After installing Client for Open Enterprise Server, the Windows July 2015 release may not load normally

  • 7017838
  • 12-Jul-2016
  • 16-Sep-2016

Environment

Client for Open Enterprise Server 2 SP4
Novell Client 2 SP4 for Windows
Windows 10 (Build 10240, July 2015, Threshold 1, TH1)
Windows 10 Enterprise 2015 LTSB (Build 10240, July 2015, Threshold 1, TH1, Long Term Servicing Branch)
UEFI Secure Boot enabled (Unified Extensible Firmware Interface)

Situation

On some Windows 10 machines, after installing Client for Open Enterprise Server, the machine immediately boots into "Automatic Repair" mode.  The "Startup Repair" option is unable to fix the boot issue.

This behavior can happen on Windows 10 July 2015 (build 10240) installations where no Windows Updates have been applied yet, and where the UEFI Secure Boot feature is enabled.  A related behavior will happen on Windows 10 July 2016 (build 14393) and later releases, but for a different reason explained in TID 7017720 (https://support.microfocus.com/kb/doc.php?id=7017720).

Resolution

Fixed in Client for Open Enterprise Server 2 SP4 (IR4) or later.

Client for Open Enterprise Server 2 SP4 (IR4) is shipped as a Microsoft-signed driver set for Windows 10.  The Secure Boot concerns for Build 10240 (July 2015) and Build 14393 (July 2016) are therefore resolved, because the boot-mode drivers have a Microsoft signature embedded in them.

Cause

The original July 2015 release of Windows 10 ("1507", "Threshold 1", "TH1", "build 10240") appears to have a bug or behavior affecting Secure Boot platforms, which Microsoft subsequently addressed in post-July 2015 Windows Updates.  This issue does not occur once Windows Updates are applied to the existing July 2015 release, or if the Secure Boot machine is updated to the November 2015 release of Windows 10 ("1511", "Threshold 2", "TH2", "build 10586").

Therefore, in many cases where Secure Boot is enabled, the issue might still never be encountered, either because Windows Update was already allowed to run prior to installing any third-party drivers, or because a release of Windows 10 later than build 10240 was installed. But when intentionally or unintentionally attempting to install Client for Open Enterprise Server before allowing Windows Updates to apply to a Windows 10 build 10240 machine in Secure Boot mode, the issue would be encountered.

However, starting with the July 2016 release of Windows 10 ("1607", "Redstone 1", "RS1", "build 14393"), Microsoft intentionally changed the behavior and signing requirement defaults when Secure Boot mode is enabled.  For a description of the behavior and potential issues when installing on Windows 10 July 2016 and later, please refer to KB 7017720 (https://support.microfocus.com/kb/doc.php?id=7017720).
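
A pre-install check for the conditions described above, as an added example that is not part of the original article or the product. The function names are hypothetical, and using the Get-HotFix count as the sign that Windows Updates have been applied is an assumption of this example. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the original article. Function names are hypothetical.

function Test-Th1SecureBootRisk {
    # Decision logic only, so it can be checked with constructed values.
    param(
        [Parameter(Mandatory)] [int]  $BuildNumber,
        [Parameter(Mandatory)] [bool] $SecureBootEnabled,
        [Parameter(Mandatory)] [int]  $InstalledUpdateCount
    )
    if (-not $SecureBootEnabled) {
        return 'OK: Secure Boot is not enabled'
    }
    if ($BuildNumber -ge 14393) {
        # Different cause on these builds; the article defers to TID 7017720.
        return 'REVIEW: build 14393 or later, see TID 7017720'
    }
    if ($BuildNumber -ne 10240) {
        return "OK: build $BuildNumber is not 10240"
    }
    if ($InstalledUpdateCount -gt 0) {
        return 'OK: build 10240 with Windows Updates applied'
    }
    return 'AT RISK: build 10240, Secure Boot on, no Windows Updates applied'
}

function Get-SecureBootState {
    # Confirm-SecureBootUEFI returns $true/$false on UEFI machines and
    # raises an error on legacy BIOS machines, where Secure Boot cannot be on.
    try {
        return [bool](Confirm-SecureBootUEFI)
    } catch [System.PlatformNotSupportedException] {
        return $false
    }
    # Any other error (for example, not elevated) is left to propagate.
}

# Constructed inputs covering the cases the article describes.
Test-Th1SecureBootRisk -BuildNumber 10240 -SecureBootEnabled $true  -InstalledUpdateCount 0
Test-Th1SecureBootRisk -BuildNumber 10240 -SecureBootEnabled $true  -InstalledUpdateCount 3
Test-Th1SecureBootRisk -BuildNumber 10586 -SecureBootEnabled $true  -InstalledUpdateCount 0
Test-Th1SecureBootRisk -BuildNumber 10240 -SecureBootEnabled $false -InstalledUpdateCount 0

# Live check on the local machine.
$build   = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber
$updates = @(Get-HotFix).Count   # assumption: 0 means no updates applied yet
Test-Th1SecureBootRisk -BuildNumber $build -SecureBootEnabled (Get-SecureBootState) `
    -InstalledUpdateCount $updates
```

An "AT RISK" result means Windows Updates should be applied, or the IR4 or later client used, before installing.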

Additional Information

On Windows 8 and above, Microsoft Secure Boot uses the Unified Extensible Firmware Interface (UEFI) during the system start-up to ensure that unauthorized software cannot be loaded on the machine.  Part of this process involves verifying that system drivers are signed by an approved digital signature.  See "Secure Boot Overview" https://technet.microsoft.com/en-us/library/hh824987.aspx.