Installing or Upgrading the Purchased Product

This release of Access Manager 3.2 SP1 includes enhancements and resolves several previous issues. The fixes included in this release supercede the fixes included in the 3.2 IR1 release. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs.

You can post feedback in the Access Manager forum. For TIDs and Cool Solutions articles, go to Access Manager Support forum and select Access Manager for the Product and Articles / Tips in the Advanced Search options.

For more information about this release and for the latest release notes, see the Access Manager Documentation Web site. To download this product, see the Access Manager Product Web site.

For the list of software fixes and enhancements in the previous release, see 3.2 IR1 Readme.

What's New?

The following outline the key enhancements provided by this version, as well as issues resolved in this release:

Operating System Support
Dependant Components
Compatibility with Office 365
Enhancements and Software Fixes - Administration Console
Enhancements and Software Fixes - Identity Server
Enhancements and Software Fixes - Access Gateway Appliance and Access Gateway Service (Fixes common to both Access Gateway Appliance and Access Gateway Service)
Enhancements and Software Fixes - Access Gateway Appliance (Fixes only for Access Gateway Appliance)
Known Issues in this Release

Operating System Support

This Service Pack adds support for the following platforms, in addition to the platforms introduced in the 3.2 release:

RHEL 6.3
SLES 11 SP2 64-bit (only for non-appliance Access Manager)

For detailed information on hardware requirements, supported operating systems, and browsers, see Installation Requirements in the Access Manager 3.2 Installation Guide.

Dependent Components

This release updates the following components:

eDirectory : The version of eDirectory is updated to 8.8.7.
Apache : The version of Apache is updated to 2.2.22.

Compatibility with Office 365 Services

You can use your existing LDAP credentials for single sign-on access to the Office 365 services. Single sign-on access is achieved by implementing federated authentication through SAML 2.0 where Access Manager acts as an identity provider and Office 365 acts as a service provider. For more information on configuring single sign-on with Office 365, see Additional Resources.

Enhancements and Software Fixes - Administration Console

Access Manager 3.2 Service Pack 1 includes software fixes that resolve several previous issues in the Administration Console.

Anonymous Simple Bind is Enabled by Default

Issue:	When you perform an LDAP search on a 3.2 server without username and password, the server incorrectly lists all the objects in the Access Manager container. This is not correct as anonymous simple bind should be disabled by default on the 3.2 server. (Bug 762310)
Fix:	Anonymous simple bind is disabled by default. An LDAP search without username and password does not display user objects.

The Administration Console Restore Script Does Not Restore a Renamed File

Issue:	Access Manager creates a backup zip file when you run the `./ambkup.sh` script located at `/opt/novell/devman/bin` to backup the configuration for the Administration Console. If you rename this file and restore the backup file running the `./amrestore.sh` script, the script fails. (Bug 763615)
Fix:	The `amrestore.sh` script restores backup files that have been renamed.

Error Installing the Audit Server on a 64-bit Platform

Issue:	The `install.sh` script reports an error stating that the Audit server has to be installed on a separate 64-bit machine. (Bug 745025)
Fix:	The installation script no longer generates a warning message because you can install the Audit server on a 64-bit machine.

Administration Console Fails to Renew eDirectory Certificate on a Secondary Server

Issue:	The eDirectory certificate is automatically updated on the primary Administration Console and not on the secondary Administration Console. As a result, you cannot log in to the secondary Administration Console. (Bug 716560)
Fix:	The eDirectory certificates are automatically renewed on the primary and secondary Adminstration Consoles.

Administration Console Creates Many LDAP Connections to the eDirectory

Issue:	The Administration Console establishes a large number of LDAP connections to the eDirectory resulting in performance issues. (Bug 761356)
Fix:	Fixed the code that incorrectly releases the connection resources.

Enhancements and Software Fixes - Identity Server

Access Manager 3.2 Service Pack 1 includes software fixes that resolve several previous issues in the Identity Server.

An LDAP Search With Special Characters in User Distinguished Name Fails

Issue:	When you perform an LDAP search with special characters in the user distinguished name, the search fails. The PasswordFetch class does not support special characters in the user distinguished name. (Bug 755510)
Fix:	PasswordFetch Class supports special characters in the user distinguished name. The LDAP search works without any errors.

Vulnerability Issue for Cross-Site Scripting in the Identity Server

Issue:	The Web application does not sanitize the input given by the user in the `login.jsp` file and therefore makes the target URL vulnerable. (Bug 765801)
Fix:	The Web application encodes the user input in the login.jsp file and the target URL is not vulnerable to cross-site scripting attacks.

ESP Considers Xms Value for Connection Throttle Calculations

Issue:	Instead of considering the Xmx value for throttle calculation, the Identity Server and the Embedded Service Provider (ESP) consider the Xms value and connection throttling occurs earlier in the process than expected. (Bug 766098)
Fix:	The Identity Server considers the Xmx value for connection throttling.

Kerberos Does Not Redirect to the Password Management Servlet

Issue:	When Kerberos identifies a user whose access has expired, it does not redirect to the password management servlet. This results in an HTTP status 500 error. (Bug 765042)
Fix:	The Kerberos authentication contract allows you to access a protected resource. The Access Gateway Service receives an assertion and gives access to the password change URL.

User Request to the Identity Servers During the Initialization Process Results in the HTTP Status 500 Error

Issue:	When the Identity Server is restarted or started for the first time, any request from the browser to the Identity Server during the initialization process returns an HTTP status 500 error. (Bug 63899)
Fix:	A warning message now informs users that the service is not initialized completely.

Enhancements and Software Fixes - Access Gateway Appliance and Access Gateway Service (Fixes common to both Access Gateway Appliance and Access Gateway Service)

Access Manager 3.2 Service Pack 1 includes software fixes that resolve several previous issues in the Access Gateway Appliance and Access Gateway Service.

Session Stickiness to the Back-End Web Server is Not Persistent

Issue:	The session persistence to the back-end Web server is lost intermittently between the parent proxy service and the path-based child proxy services. If the session remains persistent on the parent proxy service, the child proxy session might not be persistent and vice versa. This can lead to the services being unavailable and form fill issues. (Bug 757444)
Fix:	The session persistence to the back-end Web server remains intact.

Unresponsive Listener on Local Port

Issue:	The local port listener does not respond because the Access Gateway Embedded Service Provider (ESP) does not cache the policy definition. (Bug 767659)
Fix:	The Access Gateway (ESP) retrieves the policy definition with the configure request for the first policy and responds from the ESP cache for subsequent requests.

The Idle Timeout Setting is Not Updated in the Access Gateway Appliance

Issue:	The value of Idle Timeout does not update the Keep Alive Interval value in the Access Gateway Appliance. (Bug 759120)
Fix:	When you change the value of the Idle Timeout, the Keep Alive Interval value also updates.

Web Server Failover Not Available With the Access Gateway Service

Issue:	In the Access Gateway Service, you cannot specify Web server failover in the `TCP Connect Options for Web servers` option.(Bug 771386)
Fix:	You can now specify Web server failover in the `TCP Connect Options for Web servers` option in the Access Gateway Service and the Access Manager Appliance.

AutoSubmit Displays a Blank Page When the Page Has Multiple Forms

Issue:	When a page that has multiple forms is auto-submitted, a blank page is displayed instead of a page with the values that were submitted. (Bug 774822)
Fix:	Auto submitting a page with multiple forms displays a page with the values that were submitted.

Apache Crashes While Sending Form Filled Policy Request With DumpSoapMessages Option Enabled

Issue:	When you have Form Fill policy enabled with the `DumpSoapMessages` advanced option set to `on`, and then access a protected resource, it causes Apache to crash. (Bug 773635)
Fix:	Accessing Form Fill policy with the `DumpSoapMessages` advanced option set to `on` for a protected resource works without causing Apache to crash. For more information about this option, see Advanced Gateway Service Options in the Access Gateway Guide.

Error Code Indicates Incorrect Severity

Issue:	The `error_log` file records entries with severity as critical. This is incorrect as these messages are recorded due to internal Access Gateway processing. (Bug 678039)
Fix:	Messages that are not critical are logged as informational messages.

The Access Gateway Returns an Invalid Location Header

Issue:	Several path-based proxies in the `/otr/company` format, point to the same Web server. This results in errors in service selection if the path has multiple forward slashes (/). (Bug 732649)
Fix:	Accessing the Path-based Multi-homing accelerator with different paths work fine when all the proxies point to a common Web server.

TLS Handshake Error When the Access Gateway Service Performs a Heartbeat Check on a Web Server

Issue:	Some firewalls blacklist the IP address of a Web server when TCP connect is performed. Due to this the web page cannot be accessed. (Bug 756756)
Fix:	This issue is fixed by setting the advanced option `EnableWSHandshake` to `on` so that the Access Gateway Service does a TCP connect and SSL handshake with the SSL-enabled Web server at the backend. For more information about this option, see Advanced Gateway Service Options in the Access Gateway Guide.

The Access Gateway Appliance Passes Health Check After Reaching Low Memory Threshold

Issue:	The Access Gateway Appliance passes the health check even after the ESP reaches low memory threshold. This leads to new authentication requests being rejected but the L4 switch continues forwarding the requests to the Access Gateway Appliance and the users receive 503 errors. (Bug 759065)
Fix:	Changes are done to calculate free memory instead of total memory and checks are introduced to calculate device health when a heartbeat is received.

The Audit Event Logs Display the IP Address of L4 Switch As the Source IP Address

Issue:	When the X-Forwarded-Header and Audit are enabled, the audit event logs show the source IP address of the L4 switch instead of the IP address of the Access Gateway Service. (Bug 766750)
Fix:	A new field is added to the event log to indicate the client IP address of the X-Forwarded-Header.

Access Gateway Stops Responding to Client Requests During Log Rotation

Issue:	The Access Gateway Service crashes during the log rotate process. (Bug 768876)
Fix:	The logging process is changed by redirecting the error logs from the httpd child processes to syslog. For more information, see TID 7010977.

Page Redirection Error While Accessing a Resource

Issue:	When you access a resource through the Web browser, `The page isn't redirecting properly` error is shown on the Mozilla Firefox browser. But on an Internet Explorer browser the redirection results in an infinite loop. This happens during the login process after the credentials are submitted to the Identity Server. (Bug 760768)
Fix:	Session information is updated in the Identity Server.

ActiveMQ Web Console Goes Into A Non-Responding State Due to Many Open Files

Issue:	When alerts are enabled, each child process of Apache requests ActiveMQ for creating a queue. ActiveMQ creates a queue depending on the process ID and assigns a queue ID. When Apache restarts, the child process again requests ActiveMQ to create the queue with the process ID and over a period of time ActiveMQ becomes non-responsive. (Bug 746349)
Fix:	Each httpd child process does not request the ActiveMQ process to create queues.

Access Gateway Service Proxy in Tunnelling Mode Terminates Connections Randomly Under Heavy Load

Issue:	When the Access Gateway Service is used for tunnelling under heavy load, many users get disconnected at random intervals ranging from 5 minutes to 45 minutes. (Bug 732328)
Fix:	The memory corruption issue is resolved.

Empty Authentication Header Variable Causes Application to Crash (HTTP 500 error)

Issue:	If you try to access a protected or public resource that has an Identity Injection policy assigned before the authentication process is completed, then the users get an HTTP 500 error. (Bug 769430)
Fix:	Ensure that `NAGGlobalOptions RemoveEmptyHeaderValue` is set to `on`. For more information about this option, see Advanced Gateway Service Options in the Access Gateway Guide.

Unexpected Non-Redirected Login Behavior

Issue:	When non-browser based clients with form-based Non-redirected login enabled provide an invalid Authentication Header to the proxy service, the proxy redirects the request to the Identity Server. (Bug 764827)
Fix:	Incorrect credentials from clients return a 401 status code error instead of redirecting the request to the Identity Server.

Non-Redirected Login Is Not Working

Issue:	An Identity Injection policy configured for a protected resource with Non-Redirected Login works the first time, but fails during subsequent requests. (Bug 759509)
Fix:	This issue occurs because the session cache did not have complete information for Non-Redirected Login. The session cache is now updated with Liberty ID and this is subsequently used in ESP policies.

Difference in the Content Exchanged Between the Access Gateway Appliance and the Web Server

Issue:	There is difference in the data exchanged between the Access Gateway Appliance and the Web server. (Bug 739096)
Fix:	The difference in content exchanged between the Access Gateway Appliance and the Web server is resolved.

The Navigation Page of Vibe Not Appearing Intermittently

Issue:	The header page of Vibe does not load and this leads to issues in displaying the Vibe navigation page. (Bug 756636)
Fix:	The issue with memory pointers is resolved and the pages load without error.

Accessing a Hyperlink From MS-Office Applications Results in An Error

Issue:	Clicking a hyperlink to a URL that is a protected resource from an Excel, Word or Powerpoint document returns `Unable to authenticate 404-esp` error. (Bug 765666)
Fix:	This issue is resolved by sharing cookies between MS-Office applications and the Web browsers. The right login URL is displayed when Web browsers are launched from MS-Office applications.

The Identity Server Is Not Updated With Session Details of the Access Gateway Appliance

Issue:	The Identity Server is not updated with the user session details of Access Gateway Appliance. This cause the Identity Server to timeout. (Bug 773018)
Fix:	This issue has been fixed by modifying the time-to-live calculations.

Provide a Way to Cache More Than 1 MB

Issue:	Apache does not cache a file if the file size is more than 1 MB. (Bug 758173)
Fix:	Introduced the advanced option `CacheMaxFileSize`. The default value is increased to 5 MB. For more information about this option, see Advanced Gateway Service Options in the Access Gateway Guide.

Inconsistent Behaviour of the Upgrade Script Across All Components

Issue:	The prompts displayed during upgrade are inconsistent across the Administration Console, the Identity Server and the Access Gateway. (Bug 772368)
Fix:	The prompts displayed during upgrade process are similar.

302 Redirect Occurs After Updating the Configuration

Issue:	ESP clears the cached session and failover details after each configuration request due to change in the Access Gateway configuration. This results in 302 redirects for existing sessions. After the Identity Server configuration is updated, it results in a 302 error. (Bug 774728)
Fix:	ESP does not clear the existing session details after updating the configuration.

Error Connecting To the Data Store From the Administration Console

Issue:	When you go to the Access Gateway configuration page and the response of the Access Gateway is delayed, the following message is displayed: `Error connecting to data store`. (Bug 775222)
Fix:	The `tomcat7.conf` file includes the java option `JAVA_OPTS= "${JAVA_OPTS} -Djsse.enableCBCProtection= false"` which improves the LDAP connection speed and the Access Gateway connects to the data store without any errors.

Secret Store Does Not Work When Form Fill Advanced Options Are Enabled

Issue:	Form credentials that are written successfully in secret store during initial Form fill request, is not written correctly to the secret store if the following advanced options are enabled: (Bug 775826) `NAGGlobalOptions InPlaceSilent= on NAGGlobalOptions InPlaceSilentPolicyDoesSubmit=on`
Fix:	The credentials are written correctly to the secret store when the Form Fill Advanced options are enabled.

The Access Gateway Does Not Retain a Session After Idle Time Intervals

Issue:	When accessing protected resources through multiple domains at different idle time intervals, you have to re-authenticate because the details of the session you have accessed is not retained. (Bug 783946)
Fix:	The details of the session you have accessed is retained and you do not have to re-authenticate.

The Access Gateway Does Not Cache the Identity Injection Policy Attribute Values

Issue:	The Access Gateway does not cache the Identity Injection policy attribute values after the first request. For subsequent requests the policy evaluation request is resent to the ESP. (Bug 784417)
Fix:	The policy evaluation request is serviced from the cache.

Enhancements and Software Fixes - Access Gateway Appliance (Fixes only for Access Gateway Appliance)

Access Manager 3.2 Service Pack 1 includes software fixes that resolve several previous issues in the Access Gateway Appliance.

Missing Access Gateway Appliance Statistical Details

Issue:	Clicking `View` in the `Server Activity` tab or in any other tab does not display all statistical details for the Access Gateway Appliance. (Bug 741570)
Fix:	The issue is resolved by populating the correct value in the fields.

Form Fill Policy with Auto Submit Enabled Fails on Pages That Has Form Tags Inside Java Script

Issue:	When the form that is filled with Auto Submit enabled, fails when pages have form tags inside the Java script. (Bug 777640)
Fix:	The form when filled and auto-submitted to the Web server, does not fail if the pages have form tags inside the Java script.

Error Installing Access Gateway Appliance in a Non-English Language

Issue:	While installing the Access Gateway Appliance, when you select a language other than English (default language) in the license screen, an error occurs. (Bug 771055)
Fix:	You can select other languages including the default English language in the license screen during the Access Gateway Appliance installation without any errors.

Return to Top

Installing or Upgrading the Purchased Products

After you have purchased Access Manager 3.2 SP1, log in to the Customer Centre and follow the link that allows you to download the software.

The following files are available:

Filename	Description
AM_32_SP1_AccessManagerService_Linux64.tar.gz	Contains the Access Manager Service for Linux.
AM_32_SP1_AccessManagerService_Win64.exe	Contains the Access Manager Service for Windows Server 2008.
AM_32_SP1_AccessGatewayAppliance_Linux_SLES11_64.iso	Contains the Access Gateway Appliance.
AM_32_SP1_AccessGatewayAppliance_Linux_SLES11_64.tar.gz	Contains all patches from 3.2 to 3.2 SP1 for the Access Gateway Appliance.
AM_32_SP1_AccessManagerAppliance_Linux_SLES11_64.iso	Contains the Access Manager Appliance.
AM_32_SP1_AccessManagerAppliance_Linux_SLES11_64.tar.gz	Contains all patches from 3.2 to 3.2 SP1 for the Access Manager Appliance.
AM_32_SP1_AccessGatewayService_Win64.exe	Contains the Windows Identity Server and Windows Administration Console for Windows Server 2008.
AM_32_SP1_AccessGatewayService_Linux_64.tar.gz	Contains the Access Gateway Service for SLES 11 and RHEL 6.2 or higher version.
AM_32_SP1_ApplicationServerAgents_AIX.bin	Contains the Agents service for AIX platform.
AM_32_SP1_ApplicationServerAgents_Linux.bin	Contains the Agents service for Linux platform
AM_32_SP1_ApplicationServerAgents_Solaris.bin	Contains the Agents service for Solaris platform
AM_32_SP1_ApplicationServerAgents_Windows.exe	Contains the Agents service for Windows platform.

If you have purchased a previous release of Access Manager (3.1.4, 3.1 SP4 IR1, 3.2 or 3.2 IR1) and need to move to 3.2 SP1, download the patch files from Novell Downloads.

Following are the supported upgrade/migration paths for 3.2 SP1:

Source	Destination
3.1 SP4	3.2 SP1
3.1 SP4 IR1	3.2 SP1
3.2	3.2 SP1
3.2 IR1	3.2 SP1

Upgrading or Migrating from 3.1 SP4 to 3.2 SP1
Upgrading from 3.2 Onwards

Upgrading or Migrating from 3.1 SP4 to 3.2 SP1

If you are on Access Manager 3.1 SP4, you can directly upgrade to 3.2 SP1 without moving to 3.2.

If your base platform is SLES 11 SP1 or a Windows 2003 server, you need to migrate whereas if your base platform is Windows 2008, you can directly upgrade to Access Manager 3.2 SP1.

To migrate your Access Manager components, see Migrating Access Manager in the NetIQ Access Manager Migration and Upgrade Guide.

To upgrade your Access Manager components, see Upgrading Access Manager in the NetIQ Access Manager Migration and Upgrade Guide.

To Upgrade from 3.2 Onwards

If you are already on Access manager 3.2, you can directly upgrade to 3.2 SP1 using the instructions at Upgrading from Access Manager 3.2 to 3.2 IR1 or 3.2 SP1 in the NetIQ Access Manager 3.2 Installation Guide.

Return to Top

Verifying Version Numbers

It is important to verify the version number of existing Access Manager components before you upgrade or migrate to 3.2 SP1. This ensures that you have the correct version of files on your system.

Verifying Version Number Before Upgrading to 3.2 SP1
Verifying Version Number After Upgrading to 3.2 SP1

Verifying Version Number Before Upgrading to 3.2 SP1

In the Administration Console, click Access Manager > Auditing > Troubleshooting > Version.
Examine the value of the Version field to see if it displays a version that is eligible for upgrading to 3.2 SP1.

Component 3.1 SP4 3.1 SP4 IR1 3.2 3.2 IR1

Administration Console 3.1.4.27 3.1.4.57 3.2.0.327 3.2.0.370

Identity Server 3.1.4.27 3.1.4.57 3.2.0.327 3.2.0.370

Access Gateway 3.1.4.27 3.1.4.57 3.2.0.327 3.2.0.370

Access Gateway Appliance 3.1.4.27 3.1.4.57 3.2.0.327 3.2.0.370

SSL VPN 3.1.4.27 3.1.4.57 3.2.0.327 3.2.0.370

Verifying Version Number After Upgrading to 3.2 SP1

In the Administration Console, click Access Manager > Auditing > Troubleshooting > Version .
Examine the value of the Version field to see if it displays 3.2 SP1 version.

Component Versions

Administration Console 3.2.1.57

Identity Server 3.2.1.57

Access Gateway 3.2.1.57

Access Gateway Appliance 3.2.1.57

SSL VPN 3.2.1.57

Known Issues in this Release

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

Issues With Extended Logging

Issue:

If you enable extended logging you will see the following issues: (Bug 750355, 783159, 783160, 783163, 783161)

Strings ”%t\ and %r\” appear twice in the LogFormat value.
Many Log Format options get logged without any information.
Value of Log Format does not change.
Hard disk space gets exhausted due to large number of log files. (Only observed on RHEL 6.3 platform)

Workaround:

No workaround for any of the above issues. If you enable extended logging on RHEL 6.3, ensure you limit the number of files to 2 and set the size for log rollover to 1 MB.

Issues With Form Fill Policy

Issue:

If you enable a form fill policy, you will see the following issues:(Bug 774324, 784216,784612 )

When the form fill policy stores values in shared secrets and the form is auto-submitted with mask data, the combo box values are not masked.
When the form fill policy is enabled for a protected resource and the form is auto-submitted without action field, auto submit fails.
When the form fill policy is enabled and the form is auto-submitted, the POST data is sent in chunks. This issue is seen only with Internet Explorer 7 browsers.

Workaround:

No workaround for any of the above issues.

Issues with Sharepoint

Issue:

If you have configured Sharepoint as a path-based multi-homing service with the Remove path on filloption enabled, the following issues occur:

Few internal links fail to connect
Help and Cancel buttons don't work.(Bug 700552)

Workaround:

To workaround this issue, use domain-based multi-homing with the Remove path on fill option enabled.

Script File to Reimport SSL VPN Not Available

Issue:	The script file to reimport SSL VPN into the Administration Console from the `/opt/novell/devman/jcc/conf` where the Access Gateway and SSL VPN are installed, is not available.(Bug 768102)
Workaround:	Import SSL VPN manually.

Customized Logout Pages Not Available After Upgrade

Issue:	In Windows, if you have customized the `logoutSuccess.jsp`, `nidp.jsp` files, and `nidp` images located at `/opt/novell/nam/idp/webapps/nidp/jsp`, the files and images are not retained in the Identity Server and Access Gateway when you upgrade. (Bug 770066)
Workaround:	Restore these files manually.

Alert About Authentication Error After Migration to 3.2 SP1

Issue:

After migrating to 3.2 SP1, when you log in to the Administration Console, the following alert is displayed:

Datastore authentication error, bad password or certificate.

(Bug 753007)

Workaround:

This alert can be ignored because it does not have any impact on the functionality..

Configuration Changes on Access Gateway Service Leads to Apache Restart

Issue:	Any configuration changes on the Access Gateway Services leads to restart of Apache service, which results in service interruption. (Bug 778475)
Workaround:	No workaround.

Target Value of Intersite Transfer URL Contains Non-Standard URL

Issue:	If you configure Identity Server to be an Identity provider with another service provider to support single sign-on, the intersite transfer URL that contains the target value is modified to include a non-standard URL. This issue results in authentication failure. (Bug 781812)
Workaround:	No workaround.

Only One eDirectory Replica Addresses Admin Connections

Issue:	If you have less than three eDirectory replicas in the cluster, admin connections for some operations are addressed by only one replica instead of being distributed across all replicas. This issue can lead to performance degradation. (Bug 757512)
Workaround:	Ensure that you have three or more eDirectory replicas in a cluster. Configuring eDirectory with high memory also ensures that there are no performance issues.

Error Rewriting Published DNS Name

Issue:	Page not found error is displayed as the Access Gateway Service does not rewrite to a published DNS name if the back-end host name specified within a URL is embedded in a `span` tag. (Bug 784210)
Workaround:	No workaround.

Using SSL VPN Client Through Internet Explorer Browser in Kiosk Mode Shuts Down Windows Explorer

Issue:	When you access SSL VPN client in Kiosk mode through an Internet Explorer browser, it shuts down all instances of Windows Explorer on the system. (Bug 781727)
Workaround:	No workaround.

lcache Runs as a Non-Root User after Failing Unexpectedly

Issue:	The lcache process (Novell Nsure Audit Platform agent) runs as a root user. However, after failing unexpectedly the process runs as a non root user. (Bug 770037)
Workaround:	For information on resolving this issue, see TID 7010978.

Return to Top

Previous Releases

This version also includes enhancements added in Access Manager 3.2 IR1

Return to Top

Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.

For general corporate and product information, see the NetIQ Corporate Web site.

For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and product user groups.

Return to Top

Legal Notice

THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
© 2012 NetIQ Corporation and its affiliates. All Rights Reserved.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government’s rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
Check Point, FireWall-1, VPN-1, Provider-1, and SiteManager-1 are trademarks or registered trademarks of Check Point Software Technologies Ltd.
Access Manager, ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Cloud Manager, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PlateSpin, PlateSpin Recon, Privileged User Manager, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its affiliates in the USA. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.
For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.
EXCEPT AS MAY BE EXPLICITLY SET FORTH IN THE APPLICABLE END USER LICENSE AGREEMENT, NOTHING HEREIN SHALL CONSTITUTE A WARRANTY AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF FITNESS FOR A PARTICULAR PURPOSE ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW AND ARE EXPRESSLY DISCLAIMED BY NETIQ, ITS SUPPLIERS AND LICENSORS.

Return to Top