SecureLogin 3.5 Installation Guide. 2.5 Advanced Support for Internet Explorer To support content contained within a framed page, the Internet Explorer component has been reworked to support drop-down lists and radio buttons. 2.6 Non-Repudiation on Active Directory Increased support for moving User objects and resetting administrative passwords has been added. 2.7 Increased SecretStore Protocol Performance Making the SecretStore service faster has been a high priority. 2.8 LDAP Authentication Client A new LDAP login module is provided. You can use this module as a Windows GINA, credential manager or network provider. It doesn't require the Novell Client for Windows and is compatible with NMAS. 2.9 Java Application Support for Swing/AWT Standard Applications Java support requires the Sun Java JRE 1.4.2. To get this file: 1. Go to http://java.sun.com. 2. Select Java 2 Platform, Standard Edition (J2SE), then click the J2SE 1.4.2 link. 3. Scroll to the Download J2SE v 1.4.2 section. 4. Select the link under the JRE column for your platform. 2.10 Advanced Windows Scripting New functionality and scripting commands enable you to run scripts for additional Windows events. 2.11 Advanced Web Type The new Advanced Web type enables you to use new Advanced Web commands in scripts. 3.0 Legal Notices Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes. You may not export or re-export this product in violation of any applicable laws or regulations including, without limitation, U.S. export regulations or the laws of the country in which you reside. Copyright 2003 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher. ConsoleOne, NDS, Novell, Novell SecretStore, and ZENworks are registered trademarks of Novell, Inc. in the United States and other countries. eDirectory, NMAS, Nsure, and Novell Client are trademarks of Novell, Inc. All third-party trademarks are the property of their respective owners.