Chat now with support
Chat with Support

Enterprise Single Sign-On 8.0.6 - Release Notes

Release Notes



Quest® Enterprise Single Sign-On

Version 8.0.6

Release Notes

May 2013


Contents

Welcome to Quest® Enterprise Single Sign-On

New in this Release

Resolved Issues

Known Issues and Warnings

Upgrade and Compatibility

System Requirements

Restrictions

Global Operations

Getting Started

For More Information

 


Welcome to Quest® Enterprise Single Sign-On

The term "Quest ESSO" is used to refer to packages, features, data, etc. that are common to Advanced Login module and SSOWatch module. For example, "Quest ESSO Console" is the console that manages both Advanced Login module and SSOWatch module.

Quest Enterprise SSO allows administrators to control user accesses to workstations and applications, and allows end-users to automate their accesses to applications by performing single sign-on (SSO).

Quest Enterprise SSO offers the following main functionalities:

  • A powerful Single Sign On: the SSO functionality allows the detection of application login windows and the automatic injection of authorized login credentials (user identifier and password).
  • It offers the main following features: administration of applications and their password policies, user delegation, re-authentication and audit collection.
  • Access control policies to workstations and applications.
  • The resources to reinforce the primary users authentication by replacing the basic password authentication by strong authentication methods such as cryptographic smart cards, USB tokens, Active RFID, certificates and biometrics. Strong Authentication is an optional component.
  • The capability to do "Fast User Switching" making it possible to share a workstation between several users without having to open a new Windows session.
  • Audit and Reporting providing ready-to-use reports on authentication, access and administration events. The reports can serve as proof of effective implementation of the access policy, and enable you to detect orphan accounts and so on.

 


New in this Release

New features in Quest® Enterprise Single Sign-On:

  • Multi User Desktop
  • Emergency plan
  • SSO improvements
  • SSO improvements
  • Windows 8 is supported with the following restrictions:
    • SSOWatch module: Badpassword screens are handled only once on ModernUI application, Field outlines are not underlined during configuration.
    • Advanced Login Module: Credential Providers V2 are not implemented. Credential Providers V1 are still used. Transparent locking is not supported.
  • Dashboards - Dashboards can be generated from the Quest ESSO Console on the following reports:
    • Authentication methods statistics
    • Authentication statistics
    • Failed authentication statistics
    • Password change statistics
    • Single sign on statistics
    • Bad password statistics
    • Password collect statistics
    • New: Controller audit load statistics
    • New: Application SSO statistics
    • Installed software modules
    Dashboards require Quest ESSO Controller in 8.0.6 version.

Multi User Desktop

Multi User Desktop provides advanced Fast User Switching features for computers used "simultaneously" by a large number of users (such as kiosk computers or computers used by medical staff in a hospital).

Multi User Desktop is an optional feature of SSOWatch module. It is available on computers where neither Advanced Login nor Integration with Windows Authentication is installed.

Emergency Plan

Emergency plan tries to answer to this problem: How can I quickly give users access to their SSO data?

With Quest ESSO 8.0.6:

  1. Users can reveal their passwords from the user web portal.
  2. Administrators can send SSO accounts to users by e-mail.
  3. Users can request to receive their SSO accounts on their e-mail box from the user web portal.

SSO improvements

  • Google Chrome is natively supported by SSOWatch module.
  • Quest ESSO diagnostic mode allows users of SSOWatch module to see why the SSO does not work

 


Resolved Issues

The following is a list of issues resolved in this Service Pack.

Feature Known Issue Defect ID
Quest ESSO Middleware
Description: IAMGetReport program crashes on Japanese platform external 45802
(internal 47288)
Description: WGSS Controller crashes when connection to Audit DB is broken. external 45870
(internal 47358)
Description: Smart card serial number not added to audit events external 45793
(internal 47273)
Description: WGSS crash at session opening in registry mode external 45536
(internal 46996)
Description: Controller crashes while downloading CRL if HTTP proxy set in Console starts with http: // external 45346
(internal 46722)
Description: Large number of SSO Events. external 43216
(internal 44240)
Description: Audit filter ignored. external 44492
(internal 45703)
Description: Problem to access controller servers. external 44567
(internal 45798)
Description: Controller WGSS abort in eDirectory configuration. internal 46592
Description: Unexpected stop of WGSS service in wgws__SetAccountData function when there are parameters. internal 46006
Description: WGSS does not start after migration from evolution 5 in case of openldap with SSL. internal 46061
Installation
Description: Wrong dialog layout while selecting installation folder. external 45960
(internal 47463)
Description: Problems with names and installation folders in OEM versions. external 45895
(internal 47386)
external 45896
(internal 47387)
external 45933
(internal 47429)
external 45934
(internal 47430)
Description: Registry keys (related to Microsoft's oleaut32.dll) are removed after upgrading. external 45843
(internal 47327)
Description: description fields in LDIF file are in French (in German environment). external 45681
(internal 47176)
Description: ESSO Web services: no translation available for Dutch language. external 45215
(internal 46608)
Description: Quest ESSO uses a version of PHP that is affected by multiple vulnerabilities.
Correction description: Use version 5.2.17 of PHP (instead of 5.1.4)
external 44335
(internal 45479)
Description: Problem at installation with QuickInstaller in AD\LDS mode. external 44766
(internal 46062)
Description: Import key problem with secondary controller. external 44824
(internal 46127)
Description: No RootDN discovery in LDAP configuration with OpenLdap. internal 47451
Description: Problem in Finnish administration tools web page. internal 46733
Description: Quick Install fails to connect to DB.
Correction description: Read MySQL ODBC driver name from MSI package file.
internal 45940
Description: Immediate lock of opened sessions after quick installation. internal 46217
Description: Upon update, existing installation folder is ignored for Agent MSI package. internal 46081
Multi-User Desktop
Correction description: Allow MUD user to select Password and SSPR authentication method while in transparent/control mode. external 45773
(internal 47259)
Description: Default action on Multi User Desktop is "Logoff".
Correction description: Change default action to "Disconnect".
external 44783
(internal 46075)
Description: Crash of Multi User Desktop.
Correction description: Biometrics thread cleanup.
external 44715
(internal 45996)
Description: In very specific circumstances, user B can view applications of user A.
Correction description: Add MUDDontHandleQueryEndSession and FUSKillRemainingProcesses registry values.
external 44535
(internal 45759)
Description: Improvement of the masking user's applications. external 44148
(internal 45151)
Description: Administrator can reveal user's applications.
Correction description: Add MUDDontAllowAdminToViewWindows registry value to always hide all windows of locked users, even if current user is an administrator.
external 43311
(internal 44416)
Description: Multi User Desktop welcome screen generates persistence on computer displays.
Correction description: Does not take focus or put welcome screen on foreground when screen saver is running.
external 45022
(internal 46454)
Description: MUD instability. external 44571
(internal 45802)
Description: MUD configuration problem at first installation. external 44773
(internal 46067)
Description: Problem to identify biometric fingerprint.
Abstract: Enhanced detection of ghostly fingerprints.
external 44468
(internal 45668)
Advanced Login
Description: An Access Point Profile is defined to use Transparent Lock. When the device is locked, it goes to the standard lock screen instead of displaying whatever is on the desktop.
Abstract: Incompatibility between TransparentScreenLock and SwitchUserInsteadOfLock.
external 45965
(internal 47478)
Correction description: Video readers taken into account into the activity not to automatically lock the station during a video on Windows 7. external 45855
(internal 47349)
Description: Cannot assign PKA card when certificate attribute contains a closing parenthesis character. external 45685
(internal 47184)
Description: On unlock user-id of last connected user is displayed. external 45869
(internal 47357)
Description: Screen automatically locked after 5 minutes though domain policy is set to 30 minutes.
Abstract: Automatic screen lock whereas Advanced Login not installed.
external 45986
(internal 47507)
Description: Lock of workstation during biometrics enrollment.
Correction description: Suspend inactivity timer during biometrics enrollment.
external 45519
(internal 47013)
Description: When USB or Omnikey5321 Mifare reader goes to sleep mode, Advanced Login stops. external 45847
(internal 47330)
Description: CPS card middleware hangs if given PIN is empty. external 45955
(internal 47454)
Description: Credential Manager crashes during wake-up when lock with biometrics is active. external 45604
(internal 47095)
Description: Some UPEK biometrics readers are not recognized by Quest ESSO, the Biometric tile dsiplays Waiting for Initialization .
Correction description: GetLocalBioReaders(): take into account "Authentication devices" class change of Authentec drivers (1.9.2.204)
external 45541
(internal 47015)
Description: SSPR 0x82002062 error in server mode and AD ADLDS. external 45756
(internal 47247)
Description: Smart card registration error with key pair.
Correction description: Always certificate serial number when PIVCompliantSerial is set.
external 45730
(internal 47245)
Description: Impossible to change primary password via CTRL+ALT+DEL with biometry on Windows 7. external 45602
(internal 47098)
Description: Session does not lock on smart card removal. external 45769
(internal 47265)
Description: When unlocking a session on a Windows 2008, the name of the user having opened the session could be wrong (could be the name of another user having a session active at the same time). external 45792
(internal 47271)
Description: Double card authentication with Microsoft DirectAccess.
Correction description: When DirectAccess asks for authentication, the Microsoft tiles are displayed.
external 45462
(internal 46928)
Description: Workstation unavailable after first boot if no connection to AD LDS.
Correction description: If WGSS cannot start after the first boot, the Microsoft tiles are displayed at next boot to unlock the workstation.
external 45353
(internal 46740)
Description: Error 0x81020024 at CPS card assignment in OpenLdap/Samba environment. external 45605
(internal 47096)
Description: Random problem of session lock when switching from card to password on Windows 7 with SwitchUserInsteadOfLock registry value set. external 45634
(internal 47128)
Description: Advanced Login tiles not displayed when access to a network drive. external 45518
(internal 46975)
Description: Is it possible to hide the authentication window under Windows 7?
Correction description: Add Software\Enatel\WiseGuard\AdvancedLogin\WaitingDialogHeight registry value (DWORD) to define window height. Formula is (height resolution) / (registry base value/10).
external 44624
(internal 45899)
Description: Function to used with Microsoft session opening client is impossible with Quest ESSO session opening client.
Correction description: Prevent session opened by Card from being unlocked by Password by DWORD Enatel\WiseGuard\AdvancedLogin\ImposeUnlockMethod.
external 45613
(internal 47103)
Correction description: Possibility to set DontCheckWindowsCredentials key in GPO. external 45445
(internal 46870)
Description: SSPR not usable when questions are too long. external 45354
(internal 46739)
Description: Impossible to unlock its own Advanced Login session if the user profile indicates a strong authentication is necessary. external 45323
(internal 46689)
Description: Roaming Webservices problem. external 45533
(internal 46994)
Description: Fingerprint enrollment always in high quality. external 45081
(internal 46453)
Description: Problem on offline RSA cache management.
Correction description: Do not display authentication window to refresh RSA Cache in case of offline mode.
external 44685
(internal 45974)
Description: Crash of Quest ESSO Credential Manager.
Correction description: Biometrics thread cleanup upon stop of Credential Manager.
external 44753
(internal 46043)
Description: Problem when renewing certificate.
Abstract: Reenrollment PKA error during change of certificate on card in non-Microsoft directory.
external 44499
(internal 46207)
Description: "Other user" tile not displayed when RDP client started in remote session. external 44657
(internal 46614)
Description: When going back from hibernate state, biometric authentication does not work. external 44728
(internal 46026)
Description: Quest ESSO service account does not the correct rights to enroll cards in PKA mode. external 45195
(internal 46571)
Description: "Your rights do not entitle you to unlock the computer" error message.
Abstract: Problem to migrate Windows credential when login id contains domain.
external 44875
(internal 46296)
Description: Crash of LogonUI.exe on Windows 7. external 44682
(internal 45976)
Description: After going from hibernate state, Advanced Login SSO GINA does not answer.
Abstract: After going from hibernate state, biometric device is not immediately available as USB connections are not yet operational.
Correction description: Access to the biometric device is now tried several times (30 times with 1 second between two attempts)
external 43330
(internal 44323)
Description: Password policy displayed when changing password after SSPR in disconnected mode and logon in connected mode.
Correction description: Show or hide password format helper in GINA. Registry DWORD WiseGuard\AdvancedLogin\ShowPasswordFormatHelper - 0 to hide, 1 to show - If absent, default value is 1, except in stand-alone mode where it is 0.
external 44898
(internal 46320)
Description: Problems after change of sAMAccountName. external 44603
(internal 45864)
Description: Visibility change: during automatic password change via a card authentication, a message appears.
Correction description: Make display of password-changed-on-token message by credential provider tiles (Vista/7/2008/...)
optional:
Registry DWORD DisplayTokenStoredPasswordChangedMessage under Enatel\WiseGuard\AdvancedLogin. 0 not to display, 1 to display
external 44634
(internal 45913)
Description: Impossible to personalize Advanced Login banner and the RFID tile. external 44937
(internal 46264)
Description: User asked to choose role (Windows account) on transparent re-lock from "switch user" / logon screen. internal 47325
Description: Biometrics fingerprint not usable in Bio-on-card at Windows 7 unlock internal 46947
Description: wgsens crash in remote desktop with card. internal 47031
Description: CPS card authentication problem with V2 library. internal 47227
Description: Excessive consumption of handles by CustomBioextensionBio-key.dll when it is not possible to determine if a driver is operational. internal 46755
Description: Error 0x81020027 or 0x81010009 when opening a session on Windows XP in multi-domain ADLDS. internal 47074
Description: Tile with flower (default Microsoft image) displayed on Windows 7 after reboot. internal 46958
Description: The transparent lock tile is displayed with the old style in Advanced Login internal 46249
Description: Wallpaper not updated for non-administrator users. internal 46956
Description: Session not locked on card withdrawal. internal 47030
Description: Display of reauthentication window in OTP mode for RSA cache management is not well managed.
Abstract: Problem on reauthentication for offline mode with OTP.
internal 46008
Description: Problem with delegated administration. internal 45446
Quest ESSO Console
Description: Naming problem in "allow the user to test the application with ssowatch".
Correction description: ssowatch changed to E-SSO.
external 45889
(internal 47376)
Description: Cannot add groups containing access points to the application access rules. external 45910
(internal 47395)
Description: Access point profile cannot be created with old directory schema. Error 0x81020064. external 45733
(internal 47255)
Description: Cannot assign CPS-like smart card in the Quest ESSO Console. external 45691
(internal 47190)
Description: WGSS service startup and queries are slow in Quest ESSO console. external 45594
(internal 47079)
Description: Cannot import CPS test CA certificate. external 45690
(internal 47186)
Description: Rate given in administration console and biometrics tab of access point profile does not correspond to the reality. external 44269
(internal 45417)
Description: A click on the title of the serial number column sorts the cards instead of the serial numbers. external 45152
(internal 46527)
Description: Quest ESSO Console: LDAP server access error during modification of a user password in the directory. external 44394
(internal 45579)
Description: Application name not set in Delete Account audit events. external 42873
(internal 43909)
Description: Problem with delegated administration. external 44539
(internal 45768)
Description: Scripting does not work when applied to an Organizational Unit (in AD mode) external 45201
(internal 46586)
Correction description: Administration console: Directory: Browsing right allows now to open the Enterprise SSO Studio in read only mode. external 44668
(internal 45955)
Description: Unclear error message when a not authorized administrator tries to reinitialize a primary password. external 45173
(internal 46542)
Description: Sending of SSO accounts to a user by email does not work if traces are not activated. external 45330
(internal 46700)
Description: Error 0x8200360f when trying to put a certificate on a Cryptoflex .NET card. external 44620
(internal 45892)
Description: "Delete all accounts" on application does not write an Audit event.
Abstract: Cannot view "Delete account" events from Application (they are visible from the User)
Correction description: Add application as an object of the Delete account event.
external 42873
(internal 43909)
Description: Error 0x81013106 when opening the console. external 44838
(internal 46150)
Description: User password not recognized after modification on Console with OpenLDAP directory. internal 47402
Description: PKA attribute not reinitialized after a card is black-listed. internal 47292
Description: Console crash during certificate emission, mainly if an error message or a warning is sent back by CA. internal 47152
Description: Number of active mobiles wrongly managed in console with AD/LDS directory. internal 47122
Description: Biometry and ADLDS: information tooltip contains incorrect data. internal 47062
Description: Button "Activate" of Emergency Plan present in the console even if Emergency Plan license is not installed. internal 46906
Description: Errors and Events does not show error messages for the selected language, only the default one. internal 46849
Description: In the console, incorrect parameter in Audit / Advanced Filter when adding a condition in audit search filter. internal 46834
Description: When a not enrolled mobile is added manually in the Console, it is not visible under "List of Mobile Devices" even if the option "Show phones that not enrolled yet" is checked. Only if the directory is ADAM/ADLDS. internal 46885
Description: Audit-ID not resolved in multi-domains ADLDS. internal 47063
Description: Problem at assign of Windows smartlogon card.
Abstract: Certificate emission step omitted during card assign in the console.
internal 46948
Description: Following migration to 8.06 display problem in the Console, biometric section, of user accounts having collected their fingerprints in a previous version than 8.0.6 internal 45991
Description: "delegate" column empty in "Delegation Modification" report. internal 46090
Description: System field of Information tab of an access point is not filled in in the console for ADLDS directory. internal 43358
Description: Cannot list the whole list of users in Reporting module. internal 46091
Description: Controller crashes when generating reports if Audit V2 translations data have not be inserted in the (Master) Audit DB. internal 46168
SSOWatch and Enterprise SSO Studio
Description: In case of new password the fields New password and Confirm password are filled. external 45656
(internal 47148)
Description: Adding the possibility of not doing SSO with Google Chrome to not activate the accessibility of it. external 45509
(internal 46968)
Description: Cannot define password field for basic authentication in Japanese Internet Explorer. external 45911
(internal 47411)
Description: Sometimes SSOwatch does not do a stop/start engine when a new user logs in on a non-hierarchical FUS PC and RFIDMode 2 external 45698
(internal 47225)
Description: When Enterprise SSO (ssoengine) is active, execution of Office help fails.
Abstract: Interaction with Office interactive guides locally on the station.
external 43820
(internal 44854)
Description: Problem with Quest ESSO client after changing the name of some default objects in the Console external 45786
(internal 47262)
Description: Empty SSO Test report file in Japanese environment. external 45835
(internal 47322)
Description: When one script is deleted from a technical definition containing several scripts, all are deleted. external 45750
(internal 47251)
Description: When resizing the script editor dialog, buttons may become invisible.
Correction description: Minimum size defined for the dialog to prevent the buttons from being invisible.
external 45808
(internal 47296)
Description: Problem at SSOWatch start on a cluster station. external 45741
(internal 47234)
Description: SSO does not work after session unlock if access point generic account configured in exclusive manner external 45748
(internal 47237)
Description: Change an application account is not passed on to other applications sharing the same account, it is necessary to perform a "Reset" on SSOWatch engine that information is taken into account in the accounts sharing. external 45726
(internal 47250)
Description: Wrong translated error message when a technical definition points to a not installed .exe file. external 45653
(internal 47142)
Description: With Firefox 18, impossible to realize SSO on web page when it is not in the first tab. external 45481
(internal 46925)
Description: Login problem with Chrome when using multi-accounts. external 45501
(internal 46950)
Description: Problem with collected accounts when using application test mode of SSO Studio. external 44754
(internal 46045)
Description: SSOWatch engine crash if Omnipro window displayed and "FUS extension DLL" installed. external 45115
(internal 46477)
Description: Application not renamed in SSOWatch list after a rename in the console, even after engine reinitialization. external 43381
(internal 43939)
Description: SAP Logon 7.20 not recognized by SSO. external 44814
(internal 46123)
Description: Credential Manager memory leak.
Correction description: Reduce memory of Credential Manager if HKLM\SOFTWARE\Enatel\WiseGuard\AdvancedLogin\WorkingSetSize (REG_DWORD) registry value is set to 0xFFFFFFFF
external 44369
(internal 45528)
Description: Biometrics enrollment tool cannot connect to device when LockWithBioScanMode option is set.
Correction description: Either wait for bioenroll to end (upon session opening) or forbid bioenroll tool from CAD security Panel.
external 45069
(internal 46465)
Description: Authentication "SSOWatch" window remains displayed after card withdrawal with Public Access FUS. external 41212
(internal 42268)
Description: External CustomScript DLL compatibility error. external 45249
(internal 46629)
Description: Quest ESSO crash after having entered identification information for IBM Lotus 8 mail application. external 44837
(internal 46151)
Description: Value of account parameter always forgotten. external 45014
(internal 46362)
Description: Abnormal password change request in SmartcardLogon or Session mode. external 45078
(internal 46443)
Description: Problem of password inheritance between SSO applications.
Abstract: SSO accounts wrongly updated because AD replication conflicts are not taken into account.
external 44604
(internal 45879)
Description: User can cancel SSO option not working properly with HLLAPI. external 45106
(internal 46462)
Description: No reauthentication request in session mode on SSO when restarting the engine external 44984
(internal 46328)
Description: Application roles are not sorted external 45189
(internal 46558)
Description: Firefox ESR 10.0.11 - Login Popup not detected. external 45017
(internal 46397)
Description: URL wrongly detected (sometime options, after ? character, are not take into account in URL detection with IE) external 44893
(internal 46206)
Description: After primary password change the SSO data is not reencrypted. This is followed by a problem to do the SSO data migration when SSOWatch asked for the old password.
Abstract: SSO is in offline mode while the primary password is changed.
external 43755
(internal 44815)
Description: Incoherency in encryption parameter between application profile and user security profile. external 44899
(internal 46216)
Description: User can close Reflection even when prompted for SSO data. external 45105
(internal 46472)
Description: Preset question selected by default instead of the user defined question when asking SSPR questions/answers external 44928
(internal 46394)
Description: Problems with Firefox ESR 10.0.7 and SSOWatch. external 44623
(internal 45961)
Description: SSOWatch engine not always reactivated at end of hibernation. internal 47199
Description: SSOWatch engine crash on Windows 7 during creation of SAP logon 710 account. internal 46455
Description: Problem at window close when creating a new account in Windows 8 without giving an account name. internal 46761
Description: Delegated accounts cannot be decyphered at logon. internal 46836
Description: PIN requested twice on authentication with some Gemalto smartcard when Gemalto tools are installed internal 45989
Description: Glink Hllapi application not recognized after migration from evolution 5. internal 46503
Description: Immediate desactivation of SSOWatch after reactivation. internal 46003
Description: Application profile displayed in Application Access tab of a user belonging to several groups is not the right one. internal 45884
Description: Crash of Credential Manager when trying to renew the certificate. Internal 46080
Self Service Admin Portal
Description: SSPR does not work if DOMAIN\USER or userdns@domaindns format is not followed. external 45700
(internal 47210)
Description: Wrong German translation in Web SSPR. external 45840
(internal 47324)
Description: Security issue with SSPR. external 45520
(internal 46979), external 45522
(internal 46981)
external 45524
(internal 46984)
Description: Logout button is not displayed on all pages. external 45527
(internal 46987)
Description: Session identifier can be preset. external 45523
(internal 46983)
Description: HTTPOonly flag not set in session cookie. external 45529
(internal 46989)
Description: Secure flag not set on session cookies. external 45525
(internal 46985)
Description: Site does not enforce SSL for sensitive information. external 45521
(internal 46980)
Description: Web server supports outdated SSLv2 protocol. external 45528
(internal 46988)
Description: Filter problem on "reinitialization data collect" function on Web portal. external 44934
(internal 46425)
Description: Delegated application present in list of applications to delegate in Self Service Admin portal. internal 45412
Description: No automatic SSO in access delegation authentication page. internal 45854
Description: Access to password reinitialization page is forbidden for an Quest ESSO user. internal 45847
Description: Get white page on SSPR/Self admin web portal.
Correction description: During update, update the PHP module for Apache if needed.
internal 46191
Description: Apache web server cannot find UASRes.dll of Apache server of Self Service Admin portal on x64 platform internal 46194
Description: SetAccountDataWithAccessV2 function does not allow to provision specific attributes via the Web Service. internal 45559
Description: Apache crash on Self Service Admin portal on user access delegation when user has no account and traces are active. internal 46386
Quest ESSO API
Description: Call to WG_GetUserAllowedApplicationRoles() does not allow to get list of associated parameters. external 45636
(internal 47130)

 


Known Issues and Warnings

Advanced Login with RDP connections on Windows XP

On Windows XP, the Remote Desktop Protocol (RDP) connections with a smart card are supported on Windows XP SP2/SP3 only.

Please note that Quest Software only supports this feature for Microsoft’s client portion of Remote Desktop. No other RDP clients are supported.

SSOWatch with AccessMaster

You must use SSOWatch that is delivered with AccessMaster. SSOWatch of Quest ESSO cannot be used with AccessMaster.

Integrating an Application with the HLLAPI Plug-in Depends on Many Factors

Successful integrating a terminal application with the HLLAPI module depends on many parameters:

  • Which terminal emulator is used
  • Which terminal protocol is used
  • The specific way in which the application implements login

The HLLAPI plug-in has been tested by Quest with the following emulators in some basic conditions:

  • Attachmate EXTRA! Mainframe Server Edition 8.1
  • Gallagher and Robertson Glink Professional Edition version 8.0.5
  • NetManage RUMBA version 7.4
  • Zephyr PASSPORT PC TO HOST (version 2007-914-S)
  • Distinct IntelliTerm 8.1

However, this does not mean that integrating any application with any terminal protocol will always work with the above emulators. In some cases, the specificities of applications means that successfully integrating them may require paid services from Quest Software or Quest Software partners.

Integrating a Third-party Card Management System (CMS) Is Not Possible in All Cases

Quest Software can integrate a third-party CMS with Enterprise SSO on a service basis. This requires paid professional services from Quest Software.

Once integrated, the third-party system replaces the CMS features of Quest ESSO Console.

Please be aware that, for this integration to be technically feasible, there are a number of technical prerequisites on the third-party CMS. Please contact Quest Software for a list of those prerequisites.

When Enterprise SSO Is Used with Novell NetWare, the NetWare Password Must Be the Same as the Windows Password

When Quest ESSO is used in Novell NetWare environments, please make sure that the NetWare password is always the same as the Windows password.

You must use a NetWare option to synchronize the Windows password with the NetWare password.

If this is not done, the user will need to perform a second authentication to Novell NetWare after his or her Windows authentication.

SSOWatch Internet Explorer plug-in Warnings

The following warnings apply to the new Internet Explorer 6.0,7.0, 8.0, 9.0, and 10 plug-in:

  • If a frameset contains a secure page that contains a combo box, SSOWatch cannot activate that combo box.

Some Features Are Available in English Language Only

The following will be displayed in English language only in localized versions:

  • Java Virtual Machine (JVM) configuration program (Java plug-in feature of SSOWatch)

 


Upgrade and Compatibility

Updating Quest ESSO modules

If the Quest ESSO Console and the Advanced Login modules are installed on a same system, when you update these Enterprise SSO modules, please bear in mind that:

  • The Quest ESSO controller component must be updated before any other modules.
  • You must update all the Quest ESSO modules installed on this station to the latest patch level.

Migration issues

Migration from an previous version to Advanced Login & E-SSO 8.0.6

Migration from WiseGuard 4.54 to Quest ESSO 8.0.6 requires advanced skills and integration service is required. Please contact Quest Support.

Migrating with Novell eDirectory

Due to an issue with Novell eDirectory 8.7.3, some LDAP object classes can't be updated using a script (the operation causes a server crash) and require manual operations.

Follow these steps (for every involved classes)

  • Start Novell ConsoleOne
  • Select the root of the eDirectory tree
  • Launch the Schema Manager tool ("Tools" menu, then "Schema Manager..." item)
  • Select the object class in the list.
  • Press the "Info..." button
  • In the new window, press the "Add Attributes..." button
  • According to your original installation add the following attribute types to the right-side list then press "OK":
    Migrating from WiseGuard 4.12
    Object class: enatelPersonalAllowedAppRole
    • Add attribute: enatelUserRoleObject
    • Add attribute: enatelApplicationProfileObject
    • Add attribute: enatelAccountType
    • Add attribute: enatelAccountFormat

    Object class: enatelComputerSecurityProfile
    • Add attribute: enatelSoftwareModuleDataPrivacyData
    • Add attribute: enatelSoftwareModuleRFIDData
    • Add attribute: enatelAuditFilterMode
    • Add attribute: enatelAuditFilterObject

    Migrating from WiseGuard 4.54 and Quest ESSO 8
    Object class: enatelComputerSecurityProfile
    • Add attribute: enatelSoftwareModuleDataPrivacyData
    • Add attribute: enatelSoftwareModuleRFIDData
    • Add attribute: enatelAuditFilterMode
    • Add attribute: enatelAuditFilterObject

Migrating with OpenLDAP

Quest ESSO 8.0.4 and 8.0.5 improve the way search requests are used with OpenLDAP. The new options used by Quest ESSO cannot be added to the already existing OpenLDAP environments.

In order to allow the migration of these previous installations, a specific schema file is provided (WiseGuard-from_4_54.schema). This file must be used in all migration cases.

IMPORTANT: The configuration of the Quest ESSO Services with an OpenLDAP repository requires advanced skills and integration service is required. Please contact Quest Support

 


System Requirements

Before installing Quest ESSO, ensure your system meets the following minimum hardware and software requirements:

Operating System Prerequisites

Agents Environment

Quest ESSO agents can be installed on the OS platforms detailed in the tables below. That concerns the following agents:

  • Advanced Login
  • SSOWatch
  • Quest ESSO Console
Operating System Service Packs 32bit Service Packs 64bit
Windows XP (Home or Professional Edition) SP1, SP2 and SP3 SP2 (cluster mode is not supported)
Windows 8 Pro/Windows 8 Enterprise Original Original
Windows 7 Original and SP1 Original
Windows Server 2003 Original, SP1, SP2, R1 and R2 R2 SP2
Windows Server 2008 R2 Original and R2 SP2 R2 SP2

NOTE:
Quest ESSO agents are not supported with the virtualization software such as VMware Workstation or Microsoft Virtual PC.

Controllers Environment

Quest ESSO Controllers can be installed on the OS platforms detailed in the tables below:

Operating System Service Packs 32bit Service Packs 64bit
Windows Server 2003 Original, SP1, SP2, R1 and R2 R2 SP2
Windows Server 2008 R2 Original and R2 SP2 R2 SP2

NOTE:
Quest ESSO Controllers are supported with the virtualization software such as VMware Workstation or Microsoft Virtual PC.

Citrix / Xenapp

Citrix XenApp (Citrix Presentation Server) 4.5, 5.0, 6.0 and 6.5 are supported

Quest ESSO can be installed in an environment where Samba is used as an authentication server and domain controller. The prerequisites are:

  • Samba must be version 3.0.x
  • Samba must use OpenLDAP (see OpenLDAP version after)

Hardware Prerequisites

  • SSOWatch module, Advanced Login module
    The Quest ESSO agents do not require significant resources on modern computers. The recommended minimal configuration on Windows XP and Windows 7 is the following:
    • 1 GHz Intel processor
    • 512 MB RAM
  • Quest ESSO Console and controller
    The Quest ESSO Console and controller must run on a recent configuration in order to access the audit base with satisfactory performance. The recommended minimal configuration is the following:
    • Intel Core 2 Duo processor
    • 2 GB RAM
  • Audit Database
    The size of the hard drive hosting the audit database depends on how long you want to keep the log on-line before archiving it. (The audit base does not need to reside on the Enterprise SSO server itself.). For a rough estimate use the following:
    • One log entry = 1000 bytes (including database index and other overhead)
    • Typical log activity = 20 log entries per user per day

LDAP Directories and Databases Versions

LDAP Directory Versions

Quest ESSO can access user information located in LDAP directories and use these directories to store SSO and security data. The directories supported by Quest ESSO are:

Active Directory
  • Windows 2000 Server SP4
  • Windows Server 2003 SP1 and SP2
  • Windows Server 2003 R2 SP1 and SP2
  • Windows Server 2008 SP1, SP2 and R2 SP1
AD LDS
  • ADAM or AD LDS version 1.1 (SP1) or later on Windows Server 2008 SP1, SP2 and R2 SP1
  • Windows Server 2003 SP2
Oracle Directory Server
  • Oracle Directory Server Edition 11g
  • Or Sun Java System Directory Server 5.2
389 Directory Server
  • 389 Directory Server 1.2. on Red Hat Linux
  • Or Fedora Directory Server 1.0.1 on Red Hat Linux
  • Or Fedora Directory Server 1.2 on Red Hat Linux
OpenLDAP
  • OpenLDAP Directory 2.4.X
    IMPORTANT: The configuration of the Quest ESSO Services with an OpenLDAP repository requires advanced skills and integration service is required. Please contact Quest Support
Novell eDirectory
  • Version 8.7.3 minimum
IBM Tivoli Directory Server
  • Version 5.2 with Fix Pack 003
  • Version 6.0

    Quest ESSO can use Microsoft AD LDS or ADAM to store SSO and security data.
    IMPORTANT: Don’t find the version you’re using? To obtain an up-to-date list of supported LDAP directories versions, please contact your Quest Software representative.

    Database Versions

    Quest ESSO controller can store a "master" audit base on a relational database. Quest ESSO has been validated with the following database versions running on Windows 2003/2008 Server Enterprise Edition:

    • Oracle from 8.1.7.4
    • Microsoft SQL Server 2000 and 2005
    • MySQL Server 5.0
    • IBM DB2 version 9.0

    The audit cache base can also be one of the database types listed here.

    If you want to use another type of relational database, please contact Quest Software for the feasibility and a cost evaluation.

    Link with User Provisioning

    The link with the User Provisioning requires User Provisioning 8.0 evolution 3 or I&AM 9.

    Supported Authentication Devices

    Smart Cards and USB Tokens

    The following middleware and authentication devices are compatible with these specific Quest ESSO modules:

    • Advanced Login can use the devices for user authentication
    • Quest ESSO Console can manage these devices and use them for the administrators’ authentication
    Smart-Card and USB Tokens Vendor Middleware
    ID Classic (Classic TPC) Gemalto Classic Client 6.2-005
    ID Classic IAS (IAS-ECC) Gemalto W7 - IAS ECC V2.0.20
    XP- Classic Client V8.0.9
    Cryptoflex .NET V2+, Cryptoflex e-gate 32K Gemalto No middleware
    Cyberflex 32K or 64K with PC/SC readers Gemalto ACS 5.6.4
    + Hot Fix 1
    Cyberflex and Oberthur smart cards ActivIdentity ActivClient 5.3.1
    CPS2ter and CPS3 GIP-CPS GIPS-CPS
    Cosmo 64 v5 Oberthur AWP (Authentic Web Pack) 3.6.2.2

    IMPORTANT: To request validation with other types of middleware and devices, please contact Quest Support.

    Please note that when using smart cards, you must use PC/SC smart card readers that are compatible with both the cards and the middleware detailed above.

    The only Certification Authority that is supported at the moment is the Microsoft Windows 2000/2003/2008 Certification Authority in an Active Directory configuration. Other Certification Authorities can be used via the PKCS import feature of the Quest ESSO Console.

    Advanced Login only supports the default "answer to reset" (ATR) of Gemalto Cryptoflex cards:

    • Cryptoflex 32K : 3b 95 XX 40 ff 64 02 01 XX XX
    • Cryptoflex e-gate 32K : 3b 95 XX 40 ff 62 01 02 XX XX

    Customized Cryptoflex cards are not supported.

    Biometric Devices

    Using Precise Biometrics

    Biometrics support requires that you purchase from Precise Biometrics™ a license of Precise BioMatch Pro Toolkit 2.3.0 for each workstation where biometric authentication will be performed.

    The list of biometric devices supported by Precise BioMatch™ Pro Toolkit 2.3.0 is currently the following

    WARNING:
    Some of these devices require a specific license of the Precise Biometrics software. Determine with the vendor which license is appropriate

    • Precise 100 A/AX/SC/MC/XS/BioKeyboard/PC-Card
    • Precise 200 MC
    • Precise 250 MC
    • IRIS BCR100T
    • IRIS Mobile SmartTerm St4E
    • AuthenTec AES4000 API-based readers
    • AuthenTec AES2501 API-based readers
    • Cherry FingerTIP Keyboards
    • UPEK ST1
    • UPEK ST2
    • Silex FUS-200N
    • Silex MUSB-200COMBO
    • Silex COMBO-Mini

    WARNING:
    For an up-to-date list, contact your Quest Software representative

    Using UPEK

    Advanced Login uses BSAPI 4.1.0.246 or PTAPI 3.11.0.236.

    These APIs support:

    • Intelligent readers based on the following chipsets: TCD21 (TFM), TCD41, TCD42, TCD50A, TCD50D. This includes EIKON, EIKON II and EIKON-To-Go external readers.
    • Sensor-only readers based on the following sensors: TCS4B, TCS4C, TCS5B, TCS4K, TCS5D
    • Area sensor readers: TCRU (using ST9 controller), EIKON Touch (using STM32 controller), TCEFC/TCEFD modules (using TCD50D controller)
    • SONLY devices with area sensors based on Cypress. (Supported only on Windows)

    On Windows, BSAPI.DLL supports also biometry-enabled composite devices manufactured by 3rd parties, if these conditions are met:

    • The composite device has AuthenTec sensor embedded, which is supported by BSAPI.
    • The manufacturer of the composite device provides original AuthenTec driver, which is modified for use with the composite device (e.g. it is registered for VID and PID of the composite device).

    Using BIO-Key

    Advanced Login 8.0.6 can use the BIO-key Biometric Service provider (BSP) version 01.09.920 or version 01.10.381 on 32-bit platform and BSP version 01.10.381 on 64-bit platform.

    The installation BIO-key BSP tool shows the list of supported devices.

    Using Hitachi

    Advanced Login 8.0.6 supports the Hitachi USB Finger Vein Biometric Scanner - Hitachi Finger Vein H1 Unit.

    RFID/HID devices

    XyLoc support requires that you obtain from Ensure Technologies the Software Development Kit in order to deploy on each workstation the ETSecure.dll.

    IMPORTANT:
    Xyloc devices are not supported with Microsoft RDP

    Advanced Login has been tested with the following MIFARE components:

    • SAGEMYpsid S1-IAS
    • Sagem Ypsid MatchOnCard
    • Classic TPC
    • Oberthur
    • Cyberflex 64k
    • Crypto.NET v2+
    • CPS3

    These tests have been done with the following reader: CardMan 5321, these RFID devices are natively supported (no middleware needed)

    Advanced Login is pre-configured with the following ATR (Answer To Reset):

    ATR BAGDE
    3b8f80010031b86404b0ecc1739401808290000e CPS3
    3b8f8001804f0ca000000306030001000000006a Mifare Standard 4K
    3b8f8001804f0ca0000003060300020000000069 Mifare Standard 1K
    3b8f8001804f0ca0000003060a001c000000007e HID iCLASS
    Start with 3b05 HID Prox 125kHz format H10320
    Start with 3b06 HID Prox 125kHz format H10301
    Start with 3b07 HID Prox 125kHz format H10302, H10304 and Corp 1k

    RFIDeas (www.rfideas.com) is natively supported by Advanced Login. No additional middleware or software development kit is needed.

    NOTE: pcProx Sonar of RFIDeas is compatible with Advanced Login and Multi User Desktop.

    SSOWatch Plug-in Requirements

    General requirements

    Plug-ins are extensions of SSOWatch. They provide SSO authentication methods for specific types of applications.

    These plug-ins are delivered with Enterprise SSO. Plug-ins are available for:

    • Microsoft Internet Explorer (for Internet Explorer 5.5, 6.0, 7.0, 8.0, 9.0 and 10)
    • Firefox 1.5, 2.0, 3.04 and higher (warning, due to an issue Firefox 3.0.0 to 3.0.3 are not supported) and 4.0, 5.0, 10, 11, 12, 13, 14 and 15. Firefox ESR 10 and 17. Firefox ESR is recommended by Quest Software because updates are less frequent and have less impact.
    • Chrome 22.0.1229
    • Sun Java SE Runtime Environnent (JRE) 1.4, 1.5 and 1.6
    • Lotus Notes versions 4.x, 5.x, 6.x, 7.x ,8.0 and 8.5.
    • Microsoft Telnet
    • HLLAPI (see Configuring the HLLAPI plug-in for supported emulators).
    • Script environment for Windows and HTML applications that are not covered by the standard SSOWatch process.

    Technical configurations may be redone when the internet browser version changed. This is mandatory for migration from Firefox 3 to Firefox 4 for example.

    SAP R/3 Plug-in Requirements

    The table below shows the supported versions of SAP R/3 components:

    SSOWatch Window Type SAP R/3 Client Version SAP R/3 Server Version (Minimum Kernel Patch Level)
    SAPGUI Scripting SAP GUI 6.20
    SAP GUI 6.40
    SAP GUI 7.10
    SAP GUI 7.20
    SAP GUI 7.30
    6.10 (360)
    4.6D (948)
    4.5B (753)
    4.0B (903)
    3.1I (650)

    IMPORTANT:
    The SAP web-based Start Center is compatible with SSOWatch, but you need to upgrade to SAPGUI Version 6.40 with Patchlevel 23.

    NOTE:
    The SAPLogin and SAPExpired window types defined in version 3.71 of SSOWatch remain available to ensure the continuity of deployed configurations. We recommend not using them for new deployments. Existing windows should be ported to SAPGUI Scripting window types.

    Supported HTTP server

    The following Quest ESSO features require an HTTP server:

    • Quest ESSO Web Service administration API
    • Quest ESSO Self Service Password Request feature

    Quest Software delivers an HTTP server with the Advanced Login (based on Apache 2.0). This web server is the only server supported by Quest Software.

    We strongly recommend you use the HTTP server delivered by Quest Software. Quest Software will not provide support for the above-mentioned features when used with any other server. As well, Quest Software will not support the bundled server for functions other than those that are strictly necessary for the above Advanced Login features.

    Supported Gemalto SA Server Version

    The integration between Quest ESSO and Gemalto Strong Authentication Server requires the installation of Gemalto SA Server in version 3, 4, or 5.1

    Configuring the HLLAPI plug-in

    The HLLAPI plug-in communicates with a terminal emulator through a DLL. Each emulator provides a different DLL for that purpose.

    To tell Enterprise SSO how to communicate with your terminal emulator, you need to edit the Microsoft Windows Registry and enter three values located under

    HKEY_LOCAL_MACHINE’\SOFTWARE\Enatel\SSOWatch\HLLAPI.

    • HllLibrary – the name of the emulator’s DLL (file name or full path) that gives access to the HLLAPI feature.
    • HllEntryPoint – the name of the relevant function in the DLL file.
    • HLLAPI-32bit – indicates whether the HLLAPI is in 32-bit mode (value=1) or not (value=0)
    HllLibrary HllEntryPoint HLLAPI­32bit
    Attachmate EXTRA!® Entreprise 2000 ehlapi32.dll hllapi 0
    Values used by the plug-in if the registry entries do not exist PCSHLL32.dll hllapi 1

    IMPORTANT:
    The Registry entry and associated values are not created during installation. You need to manually create the Registry entry:

    "HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HLLAPI"

    and the three values "HllLibrary", "HllEntryPoint" and "HLLAPI-32bit"

     


    Restrictions

    Windows Active Directory Inter-Domain Support with Quest ESSO in Temporary Restriction

    When a station is declared in several domains using Quest ESSO Console, there are restrictions in access for users who do not belong to the same domains as the station.

    WITH ADVANCED LOGIN WITHOUT ADVANCED LOGIN
    Users who belong to the same domain as the station Can authenticate
    SSO active
    Can authenticate
    SSO active
    Users who do not belong to the same domain as the station Cannot authenticate Can authenticate
    SSO not active

    This restriction exists:

    • With Controller, if the various domains the user belongs to are not located in the same Active Directory forest
    • Without Controller, if the middleware does not have a user account. In that case, deploying a user account for the middleware will lift the restriction.

    Active Directory Multi-domain and Multi-forest

    The multi-domains functions are managed in one forest only.

    LDAP Accounts Used by Quest ESSO Controllers Must Not Expire

    The technical LDAP accounts used by Quest ESSO controllers must not expire. This restriction will be lifted in the future.

    X64 Architecture Limitations

    Under x64 architectures the following features are not available:

    • FIPS mode
    • SSO Studio (personal and enterprise) cannot manage Firefox configuration on x64 computers if Firefox is used in win32 mode.
    • 64 bits Quest ESSO Agents cannot be used with a Fedora or 369 directory server.

    Cluster

    You cannot use temporary delegation if you mix some stations 8.0.5 or 8.0.6 with stations 8.0.4 in one cluster.

    Other limitations

    Import of XML objects cannot work depending of the characters set

    Java plug-in

    The Java plug-in supports the following object classes:

    AWT classes (and classes derived from these Swing classes (and classes derived from these) Oracle classes (exact classes only)
    Buttons java.awt.Button javax.swing.JButton oracle.forms.ui.VButton
    oracle.apps.fnd.ui.Button
    oracle.apps.fnd.ui.FormButton
    oracle.ewt.button.PushButton
    oracle.ewt.button.ContinuousButton
    Text fields java.awt.TextField javax.swing.JTextField
    javax.swing.JPasswordField
    oracle.forms.ui.VTextField
    oracle.ewt.lwAWT.lwText.LWTextArea
    Labels java.awt.Label javax.swing.JLabel oracle.ewt.lwAWT.LWLabel
    oracle.ewt.multiLineLabel.MultiLineLabel
    oracle.ewt.alert.BaseAlertPane$PreferredAspectLabel
    Others java.awt.Choice
    java.awt.Checkbox
    javax.swing.JComboBox
    javax.swing.JList
    javax.swing.JCheckBox
    oracle.forms.ui.VComboBox
    oracle.forms.ui.VCheckbox
    oracle.ewt.lwAWT.LWCheckbox

    If the java plug-in does not work with your application, an extension of the supported classes could be possible.

    IMPORTANT: The configuration of SSO for Java requires advanced skills. To deliver SSO access to Java applications, integration service is required. Please contact Quest Services info@quest.com

    SSO on Google Chrome

    Quest ESSO uses Microsoft Active Accessibility technology to perform SSO. This technology is supported by Google Chrome but not on HTTP authentication screens and not on the first screen. Thus, Quest ESSO cannot manage those screens.

    More generally, Quest ESSO can manage Google Chrome web pages only when the accessibility works.

    Google Chrome Accessibility does not support write functions. Quest ESSO cannot fill the fields with the API, therefore login, password and parameters are sent in blind mode with no guarantee to go in the right field.

    Quest ESSO Console

    Windows computers with Large Fonts or Extra Large Fonts configuration are not supported by Quest ESSO Console.

     


    Global Operations

    This release supports any single-byte character set. Double-byte or multi-byte character sets are not supported. In this release, all product components should be configured to use the same or compatible character encodings and should be installed to use the same locale and regional options. This release is targeted to support operations in the following regions: North America, Western Europe and Latin America, Central and Eastern Europe.

    The release is localized to the following languages: French, German, Italian, and Spanish.

     


    Getting Started

    Contents of the Release Package

    The Quest® ESSO 8.0.5 CD contains the following:

    1. Quest® Enterprise Single Sign-On version 8.0.6
    2. Quest ESSO Documentation, including:
      • SSOWatch Administrator Guide
      • Quest ESSO Console Administrator Guide
      • Advanced Login Self Service Password Request Administrator Guide
      • Administrator Guide for Cluster Mode of Advanced Login
      • Quest ESSO Installation Guide
      • Advanced Login for Windows User Guide
      • Quest ESSO Quick Start Guide
      • Self Service Admin Portal User Guide
      • Session Management Administrator Guide
    3. Redistributables, including:
      • PostgreSQL 8.2 Database (only included for the 32 bits Quick Installation section)
      • Apache HTTP Server 2.0.55
      • Microsoft Visual C++ 2005 SP1 Redistributable (32 bit and non-Itanium 64 bit)

    Installation Instructions

    The 8.0.6 CD autorun now allows a Quick Installation on both 32 bits and x64 platforms

    Installation consists of these primary activities:

    1. Preparation of Active Directory (or other Directory) for use with Quest Enterprise Single Sign-on. This requires Domain and Schema Administrator rights to perform, but can be performed from any workstation (typically, can be performed from the primary server at the same time as server is configured.)
    2. Initialization of the primary server used with the Quest ESSO Console for Administration, as well as configuration of the audit database (If you use the quick installer, it directs you to download files from MySQL.com to setup the local audit database. You're still free to use manually the MSDE and Postgresql as alternatives, but those aren't described in the documentation). This is performed on the hardware server platform which will host the Administration middleware.
    3. Installation of the Quest ESSO Console. This is performed on an Administrative workstation
    4. Installation of the SSOWatch module of Quest ESSO and (optionally) Enterprise SSO Studio on client desktops.

    Please, refer to Quest ESSO Quick Start Guide for detailed instructions regarding installation steps.

     


    For More Information

    Contacting Quest Software:

    Email legal@quest.com
    Mail Quest Software, Inc.
    World Headquarters
    5 Polaris Way
    Aliso Viejo, CA 92656
    USA
    Web site http://www.quest.com

    Please refer to our Web site for regional and international office information.

    Contacting Quest Support:

    Quest Support is available to customers who have a trial version of a Quest product or who have purchased a Quest product and have a valid maintenance contract. Quest Support provides unlimited 24x7 access to SupportLink, our self-service portal. Visit SupportLink at http://support.quest.com.

    From SupportLink, you can do the following:

    • Retrieve thousands of solutions from our online Knowledgebase
    • Download the latest releases and service packs
    • Create, update and review Support cases

    View the Global Support Guide for a detailed explanation of support programs, online services, contact information, and policy and procedures.
    The guide is available at: http://support.quest.com.

     


     

    © 2013 Quest Software, Inc. and/or its Licensors

    ALL RIGHTS RESERVED.

     

    This publication contains proprietary information protected by copyright. The software described in this publication is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical or otherwise without the prior written permission of the publisher

    If you have any questions regarding your potential use of this material, contact:

    Mail Quest Software World Headquarters
    LEGAL Dept
    5 Polaris Way
    Aliso Viejo, CA 92656
    Web www.quest.com
    Email legal@quest.com

    Refer to our Web site for regional and international office information.

     

    Trademarks

    Quest, Quest Software, the Quest Software logo, Aelita, AppAssure, Benchmark Factory, Big Brother, DataFactory, DeployDirector, ERDisk, Foglight, Funnel Web, I/Watch, Imceda, InLook, IntelliProfile, InTrust, IT Dad, I/Watch, JClass, Jint, JProbe, LeccoTech, LiteSpeed, LiveReorg, NBSpool, NetBase, Npulse, PerformaSure, PL/Vision, Quest Central, RAPS, SharePlex, Sitraka, SmartAlarm, Spotlight, SQL LiteSpeed, SQL Navigator, SQL Watch, SQLab, Stat, Stat!, StealthCollect, Tag and Follow, Toad, T.O.A.D., Toad World, Vintela, Virtual DBA, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. The terms Evidian, AccessMaster, SafeKit, OpenMaster, SSOWatch, WiseGuard, Enatel a nd CertiPass are trademarks registered by Evidian. All other trademarks mentioned in this document are the propriety of their respective owners. For a complete list of Quest Software's trademarks, please see http://www.quest.com/legal/trademark-information.aspx. Other trademarks and registered trademarks are property of their respective owners.

     

     

    Disclaimer

    TThe information in this publication is provided in connection with Quest branded products from Evidian. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this publication. EXCEPT AS OTHERWISE SPECIFIED IN THE END USER LICENSE AGREEMENT FOR THIS PRODUCT, EVIDIAN AND QUEST ASSUME NO LIABILITY WHATSOEVER AND DISCLAIM ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO THIS PRODUCT, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL EVIDIAN OR QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS PUBLICATION, EVEN IF EVIDIAN OR QUEST HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Evidian and Quest make no representations or warranties with respect to the accuracy or completeness of the contents of this publication and reserve the right to make changes to specifications and product descriptions at any time without notice. Evidian and Quest do not make any commitment to update the information contained in this publication. The information and specifications in this publication are subject to change without notice.

     

     

    Self Service Tools
    Knowledge Base
    Notifications & Alerts
    Product Support
    Software Downloads
    Technical Documentation
    User Forums
    Video Tutorials
    RSS Feed
    Contact Us
    Licensing Assistance
    Technical Support
    View All
    Related Documents