Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
rchapman29
New Member.
4184 views

ZCM 11.2.1 FDE Single Sign On to Novell Client SP2 Ir2a/3

Hi,

For a long time we have been customers of Secude who are the developers of FDE for ZCM 11.2. In the versions of FDE before ZCM 11.2, we always had the Single Sign On functionality between the Secude PBA and the Novell Client on Windows 7 with our Smart Card setup. This functionality had more or less (about 95% of the time) worked. Sometimes the PIN passthrough would work but not auto login, you had to hit enter yourself. But otherwise it was working.

Since we have now moved to ZCM 11.2 and started using the version of FDE with ZCM this functionality is no longer working. Well, it does something! As far as I can tell it makes the Advanced screen of the Novell Client show. Which when you click away, will then show you a login error with the following error code 0x8007001.

I have already an SR open for some time regarding this issue. Actually never heard anything back from Novell much about the status of the ticket until I gave up and gave them a poke. Only to be asked, "The Smartcard SSO is kerberos authentication, correct? Please take a look at TID 7010332 'Does ZCM support Kerberos authentication through Novell Client' (Support | Novell) that as published recently."

Actually we are not using Kerberos in our setup. As far as I am aware Kerberos is an Active Directory form of authentication. And seeing as we are a complete Novell customer (currently) with eDirectory etc etc, I dont know how the supporter could just simply jump to that conclusion. In fact I state in my SR what we are using which is Win7 x64 Pro, Novell Client SP2 IR2a, ZCM 11.2, NESCM 3.0.8. Which to me would suggest anything but Kerberos. But maybe that is just me!

Additionally I was then told that because I was not using Kerberos, that, that is why it does not work. I am a bit flabbergasted about this because in the doumentation it tells you what type of Novell Clients are working underneath the SSO section of the online manual for the FDE. Even more so because A: I know it was working with previous versions! e.g. With Windows 7 x64 Pro, Novell Client, NESCM 3.0.7, ZCM Agent 10.3.x and FDE 9.6 from Secude. And B: Why is it not possible for Novell to get the SSO functionality to work with there own products?

Maybe someone else is having the same issue. Maybe Shaun Pond will read this and then kick butt! Hopefully not mine.

One can only hope!

Regards

Robert
0 Likes
16 Replies
Calimero Trusted Contributor.
Trusted Contributor.

Re: ZCM 11.2.1 FDE Single Sign On to Novell Client SP2 Ir2a/

Hi,

Similar issue here! I have Windows 7 Ent. + Novell Client 2 SP2 IR3 + ZCM 11.2.1 with DLU. I am using simple username password authentication with the same result :

Advanced screen of the Novell Client is shown and if I click ok I get the same error code : internal error 0x8007001.

I will open an SR right away. The SSO was my main argument to get the FDE licenses and could not possibly imagine it would not work with my configuration.

Regards,

Marc
0 Likes
bbeachem Absent Member.
Absent Member.

Re: ZCM 11.2.1 FDE Single Sign On to Novell Client SP2 Ir2a/

@Marc Calimero - Are you doing clean installs of 11.2.1 or are they upgrades from an earlier version of ZCM 11.2?
@Robert Chapman - As you mentioned, we're using the 9.6 version of Finally Secure Enterprise for our Novell ZENworks FDE. Secude has changed something on their side that would require you to retest with the ZFDE 11.2.1 MU1 version. I will try and track down who owns this SR inside of Novell Support and have them work with you on upgrading to this version and retesting. Which version of FSE did you have this working on before (9.6.??? .. In need to know the ??? part of the version number)? I work on the FDE side on the Novell solution and need to try and isolate if it's something that has changed in the Secude side of things or the ZENworks authentication part.
Thanks!
0 Likes
rchapman29
New Member.

Re: ZCM 11.2.1 FDE Single Sign On to Novell Client SP2 Ir2a/

bbeachem;2210429 wrote:
@Marc Calimero - Are you doing clean installs of 11.2.1 or are they upgrades from an earlier version of ZCM 11.2?
@Robert Chapman - As you mentioned, we're using the 9.6 version of Finally Secure Enterprise for our Novell ZENworks FDE. Secude has changed something on their side that would require you to retest with the ZFDE 11.2.1 MU1 version. I will try and track down who owns this SR inside of Novell Support and have them work with you on upgrading to this version and retesting. Which version of FSE did you have this working on before (9.6.??? .. In need to know the ??? part of the version number)? I work on the FDE side on the Novell solution and need to try and isolate if it's something that has changed in the Secude side of things or the ZENworks authentication part.
Thanks!


Hi,

I am pretty sure the last version that this was working with was 9.6.26. We are currently deploying Windows 7 even though this part isn't currently working so a lot of users where this was working are already moving over to the newer ZENworks etc. However I can check with one user that I know, who is currently still on the older system, so I can tell you for sure tomorrow.

Regards

Robert
0 Likes
Calimero Trusted Contributor.
Trusted Contributor.

Re: ZCM 11.2.1 FDE Single Sign On to Novell Client SP2 Ir2a/

Hi bbeachem,

It's a clean install
0 Likes
shaunpond Absent Member.
Absent Member.

Re: ZCM 11.2.1 FDE Single Sign On to Novell Client SP2 Ir2a/3

Calimero,

what's your SR #?

--

Shaun Pond


0 Likes
Calimero Trusted Contributor.
Trusted Contributor.

Re: ZCM 11.2.1 FDE Single Sign On to Novell Client SP2 Ir2a/

Hi Shaun,

Here's my Sr # : 10784870891

--

Marc
0 Likes
shaunpond Absent Member.
Absent Member.

Re: ZCM 11.2.1 FDE Single Sign On to Novell Client SP2 Ir2a/3

Rchapman29,

> Maybe Shaun Pond will read
> this and then kick butt!


what's the SR #?

--

Shaun Pond


0 Likes
rchapman29
New Member.

Re: ZCM 11.2.1 FDE Single Sign On to Novell Client SP2 Ir2a/

spond;2210440 wrote:
Rchapman29,

> Maybe Shaun Pond will read
> this and then kick butt!


what's the SR #?

--

Shaun Pond



Hi,

here is my SR #10759285971.

I actually heard today that this issue is supposedly fixed in 11.2.1 MU1 and the guy who is looking after my SR offered to already send the link for testing MU1. But apparently its close to being released officially anyway. So I understood. At any rate I asked for the download.

I hope it is resolved, because this as well as the auto logon locally setting could make an SSO to desktop a real possibility 🙂

Regards

Robert
0 Likes
shaunpond Absent Member.
Absent Member.

Re: ZCM 11.2.1 FDE Single Sign On to Novell Client SP2 Ir2a/3

Rchapman29,

yeah Alan (who's the guy with your SR) wanted to the manual steps to
deploy, which I gave him. And I posted MU1 on Thursday

--

Shaun Pond


0 Likes
Highlighted
bbeachem Absent Member.
Absent Member.

Re: ZCM 11.2.1 FDE Single Sign On to Novell Client SP2 Ir2a/

That is correct. This should be resolved in the 11.2.1 MU1 build.
0 Likes
bbeachem Absent Member.
Absent Member.

Re: ZCM 11.2.1 FDE Single Sign On to Novell Client SP2 Ir2a/

I believe the updated FDE components that are available in 11.2.1 MU1 where manually updated by Alan on a failing setup and they unfortunately did not fix the issue. I hope that I am wrong, but nontheless I wanted to warn everyone to await confirmation before any wide scale deployment or update.
0 Likes
RATHL Absent Member.
Absent Member.

Re: ZCM 11.2.1 FDE Single Sign On to Novell Client SP2 Ir2a/

bbeachem;2212471 wrote:
I believe the updated FDE components that are available in 11.2.1 MU1 where manually updated by Alan on a failing setup and they unfortunately did not fix the issue. I hope that I am wrong, but nontheless I wanted to warn everyone to await confirmation before any wide scale deployment or update.


Hello,

sorry, it's not solved. We get the same error with 11.2.1 MU1:(

Is there anyone who tested with 11.2.1 MU2?

Thanks!
0 Likes
rchapman29
New Member.

Re: ZCM 11.2.1 FDE Single Sign On to Novell Client SP2 Ir2a/

RATHL;2228919 wrote:
Hello,

sorry, it's not solved. We get the same error with 11.2.1 MU1:(

Is there anyone who tested with 11.2.1 MU2?

Thanks!


Hi,

you are right it wasn't resolved in 11.2.1 MU2. Actually the fix needed to be applied to the Novell Client and not ZCM. We had been testing the fix for the last couple of weeks and for us it is now resolved. I see tonight that Novell have released Novell Client SP2 IR5 which should be containing the same fixes as what we have been supplied with. I will at least be installing the new client tomorrow for testing.
0 Likes
rchapman29
New Member.

Re: ZCM 11.2.1 FDE Single Sign On to Novell Client SP2 Ir2a/

rchapman29;2229751 wrote:
Hi,

you are right it wasn't resolved in 11.2.1 MU2. Actually the fix needed to be applied to the Novell Client and not ZCM. We had been testing the fix for the last couple of weeks and for us it is now resolved. I see tonight that Novell have released Novell Client SP2 IR5 which should be containing the same fixes as what we have been supplied with. I will at least be installing the new client tomorrow for testing.


Just as an additional update on this. All seems to be well with IR5. And we will be implementing SSO for all other users soon.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.