Default Novell Login mode for Windows 2008 R2 servers?

We're using Novell Client 2 SP3 for Windows 7 (IR6).
All our Windows 7 workstations behave so that the Novell Logon is always the default (ie: you do CTRL-ALT-DEL and always get the Novell Logon first), then of course you get logged into ZCM and then our MS AD environment.
However, using the SAME client with the SAME settings (unattend.txt or whatever) on a Windows 2008 R2 server with Citrix OR TS enabled, yields different results.
Sometimes you get just the Windows logon (and then of course, you're not logged into eDirectory), sometimes you get the Novell one first.
Any ideas on what setting to check?
On 4.951 SP5 there was Gina chaining, but Windows7/2008 use credential provider order (I think), but I have no idea why it would behave differently.
Thanks!

Originally Posted by Alan Adams
kjhurni <[email protected]> wrote:
> So we tested on a non-Citrix server (but it still has Terminal Services
> enabled).
>
> It seems if someone goes in via the console (vmware or rdp) and does a
> "workstation only" login (I should say specifically where you pick the
> option to NOT use the Novell Client), that's where the issue arises.
>
> So is there a Novell Client setting to use to always make it use the
> Client? (I thought I had that set already)
> Or is this a Terminal Server issue and we need to look somewhere in MS
> land?
I'm not clear exactly on what you're seeing, but it sounds like you're
describing going to the interactive console login process and picking
"a completely non-Novell Client-related credential".
Meaning once you have selected the credential and can see the username
and the password field you need to enter the password in to, there is
NEITHER a "Novell Logon" nor "Computer Only Logon" link offered on
that credential, because that credential isn't one generated by Novell
Client / NCCredProvider at all.
I agree, if that's what you mean, that it sounds like the kind of
process we were suspecting could be occurring, where Windows now
defaults to "the last credential provider you used" and that's NOT
Novell Client because some other credential was selected and used
during the previous login.
Normally, simply having "Novell Login = ON" does cause "Novell Client
to be the only credential provider available", but that statement
really only holds true on a "standard Windows machine" where only the
Microsoft-supplied in-box credential providers are present.
The way Novell Client achieves this is to actually "filter out" a
couple of the Microsoft in-box credential providers, so that instead
of seeing "both the Microsoft-generated credential tiles and the
Novell Client NCCredProvider-generated credential tiles as ones you
can choose from", by filtering out the Microsoft credential providers
you end up seeing only NCCredProvider-generated credentials.
Meaning, instead of getting a Windows-only credential tile generated
by Microsoft's in-box "PasswordProvider" credential provider
(AUTHUI.DLL) /AND/ the Novell Client NCCredProvider-generated
credential tiles, you instead only get the NCCredProvider-generated
tiles, and if you want to login Windows-only you have to select
"Computer Only Logon" from the NCCredProvider-generated credential.
But the behavior you're seeing, and a behavior not uncommon with
third-party credential providers, is that some other product wanted to
extend the functionality of Microsoft's in-box "PasswordProvider"
credential provider. So this third-party /also/ filters Microsoft's
"PasswordProvider" credential provider out (just like NCCredProvider
does), but then internally the third-party "wraps" the Microsoft
"PasswordProvider" credential provider in order to present "99% normal
PasswordProvider behavior, but with 1% of new third-party-specific
behavior."
Which means, from a Windows perspective, these credentials are now
being created by the third-party "wrapper", not the Microsoft
"PasswordProvider" credential provider directly. So even though
Novell Client filtered "PasswordProvider" out, there is this new
unique third-party wrapper's credential tiles still being shown, which
just happen to "look and feel just like PasswordProvider but with 1% of
additional third-party-specific functionality."
From your perspective, it simply looks like "Novell Client never
disabled Microsoft's PasswordProvider", which in actuality we have
filtered it out, but some other third-party is "making their own
instances of Microsoft's PasswordProvider credentials." Since the
credentials are no longer being created by a credential provider which
has Microsoft's well-known GUID for the "PasswordProvider" credential
provider, filtering out that GUID no longer stops the credentials from
"appearing anyway".
One option is to add the GUID of the third-party wrapper (whoever
that is) to the Novell Client's "FilterList" value under
[HKEY_LOCAL_MACHINE\Software\Novell\Authentication\NCCredProvider].
This is where the Microsoft "PasswordProvider" GUID is already listed,
and you would just add the additional GUID(s) to this REG_MULTI_SZ
list value.
Maybe the third-party has some additional functionality or utility
knowledge that they learn by wrapping Microsoft's credential provider,
but in your case you are wanting to select the NCCredProvider-based
credential anyway, so you're not going to be selecting the
third-party's "wrapped" Microsoft PasswordProvider credential. And
the fact that the third-party's "extra" credential tiles are being
offered and can be "accidentally" selected is breaking your desired
default behavior of "always send the end-users to NCCredProvider."
If it's not clear what credential provider / wrapper on the system may
be doing this, export
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers]
to a .REG file and then just cut-n-paste the .REG file text
contents into a post here.
Alan Adams
Novell Client CPR Group
[email protected]
Novell, Inc.
www.novell.com
Thanks Alan,
In this case it seems simply putting the Novell Client on a Windows server with Terminal Services enabled is enough to cause the issue.
On an actual server login (ie: Vmware console) you press CTRL-ALT-DEL
You see the Novell Login section (this is server 2012 R2, BTW) with the userid/password
2 lines below it it says:
Computer Only Logon
If you choose Computer Only Logon
Then it "stays" at Computer Only Logon for all subsequent logons/reboots.
I'm going to guess it's probably a Windows setting (we only have a few GPO settings pushed out to servers via AD).
Anyway, here's the reg key contents:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{1b283861-754f-4022-ad47-a5eaaa618894}]
@="Smartcard Reader Selection Provider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{1D7BE727-4560-4adf-9ED8-5EEC78C6ECFF}]
@="CtxKerbProvider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{1ee7337f-85ac-45e2-a23c-37c753209769}]
@="Smartcard WinRT Provider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{2135f72a-90b5-4ed3-a7f1-8bb705ac276a}]
@="PicturePasswordLogonProvider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{25CBB996-92ED-457e-B28C-4774084BD562}]
@="GenericProvider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{3dd6bec0-8193-4ffe-ae25-e08e39ea4063}]
@="NPProvider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{600e7adb-da3e-41a4-9225-3c0399e88c0c}]
@="CngCredUICredentialProvider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{60b78e88-ead8-445c-9cfd-0b87f74ea6cd}]
@="PasswordProvider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{60b78e88-ead8-445c-9cfd-0b87f74ea6cd}\LogonPasswordReset]
@="{8841d728-1a76-4682-bb6f-a9ea53b4b3ba}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{8FD7E19C-3BF7-489B-A72C-846AB3678C96}]
@="Smartcard Credential Provider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{94596c7e-3744-41ce-893e-bbf09122f76a}]
@="Smartcard Pin Provider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{cb82ea12-9f71-446d-89e1-8d0924e1256e}]
@="PINLogonProvider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}]
@="CertCredProvider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}]
@="WLIDCredentialProvider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{f9cf286d-a029-41f9-86f6-90acf0618aa4}]
@="NcCredProvider"
Hope this helps.
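
An added example (not part of the thread, and not Novell's tooling) of the check Alan describes: list every registered credential provider, resolve the DLL behind each GUID, and show which GUIDs NCCredProvider's FilterList already covers. The two registry paths are the ones quoted above; the COM InprocServer32 lookup, the helper name ConvertTo-GuidKey, and the assumption that FilterList entries may appear with or without braces are mine.

```powershell
# Added example, not from the thread. Read-only audit; run elevated on the affected server.
$cpRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'
$ncKey  = 'HKLM:\SOFTWARE\Novell\Authentication\NCCredProvider'

function ConvertTo-GuidKey([string]$Text) {
    # Hypothetical helper: compare GUIDs without braces and case-insensitively
    # (assumption: FilterList entries may or may not carry braces).
    ($Text -replace '[{}\s]', '').ToLowerInvariant()
}

# FilterList is REG_MULTI_SZ, so it comes back as a string array (absent = empty).
$filtered = @()
$nc = Get-ItemProperty -Path $ncKey -Name 'FilterList' -ErrorAction SilentlyContinue
if ($nc) {
    $filtered = @($nc.FilterList | Where-Object { $_ } | ForEach-Object { ConvertTo-GuidKey $_ })
}

$report = foreach ($key in Get-ChildItem -Path $cpRoot) {
    $guid   = $key.PSChildName
    $dll    = $null
    $vendor = $null

    # Each provider is a COM class; InprocServer32 names the DLL that implements it.
    $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$guid\InprocServer32"
    if (Test-Path -LiteralPath $inproc) {
        $dll = (Get-Item -LiteralPath $inproc).GetValue('')
        if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path $env:SystemRoot "System32\$dll"
        }
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            # CompanyName is self-declared version metadata: a hint, not proof of origin.
            $vendor = (Get-Item -LiteralPath $dll).VersionInfo.CompanyName
        }
    }

    [pscustomobject]@{
        Guid     = $guid
        Name     = $key.GetValue('')      # default value, e.g. "PasswordProvider"
        Dll      = $dll
        Vendor   = $vendor
        InFilter = $filtered -contains (ConvertTo-GuidKey $guid)
    }
}

# Full picture first, then the providers FilterList does not cover and that
# are neither Microsoft's nor Novell's: the candidates for a "wrapper".
$report | Sort-Object InFilter, Name | Format-Table -AutoSize
$report |
    Where-Object { -not $_.InFilter -and $_.Vendor -and $_.Vendor -notmatch 'Microsoft|Novell' } |
    Format-Table Guid, Name, Dll, Vendor -AutoSize
```

An empty second table means no third-party provider is registered outside the filter, which points away from the wrapper explanation and toward the "last credential used" behaviour discussed above.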

Similar Messages

  • How to stop booting windows in recovery mode (for windows 2008 and 2012 editions)

    Hi ,
    we have configured a Hyper-V cluster containing about 100 VMs. If a host goes down (unplanned failover), its VMs are restarted on other hosts, but in recovery mode.
    Please tell me how to disable booting in recovery mode?
    thanks,
    Ramy Shaker

    These two should sort it.
    bcdedit /set {default} recoveryenabled No 
    bcdedit /set {default} bootstatuspolicy ignoreallfailures
    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Oracle Client for Windows 2008 R2

    is there a 10g or 11g client available for Windows 2008 R2? The latest Win64 or Windows 2008 clients all give me an error that says it supports versions up to 6.0 and I have version 6.1

    There is a work around that can help to install 11g release 1 on windows 2008 R2
    The installer can be executed in compatibility mode by right clicking on setup.exe and select "Troubleshoot compatibility" then "Troubleshoot Program" then check option "The program worked in earlier versions of windows......." then choose "Windows Server 2003 (with service pack 1)" and in the last step click "start the program" button.
    hope this will start installing Oracle 11g Release 1 on Windows Server 2008

  • Error - iTunes Library .iti file is locked on a disk or you do not have permission for this file. I can open itunes in the compatibility mode for Windows XP Service Pack 3 ???

    In Windows 8 I received the error iTunes Library .iti file is locked on a disk or you do not have permission for this file. I can open itunes in the compatibility mode for Windows XP Service Pack 3.
    I've tried changing permissions and sharing - nothing seems to work. May be a Windows 8 issue???

    You also need to make sure you have both read and write permission for the file, or for the whole iTunes folder for that matter.  That's also done in Get Info for the file or folder concerned.
    Read the part about changing permissions on the iTunes folder in: https://discussions.apple.com/message/11583914

  • Record the CPU Load in a log for Windows 2008 R2

    Use performance monitor and log it to a file.

    Hi,
    I am an Oracle DBA. I need to record the load of the CPU for windows 2008 R2. Load in the sense Total Memory, Available Memory, Cached and Free. All together into a log.
     Kindly suggest me on the same.
    Thank you.
    This topic first appeared in the Spiceworks Community

  • Remote Agent for ACS for Windows 2008 R2 64-bit

    Hi,
    We having difficulties with installing remote agent on windows 2008 R2 64-bit server and got the attached error.
    Our ACS is 4.2.0.124 and remote agents we tried are :Remote-Agent-ACSse-win-v4.2.1.15-K9.zip and Acs-4.2.1.15.9-RA.zip.
    I see following urls says it does not support Windows 2008 R2 and also 64-bit Windows,
    https://supportforums.cisco.com/message/3135061#3135061
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp289019
    However following url says its support 2008 R2 with 64-bit version
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/Release_Notes/acs421_rn.html
    Appreciate if someone can advise us what version (file name) of Remote Agent can support (or working) for Windows 2008 R2 64-bit.
    thanks in advance

    Hi Tarik,
    What I wanted to say that the below url says that ACS 4.2 does not support on 64-bit OS:
    ACS Requirements
    You must use ACS Remote Agent for Windows, version 4.2, with ACS SE, version 4.2. We do not support other Cisco Secure ACS releases.
    Note ACS Remote Agent 4.2 for Windows does not support 64-bit operating systems.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp289019
    However could you please let me know what exact Remote Agent file you recommend to use for Windows 2008 R2 64-bit Server. The ACS SE version that I have is 4.2.0.124.
    Thanks

  • Is it appropriate to apply the hardening settings for Windows 2008 R2 server to Windows 2008 server?

    We would like to adopt the hardening recommendation for Windows 2008 R2 from CIS to all our DC servers. However, we then found some of our DCs in remote sites are Windows 2008 server only.
    Is the hardening settings from Windows 2008 R2 from CIS also applicable to Windows 2008 DC?
    Thanks for your attention.

    Yes, this should be fine. Hardening only specific security settings, registry keys etc and there's not much difference if you consider hardening.
    Just for reference, here's the difference between 2008 and R2 :
    http://technet.microsoft.com/en-us/library/dd391932(WS.10).aspx
    Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
    the thread.

  • Oracle for Windows 2008 R2

    Hi,
    I have tried to install oracle 10g database on Windows 2008 R2 Standard Edition. But none of the 64 bit installations are working.
    Checking operating system version: must be  5.1 or 5.2 .    Actual 6.1
    Failed <<<<
    I check for specific Installation for this windows version, but i couldn't find it.
    Can someone give me advise for this.
    Thanks.

    Hi,
    see Oracle 10g Installation on Windows Server 2008 RC2
    Beware that for Windows 2008 R2 you need at least 10.2.0.4. Install 10.2.0.3 found on technet and upgrade from Metalink Patch.
    Herald ten Dam
    http://htendam.wordpress.com

  • EBS software or installer for windows 2008 R2 84 bit

    Not able to find the oracle EBS software or installer for windows 2008 R2 64 bit operating system. Let me know if Oracle EBS media is available for windows 2008 R2 64bit operating system

    Hi;
    The Oracle E-Business Suite Rapid Install media for Windows presently only supports an installation on 32-bit Microsoft Windows Server (2003, 2008).
    Please see:
    Migrating Oracle E-Business Suite R12 to Microsoft Windows Server 2008 R2 [ID 1188535.1]
    Oracle E-Business Suite Installation and Upgrade Notes Release 12 (12.1.1) for Microsoft Windows Server (32-bit) [ID 761567.1]
    Regard
    Helios

  • I need the link to download Adobe Flash Player 64 bit for Windows 2008 server

    I need the link to download Adobe Flash Player 64 bit for Windows 2008 server

    http://get.adobe.com/flashplayer/
    The page has javascript to determine OS and bit rate. it WILL provide you the correct download.

  • J2sdk1_4_2-? version for Windows 2008

    Hi All,
       We need the exact j2sdk version to install on windows 2008.The operating system is 64-bit version with xeon processor. If it is possible then send the exact sun path to download.
    Thanks & Regards,
    Sridhar M.

    Hi,
    Yes you are right there are no certified JRE/JDK for Windows 2008.
    Sun JDK 1.4.2 is required for SAP NetWeaver 7.0  and works well but it's not tested on windows 2008.
    also check https://www.sdn.sap.com/irj/sdn/windows?rid=/webcontent/uuid/901e077f-d0c5-2a10-90ba-bb5b8acc243c
    regards,
    kaushal

  • GX600 enable VT, for example for Windows 2008 HyperV

    Hi.
    Is there a modified BIOS to enable VT on the GX600, for example for Windows 2008 HyperV?
    Using forum search I only found https://forum-en.msi.com/index.php?topic=121665.0
    Thank you & Bye

    You can try using Auditpol.exe: http://technet.microsoft.com/en-us/library/cc731451%28v=ws.10%29.aspx
    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer
    Thanks but I guess, auditpol can be used only to manipulate system audit policies. How do I specify a folder and user in auditpol? I could not find or understand how folder can be included with auditpol command line options.
    Thanks !

  • Can I change InDesign CC 2014 to default to cmyk mode for pantone colors instead of lab?

    I work for a large corporation with close to 1000 sales people so we have a POD vendor who manages a website for the sales people to order our literature.  Our colors were all great and now with InDesign CC 2014 using lab values instead of cmyk for pantones our colors are off.  Is there a way to set InDesign CC 2014 to default to cmyk mode for pantones instead of lab?
    Thanks,
    Dave

    so we have a POD vendor who manages a website for the sales people to order our literature.
    The Pantone + Solid ink libraries only have one Lab definition. You can force a conversion to process CMYK via Ink Manager and the converted output values will depend on the document's CMYK profile.
    If you prefer a single, device dependent CMYK definition for a solid ink simulation, you now have to use the Pantone + Bridge library—those colors are defined as process CMYK—or you can go back to the legacy solid library

  • SAP Cryptographic Library for Windows 2008

    Hello,
    Do you know where can i find SAP Cryptographic Library for Windows 2008 x64?
    I was trying to find it in swdc, but there's only for Windows 2003 - and it's not working with 2008.
    Best regards
    Bartosz

    Hi,
    Just an information from my experience : I have never been able to download any release of the SAP Crypto library contrary to what all the documentation and SAP notes tell.
    We had always to ask our SAP representative and to wait for several weeks to receive a DVD by physical mail.
    Regards,
    Olivier

  • MPIO versions for Windows 2008 SP1 and R2?

    Where can I find a list of the latest versions numbers of MPIO for Windows 2008 SP1 and R2?

    Hi,
    Do you mean the latest version of mpio.sys file?
    After search I think the latest version of mpio.sys is 6.1.7601.21687, Date is 19-Mar-2011.
    For all supported x64-based versions of Windows Server 2008 R2
    File name   File version     File size   Date          Time    Platform
    Mpio.sys    6.1.7600.20928   156,544     19-Mar-2011   07:34   x64
    Mpio.sys    6.1.7601.21687   156,544     19-Mar-2011   07:45   x64
    For all supported IA-64-based versions of Windows Server 2008 R2
    File name   File version     File size   Date          Time    Platform
    Mpio.sys    6.1.7600.20928   353,664     19-Mar-2011   06:52   IA-64
    Mpio.sys    6.1.7601.21687   353,664     19-Mar-2011   06:50   IA-64
    For more information please refer to following MS articles:
    "0x000000D1" Stop error occurs in the Mpio.sys driver in Windows Server 2008 R2
    http://support.microsoft.com/kb/2511962
    "msdsm.sys” and “mpio.sys" files version after SP2 installation
    http://social.technet.microsoft.com/Forums/en/winserverClustering/thread/c18b5111-9888-4aba-bda5-22a54b7227d9
    Lawrence
    TechNet Community Support
