This section contains explanation on some of the user authentication related problems. To troubleshoot other problems you might encounter during authentication, see TID 3273870 in the Novell Support Knowledgebase.
Large number of concurrent client logins might result in login failures
How do I enable debug logs on Windows 2003, Windows XP, and Windows Vista devices?
Unable to log into the ZENworks Server when logging in to a Windows Vista device
A DSfW user is unable to use Kerberos authentication to log into a device
Seamless Authentication fails on a Windows XP virtual device
Unable to seamlessly log in to Novell SecureLogin on a device that has Novell ZENworks installed
ZENworks login fails for eDirectory users having simple passwords
Incorrect username displayed in the ZENworks Login screen
Click the desktop Start menu > Run.
In the Run window, specify control userpasswords2, then click OK.
Double-click the username and edit both the User Name and Full Name of the user.
Click OK.
Unable to log in to the ZENworks Server
Large number of concurrent client logins might result in login failures
On a Windows server:
Log in as an administrator.
Open the ZENworks_Install_path\share\ats\catalinabase\conf\server.xml file.
In the Define a SSL Coyote HTTP/1.1 Connector on port 2645 section, change the value of the Connector acceptCount to the desired value. A value of 300 is optimal.
Restart the Authentication Token Service:
On the desktop, click Start > Run.
In the Run window, specify services.msc, then click OK.
Restart CasaAuthTokenSvc.
On a Linux server:
Log in as root.
Open the /srv/www/casaats/conf/server.xml file.
In the Define a SSL Coyote HTTP/1.1 Connector on port 2645 section, change the value of the Connector acceptCount to the desired value. A value of 300 is optimal.
Restart the Authentication Token Service:
At the server prompt, go to /etc/init.d/.
Run the casa_atsd restart command.
How do I enable debug logs on Windows 2003, Windows XP, and Windows Vista devices?
How do I enable the CASA debug logs?
Unable to log into the ZENworks Server when logging in to a Windows Vista device
Open the Registry Editor.
Go to HKLM\Software\Protocom\SecureLogin\.
Create a DWORD called ForceHKLMandNoDPAPI, and set the value to 1.
Restart the device.
The settings assigned to an eDirectory user are not applied on the device where the user has logged in
For example: Assume that user1 and user2 have the same username and password:
User1: CN = bob, OU = org1, O = Company1 (bob.org1.company1)
User2: CN = bob, OU = org2, O = Company1 (bob.org2.company1)
When user2 specifies the username and password to log in to a device, user1 is logged in to the device instead of user2 because user1 appears first in the search performed by Novell CASA. The settings assigned to user1 are applied on the device.
The ZENworks login screen is not displayed on a device if Novell Client has been uninstalled from the device
A DSfW user is unable to use Kerberos authentication to log into a device
or
Use Microsoft Management Console (MMC) for creating DSfW users because the value of the user’s UserPrincipalName attribute is set by default.
Unable to create a keytab file for a DSfW server
Unable to find the user in the specified domain
Run the following command to ensure that the DSfW services are running properly:
xadcntrl status
(Conditional) If the DSfW services are not running properly, run the following command to restart the DSfW services:
xadcntrl reload
Run the following command to create the keytab file again:
ktpass /princ host/atsserver.myserver.com@MYSERVER.COM -pass atsserver_password -mapuser domain\atsserver -out atsserver.keytab -mapOp set -ptype KRB5_NT_PRINCIPAL
Seamless Authentication fails on a Windows XP virtual device
Unable to seamlessly log in to Novell SecureLogin on a device that has Novell ZENworks installed
On a device that has ZENworks installed, if Novell SecureLogin does not start seamlessly after the device desktop opens, the authentication registry keys might not be properly set on the device.
Open the Registry Editor.
Go to HKLM\SOFTWARE\Novell\NWGINA\.
Create a DWORD called PassiveMode and set its value to 1.
Ensure that HKLM\Software\Novell\Login\LDAP\GinaLoginDone is set to 0.
Log in to the device again.
ZENworks login fails for eDirectory users having simple passwords
Disabling the ZENworks Credential Provider on a Device
Open the Registry Editor.
Go to HKLM\SOFTWARE\Novell\ZCM\ZenLgn.
Create a DWORD called DisableZENCredentialProvider and set its value to 1.
Restart the device and log in.
IMPORTANT:If you enable the HKLM\SOFTWARE\Novell\ZCM\ZenLgn registry key, you can not manage pre-login, post-login, and pre-desktop policies through ZENworks. The Full Disk Encryption (FDE) feature is also impacted.
Unable to login to ZENworks
DLU with smart card uses PIN for Windows user account