Novell Client 2 SP1 for Windows Readme

April 6, 2011

1.0 Naming Conventions

Novell Client for Windows Vista refers to the first version of the Novell Client for Windows Vista product.

Novell Client SP1 for Windows Vista refers to the first support pack release of the Novell Client for Windows Vista product.

Novell Client 2 for Windows Vista/2008 refers to the most recent major version, which added Windows Server 2008 support in addition to Windows Vista.

Novell Client 2 SP1 for Windows refers to the latest release of the Novell Client for Windows, which added Windows 7 and Windows Server 2008 R2 support in addition to Windows Vista and Windows Server 2008.

2.0 What’s New in Novell Client 2 SP1 for Windows

The following changes are included in Support Pack 1.

2.1 Support for Windows 7 and Windows Server 2008 R2

The Microsoft Windows 7 and Windows Server 2008 R2 platforms are now supported by the Novell Client, in addition to the Windows Vista and Windows Server 2008 platforms. The same Novell Client 2 SP1 for Windows installation set can be used to install the Novell Client on all four platforms.

See Section 3.1, Supported Windows Platforms for more information on supported Windows editions and configurations.

3.0 Installation

3.1 Supported Windows Platforms

IMPORTANT:The Novell Client for Windows is only for Windows 7, Windows Vista, Windows Server 2008 R2 or Windows Server 2008 on x86 or x64 platforms. This client will not run on Windows XP, Windows Server 2003, or earlier Windows platforms.

The Novell Client for Windows is supported on the following platforms:

  • Windows 7 (x86 or x64)

    (Ultimate Edition, Enterprise Edition, or Professional Edition)

  • Windows Vista (x86 or x64)

    (Ultimate Edition, Enterprise Edition, or Business Edition)

  • Windows Server 2008 R2 (x64)

    (Enterprise Edition, or Standard Edition)

  • Windows Server 2008 (x86 or x64)

    (Enterprise Edition, or Standard Edition)

The Novell Client for Windows might run but is not supported on Windows Starter, Home Basic, and Home Premium editions. On Windows Server platforms, the Novell Client for Windows might run but is not supported on Datacenter Edition, Web Server Edition, or on Server Core installations using any edition.

3.2 Supported Server Platforms

The Novell Client for Windows supports Novell Open Enterprise Server (OES) 1, OES 2, NetWare 5.1, NetWare 6.0, and NetWare 6.5.

3.3 Installing the Novell Client

To install the Novell Client 2 SP1 for Windows, run the setup.exe file located in the C:\Novell\Novell Client 2 SP1 for Windows directory.

3.4 Uninstalling a Later Novell Client to Reinstall a Previous Novell Client Version

The NMAS client installed with Novell Client for Windows includes NICI as a required dependency. Uninstalling the Novell Client automatically uninstalls the NMAS client, but intentionally does not uninstall NICI because other applications on the workstation besides NMAS or the Novell Client may still be using NICI services.

If you uninstall the Novell Client with the intention of installing a previous version of the Novell Client, it is recommended that you also uninstall NICI (and NICI for Windows x64, if running Windows x64) before re-installing the previous Novell Client for Windows release.

Attempting to install the initial an earlier Novell Client for Windows without first removing NICI can result in one or more of the following issues:

  • During installation of the Novell Client for Windows on Windows Vista x64, the NMAS Challenge/Response method will report a 1603 error. This is because the NMAS client included in the initial release cannot resolve its required dependencies using the newer version of NICI still present on the machine.

  • When starting up, the Windows welcome screen on Windows x64 displays an error, such as The procedure entry point CCSX_Authenticate could not be located in the dynamic link library ccswx64.dll.

  • The NICI installer of the older NICI version can damage the existing newer NICI installation. For example, attempting to install NICI 2.7.3 when NICI 2.7.4 is already present, or attempting to install NICI 2.7.4 when NICI 2.7.6 is already present. Subsequent attempts to use NICI can report -1471 0xFFFFFA41 NICI_E_SELF_VERIFICATION errors due to the damaged NICI installation.

If you fail to follow these guidelines, features that require NMAS will not function, due to one or all of the above conditions.

These guidelines and issues also apply to installing the Novell Client on a Windows Server 2008 machine where Novell eDirectory 8.8 SP5 or later has already been installed. Novell eDirectory on Windows Server 2008 includes NICI 2.7.6 or later, and installing previous versions of the Novell Client which include NICI 2.7.4 or earlier can cause the NICI installation to become damaged.

3.5 The Total Path to the Installation Set Must Not Exceed 214 Characters.

The path to any and all files within a Novell Client for Windows installation set must not exceed 256 characters.

Currently this means the directory path into which you extract the installation set must not exceed 214 characters. This limit is relative to the traditional MAX_PATH or 256-character limit in Windows applications, but also takes into account additional path space that is needed for running the installation.

If the installation set is being accessed from a remote network location, for example \\servername\volumename, the length of the network server and volume name also counts against the maximum depth, due to underlying processing that makes use of the real path to the installation set. Even if a mapped drive letter and/or the map root feature is used for accessing the installation set, the limit is measured as if a UNC path had been used.

4.0 Known Issues

4.1 Novell Products Not Supported with the Novell Client for Windows

The NetWare Administrator utility (nwadmn32.exe) and ConsoleOne are not supported on Windows 7 or Windows Vista or with the Novell Client for Windows, except where explicitly declared by the ConsoleOne release notes.

4.2 Welcome Screen Issues

4.2.1 After Installing the Novell Client, Local User Tiles Are No Longer Visible During Login

If you install the Novell Client for Windows on a machine with multiple local users, after rebooting, you are asked to log in to the Novell Client. At this point, there are only two available tiles: one for the local administrator user, and one for the Novell Client. You will no longer see the individual tiles for the local users.

This is working as designed. The Novell Client for Windows follows Microsoft’s recommendations to filter out the local user accounts after installing the Novell Client. If you install the workstation into a Microsoft Domain, the local user tiles are also filtered out, and the Novell Client follows this behavior.

4.2.2 Welcome Screen Cancel Button

When logging in to eDirectory via the Windows welcome screen, the Cancel button that is displayed is not active and therefore cannot be clicked.

4.2.3 Fast User Switching/Connecting via Remote Desktop Connection

When logging in to a Windows workstation using the Novell welcome screen, Novell connections made during the login will persist only if the Windows account you specify is not currently logged on to the workstation. If the Windows account specified is already logged in, Windows will reconnect you to that existing session when you log back in to the workstation, regardless of what eDirectory credentials might have been supplied, or whether they're the same as the eDirectory credentials already in use for that running session (if any).

This applies to both Fast User Switching and connecting via Remote Desktop Connection.

4.3 Authentication Issues

4.3.1 Authenticating to a Novell Server Through a UNC Path

If you log in to a Novell server using a UNC path in Windows Explorer and specify more than just the server and volume, the Windows Explorer window will appear in the foreground and the Results page will appear in the background.

If you specify only the server and volume, authenticating with a UNC path works correctly.

4.3.2 Windows Service Processes Cannot Passively Authenticate to eDirectory.

Windows service processes running on Windows 7 and Windows Server 2008 R2 (such as the Microsoft Internet Information Services (IIS) service, or other application-specific Windows service processes) will not passively authenticate to eDirectory upon attempting to access a UNC path which resolves to a Novell resource.

Only a Windows service process containing application code that supports making Windows WNetAddConnection or direct Novell API calls to perform explicit authentication to eDirectory were able to access Novell resources when running on Windows 7 or Windows Server 2008 R2.

Starting in Novell Client 2 SP1 (IR6) and later, a new configuration has been added to permit optionally performing an eDirectory login on the Windows service process' behalf when the Windows service is starting up.

For additional information on how to configure this new functionality, please see TID 7008266.

4.4 Using Ctrl+Alt+Del to Change Your Password

If you are currently authenticated to eDirectory, after entering your old password and new password, you will see a Change Password dialog box after clicking the Submit button. From the Change Password dialog box, you can choose which resources you want the password change to go to.

If you are not currently authenticated to eDirectory, the password change will only be performed for your Windows account.

4.5 MSDIA80.DLL File Installed to Root of Windows System Drive

When installing the Novell Client for Windows on an x64 version of Windows, an MSDIA80.DLL file might appear in the root of the Windows system drive. This is a known issue of the Microsoft Visual Studio 2005 SP1 VCREDIST_x64.EXE installer. For more information, see KB 927665. Note the hotfix available for KB 927665 is for Microsoft Visual Studio 2005, not SP1.

4.6 Enabling 802.1X Authentication

The Novell Client for Windows includes the ability to enable 802.1X authentication, but this feature is currently supported on Windows Vista platforms only. Configuration of 802.1X authentication on Windows 7 currently fails once the Novell Client 802.1X feature is enabled. This issue is being examined for future versions of the Novell Client.

To enable 802.1X authentication, right-click the Red N icon, then click Novell Client Properties. On the Advanced Login tab, select 802.1X Authentication in the Parameter list box, then set it to On. The 802.1X tab now appears on the Novell Login dialog box. You can use the 802.1X tab on the Novell Login dialog box to turning 802.1x on or off on a per-login basis.

For more detailed information, see Configuring 802.1X Authentication in the Novell Client 2 SP1 for Windows Administration Guide.

4.7 Mapped Drive Icon Doesn’t Update on Re-Authentication

When you detach from a mapped Novell drive, the mapped drive icon displayed in Windows Explorer changes to a red X to indicate that the mapped drive is no longer accessible. If you use the Red N icon to re-authenticate to the Novell tree (and you selected the Check to always map this drive letter when you start Windows option when you originally mapped the drive), the mapped drive icon does not update to show that the drive is accessible again.

4.8 LDAP Contextless Login Differences in the Novell Client for Windows

The LDAP Contextless Login feature in the Novell Client for Windows includes the following limitations for those familiar with the Novell Client 4.x for Windows XP/2003.

  • When invoking Show Advanced Options from the Novell welcome screen (the login dialog seen at boot time and when logging out of Windows Vista), the LDAP Contextless Login lookup cannot be triggered when viewing the eDirectory tab. If LDAP Contextless Login is enabled, a lookup is performed after the user attempts to log in to eDirectory from the welcome screen.

    This is different from the LDAP Contextless Login behavior when running LOGINW32.EXE or selecting the Novell Login option from the Red N menu on the desktop. In those instances, you can see the effect of the LDAP Contextless Login lookup prior to actually proceeding with the eDirectory login.

  • The options to search eDirectory using information other than a complete username (for example partial usernames using wildcards, or alternate attributes such as phone number or e-mail address) have been disabled in the Novell Client for Windows. Only complete usernames can be used for LDAP Contextless Login.

4.9 Login Profiles

4.9.1 Using DHCP in Login Profiles

If <DHCP> is chosen as an option in a login profile for Tree, Context, or Server, it cannot be removed by simply editing the field when logging in or by saving the profile on successful login. Any values entered in these fields during login will not be saved when <DHCP> is enabled for that field. This is working as designed.

4.9.2 Disabling the Login Profile List

If you set the Login Profile List option (available on the Advanced Login tab in the Novell Client for Windows Properties dialog box) to Off (meaning that the Login Profile drop-down list will not be displayed on the Novell Login dialog box), your next login will automatically use the last profile you logged in with.

If you want to use the default profile when the Login Profile List option is turned off, make sure that you log in using the default before you turn the option off.

4.10 Using the Force Grace Login Password Change Option

If you set the Force Grace Login Password Change option (available on the Advanced Login tab in the Novell Client for Windows Properties dialog box) to On (it is Off by default), the Novell Login will require a password change on the next-to-last grace login instead of the last grace login.

To work around this issue, use one of the following options:

  • Avoid this setting. Users are prompted to change the password on every grace login, but on the last one they have the option of canceling out and potentially getting locked out if they log out one more time without changing the password.

  • Add one to the number of grace logins. The message will tell users that they have four, three, then two grace logins, and then they will be required to change the password.

  • Suggest that users change their password while they still have two or more grace logins.

4.11 Disk Space Restrictions Ignored

If File Caching is enabled for the client, both user and directory disk space restrictions (quotas) on NSS volumes are ignored. Novell does not plan to remove this limitation in the future.

For information on File Caching, see “Advanced Settings” in the administration guide for the client.

For information on disk space restrictions, see the NSS documentation in the Open Enterprise Server 2 documentation or the equivalent for your servers.

4.12 Potential System Crash with File Caching Enabled

When accessing files from a Novell server, under certain conditions the Windows machine may potentially freeze or blue screen. This issue is known to be related to the File Caching functionality in the Novell Client, but no corrective fix is currently available to eliminate this issue if it occurs.

To work around this issue, do the following:.

  1. Right-click the Red N in the System Tray.

  2. Click Novell Client Properties.

  3. Select the Advanced Settings tab.

  4. Select File Caching and set it to off.

For additional information, see TID 3532535.

4.13 File Caching Settings Ignored

The Novell Client for Windows ignores the SET CLIENT FILE CACHING ENABLED parameter on NetWare servers. Caching is on by default. Setting the parameter to on or off has no effect on the Novell Client behavior. This set parameter does still affect the NCP server’s behavior with regard to granting level 1 oplocks when requested.

To disable caching for a client, do the following:

  1. Right-click the Red N in the System Tray.

  2. Click Novell Client Properties.

  3. Select the Advanced Settings tab.

  4. Select File Caching and set it to off.

For information on File Caching, see “Advanced Settings” in the administration guide for the client.

4.14 Use Administrator Privileges Functionality Might Not Work on Non-English Windows

The Update Agent feature in the Novell Client 2 for Windows Vista/2008 and earlier may be unable to successfully provide the Use Administrator Privileges functionality on some non-English versions of Windows, or on any machine where the built-in Windows Administrators group has been renamed.

This issue is addressed in the Novell Client 2 for Windows Vista/2008 (IR1a) and later, but either the Novell Client 2 (IR1a) or the Novell Client 2 SP1 for Windows will need to be manually installed on such machines before being able to successfully use the Update Agent feature to perform successful future upgrades via the Use Administrator Privileges functionality.

For more information and potential workarounds, please see TID 7002896.

4.15 Exceeding Disk Quota Is Reported As Out Of Disk Space Error

When a user or directory quota has been exceeded, the expected error condition will reflect only out of disk space, in whatever manner the application chooses to report this error condition. The error status will not differentiate between the disk is out of total physical space and the current user or directory quota has been exceeded.

4.16 Login Script Execution Starts Before User’s Desktop

When logging in to both eDirectory and Windows through the credential provider of the Novell Client, the processing of login scripts stored in eDirectory now starts at the same time other login scripts are processed, such as the Windows user login script. This means that eDirectory login script execution will start (but not necessarily finish) before the user's Desktop is built.

In addition, existing Windows policies such as Run logon scripts synchronously now apply to how the Novell logon script execution will be handled. This appears to be the default behavior in Windows Server 2008 with Terminal Services, but the policy may need to be explicitly set in other Windows configurations.

If you require that logon script processing must finish before the user's desktop is built, you can enable this Windows policy in the Group Policy Editor (GPEDIT.MSC) under Computer Configuration > Administrative Templates > System > Scripts > Run logon scripts synchronously. Note the same policy is also available as a User Configuration policy.

4.17 Roaming User Profile Paths Saved On Non-Windows Servers

In Windows 2000 SP4 and Windows XP SP1 and later, by default Windows will require that the roaming profile directory successfully pass a test for specific Windows-based permissions. This test fails against Novell paths since permissions are based on eDirectory permissions instead of Windows permissions, and can fail against Windows- or other non-Windows-based servers as well.

Windows defines a Do not check for user ownership of Roaming Profile Folders policy CompatibleRUPSecurity) to allow opting out of this security check where necessary. Enabling this policy is required to successfully store roaming profiles on a Novell server or other Windows or non-Windows server where the security check cannot succeed.

In the Novell Client for Windows XP/2003, installation of the Novell Client automatically enabled the CompatibleRUPSecurity policy by default, regardless of whether it was known that user profiles were being saved to Novell paths. Administrators who did want to allow the new Microsoft security test to be performed had to override and disable the policy.

Installation of the Novell Client on Windows Vista and later does not enable the CompatibleRUPSecurity policy by default. Administrators must enable this policy if they intend to store roaming profiles on Novell or non-Novell servers that will fail the Microsoft security check.

NOTE:In addition to being able to push this policy setting out with normal Novell ZENworks or Microsoft Group Policy methods, the Novell Client also provides a parameter Allow Roaming User Profile Paths to non-Windows servers in Novell Client Properties. This parameter can be set during installation through use of a Novell Client Properties File (NCPF), for example UNATTEND.TXT.

For additional related information, please see TID 10074402.

4.18 Installation From A Non-NSS Novell Server Volume May Fail

Installing the Novell Client from an installation set stored on a Traditional File System (TFS) volume may fail when an older Novell Client is being used to access the Novell server.

This issue is addressed in the Novell Client 2 SP1 for Windows and later, but the Novell Client 2 SP1 for Windows will need to be manually installed before being able to successfully use an installation set stored on a TFS volume during future installations and upgrades.

NOTE:The same root cause and fix can also affect other product installation sets, or applications that will attempt to perform byte range locking against files stored on a TFS volume. The Novell Client 2 SP1 for Windows or later is needed to run these applications successfully from a TFS volume.

4.19 After Disconnecting From eDirectory Tree, Switch User and Change Password Attempts May Continue Prompting For Novell Credentials

If a user logs into eDirectory using Novell Logon from the Windows welcome screen, but then subsequently logs out of eDirectory or clears all of their eDirectory connections, subsequent attempts to invoke the CTRL+ALT+DEL Change Password functionality or Switch User can potentially prompt for eDirectory credentials in addition to Windows credentials as though the user session is still logged into eDirectory.

This represents an unintentional behavior, and is being examined for future versions of the Novell Client. The workaround is to proceed with the attempt to provide eDirectory credentials. This will fail specifically on the eDirectory credential verification, but should fall back to using or prompting for Windows credentials.

4.20 Exceeding A User Volume Restriction Or Directory Space Restriction Quota Reports Out Of Disk Space

The error that Windows or an application reports when a user space restriction or directory space restriction has been exceeded on a Novell Server will not be distinguishable from any other out of disk space message. The error status being returned reflects only the insufficient disk space condition, and does not imply or distinguish between insufficient quota conditions.

4.21 Windows Program Compatibility Assistant May Be Invoked After Successfully Running NCIMAN.EXE on Windows 7 or Windows Server 2008 R2

After running the Novell Client Installation Manager (NCIMAN.EXE) application on Windows 7 or Windows Server 2008 R2, Windows may prompt with the Program Compatibility Assistant as though NCIMAN.EXE was an installation program that may not have completed successfully.

NCIMAN.EXE is not actually a program that attempts to install or uninstall any part of Novell Client software, and is just a tool for creating and editing Novell Client Property Files (NCPF), such as an UNATTEND.TXT file.

This warning can be ignored by simply selecting the This program installed correctly link offered by the Windows Program Compatibility Assistant.

4.22 Detaching From eDirectory Tree In Novell Connections Window May Present Error

When detaching from an eDirectory tree using the Novell Connections window, an error may be reported for the detach attempt even though the eDirectory tree connection was successfully cleared.

This issue was addressed in the Novell Client 2 SP1 (IR2) and later.

4.23 TSClientAutoAdminLogon May Not Use The Profile Specified In DefaultLoginProfile

As part of establishing a TSClientAutoAdminLogon policy, it is required to create a DefaultLoginProfile value to specify which Novell Client login profile should be used for the eDirectory portion of the login.

For Windows Server configurations where only a single Novell Client login profile exists anyway (for example, Default), there is no issue and the single profile will be successfully used. But it has been observed that when more than one login profile is defined, it is possible for the TSClientAutoAdminLogon attempt to use the last-used Novell Client login profile for a user instead of the login profile explicitly specified in the DefaultLoginProfile configuration.

This represents an unintentional behavior, and is being examined for future versions of the Novell Client. The workaround if this issue is encountered is to define and use just a single Novell Client login profile, at least on Windows Server machines on which Terminal Services and TSClientAutoAdminLogon are expected to be used.

4.24 A Kernel-Mode Bugcheck May Occur If eDirectory Connections Are Cleared While A File Copy Operation Is In Progress

If a file copy operation is in progress with many and/or large files and the user attempts to either clear their eDirectory connections or change whom they are logged into eDirectory as while the file copy operation is still in progress, it has been observed that instead of the expected file access failure it is possible for the workstation to report a blue screen or kernel-mode bugcheck.

This issue is being examined for future versions of the Novell Client. The workaround is to recommend that users not attempt to clear their existing eDirectory login or NCP connections out from under a file copy operation that is in progress.

4.25 Running PUTTY.EXE From A Novell Path May Cause Workstation Hang

Running PUTTY.EXE from a Novell path can sometimes cause the workstation to become non-responsive. Analysis has shown that the Novell NCP server appears to become non-responsive to the workstation right at the time SSH-specific communication is attempted by PUTTY.EXE.

This issue is being examined for future versions of the Novell Client and/or the Novell NCP servers.

4.26 Login From Windows Welcome Screen May Not Use Windows Username From Novell Client Login Profile

In cases where the Novell Client credential provider used by the Windows welcome screen login is switched between Computer Only Logon mode and Novell Logon mode prior to performing a Novell Logon login attempt, the Windows account name used during the login attempt might be whatever Windows account name was specified in the Username field while the credential provider was in Computer Only Logon mode, instead of the correct Windows account name saved and retrieved from the Windows tab of the effective Novell Client login profile.

This represents an unintentional behavior, and is being examined for future versions of the Novell Client. The workaround is to avoid the switch between Computer Only Logon mode and Novell Logon mode when possible. And when the issue does occur, provide the correct Windows account credentials in the Windows logon fields that appear after the attempt to use the incorrect Windows account name.

4.27 Compressed Folders Shell Extension May Fail When File Caching Is Disabled

When the File Caching parameter in Novell Client Properties dialog is set to Off, attempting to select multiple files on a Novell path and invoke Send to Compressed (zipped) folder results in an error stating that the .ZIP file is corrupt or invalid.

This issue is being examined for future versions of Novell Client. The workaround is to create the Compressed Folder (.ZIP) file on a non-Novell path, and then drag the files from the Novell path to this compressed folder.

4.28 Password Change Or Synchronization May Attempt To Include Windows Account Even When Password Not Currently In Sync

When performing a password change using the Novell Client in response to an expired eDirectory password, or when performing a password change using the "Novell Password Management" change password option from the red 'N' menu, it is possible for the Windows account to be included in the list of resources for which the password should be changed, even though the Windows account password is not currently in sync with the eDirectory password(s) that are being changed.

This condition will result in a password change failure unless the Windows account is de-selected before committing to the password change attempt, since a different "old password" is required for the Windows account as opposed to the "old password" currently known and being used to change the eDirectory account(s).

The password on multiple resources (Windows and/or eDirectory connections) can only be changed together if the passwords are currently in sync. If one or more of the resources have a password that is not yet in sync with the desired password, change the password for those individual resources separately such that they will be in sync with the rest of the resources during future password changes.

If its desired that the Windows account never be included in the list of resources for which the password change is being attempted, set the "Windows Password Synchronization" parameter to "Off" in the Novell Client Properties.

4.29 File Byte Range Locking Failures In Novell Client 2 (IR1a) And Later

Novell Client 2 (IR1a) and Novell Client 2 SP1 can exhibit an issue in which byte range locking against Novell files inappropriately fails as though the file is still locked, when in reality the byte range in question should have already been released. The workstation would issue lock release NCPs for the requested range, but the server would continue to deny NCP clients access to the range as though it was still locked.

This issue was addressed in the Novell Client 2 SP1 (IR1) and later. For additional information, please see TID 7005097.

4.30 Failures Installing, Uninstalling, and Using the Novell Client if Novell iPrint is Installed Before the Novell Client

The Novell iPrint 5.32 and iPrint 5.30 clients contain an issue in which incorrect security is established on the [HKEY_LOCAL_MACHINE\Software\Novell] registry key, if and when the Novell iPrint client was the first installed software that needed to create this registry key. This registry security issue is addressed in the Novell iPrint 5.35 client and later.

If the Novell iPrint 5.32 or iPrint 5.30 client is installed prior to the Novell Client 2 SP1 for Windows, the security that is established on the [HKEY_LOCAL_MACHINE\Software\Novell] registry key causes incorrect security to be propagated to the Novell Client's own registry sub-keys. In addition, the incorrect registry security can cause the Novell NMAS Challenge Response Method installation to fail with Error 1603, due to incorrect registry security which was propagated to the Novell NMAS Client's registry sub-keys.

The Novell Client 2 SP1 (IR1) contained some mitigation for this issue that could clean-up the incorrect registry security established by Novell iPrint and proceed with a successful Novell Client installation if the Novell Client 2 SP1 or earlier Novell Client installation had not already been attempted and failed after installing the Novell iPrint client. If a failed Novell Client installation had already been attempted after installing the Novell iPrint client first, the Novell Client 2 SP1 (IR1) installation will still fail due to the improper registry security which has already been established.

The Novell Client 2 SP1 (IR2) contains further mitigation which will actually clean up the registry security issue created by the Novell iPrint client, and furthermore will clean up the incorrect security which may have already been propagated to the Novell Client registry sub-keys and the Novell NMAS Client sub-keys. So on a machine where the Novell iPrint 5.32 or iPrint 5.30 client was installed prior to the Novell Client for Windows, but a Novell Client for Windows installation has already subsequently failed, the primary corrective action to perform is to install Novell Client 2 SP1 (IR2) on top of the previously failed Novell Client for Windows installation.

There is however one scenario under which even the Novell Client 2 SP1 (IR2) fix will be unable to detect and clean-up registry security problems which still exist due to the Novell iPrint client installation. This problem scenario occurs specifically when all of the following conditions are met:

  • Novell iPrint 5.32 or iPrint 5.32 was installed before the first Novell Client installation.

  • Novell Client 2 SP1 or earlier was installed without NMAS, and with or without NICI.

  • Same machine was then upgraded to Novell Client 2 SP1 (IR1); installed with or without NMAS, and with or without NICI.

  • Same machine was then upgraded to Novell Client 2 SP1 (IR2); installed with or without NMAS, and with or without NICI.

In this specific sequence where the initial failed Novell Client installation was performed after explicitly deselecting Novell NMAS from being installed with the Novell Client, the subsequent mitigations for the Novell iPrint security issue performed by the Novell Client 2 SP1 (IR1) and Novell Client 2 SP1 (IR2) installations are unable to detect or correct that further clean-up of the Novell iPrint registry security permissions is still necessary.

The symptoms that occur when a machine is still in this broken state include a crash that occurs whenever the Novell Client login dialog would have been presented. For example, when attempting to invoke the "Show Advanced Options" link on the Windows welcome screen, the Windows LogonUI.exe process can crash. When trying to invoke "Novell Login" from the red 'N' menu in the Windows taskbar notification area (systray), the Novell NWTRAY.EXE process can crash.

Unfortunately the incorrect permissions established on the registry by Novell iPrint client will also prevent successful un-installation from being performed after the machine is already in this state. This remaining scenario where the Novell iPrint registry permissions are not successfully cleaned up is being examined for additional mitigation in future versions of the Novell Client.

5.0 Unsupported Functionality

5.1 Mapping RDN Paths

Relative distinguished name paths are not supported for mapping network drives. For example \\tree\server_volume.context. (note the trailing period) is not supported whereas \\tree\server_volume.context (no trailing period) is.

6.0 Fixes Since the Last Release

  • User is not able to reset password on Windows x64. (Bug 560295)

  • DHCP for SLP blocked by Windows 7 firewall (Bug 552022)

  • Show system tray icon should not require reboot; fix Configure System Tray Icon dialog layout. (Bug 549963)

  • ZEN Credential Provider does not appear if Novell Client is uninstalled. (Bug 548772)

  • NWTRAY.EXE potentially causing Windows logon to hang at blank desktop. (Bug 548167)

  • EXCEPTION_DOUBLE_FAULT blue screen due to kernel stack overflow during Windows boot-up. (Bug 544219)

  • Mapped drives potentially report as zero bytes total and available after Bug 398635 fix. (Bug 536148)

  • Terminal client authentication fails using UPN syntax username@domain.name. (Bug 534584)

  • Error: No route to the server could be found when using 802.1x on Vista. (Bug 532539)

  • Potential hang when accessing file system with IR1 (Bug 530335)

  • Citrix-specific use case of passing eDirectory DN from terminal client is not successful. (Bug 526016)

  • Allow to select and detach multiple items at a time in Novell Connections window. (Bug 524971)

  • Bugcheck 0x50 when creating subfolders on a Novell volume. (Bug 513960)

  • TSClientAutoAdminLogon fails to retain the Novell connections after successful login. (Bug 508995)

  • Login script and stream file access failing against some eDirectory servers. (Bug 507996)

  • Installation from DVD/CD on Windows 7 fails. (Bug 507432)

  • Win7: eDirectory login from credential provider results in no NCP connections at desktop. (Bug 504933)

  • UNC Path Filter configuration parameter in NCPF uses confusing language. (Bug 504099)

  • File is deleted when save fails on a NetWare volume. (Bug 499947)

  • Update usage of consolidated debug logging code for installation modules. (Bug 493736)

  • Redirecting IE7 Favorites in Vista to NetWare Home Directory fails. (Bug 493285)

  • Upgrade fails when the Use administrator rights feature on non-English and/or machines where the Administrator’s alias has been renamed. (Bug 491575)

  • Credential provider should not invalidate the credentials passed by mstsc when Novell login fails. (Bug 489794)

  • Unable to open multiple instances of MS Access database. (Bug 486646)

  • Login with non-Novell Credential Provider setting out-of-sync with NCNetProvider. (Bug 485595)

  • Windows Explorer parent window can be closed when invoking Novell login window while accessing a volume via UNC path. (Bug 483276)

  • NCIMAN still shows Client as a property section in the left-hand tree control. (Bug 483270)

  • Cannot rename directory after subordinate file is modified via Office 2007. (Bug 482447)

  • Did you forget your password link is missing in the credential provider if Enable Password Field is disabled. (Bug 482345)

  • Unable to login with the user having dot in context via red-N when LDAP contextless login is enabled. (Bug 475054)

  • Unable to browse Contexts in Advanced login tab when schema class exceeds 16KB. (Bug 474918)

  • Improved feedback when Cancel button is clicked or invalid password is entered in Verify Password window of Challenge/Response Administration. (Bug 468349)

  • Unable to rename a file for whom Modify and File Scan rights are enabled. (Bug 462926)

  • Invoking Update Agent from Remote Desktop or terminal session fails. (Bug 461558)

  • Forgotten Password policy does not prompt the user to reset the password from credential provider. (Bug 458896)

  • Remove Show system tray icon option in the Configure System Tray Icon dialog of the Red N menu. (Bug 458288)

  • Novell Client installation fails from traditional (TFS) NetWare volume. (Bug 446015)

  • Error: Failed to Retrieve Effective Rights when viewing rights on traditional (TFS) volume. (Bug 445961)

  • File cannot be deleted if eDirectory user is switched during file copy. (Bug 425407)

  • JPG file is lost on a volume where space restriction is exceeded. (Bug 425073)

  • Applications and installers fail when running from traditional (TFS) NetWare volume. (Bug 398635)

  • Port improved Forgotten Password message feedback changes from XP/2003 Bug 347706. (Bug 388542)

  • Debug output emitted in free build of NWGetObjectNamesBegin / NWGetObjectNamesNext APIs. (Bug 383434)

  • Improve Novell Client installation to suppress Cancel buttons where cancel is not supported. (Bug 372673)

  • Improve Novell Client installation to ensure NICI cannot be removed while still required. (Bug 299524)

  • Novell Client uninstall cleanup of additional registry settings. (Bug 294262)

  • Implement pre-login check to ensure network redirector is ready before proceeding with login. (Bug 289407)

  • Novell Client uninstall cleanup of additional folders when possible. (Bug 286466)

  • Update Agent Previous Install Location text box shows wrong location. (Bug 276804)

7.0 Readme Changes

There have been no changes to this SP1 readme since the initial SP1 release on January 12, 2010.

8.0 Documentation

For information on installing, using, and administering the Novell Client for Windows, see http://www.novell.com/documentation/vista_client/index.html.

For information on Login Scripts, see the Novell Login Scripts Guide.

9.0 Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to www.novell.com/info/exports/ for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2008-2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent applications in the U.S. and in other countries.

For Novell trademarks, see the Novell Trademark and Service Mark list.

All third-party trademarks are the property of their respective owners.