This document was published at: http://knowledgebase.citrix.com/kb/entry.jspa?externalID=CTX102685
Document ID: CTX102685, Created on: Sep 19, 2003, Updated: Sep 19, 2003
Products: Citrix MetaFrame Password Manager 2.0
Citrix Systems, Inc.
Citrix MetaFrame Password Manager
Copyright © 2003, Citrix Systems, Inc. All rights reserved.
All trademarks and registered trademarks are the property of their respective owners.
Welcome to Citrix MetaFrame Password Manager
Citrix MetaFrame Password Manager is a component product of the MetaFrame Access Suite. Designed to work seamlessly with all products in the MetaFrame Access Suite, MetaFrame Password Manager provides password security and single sign-on access to Windows, Web, proprietary, and host-based applications, whether running in the MetaFrame Access Suite environment or on the local desktop device. Users authenticate once with a single password and MetaFrame Password Manager does the rest, automatically logging on to password-protected information systems, enforcing password policies, monitoring all password-related events, and even automating end-user tasks, including password changes. MetaFrame Password Manager makes connecting to secure applications faster and more secure, and lowers the costs of support for IT organizations.
This Readme contains the following information:
• Limitations and known issues
MetaFrame Password Manager includes several documentation files to assist you in your use of the product. The documentation files are available from the \Documentation folder of the MetaFrame Password Manager CD-ROM.
When you install the MetaFrame Password Manager Console, the Administrator's Guide and this readme are installed to the following location:
install_directory\Citrix\MetaFrame Password Manager\Console\Docs
Limitations and Known Issues
• Early Adopter Program: Upgrades from the Early Adopter Program release are not supported. Several features, including licensing and synchronization, have undergone significant changes since the Early Adopter Program release of Citrix MetaFrame Password Manager.
The license repository for the Early Adopter Program release (SSOLicenseRepo for Active Directory or SSOLicenseRepo.bin for Shared Folder implementations) must be removed before you open License Administration or the console.
• License Expiration: Technical Preview, Early Adopter Program, and Evaluation licenses expire in 90 days without warning.
• Network Shares as Synchronization Points: If you configure a network share as your synchronization point and the server hosting the share point does not have sufficient disk space, a permission error message appears when the agents attempt to synchronize their data. Citrix recommends 30KB per user or 2KB per application.
• License Repository Permissions: If you store your license repository in a shared folder, your user account must have read/write permissions for the shared folder before you launch the console or License Administration. If you store your license repository in Active Directory, your user account must be a member of the Domain Administrators group.
• Extended character support for Windows NT: Extended character support is limited on Windows NT. The supported characters are listed in the codepages available from http://www.microsoft.com/globaldev/reference/.
• Universal Principal Names (UPN): When using UPN to log on to applications, do not define an application definition that includes a third field for entering the domain. The agent cannot provide credentials correctly to the associated application.
• Field Matching and Windows Authentication: On Windows XP and Windows Server 2003 systems, the agent cannot recognize dialog boxes that require field matching to distinguish between them, for example, Network Connection and Office XP password dialog boxes. You must create application definitions for these dialog boxes using the console.
• Network Connections on Windows 2000: If the user name is preconfigured as a static field in Windows 2000, the MetaFrame Password Manager Agent cannot submit credentials for authentication.
• Event Log Errors: MetaFrame Password Manager events are cached on a per-user basis and written to the Windows Event log every 15 minutes or when the agent starts up. This behavior has two effects. First, all the entries are placed into the Windows Event log with the same time stamp. Second, with roaming profiles, events that occur on one server may be stored in a different server's event log.
• WinZip Support: The application definitions included with MetaFrame Password Manager support WinZip 8.1 Service Release 1 and earlier.
• Terminal Emulators: The mfrmlist.ini file lists compatible terminal emulators for MetaFrame Password Manager and is available from the \Helper\Emulator folder in the installation directory for the agent. At the time of this release, Citrix has completed testing on a subset of the listed emulators. For more information and assistance with your implementation of terminal emulators, contact your Citrix representative.
MetaFrame Password Manager Agent
• Custom Agent Installation: If you select Custom during installation of the agent, the custom settings are retained if you click Back in the setup wizard and select Typical. You must cancel the setup wizard and start it again to reset the option for agent installation.
Do not deselect the Authenticators node during a custom installation.
• Right-clicking the Agent Icon: If a user right-clicks the agent icon in the Windows taskbar twice, the agent attempts to store credentials for an application.
• Change Password Wizard: If an application requests a password change and the user enters a new password that is rejected by the application, the application generates an error message and prompts the user to specify another password or cancel. The agent does not recognize the failure of the initial password change and stores the failed password in the local store, preventing the user from logging on to the application.
The user must open Logon Manager, select the application, and configure the correct password. If the user changes the password in the application successfully, the new password must be added to Logon Manager; otherwise the user must specify the original password to prompt the application for a password change.
• Agent Unable to Connect to the Synchronization Point: If the agent cannot connect to the synchronization point, the agent continues to function using information from the local storage but does not notify the user.
• Synchronizing Agent Configurations: If you change the settings for an agent, the agent may need to be restarted for the settings to be applied.
• Suppressing Reboot for Installations of the Agent: You can suppress the reboot process after installing the agent using the following command:
msiexec reboot=suppress /i path_to_msi_file_and_its_filename
For example: msiexec reboot=suppress /i c:\temp\setup.msi
• Auto-recognize: If a user disables Auto-recognize for one or more credentials configured for an application, the credentials are not included in the list of available credentials. In addition, if you disable Auto-recognize for all the credentials assigned to Program Neighborhood or Program Neighborhood Agent, the agent does not locate any of the credentials and prompts for a new configuration.
MetaFrame Password Manager Console
• Password Sharing Groups and Password Policies: If you select different options in the Change Password wizard for applications that belong to the same password sharing group, password changes cannot be synchronized across all applications in the group. Applications in the same password sharing group must use the same password policy.
• Password Sharing Groups and Event Logging: Password changes implemented by the password sharing group feature do not generate a credential change event identifier. The password change event is not recorded in the event log by MetaFrame Password Manager.
• Password Changes and Password Policies: If an application is subscribed to a password policy and the application is configured to allow a manual password change, the password policy is not enforced when a user specifies a password. However, automatic password generation will adhere to the specified password policy.
• MaxRetryAttempts Setting Under AccessManager node: The MaxRetryAttempts counter should be set to one less than the actual number of retry attempts expected. To determine how the agent keeps track of the number of retry attempts, use the following equation:
N + 2 = number of retries,
where N represents the value entered in the console.
• Removing Application Definitions: If your agents synchronize application definitions and you later remove application definitions from the console or change which application definitions are to be synchronized, the deleted application definitions are disabled on the agent. If a user configured credentials for the deleted application definitions, the definitions appear in Logon Manager but do not function or display an error message to the user.
• Large Font Mode and the Web Application Wizard: If you switch the display settings on your computer to display large fonts, the Web Application wizard does not display correctly and you cannot configure Web applications.
MetaFrame Access Suite Integration
• MetaFrame Secure Access Manager 2.0 and Website Viewer CDA: If a user browses to a Web site requiring authentication using the Website Viewer CDA and selects Never when prompted to store credentials, the agent does not allow the user to configure logon information for the same Web site again. To store credentials for the Web site, the user can browse to the Web site using a Web browser, not Website Viewer.
• Web Interface for MetaFrame XP 3-field template: If you configure support for Web Interface for MetaFrame XP using the 3-field template and a user enters the wrong credentials, the agent does not recognize the URL rendered by Web Interface for MetaFrame XP that prompts the user to attempt a new logon with two fields. To avoid this error, you must include the second URL in the application definition for Web Interface for MetaFrame XP.
• MetaFrame Published Resources: Each MetaFrame published application accessed using the agent generates a new agent icon in the Taskbar when session sharing is not used.
• Aggressive Synchronization and MetaFrame Presentation Server: When the agent is installed on a MetaFrame Presentation Server, aggressive synchronization is enabled by default.
• Installing the Agent on a MetaFrame Presentation Server: When the agent is installed on a MetaFrame Presentation Server, the agent may display the following error message on startup: "Sorry, incorrect Password. Please try again."
WARNING! Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.
The error is generated because of incorrect registry settings. To resolve this issue, delete all registry entries under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Citrix\MetaFrame Password Manager\.
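The deletion described above, scripted in PowerShell as an added example that is not part of the Citrix readme: it exports the key to a backup file first, then removes every value and subkey beneath it. The backup file location is an assumption; run the script with -WhatIf to list what would be removed without changing anything.

```powershell
# Added example, not Citrix code. The key path is the one named in this readme;
# the default backup file location is an assumption.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$BackupFile = "$env:TEMP\mpm-ts-install-backup.reg"
)

$SubPath = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Citrix\MetaFrame Password Manager'

# Open the key writable; OpenSubKey returns $null when the key does not exist.
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubPath, $true)
if ($null -eq $key) {
    Write-Output 'Key not present; nothing to delete.'
    return
}

try {
    # Export first so the change can be reverted with "reg import <file>".
    & reg.exe export "HKLM\$SubPath" $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Backup failed (reg.exe exit code $LASTEXITCODE); no changes made."
    }
    Write-Output "Backup written to $BackupFile"

    # Values stored directly under the key (an empty name is the default value).
    foreach ($name in $key.GetValueNames()) {
        $label = if ($name -eq '') { '(default)' } else { $name }
        if ($PSCmdlet.ShouldProcess("value '$label'", 'Delete')) {
            $key.DeleteValue($name)
        }
    }

    # Subkeys and everything below them.
    foreach ($sub in $key.GetSubKeyNames()) {
        if ($PSCmdlet.ShouldProcess("subkey '$sub'", 'Delete tree')) {
            $key.DeleteSubKeyTree($sub)
        }
    }
}
finally {
    $key.Close()
}
```

The script must run from an elevated session, because the key lives under HKEY_LOCAL_MACHINE.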
The MetaFrame Password Manager discussion board is at http://www.citrix.com/cdn
Citrix Systems, Inc.
851 West Cypress Creek Road
Fort Lauderdale, Florida 33309 USA
Copyright © 2003 Citrix Systems, Inc. All rights reserved.