Environment
Novell Client for Windows 2000/XP/2003
Situation
On any version of the Novell Client for Windows XP/2003 up to
and including 4.91 SP4, it is possible to encounter a situation
where the Novell login dialog simply never appears after booting up
the machine, and the interactive user is left viewing an empty
desktop screen.
(Meaning no login dialog, not even Microsoft's, ever
appears. Or, if the DisableCAD policy of Windows is set such
that the user must press CTRL-ALT-DEL in order to see the login
dialog, the user only sees an empty desktop after pressing
CTRL-ALT-DEL at the prompt.)
Booting Windows into safe mode allows the MSGINA
login dialog to be displayed instead. Changing the
"Initial Novell Login" setting to "Off" in the "Advanced Login" tab
of the Novell Client Properties from safe mode can allow the
workstation to be used, but without an eDirectory login
prompt being available during boot-up or after logging
out from Windows.
Resolution
This issue occurs when malformed data has been written to the
Windows registry for the "LegalNoticeText" and/or
"LegalNoticeCaption" Windows policies. The presence of this
malformed data could cause Novell's NWGINA to enter into a tight
loop and hang the WINLOGON.EXE process.
The presence of the malformed data will not necessarily be
visible via REGEDIT, because the data consists of one or more
"null" characters followed by one or more bytes of "random" data.
Using the "Modify binary data" option in REGEDIT when editing one
of the "LegalNoticeText" or "LegalNoticeCaption" REG_SZ values can
reveal the presence of the additional malformed data.
It has been observed that this malformed data can be created
when using Microsoft's Local Security Policy editor to set the
"LegalNoticeCaption" and/or "LegalNoticeText" values. If the policy
editor is used to write out "blank" values, those "blank" values
may or may not include additional bytes of random data in addition
to the expected and intended single "null" character.
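The check described above, as an added example that is not part of the original article or of Novell's code: it takes the raw bytes of a REG_SZ value (for instance, hex pairs read from REGEDIT's "Modify binary data" view) and reports anything stored after the first null terminator. It assumes the value is stored as UTF-16LE; the function names and sample bytes are constructed for illustration.

```python
# Added example (not from the original article): find data stored after the
# first null terminator of a REG_SZ value. All sample bytes are constructed.
from dataclasses import dataclass


@dataclass
class RegSzReport:
    text: str        # string up to the first null terminator
    trailing: bytes  # every byte stored after that terminator
    malformed: bool  # True when the trailing bytes are not all null


def parse_hex_dump(dump: str) -> bytes:
    """Convert hex pairs typed from a binary view ('00 00 4c 00') to bytes."""
    return bytes.fromhex(dump.replace(",", " "))


def inspect_reg_sz(raw: bytes) -> RegSzReport:
    """Split raw UTF-16LE REG_SZ data at its first null code unit."""
    end = len(raw) - (len(raw) % 2)  # default: no terminator found
    terminated = False
    for i in range(0, len(raw) - 1, 2):  # walk 2-byte code units
        if raw[i:i + 2] == b"\x00\x00":
            end, terminated = i, True
            break
    text = raw[:end].decode("utf-16-le", errors="replace")
    # Skip the terminator itself; whatever follows should not be there.
    trailing = raw[end + 2:] if terminated else raw[end:]
    return RegSzReport(text, trailing, any(trailing))


# Constructed samples: a correct blank value, a blank value followed by
# stray bytes, and an ordinary notice string.
SAMPLES = {
    "clean blank": b"\x00\x00",
    "blank + stray bytes": parse_hex_dump("00 00 4c 00 9a 7f"),
    "normal notice": "Authorized use only".encode("utf-16-le") + b"\x00\x00",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        r = inspect_reg_sz(raw)
        state = "MALFORMED" if r.malformed else "ok"
        print(f"{name}: {state} text={r.text!r} trailing={r.trailing.hex(' ')}")
```

A value is flagged only when non-null bytes follow the terminator, matching the pattern the article describes; extra null padding alone is reported in `trailing` but not marked malformed.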
One manner in which this issue can be corrected is to
explicitly update the registry with correct "blank" values in both
of the LegalNotice policy locations, so that the additional
malformed data is removed. For example, importing the following
registry script would eliminate the issue:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"legalnoticecaption"=""
"legalnoticetext"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LegalNoticeCaption"=""
"LegalNoticeText"=""
Note this does not prevent the issue from being reintroduced
at some later time, such as if the Local Security Policy editor is
used to save "blank" values again in the future.