This release includes the below new feature and fixes for mentioned issues.

Enhanced NCP Server Side Copy:

- The “OES Copy” feature’s ability to use NCP Server Side Copy for file copy operations occurring within the same NCP server has been extended to provide this same capability during Windows File Explorer Copy-and-Paste, Cut-n-Paste and Drag-and-Drop operations, even when not explicitly using the “OES Copy” feature.

Issues Fixed:

1. Possible blue screen when accessing NSS DFS junction-based paths at the same time DFS junction information refresh is occurring. (Issue 868178)

2. TSClientAutoAdminLogon can intruder lock the account if the eDirectory password is no longer the same as the Windows password. (Issue 843042)

3. NCP connections may be unavailable at the user desktop if a UPN-based Windows account logon was additionally prefixed with an explicit domain name. (Issue 793049)

Defects/Issues Addressed:

1. OES Copy shell extension enhanced to utilize NCP server-side copy capabilities when possible. (OCTUS52A692011)
2. Possible kernel-mode crash when VLDB server fails to respond on an established VLDB connection. (OCTCR52A769251)
3. Saving from LibreOffice with a hash symbol in the path could fail to remove temporary file. (OCTCR52A636069)
4. Advanced Authentication integration could filter out needed credential providers in some scenarios. (OCTCR52A634081)

Defects/Issues Addressed:

1. An application which calls WNetGetConnection with a NULL buffer may fail (OCTCR52A729069)

2. The "Suppress Single Sign-On" check box may not appear with current NMAS client version (OCTCR52A729094)

3. File names in excess of 128 characters in the Windows drivers folder may prevent NCFSD.SYS from loading (OCTCR52A744056)

4. Update Agent may attempt to install based on administrator internal major and minor version only, without checking for downgrade (OCTCR52A745071)

5. Invalid custom Welcome screen credential tile bitmap may fail overall credential provider field initialization (OCTCR52A749119)

6. Enabling CustomStrings in INSTALL.INI may cause application crash in NCLangParser.dll (OCTCR52A751091)

Defects/Issues Addressed:

1. Credential provider tiles may become hung if input is allowed to time out (OCTCR52A721012)

2. OES-specific property pages may not appear for some paths (OCTIM52A626143)

3. Possible hang when Windows network provider order is being changed (OCTCR52A632017)

4. LDAP Contextless Login now considers preferred server when causing an initial NCP connection (OCTIM52A616177)

5. Windows 7 platforms may show Exception Processing Message 0xC0000135 from WINLOGON.EXE (OCTIM52A707036)

6. Possible kernel-mode crash when handling file system change notification request (OCTCR52A630106)

7. Mapped drives may not disappear from File Explorer views when disconnecting NCP connection (OCTCR52A627092)

8. Updated branding and icons to reflect Open Text company name. Note the installation set self-extract package now extracts to "C:\Open Text" by default

Defects/Issues Addressed:

1. Applications using Windows WNet APIs to perform eDirectory authentication could fail, including ZENworks and NET.EXE command lines (Defect ID: - 595027)

2. Presence of Citrix Application Protection component could lead to failure to execute eDirectory login scripts during login (Defect ID: - 545045)

3. Invoking the CTRL-ALT-DEL Change Password option could fail to present the dialog for choosing which eDirectory and Windows resources to perform password change (Defect ID: - 601057)

Long Path Support
The Client for Open Enterprise Server 2 SP7 release has eliminated limitations in the kernel-mode drivers which prevented Microsoft Windows file system APIs from working on NCP-based paths which were close to or in excess of the Microsoft Windows "MAX_PATH limit" of around 260 characters. Windows applications specifically designed to take advantage of paths longer than the traditional Microsoft Windows MAX_PATH limit can now successfully specify such paths over NCP.

NCP Encryption TLS 1.3 Support
On Windows 11 and later platforms, the NCP encryption feature now supports using TLS 1.3 when negotiating encryption protocol with the NCP server.

Platform Support:
- Supports Windows 11, version 22H2 (x64)

Defects/Issues Addressed:

1. Client for Open Enterprise Server 2 SP6 (IR1) and earlier unable to run successfully on Windows 11 Insider Preview 22557/Windows 11 2022 H2 and later, citing “a certificate has been explicitly revoked”.

2. If TCP-level VLDB communication is blocked, all VLS connection slots become full after repeated failed attempts to traverse DFS junctions. Once the connection slots are full, even if TCP-level communication to the VLDB is then restored, DFS junctions continue to fail until the workstation is rebooted.

3. eDirectory AutoAdminLogon will fail if a clear-text eDirectory AutoAdminLogon password has not been provided, instead of falling back to using the Windows AutoAdminLogon password for the eDirectory AutoAdminLogon. (OCTIM52A507238)

4. If NetIQ Advanced Authentication client is installed on a machine where Client for Open Enterprise Server is already installed, the NetIQ credential provider will appear and be used successfully. This continues until someone visits Client Properties and saves any change, at which point the pre-existing Client Properties settings to use Client for Open Enterprise Server credential provider will be re-asserted. Now in SP7, presence of the NetIQ credential provider is recognized as a state to be maintained when visiting Client Properties, until a different credential provider mode is explicitly selected. (OCTIM52A499791)

5. NCCredProvider was failing to call ZENworks DLU LocalPreLogonNotify callback if a UPN username had been entered by the user, because the domain value was intentionally blank in this case.

6. Provide customer with new “Enforce eDirectory Desktop Login With NetIQ Credential Provider” policy to allow opting-out of Advanced Authentication enforcement for eDirectory-only logins performed from the desktop. (OCTIM52A499791)

7. AutoAdminLogon processing could fail to proceed to checking for eDirectory AutoAdminLogon, if and when a Windows domain-involved Windows AutoAdminLogon returns ERROR_TRUSTED_RELATIONSHIP_FAILURE when trying to determine the SID of the Windows AutoAdminLogon user. (OCTIM52A507238)

8. Checking for an existing mapped drive letter could potentially fail due to case-sensitivity.

Defects Fixed:
------------------------

1) OCTCR52A414024 Having LDAP Contextless Login caching enabled could create random initial NCP connections

2) OCTCR52A397425 When AutoAdminQueryNDS is enabled, the ForceLastUserName policy would not be applied

3) OCTCR52A382073 When AutoAdminQueryNDS is enabled, every Windows account logon uses AutoAdminLogon credentials

4) OCTCR52A380500 Uninstalling the latest client to re-install an older version could result in files from the latest client being retained

5) OCTIM52A339003 AutoAdminLogon could fail when the configured Windows user account was an Azure Active Directory account

6) OCTCR52A333010 LDAP Contextless Login errors could be hidden when logging in with the credential provider

7) OCTIM52A229001 Deleting a folder could fail if any of the file name exceeded 128 characters

8) OCTIM52A136048 Potential buffer overrun when the WNetGetUniversalName API is called for path longer than MAX_PATH

9) OCTCR52A131055 When DontDisplayLockedUserId is enabled, a Change Password with Advanced Authentication enabled can fail

10) OCTCR52A80039 LDAP Contextless Login could return a context with some Unicode characters still escaped

What’s New in Client for Open Enterprise Server 2 SP6
Platform Support
Client for Open Enterprise Server 2 SP6 and later supports Windows 10 update (version 21H1).
Supports Windows 10 Multiple Credential Provider Selection

Client for Open Enterprise Server 2 SP6 optionally supports a Windows 10 credential provider behavior which allows users to select among multiple installed credential providers if necessary easily. When enabled, the Client for Open Enterprise Server credential provider appears in the “Sign-In Options” list along with the other available credential providers for the Windows user accounts.

By default, Client for Open Enterprise Server still operates in the “legacy mode” that presents only the last logged-on user and the “Other User” credential. Starting with Client for Open Enterprise Server 2 SP6, both modes of operation are available to provide whichever behavior would best accommodate the login needs of a workstation.
Custom Re-branding

The Custom Branding feature provides a text-based branding change to customize any string or a specific keyword as per the requirement. The feature also offers multi-language support to customize the strings as per the language preference in which Client for OES was installed.
NCP Encryption and Multi Factor Authentication Enhancement

The Client for Open Enterprise Server 2 SP6 provides support for NCP Encryption and Multi Factor Authentication capability on the volume level as well. Now each volume can be separately configured for encryption or Multi Factor Authentication.

For information on the NCP server side configuration for Volume Encryption, see Managing NCP Security Configurations in the OES 2018 SP3: NCP Server for Linux Administration Guide.
Azure based Active Directory Login Support

The Client for Open Enterprise Server 2 SP6 now provides Azure Active Directory Support. Users can now login to a Microsoft-hosted Azure Active Directory domain using the Client for Open Enterprise Server.
Salvage and Purge Enhancements for Search Filters and Search Subdirectories

The Client for Open Enterprise Server 2 SP6 provides filter options in Salvage and Purge window to help customers navigate the exceedingly long lists of available files. This filter option enables a user to generate and implement an ability to filter the list by different criteria. For example, a specific filename pattern, or a specific date range for the file's deletion timestamp, or a specific date range for the file's creation or modification timestamp.

One can now browse through the deleted subdirectory files from the Salvage/Purge window with the Include Subdirectory Files checkbox option.

Client for Open Enterprise Server 2 SP5 (IR2) (06Nov2020)

1. Possible memory corruption if the NCP Encryption initialization failed unexpectedly. (Bug 1173526)
2. Unlock workstation may require entering old password if expired eDirectory password was changed during logon. (Bug 1173022)
3. Secure Login unable to learn new Windows account password during password change. (Bug 1172634)
4. Remote Desktop login could cause "invalid parameter" to be shown during subsequent non-RDP unlock attempts. (Bug 1172238)
5. Unable to delete folder after creating and closing Microsoft Office documents within folder. (Bug 1153584)
6. The "S R W E C M F A" labels above the Trustee Rights checkboxes could become mis-aligned on some displays. (Bug 1013270)

Client for Open Enterprise Server 2 SP5 (IR1) (27Jul2020)

1. Possible bugcheck in NCIOM.SYS using eDirectory-based UNC path. (Bug 1172610)

2. Cryptic error message provided when user is not allowed to change password. (Bug 1172489)

3. Possible bugcheck during an unexpected failure to load NCFSD. See TID 7024688. (Bug 1172307)

4. Cryptic error message provided when password does not meet password policy. (Bug 1171929)

5. Password expiration on non-English workstations could show blank prompts. (Bug 1171855)

6. Once enabled in Client Properties, Force Password Change could not be disabled. (Bug 1171573)

7. Using Refresh button or F5 key in Salvage Files list could create duplicate entries. (Bug 1151476)

8. Using Run Logon Scripts Synchronously policy could cause long delays if script execution required prompting. See TID 7023452. (Bug 1105790)

The feature NCP Encryption on OES is a security feature that increases the security of data transmitted across networks between the NCP server and clients.

The Client for Open Enterprise Server 2 SP5 and later provides support for NCP Encryption capability on the OES 2018 SP2 or later server. The following are the new parameters introduced in the Client Properties to support this functionality:

• NCP Encryption
• Cipher Strength

For more information on the parameters, see Advanced Settings in the Client for Open Enterprise Server Administration Guide.

For information on the NCP server side configuration for NCP Encryption, see Managing NCP Security Configurations in the OES 2018 SP2: NCP Server for Linux Administration Guide.

The Advanced Authentication capability on the Client for Open Enterprise Server 2 SP5 is enhanced to support the Multi Factor Authentication (MFA) on the OES 2018 SP2 server. For more information on the NCP server side configuration for MFA, see Managing NCP Security Configurations in the OES 2018 SP2: NCP Server for Linux Administration Guide.

The Client for Open Enterprise Server 2 SP5 supports the Open Enterprise Server (OES) 2018 SP2 release.

Previously, the eDirectory password expiry was handled after the execution of the eDirectory login scripts on the user’s desktop. Now, the eDirectory password expiration is handled during the login of the user and changing the passwords during the grace login period.

• If the Password Expiry Warning option is enabled, the user is alerted to change the password before the actual expiry date.
• If the Force Grace Login Password Change option is enabled, the user must change the password before the expiry of the grace login. Else the user will not be able to login.

In cases where the eDirectory account also defines the Windows account, updating the eDirectory password prior to the Windows account improves Domain Services for Windows and other domain account synchronization scenarios.