Known Problems in This Release

The basic firewall application and Security Dynamics' ACE software do not work under the Solaris 7 operating environment.

In the Open Windows(TM) environment with the NetFile application, the mouse buttons may not work as expected. Using the right mouse button is a workaround.

Browser issues:

• In NetMail (Java), when a message that has one or more attachments is sent, the Netscape browser may crash on the sender's machine. The mail and attachment are received correctly on the receiver's machine.

• Cookies must be enabled by the user's browser or the login sequence will continue to return the user to the login screen. To check on the Netscape browser setting, select Edit, select Preferences, then select Advanced. Occasionally, a user will receive a warning that the preferences are not set to accept cookies, even though the preferences are set to accept cookies.

• Netscape browser and Netlet. The Netlet is not able to use the "Automatic Proxy Configuration" in the Advanced Proxies preferences. If your browser is set up to use automatic proxy configuration, make sure that, at a minimum, you have entries for "HTTP Proxy" and "Security Proxy" in the Manual Proxy Configuration preference page before using any Netlet-related functions.

• In Netscape 4.06 in the Solaris operating environment, Java frames and dialogues may not appear until the mouse is moved.

• With Microsoft Windows, the NetMail local installer bookmark saved can bring up the incorrect browser. If you install NetMail locally, check the box to run NetMail at the end of the installation, create a bookmark of the page, and then select the bookmark, the page will run in the "default browser" that Microsoft Windows knows about. This may not be the browser you are currently running. The workaround is to install with the "default browser" that your system knows about.

• With Microsoft Windows, the Netscape browser may hang when you close the GO-Joe or pcANYWHERE applications.

• With Microsoft Windows, text in "Edit Appointment" in NetCalendar can appear blurred. Refresh the screen to correct this.

• Caching in Netscape Navigator versus Internet Explorer. Netscape does not distinguish between dynamic and persistent caching. In cases where no caching is allowed, nothing is written to disk. When the http headers "Pragma:no-cache" and "Expires:date" are used, no data is written to disk; pages that were sent and displayed with these headers cannot have the source viewed and you cannot go "back" to them. If you have a current active session, such pages may be reloaded, but otherwise they are not accessible. Netscape stores its cached objects under scrambled names. Internet Explorer appears to always write objects (for example, pages or images) to disk. The names used are the names of the object in clear text. As long as the browser is active, the objects can be accessed and viewed. To prevent Internet Explorer from writing to disk, you can set the browser preference "view/internet options/advanced/do not save encrypted pages to disk." However, this has a side effect of denying the user permission to open any non-HTML page in the browser. Users who want to open and view files with NetFile or who want to open attachments with NetMail are advised not to enable this setting. In the case where this browser preference is set, the user receives an error message: "Your security settings do not allow this file to be downloaded." When the browser is shut down, the objects disappear; however, as long as the browser is active, even if the i-Planet session has ended, a user who knows where to look could be able to see files that were displayed with NetFile, and anything that was displayed in a browser page, such as email attachments from NetMail Lite.

• NetMail in Internet Explorer with aliases. Occasionally, the list of aliases or the alias content may seem incorrect. To fix this, restart the NetMail client.

• NetMail and large attachments. If end users set their NetMail preferences through NetMail Session-Preferences-Cache to load attachments on disconnect and the attachments are very large, they may get uid/port number errors. These errors mean that the applet is out of memory. The user must print or save the files.

• NetMail Lite doesn't display the list of messages when some email includes very large attachments.

• NetMail can't remove more than one level of folder directories properly.

• NetMail Lite properties and NetCalendar preference changes are lost when the user logs off.

• NetCalendar doesn't show appointment reminders.

• Changing the default view in NetCalendar from "week" does not work.

• NetMail local installer may generate a JavaScript error.

• In URLs, extra colons (:) are replaced by "%3A" in the URL because certain browsers do not handle embedded colons.

• Small browser windows. Java applications, which are a part of the i-Planet installation (NetFile, NetMail) are launched by the i-Planet Desktop using separate browser windows. These new windows do not contain navigation buttons and, by design, cannot be resized. In certain situations, the End of Session page or the Desktop Login page is presented to the user in one of these small browser windows. When this occurs, the user should return to the i-Planet Desktop browser and click Refresh to present the Login page in that large browser window.

• The desktop is not refreshed before an application is started.

Session timeout and session maximum time. After 30 minutes of inactivity or 120 minutes of total session time, a user is required to relogin to the i-Planet server before continuing. The login page will be displayed in the application or in the browser window that is currently being used. If the login page is not visible, the user should return to the main browser window and log in. It may be necessary to restart the browser in some cases. Operations that may span the maximum session time, such as FTP, could result in data loss if the session times out. The system administrator can change the values for both the inactive timer and the maximum session timer in the Administration Console.

SSL certificates and keys. To back up your certificate files, copy the following files from /etc/opt/SUNWstnr to a safe place: .rppass (the password file), rp.CAstore (the CA root certificate file) and rp.keystore (the certificate file). If you ever need to restore a certificate, you can copy these three files back to /etc/opt/SUNWstnr. This applies to both the i-Planet gateway and the i-Planet server.

Installation may appear to hang. If a package seems to be taking more than five minutes to install, check the log file for the installation. The installation script could be waiting for a yes or no answer to an unexpected question on the input line that the user did not see. This could result from an old package that was not removed from a prior installation, or from insufficient disk space in the / partition.

In a nondefault (customized) installation, if you select the same port numbers for the i-Planet gateway and i-Planet server, turn on SSL between the gateway and the server, and then turn off SSL, the software will not work correctly. The workaround is to change one of the port numbers in the platform.conf file on the i-Planet server.

If you install using the default port numbers, and have SSL turned on between the i-Planet gateway and the i-Planet server, if you want to do remote administration, you must add the following lines to the /etc/opt/SUNWstnr/gateway/secureURL.conf file on the i-Planet gateway:

https://server_name:443
https://server_ip_address:443

If you install in a directory other than /opt (the default installation directory), you must copy the license configuration file to your installation directory for licensing to work. As root, use the command:

# cp /opt/SUNWste/license_tools/LIC_CONFIG_FILE.i-Planet2.0
\
/your_install_dir/SUNWste/license_tools

If you place a firewall between the i-Planet gateway and the i-Planet server, you should open the well-defined ports between the gateway and the server, such as 8080 and 443 (for a default installation), and the ports for the services that the Netlet needs to connect to.

If the i-Planet server cannot resolve the name of the i-Planet gateway, you must add the gateway name and IP address to the /etc/hosts file.

If you have dual interfaces with the same name on the i-Planet gateway, after installing the i-Planet server you must edit the platform.conf file on the server. Modify the trustedProxyFullURL parameter to match the external interface IP address of the gateway.

If you are using a web proxy host with SSL between the i-Planet gateway and the i-Planet server, https traffic does not go through the web proxy host.

Netlet supports only 20 Netlet rules. The sum of the enabled, predefined rules and the user-defined rules cannot be more than 20. If there are more than 20 rules, the Netlet will not start and an error message will be displayed in the Java console.

GraphOn GO-Joe software is not supported on X86 clients, and does not run under the Solaris 7 operating environment in 64-bit mode. To determine whether you are using the 32-bit mode or the 64-bit mode, use the dmesg command.

RADIUS support and support for next token and new PIN modes for SecurID authentication require installation of an upcoming patch.