Login script does not run after applying Cumulative update for Windows 10 Version 1511: September 13, 2016 (KB3185614)

  • 7018051
  • 15-Sep-2016
  • 09-Nov-2016

Environment

Client for Open Enterprise Server 2 SP4 (IR3)
Novell Client 2 SP4 for Windows 10 (IR2)
Novell Client 2 SP4 for Windows 10 (IR1)

Situation

After MS KB 3185614 is applied, the eDirectory login scripts do not run following an otherwise successful logon to Windows and eDirectory using the Client for Open Enterprise Server's credential provider.

A subsequent login from the Micro Focus Client system tray icon, or using LOGINW32.EXE, successfully executes the login script.

The problem is not known to occur after updating to Windows 10 build 1607 (Anniversary Update), even with the "Cumulative update for Windows 10 Version 1607: September 20, 2016 (KB 3193821)" released for that platform.

Windows 10 Enterprise 2015 LTSB (1507, TH1, build 10240) is NOT affected by this issue, even once the "Cumulative update for Windows 10: September 13, 2016 (KB3185611)" is applied. Note that there isn't a Windows 10 1511 LTSB branch; only 1507 (TH1) and 1607 (RS1).

Resolution

Microsoft has included the fix for this issue in "Cumulative update for Windows 10 Version 1511: November 8, 2016" (KB3198586) (https://support.microsoft.com/en-us/kb/3198586) and later roll-up packages for Windows 10 1511.  Any Windows 10 1511 machine still running the previous September 2016 update should apply the November 2016 or later update to eliminate this issue.

Alternative solutions or workarounds that are also available for Windows 10 1511 platforms include:

1. Update the installed version of Windows to Windows 10 1607.  If the "Windows 10 1607 (Feature Release)" is not already being offered through Windows Update, the Windows 10 1607 release can be obtained by using the "Get the Anniversary Update now" link on the Windows 10 update history page. Applying any available post-Windows 10 1607 updates may also be required.

or

2. If staying on the Windows 10 1511 release, do not allow the Microsoft "Cumulative update for Windows 10 Version 1511: September 13, 2016 (KB 3185614)" to be applied by Windows Update or any other source.  If the KB 3185614 update has already been applied to the machine, remove this update using the "View installed updates" link from the Add/Remove Programs control panel applet.

or

3. If you must run on Windows 10 1511 with the "Cumulative update for Windows 10 Version 1511: September 13, 2016 (KB 3185614)" applied, you can work around the issue by running Microsoft's regedit.exe and renaming the "FilterList" value under [HKEY_LOCAL_MACHINE\Software\Novell\Authentication\NCCredProvider] to a name such as "FilterList.disabled" or similar.

The trade-off with the workaround is that multiple Windows user account credentials will be shown on the Windows logon screen, as happens when "Client Logon" is set to "Off" in the Client Properties.  This may be confusing or unclear to the workstation user.  The workstation user will need to continue correctly selecting the "last logged on user" credential, or the blank "Other User" credential, which will continue being shown in addition to all the other new credentials being displayed.

The "FilterList" value can be restored at any time by simply renaming it back to "FilterList".  Note a future Client for Open Enterprise Server installation may also cause the "FilterList" value to be re-created as part of the installation or upgrade process.

Note: Workaround #3 of disabling the FilterList also causes the eDirectory authentication in an AutoAdminLogon setup to fail. This is the case whether you are using Windows AutoAdminLogon/eDirectory AutoAdminLogon or Windows AutoAdminLogon/"Prompt for Network Login during Windows AutoAdminLogon" configurations. The eDirectory AutoAdminLogon won't happen in the first case, and the user won't be prompted to authenticate in the second case.
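
For administrators who need to apply or reverse workaround #3 on several machines, the rename can be scripted. The following PowerShell is an added example, not Micro Focus or Microsoft code; the function names and the -Action parameter are hypothetical, while the KB numbers, registry key and value names are the ones given above. It only applies the workaround when KB 3185614 is listed and KB 3198586 is not.

```powershell
#Requires -RunAsAdministrator
# Added example: function and parameter names are hypothetical.
# Registry key, value name and KB numbers are taken from the article.
# Run from a 64-bit PowerShell session so the native HKLM\Software view is used.
$KeyPath   = 'HKLM:\Software\Novell\Authentication\NCCredProvider'
$ValueName = 'FilterList'
$Disabled  = 'FilterList.disabled'

function Test-HotFixInstalled([string]$Id) {
    # Get-HotFix errors when the update is not listed; treat that as "not installed".
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

function Test-RegistryValue([string]$Name) {
    # True only if the named value exists under the credential provider key.
    $null -ne (Get-ItemProperty -Path $KeyPath -Name $Name -ErrorAction SilentlyContinue)
}

function Set-NCFilterList {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][ValidateSet('Disable', 'Restore')][string]$Action)

    if ($Action -eq 'Disable') {
        # Limitation: only KB3198586 itself is detected, not later roll-ups.
        if (Test-HotFixInstalled 'KB3198586') {
            Write-Warning 'KB3198586 is installed; the workaround is not needed.'; return
        }
        if (-not (Test-HotFixInstalled 'KB3185614')) {
            Write-Warning 'KB3185614 is not listed; the workaround is not needed.'; return
        }
        $from, $to = $ValueName, $Disabled
    } else {
        $from, $to = $Disabled, $ValueName
    }

    if (-not (Test-RegistryValue $from)) {
        Write-Warning "'$from' not found under $KeyPath; nothing to rename."; return
    }
    if (Test-RegistryValue $to) {
        # A client install or upgrade may have re-created FilterList; do not overwrite.
        Write-Warning "'$to' already exists under $KeyPath; resolve manually."; return
    }
    if ($PSCmdlet.ShouldProcess("$KeyPath\$from", "rename to '$to'")) {
        Rename-ItemProperty -Path $KeyPath -Name $from -NewName $to
    }
}
```

Running `Set-NCFilterList -Action Disable -WhatIf` shows the rename without performing it; `Set-NCFilterList -Action Restore` renames the value back once the November 2016 or later update is in place.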

Cause

A behavior was introduced in the Microsoft "Cumulative update for Windows 10 Version 1511: September 13, 2016 (KB 3185614)" update that causes the Windows LogonUI.exe process to crash if the individual Windows user account credentials are not being shown on the Windows logon screen.  When the LogonUI.exe process crashes during login, the Micro Focus Client for OES may not be able to set up the eDirectory login scripts to execute as part of the otherwise successful Windows user logon.