Novell Secret Store Locked message appears while attempting to logon to Windows

  • Document ID:7007625
  • Creation Date:20-Jan-2011
  • Modified Date:30-Apr-2012
    • Micro Focus Products:
      Client for Open Enterprise Server (Novell Client)
      eDirectory
      SecureLogin
      ZENworks Configuration Management

Environment

Novell Client for Windows 2000/XP/2003
Novell eDirectory
Novell SecureLogin
Novell ZENworks 10 Configuration Management
Novell ZENworks 11 Configuration Management

Situation

When attempting to Logon to a Windows 2000 or Windows XP device that has both Novell Client32 and the ZENworks Configuration Management agent installed, user's may be prompted by two warning Dialogs.
 
The first dialogue states: "Novell Secret Store Locked" and provides a prompt to provide the Previous NDS password.
Regardless of the password provided, a second Warning Dialogue will appear.
The second dialogue states: "Unlock SecretStore Failed:  The password you have entered did not successfully unlock secretstore"

Resolution

In order to make use of any of the fixes or patches shown below, a registry value must be created:
See the online documentation Section 31.1.6, Authenticating in to a ZENworks Server That Has Novell SecretStore Configured in VI Users, part of ZENworks 10 Configuration Management System Administration Reference

<b>For ZCM 10.3.x: </b>This is fixed in version 10.3.3 - see KB 7007641 "ZENworks Configuration Management 10.3.3 - update information and list of fixes" which can be found at https://www.novell.com/support

Workaround: if it is not possible to upgrade to 10.3.3 at this time, in the interim Novell has made patches available for testing, in the form of Field Test Files (FTFs): they can be obtained at the following locations
ZCM 10.3.2: https://download.novell.com/Download?buildid=sRy0mH3CLQg~ as "ZCM 10.3.2 Login delay reading Secret Store fix - see TID 7007547"
ZCM 10.3.1: https://download.novell.com/Download?buildid=mK0hjVQxzSo~ as "ZCM 10.3.1 Login delay reading Secret Store fix - see TID 7007547"
These patches should only be applied if the symptoms above are being experienced, and are causing problems.

These patches have had limited testing, and should not be used in a production system without first being checked in a test environment. Some Patches have specific requirements for deployment, it is very important to follow any instructions in the readme at the download site. Please report any problems encountered when using these patches, by using the feedback link on this TID.

<b>For ZCM 11: </b>A fix for this issue is intended to be included in a future update to the product: however, in the interim, Novell has made a Patch available for testing, in the form of a Field Test File (FTF): it can be obtained at https://download.novell.com/Download?buildid=nYTDFuoYGFU~ as "ZCM 11.0 Login delay reading Secret Store fix - see TID 7007547". This Patch should only be applied if the symptoms above are being experienced, and are causing problems.

This Patch has had limited testing, and should not be used in a production system without first being checked in a test environment. Some Patches have specific requirements for deployment, it is very important to follow any instructions in the readme at the download site. Please report any problems encountered when using this Patch, by using the feedback link on this TID.

As a workaround, Rename NWSSO.DLL on the client device. 

Note that in addition to preventing ZCM from using Secret Store, renaming NWSSO.DLL will also disable any other resources that use Secret Store, such as SecureLogin when installed in Secret Store mode, or the Novell Client for Windows when the "Enable Single Sign On" box has been checked on the "Single Sign On" tab in properties of the client.