Novell Client 4.91 SP5 for Windows (IR2)
This document (5167431) is provided subject to the disclaimer at the end of this document.
patches this patch supersedes
| File | Product | Status | Patch |
|---|---|---|---|
| Novell Client 4.91 SP5 for Windows IR1.exe | Novell Client 4.91 SP5 for Windows XP/2003 | Obsolete | Novell Client 4.91 SP5 for Windows (IR1) |
patches that supersede this patch
patch attributes
document
abstract
Novell Client 4.91 SP5 for Windows (IR2).exe" is a complete Novell Client 4.91 SP5 installation set which has been overlaid with the 491psp5_ir2.zip update, such that both Novell Client 4.91 SP5 and the IR2 update can be installed at the same time. The Novell Client 4.91 SP5 (IR2) update includes all the post-SP5 patches released through 25Jul2013; including 491psp5ir1_nicm.zip, 491psp5ir1_nmasclient_setup.zip, 491psp5ir1_noveap.zip, 491psp5ir1_nwfs_5.zip, and 491psp5_ir1_nwgina.zip.
Neither "Novell Client 4.91 SP5 for Windows (IR2).exe" nor the stand-alone 4.91psp5_ir2.zip update constitutes a new support pack, but is the Novell Client update package currently recommended for all Windows XP/2003 installations.
The product support lifecycle for Novell Client 4.91 (including any support packs) is as follows:
General Support Ends: 14 Oct 2010
Extended Support Ends: 08 Apr 2014
Self-Support Ends: 10 Mar 2015
For more information about the product support lifecycle, see http://support.novell.com/lifecycle/
details
System Requirements:
Windows XP - Because Windows XP SP2 is no longer supported by Microsoft, Novell recommends Windows XP SP3 for all customers. Note that Windows XP SP3 is explicitly required for this release only if enabling Novell Client 802.1x support (provided by noveap.dll).
Windows 2003 - For Windows Server 2003, SP2 should be installed.
Windows 2000 - Installing this release on Windows 2000 is not supported.
Installation:
(Default) Execute "Novell Client 4.91 SP5 for Windows (IR2).exe" (this file) to expand the files. By default, this will expand the files and launch setupnw.exe. If you do not wish to run setupnw.exe immediately, either un-check the box labeled "When done unzipping open: .\setupnw.exe", or simply decline the installation once setupnw.exe starts running.
Other installation options:
Open the folder where you expanded the installation set during the previous step, and do one of the following while logged on as a member of the Administrators group:
a) Run setupnw.exe to upgrade or install 4.91 SP5 (IR2) on any system running Windows XP/2003 (recommended).
b) Run acu.exe to upgrade or install 4.91 SP5 (IR2) on any system running Windows XP/2003.
c) Run setupsp.exe to update to 4.91 SP5 (IR2) on a Windows XP/2003 system already running 4.91 SP5 (IR1), 4.91 SP5, 4.91 SP4, 4.91 SP3, 4.91 SP2, 4.91 SP1 or the original Novell Client 4.91 for Windows XP/2003.
Or, if you are installing on a system with Novell Client 4.91 SP5 already installed, note that the stand-alone 491psp5_ir2.zip installation method is also available as another method for installing just the post-SP5 IR2 updates. To use this method, perform one of the following actions:
d) Run the _491psp5_ir2.bat file.
e) Right-Click on _491psp5_ir2.inf and then click on INSTALL.
Technical Support Information:
Fixes related to lgncxw32.dll, loginw32.dll, and nwgina.dll:
1. DLU Policy Filters not working for ZENworks 10.3. (Bug 603318)
2. Potential heap corruption on WINLOGON.EXE with third-party MPR login script providers. (Bug 559116)
3. Third party logon script won't execute. (Bug 403918)
4. NESCM: Issue with Smartcard removal behavior. (Bug 431161)
5. Optional Windows account audit event during eDirectory workstation unlock. See TID 7001002. (Bug 460905)
6. Remove forgotten password link from non-eDirectory login dialog modes. (Bug 422718)
7. Invoking forgotten password from workstation unlock dialog conflicts with ZENworks workstation login. (Bug 447092)
8. Unable to browse contexts when class definition more than 16KB. (Bug 474918)
9. Fire LDAP Contextless Login during PassiveModeNDSLogin. (Bug 470228)
Support has been implemented for triggering LDAP Contextless Login during PassiveModeNDSLogin processing. Similar to LDAP Contextless Login processing that occurs during AutoAdminLogon and TSClientAutoAdminLogon, with this update installed LDAP Contextless Login will occur by default during PassiveModeNDSLogin, if LDAP Contextless Login is enabled on the LDAP Contextless Login tab of the Novell Client Properties.
If a situation were to arise where it is desired to have LDAP Contextless Login enabled on the machine, but NOT have LDAP Contextless Login fire during PassiveModeNDSLogin processing, it is possible to "opt out" of the PassiveModeNDSLogin LDAP Contextless Login processing by creating the following registry-based policy value:
[HKEY_LOCAL_MACHINE\Software\Novell\Login]
"AllowPassiveModeNDSLoginContextlessLogin"=dword:00000000
If this registry value exists and is set to 0x00000000, no LDAP Contextless Login will be triggered during PassiveModeNDSLogin. If this value is set to 0x00000001 or does not exist in the registry, then the LDAP Contextless Login feature of the Novell Client will engage during PassiveModeNDSLogin.
10. Allow suppression of LDAP Contextless Login error messages. (Bug 343524)
Some customer scenarios would prefer that the LDAP Contextless Login feature of the Novell Client would "silently fail" without presenting any additional error messages to the end-user. Support for a registry-based policy has been added as follows:
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Graphical Login\NWLGE\LDAP Contextless]
"DisableErrorMessages"=dword:00000001
If this registry value exists and is set to 0x00000001, no error messages will be presented by the LDAP Contextless Login feature of the Novell Client. If this value is set to 0x00000000 or does not exist in the registry, then the LDAP Contextless Login feature of the Novell Client will present error messages when LDAP-related operations have failed.
Note that in addition, when an otherwise "silent" eDirectory login would have occurred (e.g. TSClientAutoAdminLogon, PassiveModeNDSLogin, PassiveModeNDSLoginSilent), the LDAP Contextless Login error messages will now also be suppressed by default in these scenarios too. Only when the Novell Client login dialog is actually visible and interactive will the LDAP Contextless Login error messages be allowed to display.
11. Allow alternate credentials for PassiveModeNDSLogin. (Bug 473163)
The Novell Client "PassiveModeNDSLogin" configuration by default uses the Windows user account name and password received from MSGINA.DLL to attempt performing an eDirectory login after MSGINA.DLL's Windows account logon has already occurred. For more information on "PassiveModeNDSLogin", please see the Novell Support Knowledgebase (http://www.novell.com/support/).
Some customer scenarios desire using the MSGINA.DLL-driven login experience achieved by PassiveMode, but need for the "PassiveModeNDSLogin" functionality to use a statically-configured set of eDirectory credentials instead of defaulting to the Windows account name and password.
This NWGINA.DLL implements support for an optional "PassiveModeNDSLoginDefaultUsername" configuration value under [HKEY_LOCAL_MACHINE\Software\Novell\Login]. In addition, support for an encrypted "NovellDefaultPassword" value has been added. (The encrypted password is stored using the Windows LsaStorePrivateData API, similar to how Windows 2000 and later support storing the encrypted password for Windows AutoAdminLogon.) Finally, support for an optional clear-text "PassiveModeNDSLoginDefaultPassword" configuration value under [HKEY_LOCAL_MACHINE\Software\Novell\Login] is also provided.
If "PassiveModeNDSLoginDefaultUsername" and either "PassiveModeNDSLoginDefaultPassword" or the LSA-encrypted "NovellDefaultPassword" are configured, NWGINA.DLL will use this username and password specification instead of the Windows account username and password when performing PassiveModeNDSLogin processing.
If one or both of the "PassiveModeNDSLoginDefaultUsername" and "NovellDefaultPassword" / "PassiveModeNDSLoginDefaultPassword" values are missing, NWGINA.DLL will continue defaulting to using the Windows account username and password.
If both the LSA-encrypted "NovellDefaultPassword" value and the "PassiveModeNDSLoginDefaultPassword" clear-text registry value are defined, the clear-text "PassiveModeNDSLoginDefaultPassword" value will take precedence.
A command-line utility "PassiveModeAlternateCredentials.exe" is also provided in the attached .ZIP. If you run PassiveModeAlternateCredentials.exe without any parameters, it will display the following help screen explaining the usage:
PassiveModeNDSLogin Alternate Credentials Utility
PassiveModeAlternateCredentials.exe 4.91.5.4
Useage:
PassiveModeAlternateCredentials.exe username password
PassiveModeAlternateCredentials.exe /DELETE
username - The simple common name of an eDirectory user object
expected to be found in the default context of the location
profile or via LDAP Contextless Login, or the full DN form
(with leading period character) of an eDirectory user object.
password - The password that corresponds to the eDirectory user.
/DELETE - Removes any existing PassiveModeNDSLogin alternate
credential configuration that exist on the local machine.
Example:
PassiveModeAlternateCredentials.exe .admin.novell mypassword
PassiveModeAlternateCredentials.exe admin mypassword
PassiveModeAlternateCredentials.exe /DELETE
Note this PassiveModeAlternateCredentials.exe utility is not "installed" by the included .INF; it's simply available for an administrator to use for easily setting the "PassiveModeNDSLoginDefaultUsername" and encrypted "NovellDefaultPassword" values used by this feature.
To disable use of the alternate credentials, run "PassiveModeAlternateCredentials.exe /delete" to remove all forms of the PassiveModeNDSLogin alternate credential configurations. Alternatively, simply delete the "PassiveModeNDSLoginDefaultUsername" registry value from [HKEY_LOCAL_MACHINE\Software\Novell\Login], and the password value will be ignored if still set via the LSA-encrypted "NovellDefaultPassword" or "PassiveModeNDSLoginDefaultPassword" clear-text configuration values.
12. Kerberos Realm is not read from the location profile. (Bug 506133 )
13. PassiveModeNDSLogin contextless login support causes LDAP lookup during workstation unlock. (Bug 492289)
14. Login failure when UPN name is not derived from / equal to the SAM account name. (Bug 536411)
15. ZESM integrated authentication with NWGINA. (See TID 7005278)
16. Failed unlock attempt with Windows credentials counts as more than one attempt for intruder detection. See TID 7005411. (Bug 564778)
17. Failed unlock attempt with Windows credentials reports "incorrect password" when account is locked. See TID 7005412. (Bug 579629)
18. Validate correct version of ZESM is present before invoking it. (Bug 594986)
19. Match MSGINA behavior by setting USERDNSDOMAIN even during cached domain logon. See TID 7005824. (Bug 591564)
12. ZENworks 11 DLU support
13. Potential WINLOGON.EXE crash when attempting DLU with mix of ZENworks agent components. See TID 7007021. (Bug 639375)
14. ZENworks Desktop Management DLU login breaks with inventory-only agent installed. (Bug 622562)
Fixes related to nwfs.sys, nwdns.sys, and nwslp.sys:
1. DNS SearchList policy suffix list only processed at boot time. (Bug 585886)
2. Directory Map objects which do not include a specific subdirectory fail. (Bug 629703)
3. Improve directory listing performance in large directories. (Bug 624328)
4. Expire DFS junction info instead of requiring reboot to learn new junction target. (Bug 592177)
5. Incorrect modification timestamp displayed for subdirectories. (Bug 418607)
6. Microsoft Word hangs when saving to a NetWare volume with Symantec Antivirus installed. (Bug 423954)
7. Internal error 0x8891 persists after NCP reconnect. (Bug 425105)
8. Windows crash if bad address cache handle interface does not exist. (Bug 291165)
9. Internal Error 8868. (Bug 437212)
10. Error opening Compressed Caseware file on DFS Junction. (Bug 467133)
11. Microsoft Office applications hang when saving from 4.91 SP5. (Bug 471049)
12. IP address costing of 1 does not connect to correct host address. (Bug 484684)
13. NDS name resolution method fails with 4.91 SP5. (Bug 494023)
14. Novell client fails when network interface Bind list too large. (Bug 499328)
15. NetWare semaphore-based application fails with 4.91 SP5. (Bug 521704)
16. DFS queries can contain uninitialized data in VLDB message. (Bug 518203)
17. Applications crash with post-4.91 SP5 NWFS.SYS update. (Bug 515589)
18. Blue screen when Extended Attribute is near 64KB in size. (Bug 509572)
19. ICMP Echo costing of eDirectory referrals always selecting first referral. See TID 7004589. (Bug 542871)
20. Caching can stop working after a Windows logout or RUNAS.EXE session. (Bug 516371)
21. Problem resolving eDirectory alias objects after applying post-4.91 SP5 NWFS.SYS. (Bug 568925)
22. Blue screen when attempting to query Extended Attribute (EA) with invalid path. (Bug 574143)
23. DFS junction resolve failure after TCP-level communication timeout occurred. (Bug 722324)
24. Citrix XenDesktop 5 pass-through authentication not working with Novell Client. See TID 7010126. (Bug 714254)
25. JetStream-level authentication failure message not handled properly by Novell Client. (Bug 693727)
26..Memory crash on Windows 2003 when nt!CcUninitializeCacheMap did not complete in a timely manner. See TID 7007926. (Bug 670820)
27. Specifying DELETE_ON_CLOSE to CreateFile can incorrectly return ERROR_DELETE_PENDING. See TID 7008947. (Bug 437199)
28. DFS junction resolve failure due to VLDB TCP connection not being discarded after errors. (Bug 634819)
29. IBM Lotus Notes byte range lock request does not lock the requested byte range. (Bug 646328)
30. Potential data corruption when Sophos LAN Crypt writing encrypted data to network. (Bug 651779)
31. Novell Client 4.91 sp5 compatibility with Symantec Guardian Edge. See TID 7008640. (Bug 686331)
32. Connection leak after administrative password reset and NCP auto-reconnect. (Bug 754333)
33. DFS junction resolution failure when junction or target directory matches volume name. (Bug 753687)
34. DFS junction resolution failure can result in incorrect target being accessed. (Bug 753667)
35. Creation time stamp becoming set to 01 Jan 1985 after upgrading anti-virus software. (Bug 753100)
36. DFS junction resolution failure when nested junctions are present. (Bug 726861)
37. Address security vulnerabilities reported in TID 7012497 and CVE-2013-3956. (Bug 821841)
Fixes related to srvloc.sys:
1. Potential deadlock during Windows startup or shutdown. (Bug 614798)
2. VPN connection over EDVO card fails with 4.91 SP5 (Bug 501172)
3. SRVLOC needs to default to single equals for SLPv2. See TID 3890003. (Bug 299617)
4. SRVLOC should not duplicate queries when multiple IP addresses bound to same NIC. (Bug 345815)
Fixes related to noveap.dll:
The changes made in this build rely upon new interfaces that were introduced in Windows XP SP3; it is not backwards-compatible with XP SP2 or earlier versions. Due to design changes, enabling the debug log is now different from older versions of NOVEAP.DLL. See TID 7005241 for more information about debug options.
1. 802.1x error "No connections to authenticate" on Windows XP SP3. (Bug 397557)
2. Wireless interfaces configured for 802.1x authentication type of "DOT11_AUTH_ALGO_RSNA" not correctly recognized.
3. Network adapter becomes disabled when enabling 802.1x authentication. See TID 7008098. (Bug 701413 )
Fixes related to novnpnt.dll:
1. Wrong path count sent by client during the purge of a subdirectory. (Bug 478114)
2. Login to workstation only & persistent mappings triggers intruder lockout. See TID 7000595. (Bug 473364)
Fixes related to the UNC Path Filter (ncfilter.sys, ncrecognizer.sys, ncuncfilter.sys, iwclient.inf, and setup2k.inf):
As a result of certain architectural problems with the UNC Path Filter resulting in various functionality and system crash problems for some installations of the Novell Client, Novell has completely re-written the UNC Path Filter for the Novell Client 4.91 SP5 for Windows XP/2003. This new filter driver has dependencies on the 4.91 SP5 version of the Novell Client, so it is not supported on 4.91 SP4 or earlier. It also requires Windows XP or Windows 2003, and is therefore not supported on Windows 2000.
1. NWSETUP ActiveX potential denial of service security issue. (Bug 543682)
2. Add AuthenTec and UPEK GINA chaining recognition to Novell Client installation and un-installation. (Bug 530213)
2. Cannot access Netware volumes via UNC if client is not first in provider order. (Bug 485944)
3. After applying SP5 you can no longer stop and start the workstation service. (Bug 469681)
4. Novell Client 4.91 SP5 NWFILTER prevents joining domain as part of sysprep processing. (Bug 465147)
5. NWFILTER seems to be inert or mis-engaged depending on when Microsoft Client was installed. (Bug 457844)
6. NO_MORE_IRP_STACK_LOCATIONS on Server 2003 SP1 with NWFILTER. (Bug 410767)
Fixes related to XPLAT libraries (audwin32.dll, calwin32.dll, clnwin32.dll, clxwin32.dll, locwin32.dll, ncpwin32.dll, and netwin32.dll):
1. Race condition in NETWIN32 could potentially hang Windows service processes. (Bug 596758)
2. Unchecked strcpy in NETWIN32!NWDSSetContext for DCK_TREE_NAME. (Bug 585184)
3. Connection not authenticated when NWDSLoginEx API perfor
Fixes related to NMAS (Novell Modular Authentication Service):
1. Password policy display shows invalid information when NMAS "Microsoft password complexity" policy enabled. (Bug 504671)
Fixes releated to nicm.sys:
1. Random crash in NICM.SYS due to KEVENT in non-resident memory. (Bug 475274)
file contents
| Files Included | Size | Date |
|---|---|---|
| Novell Client 4.91 SP5 for Windows IR2.exe | 36.6 MB (38473400) | 2013-07-26 16:05:00 |
| readme_5167431.html | N/A | 2013-08-09 12:00:17 |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.
© 2007 Novell, Inc. All Rights Reserved.