NetIQ CloudAccess and NetIQ MobileAccess

Version 2.0

Release Notes

Date Published: December 2013

NetIQ CloudAccess is an appliance that provides a simple, secure way to manage access to Software-as-a-Service (SaaS) applications for corporate users. It provides out-of-the-box security and compliance capabilities for SaaS services, including full user provisioning, dynamic credentialing, privileged user management, single sign-on (SSO), and compliance reporting.

NetIQ MobileAccess is an appliance that enables user access to protected resources from mobile devices. It provides convenient access for users, as well as the ability for administrators to customize viewing options and remotely manage registered devices.

This version includes new features, improves usability, and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the CloudAccess forum on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources.

The documentation for this product is available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click Add Comment at the bottom of any page in the HTML version of the documentation posted at the NetIQ Documentation page. To download this product, see the CloudAccess product website.

What's New?

The following sections outline the key features and functions provided by this version:

NetIQ MobileAccess

Administrators can now enable user access to SSO, proxy, and SaaS applications from supported mobile devices. MobileAccess features are available for all application connectors that CloudAccess supports.

Configurable options in NetIQ MobileAccess include the following:

  • Which applications users should be able to access on mobile devices
  • The preferred viewer for the application on the mobile device
  • Whether users are required to provide a PIN to use the MobileAccess app on their mobile device

The MobileAccess app that users install on their mobile devices enables them to access corporate and SaaS applications from those devices. Administrators can also make the MobileAccess app available to users in a private corporate store. Once users have installed the app and registered their device, they can access assigned applications using their corporate user name and password.

Administrators can unregister user mobile devices in the administration console. So, if a registered mobile device is lost or stolen, or an employee leaves the company, you can ensure that unauthorized users cannot access corporate resources. Users can also unregister their own mobile devices if necessary, either from their device or from the appliance administration console.

For more information about installing, configuring, and using NetIQ MobileAccess, see the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide.

Notes

  • If you purchased a full CloudAccess 2.0 license, your license includes all of the MobileAccess features. Installing the CloudAccess appliance gives you all of the MobileAccess features automatically.
  • If you purchased MobileAccess without CloudAccess, your license entitles you to a 90-day trial of CloudAccess. At the end of that period, you are expected to purchase the appropriate license for CloudAccess or discontinue use of the CloudAccess features. For more information about product licensing, see the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide.

Appmarks

Appmarks are bookmarks for applications that you can configure for your users. Once you have configured a connector for an application, you configure one or more appmarks to enable users to access the application in different ways. You can configure one or more appmarks for any proxy connector, SaaS connector, or SSO connector.

When you configure an appmark, you specify whether you want the application to launch in a desktop browser or on a supported mobile device, or both. Appmarks offer significant flexibility, enabling you to customize your users’ experience using different view options and variables. For more information, see the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide.

New and Updated Connectors

The following new and updated connectors are included in this release:

  • The new Simple Proxy connector is a simplified version of the Access Gateway component found in the Access Manager product. If you have an application on a web server that you want to protect but still make accessible to users, you can configure the Simple Proxy connector to provide access to the application.
  • The new Bookmarks connector enables you to create links to web applications that are accessible from the browser landing page or directly from the MobileAccess app on users’ mobile devices. You can also create links to other iOS applications from the MobileAccess app.
  • CloudAccess now includes an embedded connector for NetIQ Access Manager, which you can use to connect to an existing Access Manager installation. You can add appmarks to enable users to access NetIQ Access Manager resources.
  • The Access Connector Toolkit is now included in CloudAccess, enabling administrators to more easily create custom connectors. The Access Connector Toolkit also includes the following enhancements:
    • Ability to specify the logout protocol (POST vs Redirect)
    • Improved handling of the signing certificate
    • Various usability improvements
  • The connector for Office 365 has been updated to support enhancements in CloudAccess 2.0.

For more information about all connectors, see the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide.

Ability to Use Google Analytics as an External Dashboard

CloudAccess now includes Google Analytics as an external dashboard, enabling administrators to monitor general system health and usage. You can monitor and generate reports for the following:

  • Unique logins per month or year, so you can compare usage against purchased entitlements
  • Authentication sources used (such as eDirectory)
  • Failed authentication attempts
  • Resources accessed, whether SAML service provider or proxy resources

You can view and print or export the data to a .csv file. For more information about using Google Analytics as an external dashboard, see the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide.

Enhancements and Software Fixes

NetIQ CloudAccess 2.0 includes the following enhancements, as well as software fixes that resolve several previous issues.

Installation of Connector for Office 365 Fails when L4 Switch Is In Round Robin Mode

The installer for the connector for Office 365 now works correctly with all L4 switch configurations. (841341)

Google Apps Mail Attachment Limit

The connector for Google Apps maximum attachment size for the Google Apps Mail proxy has been increased from 10 MB to 25 MB.

Health Status Indicates that No Time Server Is Configured

CloudAccess now displays health status correctly when you add a node to the cluster. (816968)

Reports May Not Accurately Show Approvals

When you use policy mapping to map an Active Directory group to a Google Apps resource with approval required, the Overview report, the Resource by Resource report, and the Resource by User report now show the actual current state of the user's resource allocation. (789437)

Some Authorizations Appear Twice in Reports with Roles

Reports with roles no longer display duplicate entries for users. (837443)

System Requirements

This version of the NetIQ CloudAccess product supports upgrades only from NetIQ CloudAccess 1.5. There are some major considerations that will determine the best way for you to upgrade your environment from CloudAccess 1.5 to CloudAccess 2.0. Updating your CloudAccess 1.5 environment to CloudAccess 2.0 requires manual steps, since upgrading an existing cluster through the update channel is not supported in this release. Before you begin the upgrade process, review the upgrade sections in Chapter 2 of the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide and plan your upgrade carefully to minimize impact to users.

Note
CloudAccess 2.0 requires the Connector for Office 365 version 1.5.1. If you are currently using the Connector for Office 365 version 1.5 with CloudAccess 1.5, you must update the connector to version 1.5.1 before you can use it with CloudAccess 2.0.

The prerequisites for the NetIQ MobileAccess appliance, and the steps for installing and configuring the appliance, are the same as those for CloudAccess. For more information, see the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide.

Installing This Version

To install CloudAccess or MobileAccess, see Chapter 2 "Installing CloudAccess" of the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide.

Verifying the Installation

Complete the following steps to verify that the installation was successful.

To check the installed version:

  1. Access the Admin page at https://dns_of_appliance/appliance/index.html, then log in with the appliance administrator credentials.
  2. Click the appliance, then click About. The version listed in the window should be 2.0-build number.

Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

Initialization Issues

Initialization Takes a Long Time to Display

Issue:

The initialization page takes a long time to display if there is no DHCP server in your environment. The initialization page eventually appears and assigns a 192.168.xxx IP address to the appliance.

Workaround:

Edit the VMX file for the appliance before the first boot. For more information, see “Configuring the Appliance without a DHCP Server” in the NetIQ CloudAccess Installation and Configuration Guide.

Changes to the Preferred DNS Server During Initialization Result in a Static IP Address

Issue:

If you want to change the preferred DNS server, you must select Use the following IP address in Step 1 on the initialization page, which assigns a static IP address to the appliance. (754137)

Workaround:

After the initialization process completes, on the Admin page, change the IP address from static to DHCP.

Re-running Initialization Resets Custom Branding to Default

Issue:

If you implement custom branding in your CloudAccess or MobileAccess 2.0 environment and then re-run the initialization process to modify the DNS server or make other changes to an existing cluster, branding is reset to the default settings. (852663)

Workaround:

This is the intended behavior in CloudAccess and MobileAccess 2.0. Before you re-run the initialization process on an existing CloudAccess 2.0 or MobileAccess 2.0 cluster, ensure that you back up your customized branding files so that you can reuse them.

Note
Custom branding implemented in a CloudAccess 1.5 cluster is also reset when you upgrade to CloudAccess 2.0. However, the 1.5 branding files are not compatible with CloudAccess 2.0 and cannot be reused following an upgrade. For more information about custom branding in an upgrade scenario, see the NetIQ CloudAccess and MobileAccess Installation and Configuration Guide.

Administration Issues

Deleting a Node from the Cluster Removes the Node from the Interface, but the VMware Image Still Runs

When you delete a node from the cluster, the appliance deletes the node from the interface, but the VMware image still exists and is running. Leaving the VMware image running allows users to authenticate to a node that does not exist on the Admin page. (755006)

Use the following procedure to delete a node from a cluster:

  1. Remove the node from the L4 switch.
  2. Delete the node from the cluster on the Admin page.
  3. Stop the VMware image on the ESX server.
  4. Delete the VMware image on the ESX server.

CloudAccess Cannot Set TenantName Attribute on Events Sent to Sentinel

Issue:

CloudAccess cannot currently set the TenantName attribute on events sent to Sentinel using the Sentinel Link collector. As a result, for events received from CloudAccess, reporting and identity tracking functionality does not work properly within Sentinel. (812159)

Workaround:

No workaround is available at this time.

Browser Errors If Kerberos Is Not Enabled in the Browser

Issue:

If Integrated Windows Authentication is enabled in CloudAccess and a user is logged in to a domain where Kerberos is configured, but Kerberos is not enabled in the browser, different browsers may display errors or may not behave as expected when the user enters invalid credentials at the OSP prompt or clicks Cancel. (802257)

Workaround:

To prevent this issue, ensure that Kerberos is configured in the browser.

Adding a Large Number of Users Takes Time

Issue:

The initial import of a large number of users (for example, 20,000 or more) from the identity source can take several hours, and the administration console does not currently provide a warning to administrators before beginning the process. The health status in the console may report the following warnings on and off while users are being imported: Driver seems unresponsive | Provisioning | bis_AD_a4uLn | Driver seems unresponsive. (853863)

Workaround:

If you have a large number of users in your environment, ensure that you allow several hours for the provisioning process to complete. Once users are added, performance of other administration tasks in the console improves considerably.

Provisioning Issues

User Email Address Changes in Active Directory Are Not Provisioned to Salesforce

Issue:

User email address changes in Active Directory are not provisioned to Salesforce. (717153)

Workaround:

No workaround is available at this time.

Approval-Based Provisioning Continues Despite Removing the User from a Mapped Group

Issue:

If a user is removed from a mapped group when there is an outstanding approval request, CloudAccess provisions the deleted user to the SaaS application when the administrator grants the approval. (752527)

Workaround:

Verify that the user is a member of the group before granting approval, or deny the request after removing the user from the group.

Re-enabled User Has Role That Was Previously Assigned

Issue:

If you assign a user to a role in CloudAccess and then remove that user from the identity source, CloudAccess does not automatically remove the role assignment. So, if the user's context in the identity source is later restored, CloudAccess shows that user as having the same role that was previously assigned. (765609)

Workaround:

To work around this issue, before you remove a user in the identity source, ensure that you have revoked all roles from that user on the Roles page in CloudAccess.

eDirectory User Objects with Other Name Are Created with Unpredictable CN Value

Issue:

In eDirectory, the CN attribute is used to provision user accounts, and it is also used to look up the user when the user tries to log in to the CloudAccess or MobileAccess system. eDirectory also provides the Other name field, which appends additional values to the underlying CN attribute. When the CN values are queried, the order in which the values are returned is unpredictable, causing multiple issues. User objects that have values for "Other name" in eDirectory may be created in the identity vault with a CN that is set to one of the values in "Other name" rather than the original CN value. As a result, attempts to log in to the appliance or the OSP with the original user name may fail. (845116)

Workaround:

NetIQ strongly discourages use of "Other name" in eDirectory. This issue does not occur in Active Directory because the lookup attribute (sAMAccountName) has a single value.

To restore functionality to a user account that has been renamed, but is unable to log in because of the CN mismatch, delete the account in the eDirectory identity source, enable the Relaxed User Matching option on the eDirectory identity source connector and click Apply, then recreate the user account in the eDirectory identity source with the desired CN value for the login user name. You will also need to update group memberships, etc. Once you have recreated the account, disable relaxed user matching on the eDirectory identity source connector.

Relaxed User Matching Does Not Work with eDirectory Renamed User Objects

Issue:

When using the Relaxed User Matching option with an eDirectory identity source, renaming user objects in eDirectory could present unexpected results. If you enable relaxed user matching, CloudAccess tries to match an existing account in the appliance using the CN attribute. If you rename a user object in eDirectory, the CN attribute is effectively changed, so the user matching does not find the existing account, and a new account is created on the appliance. (848860)

Workaround:

NetIQ recommends using relaxed user matching only when necessary to re-create users (with the same name) that have been previously deleted. If you do not enable relaxed user matching, renaming in eDirectory works as expected.

Policy Mapping Issues

No Connectors Are Displayed on the Policy Mapping Page

Issue:

The Policy Mapping page does not display the connectors for the SaaS applications.

Solution:

There are two possible solutions:

  • Verify that the connectors are configured properly and enabled. For more information, see the appropriate sections for configuring connectors in the NetIQ CloudAccess Installation and Configuration Guide.
  • Click the Refresh List icon in the upper-right corner of the Policy Mapping page.

CloudAccess Does Not Reconcile Pending Approvals with Changes to Policy Mappings

Issue:

CloudAccess does not reconcile pending approvals with changes to policy mappings. Users with pending approvals are granted the pending requests even if the mappings were removed after the requests were launched. (787938)

Workaround:

If a policy mapping for a resource occurs by mistake, decline all the requests for that resource. If a policy mapping for a resource occurs correctly, but then the mapping is removed, simply decline all outstanding approval requests. You can often avoid this issue by ensuring that requests are approved or denied in a timely manner.
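The check that this workaround and the earlier "Approval-Based Provisioning Continues Despite Removing the User from a Mapped Group" workaround ask the approver to do by hand can be scripted. The following is an added example, not NetIQ code: it assumes you can list pending requests, current group membership, and current policy mappings as simple records (the record layout, the sample data, and the `max_age_days` threshold are constructed for this example; this page does not describe a CloudAccess export format).

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class PendingApproval:
    """One outstanding approval request (hypothetical record layout)."""
    request_id: str
    user: str
    group: str        # identity-source group whose mapping raised the request
    resource: str     # SaaS authorization being requested
    requested: date   # day the request was launched


def triage_pending_approvals(pending, group_members, policy_mappings,
                             today, max_age_days=7):
    """Compare each pending request with the current entitlement state.

    group_members   -- dict: group name -> iterable of current member names
    policy_mappings -- set of (group, resource) pairs that are mapped now
    Returns {request_id: (decision, reason)}. "deny" means the request no
    longer matches a mapping or a membership and would provision access the
    user should not get; "review" means it is still backed by both.
    """
    decisions = {}
    for req in pending:
        # Account names are compared case-insensitively.
        members = {m.lower() for m in group_members.get(req.group, ())}
        age = (today - req.requested).days
        if (req.group, req.resource) not in policy_mappings:
            # Issue 787938: the mapping was removed after the request started.
            decisions[req.request_id] = ("deny", "policy mapping no longer exists")
        elif req.user.lower() not in members:
            # Issue 752527: the user left the mapped group while pending.
            decisions[req.request_id] = ("deny", "user no longer in mapped group")
        elif age > max_age_days:
            # Old requests are the ones most likely to drift out of date.
            decisions[req.request_id] = (
                "review", f"still valid but pending {age} days")
        else:
            decisions[req.request_id] = ("review", "still valid")
    return decisions


# Constructed sample data, not taken from a real appliance.
SAMPLE_PENDING = [
    PendingApproval("R-1", "jsmith", "Sales", "Salesforce:Standard User",
                    date(2013, 12, 2)),
    PendingApproval("R-2", "mjones", "Sales", "Salesforce:Standard User",
                    date(2013, 12, 3)),
    PendingApproval("R-3", "akhan", "Marketing", "Google Apps:Mail",
                    date(2013, 12, 1)),
    PendingApproval("R-4", "JSmith", "Sales", "Box:Editor",
                    date(2013, 11, 20)),
]
SAMPLE_GROUPS = {"Sales": ["jsmith"], "Marketing": ["akhan"]}  # mjones removed
SAMPLE_MAPPINGS = {
    ("Sales", "Salesforce:Standard User"),
    ("Sales", "Box:Editor"),
    # ("Marketing", "Google Apps:Mail") was removed after R-3 was launched
}


def run_sample():
    """Triage the constructed sample as of 5 December 2013."""
    return triage_pending_approvals(SAMPLE_PENDING, SAMPLE_GROUPS,
                                    SAMPLE_MAPPINGS, today=date(2013, 12, 5))


if __name__ == "__main__":
    for request_id, (decision, reason) in sorted(run_sample().items()):
        print(f"{request_id}: {decision:6} {reason}")
```

Requests marked "deny" are the ones to decline on the Approvals page before anyone grants them.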

Using Multiple Browsers or Browser Windows Can Result in Duplicate Mappings

Issue:

If you simultaneously use more than one browser or browser window to map authorizations, CloudAccess does not warn you if you inadvertently do the same mapping in two different browsers. Clicking Refresh displays two identical mappings on the Approvals page, but only one of them is a valid mapping. If you remove one of the mappings, CloudAccess may not actually deprovision the user until you remove the authorization that is mapped to the group. (815825)

Workaround:

You can avoid this issue by using only one browser when creating policy mappings. To work around this issue, on the CloudAccess Policy page, manually remove all duplicate authorization mappings from the role, then map the desired authorizations back to the role.

Using Wildcards for Filtering on Roles Page Does Not Work As Expected

Issue:

If you use wildcards such as an asterisk (*) or question mark (?) in the Filter field on the Roles page, CloudAccess does not correctly filter results. (813540)

Workaround:

No workaround is available at this time. To ensure accurate results, do not use wildcards for filtering on the Roles page.

Reporting Issues

Reports Display Information from Deleted Connectors

Issue:

After you delete connectors, reports still contain information about the deleted connectors. (756690)

Workaround:

No workaround is available at this time.

Mapping Report Displays Numeric Values Appended to Data in the Authorization Name Column

Issue:

The numeric value in the mapping report appears after deleting and recreating mappings for connectors. (753321)

Workaround:

No workaround is available at this time.

User Issue

Google Users Can No Longer Log in After Enabling Single Sign-On

Issue:

After implementing CloudAccess, you might have some issues with existing Google Apps for Business accounts. Any users that either do not exist in the identity store, or are not merged with the existing Google account, can no longer log in to the Google domain. For example, user jsmith has an account in Google Apps for Business. You implement CloudAccess with single sign-on. User jsmith attempts to log in to the Google domain and fails. Google Apps for Business does not allow direct login and single sign-on to the domain.

Solution:

Give users authorization to access the Google Apps for Business resource through CloudAccess.

  1. (Conditional) If the matching account exists in Active Directory, skip to Step 2. Otherwise, create a matching account in the identity store (Active Directory).
  2. Grant the user authorization to the Google Apps for Business resource by adding the user to the proper group in Active Directory. Or, map the Active Directory group to the Google Apps for Business group through the Policy Mapping page. For more information, see “Loading Google Apps for Business Authorizations” in the NetIQ CloudAccess Installation and Configuration Guide. The two accounts merge when the user receives authorization for Google Apps for Business through the Policy Mapping page. CloudAccess automatically generates a new password and resets the Google Apps for Business password. When users access the resource after the merge occurs, they automatically log in to Google Apps for Business through single sign-on.

Time Synchronization Issue

CloudAccess depends on timestamps to function properly. Time must be synchronized between each CloudAccess node in the cluster. If time is not synchronized, provisioning fails, configurations fail, and authentication for users fails. Ensure that all nodes in the cluster reside in the same time zone.

Connector Issues

Logging Out of Identity Provider Welcome Page Does Not Result in Logout from SaaS Connectors

Issue:

Logging out of the Identity Provider welcome page may not result in logout from the SaaS accounts, depending on support and configuration for SAML Single Logout at the SaaS provider. Many SaaS providers do not support the SAML Single Logout service. The same issue exists with service provider-initiated logouts. (753156, 837076)

Workaround:

Close the browser to allow the abandoned browser session to time out, so the session cannot be accessed again.

Admin Page Does Not Provide a Way to View SaaS Metadata

Issue:

The Admin page in CloudAccess does not currently provide a means of viewing the critical content in an uploaded metadata file, such as when configuring the connector for Salesforce. (793495)

Workaround:

No workaround is available at this time. Since metadata for connectors must be unique, ensure that the metadata file is correct before uploading it.

Access Connector Toolkit Does Not Provide a Logout Option

Issue:

The Access Connector Toolkit does not currently provide a logout option, though the session does time out after 60 minutes of inactivity. (789303)

Workaround:

Close the browser after you finish working in the Access Connector Toolkit.

Office 365 Installer May Fail During CloudAccess Credential Validation or Login

Issue:

When you install the connector for Office 365 on the Windows server, the installer prompts you for login credentials and the DNS name for the CloudAccess cluster. When you click Next, the installer validates your credentials against the CloudAccess appliance. Intermittently, the installer displays an error message incorrectly stating that the credentials are invalid. After the installer has gathered the remaining information required for installation, another failure may occur and the installer may display the following message: Incorrect username or password provided. Please verify the NetIQ CloudAccess credentials. (775245)

Workaround:

Click Next repeatedly without modifying the credentials you entered. Validation eventually succeeds and the installer advances to the next step.

Display Name Does Not Change in Office 365 after Changing in Identity Source

Issue:

If you change the display name of a user in Active Directory or eDirectory, the display name in Office 365 is not updated accordingly. CloudAccess constructs the display name from the first and last name and does not synchronize the display name and full name from the identity source. (794602)

Workaround:

To work around this issue, change the user's first and last name in the identity source instead of the display name.

Renaming Authorization at Office 365 Account Requires Policy Remapping in CloudAccess

Issue:

If an authorization at the Office 365 account is renamed, any existing policy mappings in CloudAccess are lost, because CloudAccess uses the account name rather than the underlying static ID of the authorization for policy mapping. (811460)

Workaround:

No workaround is available at this time. After changing the Office 365 authorization name, use Policy Mapping to re-map and Approvals to re-approve if necessary.

Office Web Apps Cannot Be Assigned or Unassigned Without SharePoint Online

Issue:

When assigning or unassigning Office 365 subscriptions to users, if you select Office Web Apps, you must also select SharePoint Online. This is a Microsoft Office 365 dependency, and the Office 365 admin portal page displays an error if you attempt to select Office Web Apps without SharePoint Online. The Policy page in CloudAccess does not actually prevent you from assigning Office Web Apps by itself, but nothing happens and the logs show "Unable to assign this license." In addition, if you assign several subscriptions to a user, and you include Office Web Apps but do not include SharePoint Online, none of the other licenses in that operation are applied until you add SharePoint Online. This behavior occurs on the Office 365 admin portal page as well as in CloudAccess.

Workaround:

Ensure that when you assign or unassign Office Web Apps to a user, you also assign or unassign SharePoint Online.

CloudAccess Does Not Support Multiple Connectors for Office 365

Issue:

Since the connector for Office 365 no longer uses ADFS, CloudAccess does not support multiple connectors for Office 365. Office 365 requires a unique SSO and SLO URL for each domain. When you configure multiple connectors, the same SSO and SLO URL is used for all instances. (847116)

Workaround:

No workaround is available at this time.

Connectors for Office 365 that are Configured for Domain and Subdomains Do Not Work Correctly

Issue:

If you configure a connector for Office 365 for a parent domain and then configure connectors for one or more child domains, users in the child domains do not see their assigned appmarks. Office 365 sends the same metadata for each domain, so the OSP shows only one of them. Users with policy mappings to the first connector installed can still see their appmarks. (847293)

Workaround:

No workaround is available at this time.

Users Who Are Provisioned to Multiple Google Domains Cannot Access Original Mailbox

Issue:

If you provision a user to multiple Google Apps domains and select the Enable email proxy option in the administration console, the user cannot open the mailbox for any domain except the last domain to which the user was provisioned. This issue occurs because the dovecot mail proxy uses an attribute from the user object that is single-valued, so it is set with the name of the last Google domain to which the user was provisioned. (819157)

Workaround:

No workaround is available at this time.

Service Provider-Initiated Login to Salesforce and NetIQ Access Manager Does Not Work Correctly

In Safari or Internet Explorer 9, if you attempt a service provider-initiated login from Salesforce, the Salesforce site does not send a SAML2 AuthnRequest XML document with the SAML Request. As a result, the Welcome page appears instead of the logged-in Salesforce page. This is Salesforce behavior and cannot be addressed in the Connector for Salesforce. This behavior does not occur in Internet Explorer 10. The same behavior occurs with the Connector for NetIQ Access Manager using Safari or Internet Explorer 9 or 10. (813313)

Behavior of Service Provider-Initiated Login To Salesforce When Kerberos Is Enabled

If you have Kerberos enabled on your CloudAccess cluster, service provider-initiated login attempts to Salesforce may result in the browser being left at the OSP welcome page after authenticating to the OSP instead of being redirected back to Salesforce. This issue occurs only if Kerberos is enabled on the CloudAccess cluster, but it occurs regardless of whether Kerberos single sign-on (SSO) occurs to the OSP or another authentication is used instead (for example, when the workstation is not a member of the Active Directory domain).

You can prevent or address this issue by changing an option on the Single Sign-On Settings page at Salesforce. This page includes a new radio button named Service Provider Initiated Request Binding with two options: HTTP POST (selected by default) and HTTP Redirect. If you have Kerberos enabled on your CloudAccess cluster, select HTTP Redirect instead of the default HTTP POST option. If you do not have Kerberos enabled on the CloudAccess cluster, you do not need to change this option.

This issue occurs on workstations running Windows 7 and Internet Explorer 9, but does not occur with Firefox on Windows 7.

Single Sign-On to Box.com Fails if User Session Timeout Is Set to 75 Minutes Or Longer

Issue:

If you set the user session timeout for the cluster to 75 minutes or longer, the Box connector displays an error when users attempt to use single sign-on to Box. (814752)

Workaround:

To ensure that single sign-on works for the Box connector, set the User session timeout value to 74 minutes or less. This is a cluster-level setting, so it also affects the behavior of user sessions that do not use Box.

Field in Simple Proxy Connector Configuration Does Not Work Correctly

Issue:

When configuring a Simple Proxy connector, specifying a query string or file name in the Connects to field does not currently work as expected. For example, if you specify the location of a specific YouTube video, when the user clicks the appmark to open the video, the browser displays the default YouTube page instead of opening the video itself. (853483)

Workaround:

Take the query string out of the Connects to field and add it to the end of the URL field in the appmark editor. For example, instead of specifying http://www.youtube.com/watch?v=jAZveG_ptVU&sns=em in the Connects to field for a YouTube video, enter the following in the Connects to and URL fields:

Connects to: http://www.youtube.com/watch
URL: https://${PublicDNS}${PathFrag}?v=jAZveG_ptVU&sns=em

Similarly, for a file name of http://151.155.160.14/examples/servlets/helloworld.html, specify the following:

Connects to: http://151.155.160.14/examples/servlets
URL: https://${PublicDNS}${PathFrag}/helloworld.html

MobileAccess Issues

Safari on Mobile Devices Cannot Access OSP Welcome Page Once the MobileAccess Connector Is Enabled

Issue:

Logins to the OSP Welcome page from the Safari browser on a mobile device no longer work once the MobileAccess connector has been enabled in the administration console. When the MobileAccess connector is enabled, support for mobile devices requires that the MobileAccess app be installed on those mobile devices. (838977)

Workaround:

This is intended behavior.

Cannot Install MobileAccess App Using Link in Safari

Issue:

Installing the MobileAccess app by clicking a link that points to the CloudAccess cluster DNS does not currently work correctly. If you click the link and then click OK to close the popup message, Safari displays a blank page and the smart app banner that is used to install the app from the App Store does not appear. This issue occurs in the Safari browser on iOS 7 devices, but does not occur on iOS 6 devices. (846705)

Workaround:

No workaround is available at this time.

Upgrade Issues

Office 365 Admin Password Appears in the Windows Event Log

Issue:

If you upgrade to CloudAccess 2.0, but leave the connector for Office 365 at version 1.5 and then change the Office 365 admin password through the CloudAccess administrative console, the Office 365 admin password appears in the Windows event log. (851648)

Workaround:

Before using the connector for Office 365 with CloudAccess 2.0, ensure that you upgrade the connector for Office 365 to version 1.5.1.

During Upgrade, Promote to Master Appears to Have Completed Unsuccessfully

Issue:

When upgrading the CloudAccess 1.5 appliance to CloudAccess 2.0, it may appear that the promote to master process has completed unsuccessfully. For several minutes after the spinners have stopped, the node being promoted shows red health (driver Configuration Replicator unresponsive) and failed command status. Once the promote process completes several minutes later, health and command status goes green. (850262)

Workaround:

If you are upgrading from CloudAccess 1.5 to 2.0, wait for the promote to master process to finish successfully and display green health status before performing any other tasks in the administration console. This issue does not occur when promoting a node to master in a pure CloudAccess 2.0 cluster.

Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.

For general corporate and product information, see the NetIQ Corporate Web site.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
