ZENworks 11.1a Zone. Managed devices running Windows 7 SP1 32-bit. Two user sources defined: AD and eDirectory. Usernames & passwords are synced between the two (thank you IDM!). Workstation has Novell Client 2 SP2 for Windows 7. Workstation is also attached to Active Directory domain. User logs into the workstation via the Novell Client and the DefaultDomain key in the registry is pointed to the Active Directory domain.
When both user sources are defined in the ZCC, even though I've set the default user source to eDirectory (using the DefaultRealm registry value), I'm still getting a ZCM User Login prompt!
1) If I set up just the eDirectory user source in the ZCC, the workstation logs in without a prompt -- passive mode login OK
2) If I set up just the Active Directory user source in the ZCC, same thing -- workstation logs in without a prompt -- passive mode login OK
3) If I define both user sources, even with the DefaultRealm Registry value set to the eDirectory user source, I get a ZCM User Login prompt!
I've tried adding the "EnableSeamlessLogin" value to 1 and that hasn't helped -- still get the prompt.
I've enabled debug logging in ZENLGN and CASA and I can see errors:
ZENLGN.LOG
zmd-messages.log
casaauthtoken.log
It's almost like ZCM is not getting both the user sources login info passed through for some reason. Also weird, is that when the ZENworks User Login window does pop up, I can select EITHER user source and login manually with that same username/password as I did in the Novell Client and it logs in OK! Why can't it just do that automatically? :)
I need these workstations to authenticate to the eDirectory user source for now and then eventually flip to Active Directory, so I cannot disable the passive mode login.
I have also confirmed that both forward and reverse DNS is working properly.
Thanks for any help!!
When both user sources are defined in the ZCC, even though I've set the default user source to eDirectory (using the DefaultRealm registry value), I'm still getting a ZCM User Login prompt!
1) If I set up just the eDirectory user source in the ZCC, the workstation logs in without a prompt -- passive mode login OK
2) If I set up just the Active Directory user source in the ZCC, same thing -- workstation logs in without a prompt -- passive mode login OK
3) If I define both user sources, even with the DefaultRealm Registry value set to the eDirectory user source, I get a ZCM User Login prompt!
I've tried adding the "EnableSeamlessLogin" value to 1 and that hasn't helped -- still get the prompt.
I've enabled debug logging in ZENLGN and CASA and I can see errors:
ZENLGN.LOG
Code:
ZENLGN [388-3A8] [16:58:22:403] Returned from calling ZENLogin in agent service
ZENLGN [388-3A8] [16:58:22:403] ZenLgnLogin returning 1244
ZENLGN [388-3A8] [16:58:22:403] ZenLgnAttemptWithoutPrompt Returning 1244...
ZENLGN [388-3A8] [16:58:22:403] Passive Login Failed: 0x000004DC
ZENLGN [388-3A8] [16:58:22:403] RegQueryValueEx on value DisablePassiveModeLoginPrompt Failed: 2
ZENLGN [388-3A8] [16:58:22:403] Launching the ZEN login dialog promptCode:
[DEBUG] [12/28/2011 16:58:22.247] [1244] [ZenworksWindowsService] [9] [] [CommonCasa] [] [ObtainAuthToken took exception: -939589601 System.Exception: -939589601
at Novell.Casa.Client.Auth.Authtoken.ObtainAuthToken(String sService, String sHost, WinLuid luid, String()& extraData)
at Novell.Zenworks.Zmd.Common.CasaHelper.ObtainAuthToken(String SessionID, String RealmName, String Host, String& AuthToken, String()& ExtraAttribs)] [] []
[DEBUG] [12/28/2011 16:58:22.247] [1244] [ZenworksWindowsService] [9] [] [CommonCasa] [] [Stack Trace: at Novell.Casa.Client.Auth.Authtoken.ObtainAuthToken(String sService, String sHost, WinLuid luid, String()& extraData)
at Novell.Zenworks.Zmd.Common.CasaHelper.ObtainAuthToken(String SessionID, String RealmName, String Host, String& AuthToken, String()& ExtraAttribs)] [] []Code:
[4C8-520] [14:02:33] CASA_AuthToken -CreateGetAuthPolicyResp- Parse error 35
[4C8-520] [14:02:33] CASA_AuthToken -CreateGetAuthPolicyResp- End, retStatus = C7FF001F
[4C8-520] [14:02:33] CASA_AuthToken -ObtainAuthTokenFromServer- Failed to create GetAuthPolicyResp object, error = C7FF001FI need these workstations to authenticate to the eDirectory user source for now and then eventually flip to Active Directory, so I cannot disable the passive mode login.
I have also confirmed that both forward and reverse DNS is working properly.
Thanks for any help!!