NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Section 3.8, You are not Prompted to Re-authenticate even if forceAuth is Enabled
Section 3.9, Configuring an Additional Replica Does Not Work When Secret Store is Enabled
Section 3.11, Access Gateway Does Not Accept New Client Connections
Section 3.12, Authentication Occurs for Revoked Certificates
Section 3.13, Webtrends Does Not Read Log Files with Extended Logging
Issue: You cannot edit or view an existing Attribute Mapping from the Administration Console. (Bug 789663)
Workaround: None.
Issue: The load balancer continues to send browser requests even though the Identity Server is in a non-responsive state. (Bug 797770)
Workaround: None.
Issue: When you set the value of TCP Connect Options to more than 1440 seconds, the configuration update for Access Gateway fails. (Bug 796078)
Workaround: None.
Issue: In Microsoft Windows, the Access Gateway does not create extended logs for reverse proxy requests configured for extended logging. (Bug 797559)
Workaround: None.
Issue: If the Java JRE 1.7.0_21 plugin is enabled in the browser, the SSL VPN client installation (both traditional and ESP enabled) fails. (Bug 822759)
Workaround: Install the SSL VPN client by using a browser with JRE plugin older than version 1.7.0_21.
Issue: Kerberos Constrained Delegation fails single sign-on authentication to the ADFS server. (Bug 819139)
Workaround: None
Issue: When users authenticate to the Identity Server and get the password expired message, they are not redirected to the Password Management Servlet defined for that contract. (Bug 814057)
Workaround: None.
Issue: The Name Password Form contract does not prompt users to be re-authenticated when forceAuth is enabled. (Bug 814785)
Workaround: None.
Issue: When you enable the eDirectory user store to use secret store, the port listed is 389 and you cannot click and the communication with the newly added replica fails. (Bug 811887)
Workaround: Remove the SecretStore entry, add the replicas with secure LDAP and add the SecretStore entry again.
Issue: The Identity Injection policy configured to inject the query string parameter causes looping if a query string parameter already exists in the URL. (Bug 813132)
Workaround: None.
Issue: The Access Gateway stops accepting new client connections. (Bug 813132)
Workaround: To fix this issue, see TID 7010977.
Issue: When you select the revoked certificate and continue with the authentication process, the browser should display an error message that the certificate has been revoked. (Bug 805216)
Workaround: After revoking the certificate, restart the Identity Server.
Issue: Webtrends perform data analysis based on the Access Gateway HTTP logs. When you upgrade to 3.2.1 IR1a, webtrends cannot read log files with extended logging enabled. (Bug 822598)
Workaround: None.
Issue: After migrating to the primary Administration Console, removal of the eDirectory replica from 3.1 SP4 secondary Administration Console fails. (Bug 822206)
Workaround: Wait for 20 to 30 minutes until eDirectory replica status changes to Up (ndsstat -s command). Once status is up, the eDirectory replica can be removed.