Section A.10.2, Cannot Delete Email Messages in Outlook Web Access
Section A.10.3, License Agreement Does Not Appear in GUI When Logged In as the View User
Section A.10.4, Trustedroot Configured .nas File Fails on Import
Section A.10.5, Server Might Abend When Restart Server is Entered on the iChain Server
Section A.10.6, Creating Custom Login Pages without a UTF-8 Charset
Section A.10.7, Issue With Compressed Data Not Being Sent From Web Servers
Section A.10.8, Nsure Audit Logging Issue When Using iChain to Log Events
Section A.10.9, Cannot Add a Second Server to an Accelerator
The [HTTP Headers] section of the proxy.cfg file is responsible for setting the Via host header. If the section is missing from the proxy.cfg file, a default Via host header is sent to the Web server, which consists of the host server name of the proxy (ICS_Server) and the proxy build number.
Use the following steps to edit this file, add the [HTTP Headers] section, and insert your values for the Via header:
At the command line, unlock the cole.
To enter debug mode, enter the following command.
debug
To stop the proxy, enter the following command:
_kill
Wait for the proxy to unload.
When the proxy has unloaded, edit the proxy.cfg file. Enter the following command:
edit sys:\etc\proxy\proxy.cfg
Add the [http headers] section with the Via host header values you need. Use the following fomat:
[HTTP Headers] ViaHeaderHostName = <@name> ViaHeaderBuildVersion = <version>
Replace <@name> with the host name, for example www.novell.com.
Replace <version> with the build version of the header, for example 3.0.223.
Save the changes.
Reboot.
You cannot delete email messages from the Microsoft* Outlook Web Access (OWA) Exchange server when secure exchange is enabled unless the Alternate hostname is the same as the Accelerator hostname. If these names are different, the MOVE method has a host header that matches the alternate hostname but the WebDAV destination header matches the accelerator hostname. This causes a 502 error when processing the request. If the Alternate hostname and the Accelerator hostname match, this error does not occur.
For more information about this issue, see TID 10091523.
The iChain GUI homepage shows that the server is not licensed when a user logs in using the View user account. If the user logs in using the Config user, the server shows that it is licensed. The issue is that when a user logs in with the View user account, the GUI does not make any LDAP queries to the ISO object, such as a query to obtain license information.
If you export a .nas file from a machine that has a trusted root configured on the Access Control tab, the .nas environment does not work when you restore the file. To prevent this issue, do not export the current.nas file unless you set the export trustedroot=yes and make it the default setting.
If you enter the Restart Server command at the NetWare command line, the server might abend and display the following error message:
Error ’Abend on p00: KiClearKernelSetJmp: passed on setjmp structure in at head of list. OS version: Novell NetWare 5.60.06. Running Process: Interrupt Services Routing (nested count 1) interrupt process: Console Command Process.
The correct way to shut down a proxy server is to use the shutdown or restart commands from the iChain command line interface or GUI.
This issue will not be resolved.
When you create or modify a custom login page, you must save it in the UTF-8 format. You can use <FORM...ACCEPT-CHARSET= “UTF-8”...> as the form statement on the login page. This is important because the decoder for the iChain login pages now assumes that the post data coming back from the browser is UTF-8. The HTTP/HTML specifications have no other mechanism in place to ensure that this is the case. This is necessary to support any usernames not into the 7-bit ASCII set.
For more information about this issue, see TID 10099466.
There are noted instances where a Web server fails to send compressed data to iChain, yet sends the compressed data to a browser. Some Web servers, including Microsoft Internet Information Services (IIS), do not respond with compressed (GZIP) data if a Via HTTP header is sent from a proxy to the Web server.
If you have iChain configured to use Nsure Audit to log events, the events that correspond with mutual authentication using revoked certificates might not be logged. This is because when certificate error pages are enabled, nothing is logged. When certificate error pages are disabled, a log entry is created but it uses the information from a previous successful login and not the current data.
If you add a second back-end Web server to an accelerator, the accelerator does not initialize. Instead, an error message appears. This might occur if you use a DNS name on the server instead of an IP address. If you try a second time to apply the configuration, the accelerator initializes properly and is functional.