Tuesday, July 29, 2008

Pointsec for PC and the Novell GINA

I ran into a really strange problem today that I wanted to put out there for everyone to see. Yesterday I was leading a group of people through a class on how to install and remove Pointsec for PC, and about half of the class was made up of people who use Novell at their organization. So there were a bunch of Novell clients in the room. Then the strangest thing happened to one of them, his GINA just stopped accepting username and password. His computer would boot normally, but when the Novell GINA came up, there was no text box for him to type his username and password.

I have to say, for the record, that this whole class was cursed. Everyone was running into some kind of technical difficulty, including me. But then today I was leading another group of people through the class and another Novell GINA stopped working in exactly the same way. I could no longer write it off as a weird coincidence on that first guys machine, I believe I've run into a bug.

Here are the details and the fix. The user had installed Pointsec for PC. We hadn't made any changes to the precheck.txt file because I've never had any problem with Pointsec not working with Novell GINA in the default configuration. After working for the whole morning, we got to the part where everyone uninstalled Pointsec. The student uninstalled without incident and rebooted, and he got a deformed login screen. It didn't have any text boxes where you could put in a username and password! Both of the machines that were affected were running Novell client 4.9.1 on Windows XP. One of the machines was running Service Pack 3 and the other was still on Service Pack 2.

So how did it all get fixed? First the student booted the computer into safe mode and was able to get access to the computer. When the computer boots from safe mode, the Windows GINA comes up instead of the Novell GINA, so he logged into the computer with a local account. Then we opened regedit and navigated to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. There is a key called BaseGina which was set to NWGINA.DLL. We changed it to msgina.dll and rebooted the computer. Then he was able to log into the computer with the Windows GINA. From there he reinstalled the Novell client and was back in business.

Anyway, it's just a short and quick little entry so I can remember that this happened once and hopefully if there is someone out there with this problem they can get a push in the right direction. I wish I had a screenshot of the messed up GINA to show you, but such is life.

No comments: