DLU policy fails to apply after installing inventory only agent

  • 7006451
  • 15-Jul-2010
  • 06-Jul-2012

Environment

Novell ZENworks 10 Configuration Management with Support Pack 3 - 10.3
Novell ZENworks 7 Desktop Management Support Pack 1 - ZDM7 SP1
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 5
Updated NWGINA.DLL supporting ZENworks Configuration Management 10.3
User Policy Package with Dynamic Local User (DLU) policy associated to logging-in user

Situation

Dynamic Local User (DLU) policy fails to create or manage the local Windows user account after installing or updating to ZENworks Configuration Management / ZENworks Asset Management 10.3 inventory-only agent.

Resolution

Update NWGINA.DLL to NWGINA.DLL 4.91.5.37 02AUG2010 (or later) by applying the patch file "Novell Client 4.91 Post-SP5 (IR1) NWGINA.DLL" (or later) from https://download.novell.com/Download?buildid=3EVvdCOU3Hc~

Workaround:

Create a Windows registry string value with name Version at HKLM\Software\Novell\ZCM matching the Version value at HKLM\Software\Novell\ZENworks.

Additional Information

A new registry key HKLM\Software\Novell\ZCM has been introduced with ZENworks Asset/Configuration Management 10.3 to better differentiate from other and legacy ZENworks products using HKLM\Software\Novell\ZENworks.

NWGINA.DLL, which steers the Microsoft Windows 2000/XP login process when the Novell Client and/or ZENworks Desktop Management Agent is installed, needs to detect the installed ZENworks product version to provide access to full login functionality.

When the inventory-only agent is installed, NWGINA finds that the newly introduced ZCM registry key exists but cannot read any version information from it. It can still tell that some Workstation Manager version must be installed, because it can locate a required DLL. It therefore concludes that an older ZENworks for Desktops version is installed, while actually a recent ZENworks Desktop Management agent version is installed.

From a sample NWGINA.LOG file:
"...
[12:01:46:734] [NWGINA-2FC-300] DetectInstalledZENVersion entered
[12:01:46:734] [NWGINA-2FC-300] RegQueryValueEx Failed:  2
[12:01:46:796] [NWGINA-2FC-300] DetectInstalledZENVersion returning ZEN3x
..."

After that, the wrong code path is used to trigger Dynamic Local User (DLU) functionality, and the DLU policy fails to apply.

"...
[12:02:13:453] [NWGINA-2FC-300] GinaProcessDynamicLocalUser called!
[12:02:13:453] [NWGINA-2FC-300] CheckIfWorkstationManagerEnabled entered
[12:02:13:453] [NWGINA-2FC-300] Comparing configured tree : <eDirectory tree name>
[12:02:13:453] [NWGINA-2FC-300] Calling NWDSLogin
[12:02:13:453] [NWGINA-2FC-300] NWDSLogin Failed:  34960
[12:02:13:453] [NWGINA-2FC-300] GinaGetTreeContextPair called!
[12:02:13:453] [NWGINA-2FC-300] Context for tree <eDirectory tree name> is<user context>
[12:02:13:453] [NWGINA-2FC-300] GinaGetTreeContextPair returned 0
[12:02:13:453] [NWGINA-2FC-300] Failed NWDSLogin 0x8890
[12:02:13:453] [NWGINA-2FC-300] GinaRemoveBackslashesFromStrings entered
[12:02:13:453] [NWGINA-2FC-300] Workstation Manager is *NOT* configured on this workstation!
[12:02:13:453] [NWGINA-2FC-300] GinaProcessDynamicLocalUser exiting with 50
..."
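
To check whether a workstation's NWGINA.LOG shows the sequence described above (a failed version read followed by a ZEN3x detection, then DLU being skipped), the following Python script can be run over the log text. It is an added example, not part of the original document or of any Novell tool; the function names and the embedded sample (assembled from the excerpts above) are constructed here.

```python
import re

# Line shape taken from the NWGINA.LOG excerpts on this page:
#   [HH:MM:SS:mmm] [NWGINA-xxx-yyy] message
LINE_RE = re.compile(r"^\[(\d\d:\d\d:\d\d:\d{3})\] \[(NWGINA-[^\]]+)\] (.*)$")

# Constructed sample: lines copied from the excerpts above, placeholders omitted.
SAMPLE_LOG = """\
[12:01:46:734] [NWGINA-2FC-300] DetectInstalledZENVersion entered
[12:01:46:734] [NWGINA-2FC-300] RegQueryValueEx Failed:  2
[12:01:46:796] [NWGINA-2FC-300] DetectInstalledZENVersion returning ZEN3x
[12:02:13:453] [NWGINA-2FC-300] GinaProcessDynamicLocalUser called!
[12:02:13:453] [NWGINA-2FC-300] Workstation Manager is *NOT* configured on this workstation!
[12:02:13:453] [NWGINA-2FC-300] GinaProcessDynamicLocalUser exiting with 50
"""

def scan_nwgina_log(text):
    """Return (misdetections, dlu_skips): timestamps of each signature line."""
    in_detect = set()      # log tags currently inside DetectInstalledZENVersion
    reg_error = {}         # tag -> RegQueryValueEx error seen during detection
    misdetections, dlu_skips = [], []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue       # tolerate "..." markers and unrelated lines
        ts, tag, msg = m.groups()
        if msg == "DetectInstalledZENVersion entered":
            in_detect.add(tag)
            reg_error.pop(tag, None)
        elif msg.startswith("RegQueryValueEx Failed:") and tag in in_detect:
            reg_error[tag] = int(msg.split(":", 1)[1])
        elif msg.startswith("DetectInstalledZENVersion returning "):
            detected = msg.rsplit(" ", 1)[1]
            # Win32 error 2 = ERROR_FILE_NOT_FOUND: the Version value is absent.
            if reg_error.get(tag) == 2 and detected == "ZEN3x":
                misdetections.append(ts)
            in_detect.discard(tag)
        elif misdetections and "Workstation Manager is *NOT* configured" in msg:
            dlu_skips.append(ts)
    return misdetections, dlu_skips

def matches_tid_signature(text):
    """True when a failed version read led to ZEN3x and DLU was then skipped."""
    misdetections, dlu_skips = scan_nwgina_log(text)
    return bool(misdetections) and bool(dlu_skips)

if __name__ == "__main__":
    print(scan_nwgina_log(SAMPLE_LOG), matches_tid_signature(SAMPLE_LOG))
```

A log where DetectInstalledZENVersion returns ZEN3x without a preceding RegQueryValueEx failure is not flagged, since the page attributes this problem specifically to the unreadable Version value.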