4 Replies Latest reply on Dec 31, 2008 7:35 AM by Christopher-Boston

    Tip: Ignoring Novell's "The Tree or Server Could Not Be Found" error

      With the Netware client we're using, we found that when implementing SSO through Safeboot that if a laptop was off our network but on another network (such as home wireless) that the user would get an error regarding the tree or server not being able to be found. It asks the user if they want to continue to logon to NT without logging into Netware. This is happening because normally our users would know to check "Workstation Only" when on another network, but they don't get this option with Safeboot.

      Before I explain how I did it, I'll give the standard disclaimer that I do not work for McAfee or for Safeboot and I'm only posting this because I had to go through the motions to get this fixed anyway and I thought it might help some others out. This change may or may not be supported by McAfee. You should complete the steps on a test or proof of concept system and you should always backup any files before modifying or deleting them.

      Anyway, to get around this, I modified the SbGina.ini file on the client machines as follows:

      Step #1: Under Windows.NT.Logon added:
      Window11=NWGina.XP.SecurityError.LogonDialog


      Note that the "Window11" part of that needs to be sequential with your other "Windows" in that list, it should not duplicate another number and there should be no gaps in numbers. I put mine above the standard NWGina.XP.xxxx lines and moved the other numbers down, you can do yours just about however you like.

      Step #2: Created a new section as follows. This should be completely outside of any other sections in the INI file or the other sections may not work.
      [NWGina.XP.SecurityError.LogonDialog]
      ;NWGina version 4.0.91
      OS.MajorVersion=5
      OS.MinorVersion=1
      OrigDll.Name=NWGINA.DLL
      Window.Title=Novell Security Message
      Window.Class=#32770
      Dlg.CtrlId.OK=6


      Basically this is staying that when you find a window with the title "Novell Security Message" with a Class ID of #32770 on Windows 5.1 (XP), click the "6" button. The number 6 represents the ID of the Control that corresponds to the "Yes" option.

      If you're using a different version of the Novell client, your title or button may be different, you can try changing Trace.LogonWindowInfo setting to YES under the GLOBAL section and then reading the Trace.FileName log file (normally LOGONWND.TXT) to get the ID information.
        • 1. RE: Tip: Ignoring Novell's "The Tree or Server Could Not Be Found" error
          A very cool suggestion from Christopher...

          For those interested, the GINA module evaluates each section defined in sbgina.ini each time a window appears on the pre-boot screen. It will stop as soon as a match is made.

          Window1=MSGina.NT4.LogonDialog
          Window2=MSGina.W2K.LogonDialog
          Window3=MSGina.XP.LogonDialog
          Window4=MSGina.WIN2003.LogonDialog
          Window5=NWGina.NT.LogonDialog
          Window6=NWGinaJP.NT.LogonDialog
          Window7=FSSGina.XP.LogonDialog
          Window8=CSGina.W2K.LogonDialog
          Window9=CSCOGina.W2K.LogonDialog
          Window10=ODYGINA.W2K.LogonDialog
          Window11=PRM_GINA.XP.LogonDialog
          Window12=IPASS.XP.LogonDialog
          Window13=Aviator.XP.LogonDialog
          Window14=TRYIT.XP.LogonDialog


          You are not allowed to jump numbers, the list must be contiguous.

          Each section has some parameters which are used to determine whether that section matches what's on the screen.For example the section for W2003:

          [MSGina.WIN2003.LogonDialog]
          OS.MajorVersion=5
          OS.MinorVersion=02
          OrigDll.Name=MSGINA.DLL
          Window.Title=Any
          Window.Class=#32770


          Matches ONLY if the OS version is 5.02, the gina displaying the window is called msgina.dll, and the window class is #32770.

          The interesting section to note is the final one, "TRYIT.XP":

          [TRYIT.XP.LogonDialog]
          OS.MajorVersion=5
          OS.MinorVersion=1
          OrigDll.Name=Any
          Window.Title=Any
          Window.Class=#32770


          You can see this section matches ANY gina with the window class #32270 (the typical window class), and thus tries to punch in details using the default box id's on any gina that comes up on XP.

          Because of this, if you want to specify your own section, you must do it BEFORE the tryit one, as this section matches practically anything.

          If you add your custom section after (say Window15), it will never get tested as the tryit section is almost always going to match.
          • 2. Novell Tree
            Thank you both for your detailed information about GINA. I'm having a problem with Novell and SSO right now. My issue is Users are getting Tree cannot be found, but the tree name placed in the field is the Active Directory Name. When I check a user's SSO details in the SBAdmin tool their Domain details are getting cached as our AD. If i define the tree name and update they seem to be fine after that. I'm trying to figure out why some users on the first synchronization our AD name gets cached instead of our NW Tree.

            Any help would be appreciated.

            Thanks,
            • 3. RE: Novell Tree
              Dvanmeter
              We ended up just changing the Gina on Laptops to be MSGINA instead of NWGINA. You can do this reg change the safeboot installer. We had the problem where if you removed Novell then the computer was messed up because Safeboot tried to find the nwgina and it wasnt there.
              • 4. RE: Novell Tree


                Hi dvanmeter -

                I considered this as well, but I don't recall why we didn't use that. I'm sure it had to have something to do with making as few OS level changes as possible. Is your MSGINA chained somehow to NWGINA? If so, can you descibe how? And if not, can you explain how your users are getting authenticated to Netware (perhaps logging in manually after SafeBoot?).

                Thanks!
                Chris.