Client for Open Enterprise Server 2 SP4 (IR3)
Novell Client 2 SP4 for Windows 10 (IR2)
Novell Client 2 SP4 for Windows 10 (IR1)
After applying MS KB 3185614, after an otherwise successful logon to Windows and eDirectory using the Client for Open Enterprise Server's credential provider, the eDirectory login scripts do not run.
Subsequent login from the Micro Focus Client system tray icon, or using LOGINW32.EXE successfully executes the login script.
The problem is not known to be seen after updating to Windows 10 build 1607 (Anniversary Update), even with the "Cumulative update for Windows 10 Version 1607: September 20, 2016 (KB 3193821)" released for that platform.
Windows 10 Enterprise 2015 LTSB (1507, TH1, build 10240) is NOT affected by this issue, even once the "Cumulative update for Windows 10: September 13, 2016 (KB3185611)" is applied. Note there isn't a Windows 10 1511 LTSB branch; only 1507 (TH1 and 1607 (RS1).
Microsoft has included the fix for this issue in "Cumulative update for Windows 10 Version 1511: November 8, 2016" (KB3198586) (https://support.microsoft.com/en-us/kb/3198586) and later roll-up packages for Windows 10 1511. Any Windows 10 1511 machine still running the previous September 2016 update should apply the November 2016 or later update to eliminate this issue.
Alternative solutions or workarounds that are also available for Windows 10 1511 platforms include:
1. Update the installed version of Windows to Windows 10 1607. If the "Windows 10 1607 (Feature Release)" is not already being offered through Windows Update, the Windows 10 1607 release can be obtained by using the "Get the Anniversary Update now" link on the Windows 10 update history page. Applying any available post-Windows 10 1607 updates may also be required.
2. If staying on the Windows 10 1511 release, do not allow the Microsoft "Cumulative update for Windows 10 Version 1511: September 13, 2016 (KB 3185614)" to be applied by Windows Update or any other source. If the KB 3185614 update has already been applied to the machine, remove this update using the "View installed updates" link from the Add/Remove Programs control panel applet.
3. If you must run on Windows 10 1511 with the "Cumulative update for Windows 10 Version 1511: September 13, 2016 (KB 3185614)" applied, you can work around the issue by running Microsoft's RegEDIT.exe and renaming the "FilterList" value under [HKEY_LOCAL_MACHINE\Software\Novell\Authentication\NCCredProvider] to a name such as "FilterList.disabled" or similar.
The trade-off with the workaround is that you will begin seeing multiple Windows user account credentials shown on the Windows logon screen, similar to if you set "Client Logon" to "Off" in the Client Properties. This may be confusing or unclear to the workstation user. The workstation user will need to continue correctly selecting the "last logged on user" credential, or the blank "Other User" credential, which will continue being shown in addition to all the other new credentials being displayed.
The "FilterList" value can be restored at any time by simply renaming it back to "FilterList". Note a future Client for Open Enterprise Server installation may also cause the "FilterList" value to be re-created as part of the installation or upgrade process.
Note: Workaround #3 of disabling the FilterList also causes the eDirectory authentication in an AutoAdminLogon setup to fail. This is the case whether you are using Windows AutoAdminLogon/eDirectory AutoAdminLogon or Windows AutoAdminLogon/"Prompt for Network Login during Windows AutoAdminLogon" configurations. The eDirectory AutoAdminLogon won't happen in the first case, and the user won't be prompted to authenticate in the second case.
A behavior was introduced in the Microsoft "Cumulative update for Windows 10 Version 1511: September 13, 2016 (KB 3185614)" update that causes the Windows LogonUI.exe process to crash if the individual Windows user account credentials are not being shown on the Windows logon screen. When the LogonUI.exe process crashes during login, the Micro Focus Client for OES may not be able to setup for eDirectory login scripts to execute as part of the otherwise successful Windows user logon.