Environment
Novell ZENworks 10 Configuration Management with Support Pack
3 - 10.3
Novell ZENworks 11 Configuration Management
eDirectory-based User Source
eDirectory-based User Source
Situation
Login process pauses for around 45 seconds, the ZENLGN.LOG (see
KB 3418069 "How to enable debug logging for ZENworks 10 and 11
Configuration Management" for how to enable this log)
shows a delay attempting to read the Secret Store.
ZENLGN [2F8-2FC]
[15:23:29:312] About to call Read Secret Store
ZENLGN [2F8-2FC] [15:23:29:312] NWSSLoadDLL called!
ZENLGN [2F8-2FC] [15:23:32:343] WE ARE CALLING: 0x04D0D0E0
ZENLGN [2F8-2FC] [15:24:17:390] NWSSReadSecret Failed: 0xFFFFFCD3
ZENLGN [2F8-2FC] [15:23:29:312] NWSSLoadDLL called!
ZENLGN [2F8-2FC] [15:23:32:343] WE ARE CALLING: 0x04D0D0E0
ZENLGN [2F8-2FC] [15:24:17:390] NWSSReadSecret Failed: 0xFFFFFCD3
Resolution
Important: Whichever fix is in place, ZCM will no longer
attempt to communicate with the Secret Store. If, subsequently,
Secret Store is used in the organization, then the feature can be
re-enabled on a device-by-device basis, by creating in the registry
the DWORD HKLM\Software\Novell\ZCM\ZenLgn," EnableSecretStore" if
it does not already exist, and setting it to a value of
1.
For ZCM 10.3.2: This is fixed in version 10.3.3 - see KB 7007641 "ZENworks Configuration Management 10.3.3 - update information and list of fixes" which can be found at https://www.novell.com/support
Workaround: if it is not possible to upgrade to 10.3.3 at this time, in the interim, Novell has made a Patch available for testing, in the form of a Field Test File (FTF): it can be obtained at https://download.novell.com/Download?buildid=sRy0mH3CLQg~ as "ZCM 10.3.2 Login delay reading Secret Store fix – see TID 7007547". This Patch should only be applied if the symptoms above are being experienced, and are causing problems.
For ZCM 11: A fix for this issue is intended to be included in a future update to the product: however, in the interim, Novell has made a Patch available for testing, in the form of a Field Test File (FTF): it can be obtained at https://download.novell.com/Download?buildid=I3e6-LL97mM~ as part of "ZCM 11.0 - Cumulative Agent Patch 1". This Patch should only be applied if the symptoms above are being experienced, and are causing problems.This Patch has had limited testing, and should not be used in a production system without first being checked in a test environment. This patch has specific requirements for deployment, it is very important to follow any instructions in the readme at the download site. Please report any problems encountered when using this Patch, by using the feedback link on this TID.
For ZCM 10.3.1: Workaround: if it is not possible to upgrade to 10.3.3 at this time, in the interim, Novell has made a Patch available for testing, in the form of a Field Test File (FTF): it can be obtained at https://download.novell.com/Download?buildid=mK0hjVQxzSo~ as "ZCM 10.3.1 Login delay reading Secret Store fix – see TID 7007547". This Patch should only be applied if the symptoms above are being experienced, and are causing problems.
As a workaround, rename NWSSO.DLL, which is installed with Novell Client32.
For ZCM 10.3.2: This is fixed in version 10.3.3 - see KB 7007641 "ZENworks Configuration Management 10.3.3 - update information and list of fixes" which can be found at https://www.novell.com/support
Workaround: if it is not possible to upgrade to 10.3.3 at this time, in the interim, Novell has made a Patch available for testing, in the form of a Field Test File (FTF): it can be obtained at https://download.novell.com/Download?buildid=sRy0mH3CLQg~ as "ZCM 10.3.2 Login delay reading Secret Store fix – see TID 7007547". This Patch should only be applied if the symptoms above are being experienced, and are causing problems.
This Patch has had limited testing, and should not be used in a production system without first being checked in a test environment. Some Patches have specific requirements for deployment, it is very important to follow any instructions in the readme at the download site. Please report any problems encountered when using this Patch, by using the feedback link on this TID.
For ZCM 11: A fix for this issue is intended to be included in a future update to the product: however, in the interim, Novell has made a Patch available for testing, in the form of a Field Test File (FTF): it can be obtained at https://download.novell.com/Download?buildid=I3e6-LL97mM~ as part of "ZCM 11.0 - Cumulative Agent Patch 1". This Patch should only be applied if the symptoms above are being experienced, and are causing problems.This Patch has had limited testing, and should not be used in a production system without first being checked in a test environment. This patch has specific requirements for deployment, it is very important to follow any instructions in the readme at the download site. Please report any problems encountered when using this Patch, by using the feedback link on this TID.
For ZCM 10.3.1: Workaround: if it is not possible to upgrade to 10.3.3 at this time, in the interim, Novell has made a Patch available for testing, in the form of a Field Test File (FTF): it can be obtained at https://download.novell.com/Download?buildid=mK0hjVQxzSo~ as "ZCM 10.3.1 Login delay reading Secret Store fix – see TID 7007547". This Patch should only be applied if the symptoms above are being experienced, and are causing problems.
This Patch has had limited testing, and should not be used in a production system without first being checked in a test environment. Some Patches have specific requirements for deployment, it is very important to follow any instructions in the readme at the download site. Please report any problems encountered when using this Patch, by using the feedback link on this TID.
As a workaround, rename NWSSO.DLL, which is installed with Novell Client32.
Additional Information
The Secret Store is read to support the use of Smart Cards for
ZCM NMAS authentication, even if a smartcard is not used to
logon.
Long delays are seen when an eDirectory User Source is
configured and few if any servers are configured to support secret
store, which results in a significant delay attempting to read the
Secret Store.