If you want to skip all the notes, you can skip directly to the patch lists below with these links.
Aug. 8, 2008 - Updated security services patch from SS205_NW.TGZ to
SS206_NW.TGZ. Updated NetWare 6.5 patch list with new NAMED.NLM to fix security vulnerability,
in case you are running NAMED on your server.
See any recent warnings I have listed here
See recent update notices I have listed here
Click here for BorderManager 3.9 patches
Click here for BorderManager 3.8 patches
Click here for BorderManager 3.7 patches
Click here for BorderManager 3.6 patches
Click here for BorderManager 3.5 patches
Click here for BorderManager 3.0 patches
Click here BorderManager 2.1 patches
Click here to jump to the General Notes section
*** CHECK THE PATCH README FILE BEFORE INSTALLING ANY OF THESE PATCHES! ***
Lots of people wonder what the current patches are for BorderManager, and in what order should they be installed. Here is what the Novell Sysops consider the best combination of NetWare and BorderManager patches. Not all of these patches are listed on the Minimum Patch List, and you may have to use FileFinder to get them, or even pull some of them from links at this website.
These are NOT the only patches out there for NetWare and a BorderManager server! There are many other patches which might be a good idea to have on your server, depending on version of NDS, other installed products, etc. I am trying to list the ones specific to BorderManager here.
Finally, I list the latest available patches that I know of here - including some that are beta and field test versions. (One reason you will often see patches listed here that are not on the Minimum Patch List). I typically do not list patches available only internally within Novell as a) it is hard for you to get them, and b) those patches are quite risky, and c) those patches are sometimes changing by the day. The versions I list here should be available through a download, although some older patches may no longer be on Novell's site.
Recent Warnings: (Updates - not warnings - are listed below)
Oct 25, 2007 - Warning 1. A number
of people have complained of multiple abends with BorderManager proxy
after installing NW65SP7. The issue *might* be related mostly to the TCPIP
stack, and also to SSL Proxy Authentication. It appears that NW65SP& has older
TCPIP files than in the TCP680B.EXE.ZIP patch. If you are seeing abends after
applying NW65SP7, please try manually installing the TCP680B.EXE.ZIP patch, and
also the latest Winsock patch for NetWare (WSOCK6M.EXE or later).
Oct 25, 2007 - Warning 2. A
vulnerability has been found with CLNTRUST.EXE. Download and install the
CLNTRUST.EXE patch from Oct 24, 2007 (or any later version). Check the readme.
Feb 3, 2007 - Warning. A number
of people have had some issues with the NW65SP6 patch, and there are post-SP6
winsock and clib updates that should be added after NW65SP6. The winsock patch
may not fix all the issues though, so if you want to hold steady at NW65SP5
for a while, it will be fine. There is a known bug in NW65SP6 that breaks
iPrint, and you should read tid 3233501. For a list of NW65SP6 issues, see the
Novell wiki entry at http://wiki.novell.com/index.php/Nw65sp6.
Sept. 12, 2006 - Warning. There are currently two
available post-SP4 BorderManager 3.8 beta patches: BM38SP4_IR3 and BM38SP4_IR5. A number of people
have reported problems with the IR5 version and have back-revved to IR3. The most common symptom
seems to be that certain web sitess become unavailable through proxy, but start workin again for
some period of time if you unload proxy and clear cache by reloading proxy with the -cc option. You
can choose to install either one. If you do back-rev from IR5, it seems sufficient to only backrev
the proxy.nlm module.
June 26, 2006 - Warning. The BM38SP4_IR4.EXE patch
for BorderManager 3.8 has been pulled due to an issue with PROXY.NLM. A replacement patch is
expected soon.
The problem symptom is that you start to be unable to access certain web sites, unless you unload and
reload proxy. At the same time, every time you access a problem site, the 'requests in progress'
statistic in the proxy console Current Activities screen increases, but never reduces. I have seen
servers with 3000 requests in progress (while only 10-12 fills were in progress) as a result of this
issue. The problem can occur with both forward and reverse proxy.
July 20, 2005 - Warning. The edir8736.exe patch has been pulled by Novell due to a potential issue that can result in corruption in NDS and loss of data. See this TID: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098331.htm
July 5, 2004 - Warning. Nothing definite yet, but there have been several Novell public forum users reporting ABENDs after applying BorderManager 3.8 SP2. Some reports say that the problem exists if you install SP2 before installing NW65SP2. One user reported that the problem went away after re-applying BM38SP2 after NW65SP2 and telling the patch to overwrite newer files. The problem seems to be related to ACLCHECK. Another report says the problem may appear if the beta SP2 was installed first. Finally, another report has the problem happening when a user browses to an HTTPS site. Personally, I have installed beta 1, and beta 2, and then BM38SP2 and still have not seen any abends. If you have problems after installing BM38SP2, backrev to BM38SP, or try backrevving just ACLCHECK to BM38SP1. If you do not have access to BM38SP1, I suggest you might want to wait a few days before installing SP2 and check back here.
April 28, 2004 - If you are using Mail Proxy, and have suddenly started seeing ABENDs, it may be related to a new spam or virus issue. Apparently certain emails with many addresses in the header can cause a problem with Mail Proxy. Novell is aware of the problem and a patch has been developed. You need to contact Novell with BorderManager version and valid email address. Ask Gonzalo (nicely) at morera@globalxs.nl for the patch. I suspect the patch will be publicly available soon, if it solves the problem without creating new issues.
Jan 11, 2003 - I added a note for some bugs below this section. I also wanted to finally tell people what the NW6RCONJ2A.EXE patch was all about. I had avoided telling about the bug until now to give people enough time to go about patching their servers before making it obvious what the bug was about. However, I keep getting new clients who have read my patch list here and just skipped that patch because they didn't think it was applicable to them. They are quite surprised when I connect to their BorderManager server over the Internet using RCONAG6 without a password! The version of RCONAG6 shipped with NW6SP2.EXE included a flawed version of RCONAG6. The bad version does not look at the password entry for the 'secure' (encrypted) port (2036 by default). Consequently, you can connect to a server without a password if that version of RCONAG6 is loaded, and the usual Novell default filter exceptions are in place. The NW6RCONJ2A patch fixes this problem. Also, if you want to know how to tighten up the default filter exceptions considerably, to avoid this issue in the first place as well as to prevent most spam relay issues, I urge you to get my book on BorderManager filtering, and read the advanced chapter.
WARNING - Your BorderManager 3.7 licenses may have expired! Please check the policy on your BorderManager license files (using NWADMN32) and see if you have licenses set to expire on December 8, 2002. If you purchased an English Red Box copy of BorderManager, you may have this situation, and you need to read this tip (#67) for a way to get your free replacement license.
********* RECENT UPDATE NOTES (There are more notes below the patch lists) *********
Apr. 24, 2008 - Updated winsock patch from wsock6n.zip to wsock6o.zip. Updated
NWLIB patch to nwlib6l.zip. Updated BM 3.9 patch list with released version of BM39SP1.ZIP.
Note that 'soon' an ISO image of 3.9 with the SP1 patch included is supposed to be released from
Novell. Also, the non-Vista VPN client 3.8.16 is supposed to be included in the ISO image,
instead of the 3.8.15 version in SP1. (You can download the 3.8.16 VPN client - it's listed under
BorderManager 3.8 patches.)
Mar. 23, 2008 - Updated BM 3.9 patch list with released
version of BM39SP1.EXE. Note that in a couple weeks an ISO image of 3.9 with
the SP1 patch included is supposed to be released from Novell. Also, the
non-Vista VPN client 3.8.16 is supposed to be included in the ISO image,
instead of the 3.8.15 version in SP1.
Mar. 5, 2008 - Posted link to beta copy of BM39SP1 patch.
This patch has bug fixes, and includes iManager 2.7 snapins. It does not yet
include the SurfControl-slow-rule-reading issue fix, but the non-beta final
release will. For now, if you are on the Novell newsgroups
(support-forums.novell.com) you should see a message from Mysterious in the
BorderManager install-setup group telling you to email him for a beta copy of
a new aclcheck.nlm to fix that problem.
Feb. 29, 2008 - Updated TCP version for NetWare 6.5 from
TCP681J to TCP681K.
Special Note! BorderManager 3.9sp1 (beta) is due for release today (Feb 29). I
have updated my proxy.cfg file in tip #63 with new parameters for this patch.
The beta version of this patch does not include a fix for certain SurfControl
issues yet, but the final version is supposed to include fixes.
Jan. 15, 2008 - Updated Winsock patches for NetWare 6.5, 6.0 and 5.1; changed from wsock6m.exe to wsock6n.exe.
Dec. 9, 2007 - Updated BorderManager 3.8 patches with post-SP5 patch BM38SP5_IR1.ZIP. Apply this patch after installing BM38SP5.
Oct 30, 2007 - Updated NetWare 6.5 patches with TCP681J.EXE replacing TCP680B.EXE.ZIP.
Oct 25, 2007 - Added warning about abends with NW65SP7 and proxy. Added warning about CLNTRUST.EXE vulnerability. Added mention of applying TCP680B.EXE.ZIP after NW65SP7. Updated NetWare patches with WSOCK6M.EXE. Updated Security Services patch 2.04 to 2.05. Added NW65SP7.ZIP. Added CLNTRUST.EXE patch.
Sep 12, 2007 - Updated BorderManager 3.9 patch list. Updated NetWare 6.5 patches with wsock6k.exe replacing wsock6l.exe.
Aug 15, 2007 - Added new TCPIP patch tcp680b for NetWare 6.5.
Apr 28, 2007 - General clean up of patch lists for all versions, including removing patches no longer available from Novell for older versions of NetWare. Updated BorderManager 3.9 patches.
Feb. 6, 2007 - Updated 6.5 patch lists with reference to Novell WIKI for patch NW65SP6. Added patch section on 3.9 (beta).
Feb. 5, 2007 - Updated NetWare 5.1, 6.0 and 6.5 patch lists with patch NWLIB6J.EXE.
Feb. 3, 2007 - Updated NetWare 5.1 and 6.0 patch lists with updated information on downloading eDirectory 8.7.3. Added wsock6k.exe patch to NetWare 5.1, 6.0 and 6.5 patch lists. Added a warning on potential NW65SP6 issues.
Nov. 11, 2006 - Updated BorderManager 3.8 patches with released vesion of BM38SP5. Updated BorderManager patches with VPN client 3.8.15. Updated NetWare 6.5 patches with NW65SP6. Updated NW 6.5, 6.0 and 5.1 patches with eDirectory 8.7.3.9 patch.
Oct. 23, 2006– Updated BorderManager 3.8 patches with beta 2 vesion of BM38SP5.)
Sept. 12, 2006– Updated NetWare 6.5 post-SP5 patches with the beta patch nw65sp5upd1.exe (contains a winsock fix, a memory management fix, etc.)
June 29, 2006– Updated BorderManager 3.8 post-SP4
interim patches - BM38SP4_IR5 (beta) has been released.
June 26, 2006– Updated BorderManager 3.8 post-SP4
interim patches - BM38SP4_IR4 has been pulled due to a problem with the PROXY.NLM version included.
Use BM38SP4_IR3 for now. If you have installed BM38SP4_IR4 already, simply backrev the PROXY.NLM to
the BM38SP4_IR3 version and reload proxy. The IR4 version has a problem that results in being
unable to access certain web sites while the 'requests in progress' statistic in the proxy console
current activity screen shows an increase each time you try to access the problem sites. The
statistic never reduces until you reload proxy.
Also updated the VPN client from BM3XVPN11.EXE to BM3XVPN12.EXE.
May 24, 2006– Updated BorderManager 3.8 post-SP4 interim patch, from BM38SP4_IR3.EXE to BM38SP4_IR4.EXE. Added NetWare 6.5 patch NW65OS5A.EXE.
Apr. 17, 2006– Added note about copying scm.jar file in regard to bm38sp4_ir3.exe patch.
Apr. 16, 2006– Replaced BorderManager VPN client with BM3XVPN11.EXE. Updated eDirectory patch from edir8737.exe to edir8738.exe.
Mar. 3, 2006– Replaced BorderManager 3.8 patch BM38SP4_IR2A.EXE with BM38SP4_IR3.EXE.
Feb. 2, 2006– Updated the NetWare 6.5 patches with NW65SP5.EXE. I have put it on all my NW 6.5 servers without incident, and have not heard much of anything bad about it, except that one of my clients reported an SMS problem backing up GroupWise with Veritas software. He backrevved some SMS modules to get around that one. For now, I will post both the SP5 and the SP4a patch sequences until I have a good comfort level with SP5.
Feb. 3, 2006– Update in regard to NW65SP5 issues. I know this is not a particularly good way/place to try to post defects in the latest service pack, but it's what is easily available to me! There have been reports, apparently duplicated by Novell, that downloading large files over SSL through Apache will eat up RAM in NILE and cause an abend. The easiest workaround is to backrev WSPSSL.NLM to the NW65SP4a version. A patch is in the works.
Jan. 17, 2006– Updated the BM38SP4_IR2.EXE patch to BM38SP4_IR2A.EXE.
Note: I know that NW65SP5 is out, and I am still evaluating it before updating my patch list here. (I've been a bit behind on my updates since Christmas.)
------- THERE ARE ADDITIONAL COMMENTS BELOW THE LIST OF PATCHES! -----
|
Get BorderManager 3.9. |
BorderManager 3.9 available since May 1, 2007. |
|
Install OES (Netware) SP3 or NetWare 6.5 sp6 or later |
I recommend installing no additional products other than iManager 2.6/2.7 and Apache2 (required for iManager). OES NetWare SP3 is the equivalent of NetWare 6.5 with service pack 6. You *must* use iManager 2.5, 2.6 or 2.7 to configure BorderManager 3.9, though you do not have to run iManager from the BorderManager server. If you started with an earlier version of NetWare 6.5 that has iManager 2.5 installed, you should be able to apply NW65SP6 to get iManager automatically upgraded to 2.6. NW65SP7 may upgrade iManager to version 2.7, and the BorderManager plugins for iManager 2.7 are in the BorderManager 3.9 SP1 patch. |
|
BorderManager 3.9 |
Install BorderManager 3.9. Novell is working on a ISO image (due out in early April) that will include 3.9SP1, and you definitely want to use that instead of the non-patched 3.9 version, as it fixes some installation issues. If you can't wait, try installing 3.9 and immediately install the 3.9SP1 patch. |
|
BM39SP1.zip |
Service Pack 1 for BorderManager 3.9, with bug fixes and both iManager 2.6 and 2.7 snapins. The snapins will also work for BM 3.8 VPN. Also includes Vista VPN client. Slightly older 3.8.15 non-Vista VPN client included by mistake, instead of the 3.8.16 version. |
|
WSOCK6O.EXE |
A winsock patch intended to be applied after NW65SP6 or NW65SP7. Also can be (probably) applied after NW6SP5 or NW51SP8 patches. |
|
NWLIB6L.ZIP |
A CLIB patch intended to be applied after NW65SP6. (Included in NW65SP7). Also can be applied after NW6SP5 or NW51SP8 patches. |
|
OPTIONAL - NW65SP7 |
The latest support pack for NetWare 6.5. If you install this patch, be sure to reinstall the TCP 681k (or later) patch described below, to address an abend issue. Also be aware that as of Feb 29, 2008, the only iManager 2.7 plugins to manage BorderManager are in the BM39SP1 patch. |
|
Security Services 2.0.6. |
There is a patch available for download that should update the server to NICI 2.7.3, NMAS 3.2.1 and NTSL 2.0.2 called ss206_NW.tgz. You can use WinRAR to open it. This patch can be installed after NW65SP6 or NW65SP7. If you cannot configure VPN ("PKI libraries are not available" error message in iManager), you probably need to install this patch. |
|
TCP681K.EXE |
Post-NW65SP6 and post-NW65SP7 patch for TCPIP. Fixes a number of abends and issues with BorderManager. If your transparent proxy is not working, you probably need to update TCPIP with this patch. |
|
RECOMMENDED - NAMED.NLM |
To fix a serious vulernability in DNS servers, download the latest NAMED.NLM for NetWare 6.5 server. This is a *must* if you happen to be providing DNS services to the Internet, and recommended if you are just running NAMED internally. It's an easy patch - just download NAMED.NLM, copy it to sys:system, and UNLOAD NAMED, then LOAD NAMED. I do not think this patch can be used on a NetWare 6.0 or 5.1 server, but I haven't tried it. |
|
INETCFG |
LOAD INETCFG at least once to transfers settings from autoexec.ncf. Reboot. |
|
Install 3.9 |
Note that I have updated the Lite version of my BorderManager book for 3.9, and a copy is on the 3.9 CD under the Documents/Craig Johnson directory. |
|
Install BM39SP1.ZIP |
BorderManager 3.9 service pack 1. |
|
iManager note |
If you have issues seeing the new Proxy Services and Access Rules menu entries for BorderManager 3.9, you need to be sure that you a) have the BorderManager.npm module installed, b) you have role-based services installed, and c) you have installed the BorderManager module into Role Based Services 2. If something went wrong in the installation, it is possible you may have to run the FILLATR.NCF utility to set up the needed schema extensions for the new iManager options for Access Control and Proxy Services to work. Be aware the iManager 2.7 needs BorderManager plugins from BM39SP1 to work. |
|
BorderManager installation problems |
There are some known issues with iManager and BorderManager 3.9. |
|
Get BorderManager 3.8 CD. Optional: Get BorderManager Companion CD if you want. |
You will need BorderManager 3.8 CD (or downloaded image, about 170MB). The companion CD about 450MB) is not needed with NetWare 6.5. A little note here - the shipping license for BorderManager 3.8 is ON THE PRODUCT CD in the LICENSES directory. If you have an EVAL COPY, you will NOT have the regular license, but will have only a trial license. |
|
Install NetWare 6.5 |
I recommend installing no additional products other than iManager and Apache2 (required for iManager). Warning! If you are in-place upgrading an existing BorderManager 3.8 server, from NW 6.0 for instance, the NW65 install will back-rev your filtering modules. In this scenario, you want to repeat the BorderManager patch installation after you get NetWare installed. You normally should install 3.8 before the NetWare upgrade, since older versions of BorderManager are not supported on NetWare 6.5. Once you have installed NetWare 6.5, reinstall the latest BorderManager patch to be sure the filtering modules have been updated. For example, NetWare 6.5 puts FILTSRV.NLM dated 1998, while BorderManager 3.8SP4 installs one from 2005. The older version of FILTSRV.NLM does not support NDS-based filtering, and you can get abends on the server trying to manipulate filters in FILTCFG with the wrong version of FILTSRV.NLM installed. |
|
INETCFG |
LOAD INETCFG at least once to transfers settings from autoexec.ncf. Reboot. |
|
NW65SP6.EXE |
If you are nervous about installing NW65SP6, you can still install the older NW65SP5.EXE and the post-SP5 patch NW65SP5UPD1.EXE patches. For a list of NW65SP6 issues, see the Novell wiki entry at http://wiki.novell.com/index.php/Nw65sp6. |
|
WSOCK6O.EXE |
A winsock patch intended to be applied after NW65SP6 or NW65SP7. Also can be (probably) applied after NW6SP5 or NW51SP8 patches. |
|
NWLIB6L.ZIP |
A CLIB patch intended to be applied after NW65SP6. (Included in NW65SP7). Also can be applied after NW6SP5 or NW51SP8 patches. |
|
OPTIONAL - NW65SP7 |
The latest support pack for NetWare 6.5. If you install this patch, be sure to reinstall the TCP 681k (or later) patch described below, to address an abend issue. Also be aware that the only iManager 2.7 plugins to manage BorderManager are in the BM39SP1 patch - I'd wait until you have the plugins before putting on this support pack. |
|
NW65SP5.EXE |
Only if you did not install NW65SP6 or NW65SP7!. |
|
NW65SP5UPD1.exe |
Only if you did not install NW65SP6 or NW65SP7, and did install NW65SP5! This patch contains several Post-SP5 beta patches rolled into one. Includes the former stand-alone patches nw65os5a.exe, n65nss5a.exe, nwlib6h.exe, and wsock6i.exe. |
|
EDIR8739.EXE |
Only if you did not install NW65SP6 or NW65SP7, which contains this patch already. Latest eDirectory patch. Requires eDirectory 8.7.3 to be installed first. Should be able to install on NW 5.1 (I haven't tried it, but the 8.7.3.8 patch worked), or NW 6.0. |
|
RECOMMENDED - NAMED.NLM |
To fix a serious vulernability in DNS servers, download the latest NAMED.NLM for NetWare 6.5 server. This is a *must* if you happen to be providing DNS services to the Internet, and recommended if you are just running NAMED internally. It's an easy patch - just download NAMED.NLM, copy it to sys:system, and UNLOAD NAMED, then LOAD NAMED. I do not think this patch can be used on a NetWare 6.0 or 5.1 server, but I haven't tried it. |
|
Install BorderManager 3.8 |
GUI installation routine in STARTX. Point to the root of the BorderManager CD files. By the way, I have seen two issues recently that caused me problems installing 3.8, though only (so far) on NW 6.0. The first was a failure to launch the GUI (STARTX). That problem was fixed with the GUIFIX patch from Novell. The other problem was a fatal error early in the install process. There is a TID on that, but the problem was fixed with the latest NICI patch. |
|
BM38SP5.EXE |
BorderManager 3.8 Service Pack 5. Does not require previous BorderManager 3.8 service packs to be installed first. |
|
BM38SP5_IR1.ZIP |
This interim patch contains updates to apply after installing BM38SP5.EXE. The updates include a new CLNTRUST.EXE, new AUTHCHK, ACLCHECK, PROXY and PROXYCFG modules. Some new options to PROXY.CFG are included, which I have added to my version in tip #63. |
|
TCP681K.EXE |
Post-NW65SP6 and post-NW65SP7 patch for TCPIP. Fixes a number of abends and issues with BorderManager. |
|
Security Services 2.0.6. |
There is a patch available for download that should update the server to NICI 2.7.3, NMAS 3.2.1 and NTSL 2.0.2 called ss206_NW.tgz. You can use WinRAR to open it. This patch can be installed after NW65SP6 or NW65SP7. If you cannot configure VPN ("PKI libraries are not available" error message in iManager), you probably need to install this patch. |
|
Configure Proxies, etc. |
Configure all legacy settings as before. Not much there has changed, but you can use multi-domain support with Mail Proxy now, using PROXY.CFG settings. |
|
VPN client 3.8.16 |
Available for download. Latest version of the BorderManager 3.x VPN client. |
|
Configure legacy VPN (optional) |
The legacy VPN is unchanged, and is set in the same manner as before. The new VPN requires iManager support. |
|
Configure new VPN |
The new VPN capabilities can only be configured using iManager 2.01 or later. You can run iManager from a NetWare 6.5 server or from a Windows PC. All you need are the new VPN snapins. |
|
TUNEUP.NCF |
Run my TUNEUP.NCF file, or use your own settings. This file puts in settings as recommended in the proxy tuning tid for dedicated BorderManager servers. |
|
SurfControl v6.1 |
If you are using SurfControl, I recommend you get the latest version from www.surfcontrol.com. See tip #68 at this website for my experiences with it (all positive), and how to reconfigure your memory settings if you were using the older version. |
|
49psp1a_netwin32.exe |
This is a patch for Client32 4.9sp1a that is supposed to fix the issue where you get a -601 error when accessing the BorderManager tabs in NWADMN32. Note that there are other, later Client32 patches, but I leave it to you to figure them out! |
|
Get BorderManager 3.8 and the BorderManager Companion CD |
You will need both the BorderManager 3.8 CD (or downloaded image, about 170MB), AND the Companion CD (or downloaded image, about 450MB). |
|
Install NetWare 6.0 |
I recommend installing no additional products. |
|
NW6SP5.EXE |
Note: After installing this patch, you may have to remove a space after any ? commands in your autoexec.ncf. See tip #19. You may also need to manually load NCPL in autoexec.ncf to start certain Apache/Tomcat services. |
|
WSOCK6O.EXE |
A winsock patch intended to be applied after NW65SP6 or NW65SP7. Also can be (probably) applied after NW6SP5 or NW51SP8 patches. |
|
NWLIB6L.ZIP |
A CLIB patch intended to be applied after NW65SP6. (Included in NW65SP7). Also can be applied after NW6SP5 or NW51SP8 patches. |
|
eDirectory 8.6 or 8.7 (required) |
Most current recommended eDirectory on June 22, 2005 is 8.7.3. Download from http://download.novell.com. This file seems to have changed a bit over time, and can be a bit difficult to find. The file for NetWare is called eDir_873_nw_full.exe and is 194MB in size. There is also a CD ISO image available (eDir_873_nw_win.iso, 631MB, includes NetWare and Windows versions). BorderManager 3.8 requires at least eDirectory 8.6.2 installed on the server. (This does not mean DS version 8.82, it means DS versions in the 10,000 range. eDir 8.7.1 is DS version 10510.64). eDir 8.7.1 is supplied on the 3.8 Companion CD. |
|
EDIR8739.EXE |
Latest eDirectory 8.7.3.x patch. Requires eDirectory 8.7.3 to be installed first. Should be able to install on NW 5.1 (I haven't tried it, but the 8.7.3.8 patch worked), or NW 6.0, though there is no support for either 6.0 or 5.1. I recommend running DSREPAIR after every eDirectory patch. |
|
NICI 2.6.8 |
This NICI update is a prerequisite for the later Security and NMAS patches. This patch is no longer listed at Novell's web site, but can still be found on the Internet. The file you want is nici_u0.exe. |
|
Security Update 9 |
Included within the eDir 8.7.3.7 patch directory. (Look in the Security subdirectory structure of the patch). Requires NICI 2.6.7 or later to be installed first. This patch is no longer listed at Novell's web site, but can still be found on the Internet if you did not install eDir 8.7.3.7. The file you want is SECUPD8.TGZ. You can use WinRAR (from www.rarlabs.com) to extract the .tgz file contents. |
|
NMAS 2.3.8 or 2.3.9 |
Requires NICI 2.6.7 or later and Security Update 8 or 9 to be installed first. The NMAS 2.3.9 installation files are in the Security section of the eDir 8.7.3.7 patch. This patch is no longer listed at Novell's web site, but can still be found on the Internet if you did not install eDir 8.7.3.7. The file you want is NMSRV238.TGZ. You can use WinRAR (from www.rarlabs.com) to extract the .tgz file contents. |
|
INETCFG |
LOAD INETCFG at least once to transfers settings from autoexec.ncf. Reboot. |
|
Install BorderManager 3.8 |
GUI installation routine in STARTX. Point to the root of the BorderManager CD files. By the way, I have seen two issues recently that caused me problems installing 3.8, though only (so far) on NW 6.0. The first was a failure to launch the GUI (STARTX). That problem was fixed with the GUIFIX patch from Novell. The other problem was a fatal error early in the install process. There is a TID on that, but the problem was fixed with the latest NICI patch. |
|
BM38SP5.EXE |
BorderManager 3.8 Service Pack 5. Does not require previous BorderManager 3.8 service packs to be installed first. |
|
BM38SP5_IR1.ZIP |
This interim patch contains updates to apply after installing BM38SP5.EXE. The updates include a new CLNTRUST.EXE, new AUTHCHK, ACLCHECK, PROXY and PROXYCFG modules. Some new options to PROXY.CFG are included, which I have added to my version in tip #63. |
|
TCP610M.EXE |
Latest TCP patch (post-NW6SP5). |
|
Configure Proxies, etc. |
Configure all legacy settings as before. Not much there has changed, but you can use multi-domain support with Mail Proxy now, using PROXY.CFG settings.. |
|
VPN client 3.8.16 |
Available for download. Latest version of the BorderManager 3.x VPN client. |
|
Configure legacy VPN (optional) |
The legacy VPN is unchanged, and is set in the same manner as before. The new VPN requires iManager 2 support. |
|
iManager 2.0 |
Although Novell has iManager 2.0 for NW 6.0, on the companion CD, there may or may not be compatibility issues with older products. Best to install iManager 2.0 from the Companion CD to a Windows PC, unless the BorderManager PC is running only BorderManager. Note that the BM38SP1 patch has some iManager snapin updates for Windows iManager. If installing iManager 2.0.1 from the Companion CD to NetWare 6.0, be sure to read tip #74 (iManager tips). My Beginner's Guide to BorderManager 3.x (both the full and the Lite version on the 3.8 product CD) has a chapter on installing iManager 2.0 on Windows. |
|
Configure new VPN |
The new VPN capabilities can only be configured using iManager 2.0. You can run iManager from a NetWare 6.5 server or from a Windows PC. All you need are the new VPN snapins. |
|
TUNEUP.NCF |
Run my TUNEUP.NCF file, or use your own settings. This file puts in settings as recommended in the proxy tuning tid for dedicated BorderManager servers. |
|
SurfControl v6.1 |
If you are using SurfControl, I recommend you get the latest version from www.surfcontrol.com. See tip #68 at this website for my experiences with it (all positive), and how to reconfigure your memory settings if you were using the older version. |
|
49psp1a_netwin32.exe |
This is a patch for Client32 4.9sp1a that is supposed to fix the issue where you get a -601 error when accessing the BorderManager tabs in NWADMN32. |
|
Get BorderManager 3.8 and the BorderManager Companion CD |
You will need both the BorderManager 3.8 CD (or downloaded image, about 170MB), AND the Companion CD (or downloaded image, about 450MB). |
|
Install NetWare 5.1 |
I recommend installing no additional products. Make at least a 4GB
legacy (not NSS) cache volume, with no suballocation, no compression and 8k or
16k block size. BorderManager proxy will NOT work well with NSS cache volumes.
Proxy MUST have a dedicated volume for cache data (don't leave it on SYS). 4GB
is typically about right for 100-250 users. Be wary of using more than
10-12GB of cache space. See this TID first:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10082486.htm |
|
NW51SP8.EXE |
Note: After installing this patch, you may have to remove a space after any ? commands in your autoexec.ncf. See tip #19. |
|
NW51OS8A.EXE |
Warning! Do NOT install this on Small Business (SBS) servers, or your SBS licenses will not be usable. Should you have installed this patch on a SBS 5.1 server, you will need to copy back the SERVER.OLD file in C:\NWSERVER to SERVER.EXE there, and reboot. Once you install NetWare 5.1 SP8, you need to install this patch to fix various issues, including memory problems. |
|
NW51SP8NCP.EXE |
Once you install NetWare 5.1 SP8, you need to install this patch to fix a possible abend issue. |
|
WSOCK6O.EXE |
A winsock patch intended to be applied after NW65SP6 or NW65SP7. Also can be (probably) applied after NW6SP5 or NW51SP8 patches. |
|
NWLIB6L.ZIP |
A CLIB patch intended to be applied after NW65SP6. (Included in NW65SP7). Also can be applied after NW6SP5 or NW51SP8 patches. |
|
TCP587I.EXE |
Latest TCP patch for NetWare 5.1. |
|
eDirectory 8.6 or 8.7 (required) |
Most current eDirectory on June 22, 2005 is 8.7.3. Download from http://download.novell.com. This file seems to have changed a bit over time, and can be a bit difficult to find. The file for NetWare is called eDir_873_nw_full.exe and is 194MB in size. There is also a CD ISO image available (eDir_873_nw_win.iso, 631MB, includes NetWare and Windows versions). BorderManager 3.8 requires at least eDirectory 8.6.2 installed on the server. (This does not mean DS version 8.82, it means DS versions in the 10,000 range. eDir 8.7.1 is DS version 10510.64). eDir 8.7.1 is supplied on the 3.8 Companion CD. |
|
EDIR8739.EXE |
Latest eDirectory 8.7.3.x patch. Requires eDirectory 8.7.3 to be installed first. Should be able to install on NW 5.1 (I haven't tried it, but the 8.7.3.8 patch worked), or NW 6.0, though there is no support for either 6.0 or 5.1. I recommend running DSREPAIR after every eDirectory patch. |
|
NICI 2.6.8 |
This NICI update is a prerequisite for the later Security and NMAS patches. This patch is no longer listed at Novell's web site, but can still be found on the Internet. The file you want is nici_u0.exe. |
|
Security Update 9 |
Included within the eDir 8.7.3.7 patch directory. (Look in the Security subdirectory structure of the patch). Requires NICI 2.6.7 or later to be installed first. This patch is no longer listed at Novell's web site, but can still be found on the Internet if you did not install eDir 8.7.3.7. The file you want is SECUPD8.TGZ. You can use WinRAR (from www.rarlabs.com) to extract the .tgz file contents. |
|
NMAS 2.3.8 or 2.3.9 |
Requires NICI 2.6.7 or later and Security Update 8 or 9 to be installed first. The NMAS 2.3.9 installation files are in the Security section of the eDir 8.7.3.7 patch. This patch is no longer listed at Novell's web site, but can still be found on the Internet if you did not install eDir 8.7.3.7. The file you want is NMSRV238.TGZ. You can use WinRAR (from www.rarlabs.com) to extract the .tgz file contents. |
|
INETCFG |
LOAD INETCFG at least once to transfers settings from autoexec.ncf. Reboot. |
|
Install BorderManager 3.8 |
GUI installation routine in STARTX. Point to the root of the BorderManager CD files. By the way, I have seen two issues recently that caused me problems installing 3.8, though only (so far) on NW 6.0. The first was a failure to launch the GUI (STARTX). That problem was fixed with the GUIFIX patch from Novell. The other problem was a fatal error early in the install process. There is a TID on that, but the problem was fixed with the latest NICI patch. |
|
BM38SP5.EXE |
BorderManager 3.8 Service Pack 5. Does not require previous BorderManager 3.8 service packs to be installed first. |
|
BM38SP5_IR1.ZIP |
This interim patch contains updates to apply after installing BM38SP5.EXE. The updates include a new CLNTRUST.EXE, new AUTHCHK, ACLCHECK, PROXY and PROXYCFG modules. Some new options to PROXY.CFG are included, which I have added to my version in tip #63. |
|
VPN client 3.8.16 |
Available for download. Latest version of the BorderManager 3.x VPN client. |
|
Configure Proxies, etc. |
Configure all legacy settings as before. Not much there has changed, but you can use multi-domain support with Mail Proxy now, using PROXY.CFG settings. |
|
Configure legacy VPN (optional) |
The legacy VPN is unchanged, and is set in the same manner as before, except that iManager rules are needed. The new VPN requires iManager 2 support. |
|
iManager 2 (on Windows) |
Unless you have a NetWare 6.5 server, which comes with iManager 2, or have installed iManager 2.0 on NetWare 6, you will have to install iManager 2.0 from the Companion CD to a Windows PC, and add the VPN snapins (vpn.npm file from the VPN directory on the BorderManager CD). Note that the BM38SP1 patch has some iManager snapin updates for Windows iManager. If installing iManager 2.0.1 from the Companion CD to NetWare 6.0, be sure to read tip #74 (iManager tips). My Beginner's Guide to BorderManager 3.x (both the full and the Lite version on the 3.8 product CD) has a chapter on installing iManager 2.0 on Windows. |
|
Configure new VPN |
The new VPN capabilities can only be configured using iManager 2.0.x. You can run iManager 2.0.x from a NetWare 6.5 or 6.0 server or from a Windows PC. All you need are the new VPN snapins. |
|
TUNEUP.NCF |
Run my TUNEUP.NCF file, or use your own settings. This file puts in settings as recommended in the proxy tuning tid for dedicated BorderManager servers. |
|
SurfControl v6.1 |
If you are using SurfControl, I recommend you get the latest version from www.surfcontrol.com. See tip #68 at this website for my experiences with it (all positive), and how to reconfigure your memory settings if you were using the older version. |
|
49psp1a_netwin32.exe |
This is a patch for Client32 4.9sp1a that is supposed to fix the issue where you get a -601 error when accessing the BorderManager tabs in NWADMN32. |
BorderManager 3.7 was officially released on April 17, 2002. There were some critical updates available by that date (or soon thereafter), which have now been included in the patches listed below. However, the first sets of CD's released included licenses that expired in December, 2002. After the licenses expired, unloading a licensed NLM (such as PROXY.NLM) or rebooting will cause that service to fail, since there will not be a valid license available when you restart the NLM. See tip #67 at this web site for instructions on how to get a replacement license from Novell.
BorderManager 3.7 is not supported and will not install on versions of NetWare prior to NetWare 5.1, or later than 6.0. This means you may need to upgrade NetWare before upgrading BorderManager. It also means you cannot install 3.7 on NetWare 6.5. Novell also recommends having the latest patches applied for older versions of BorderManager before upgrading. BorderManager 3.7 requires at least NW51SP4 or NW6SP1 to be installed first.
Note: BorderManager 3.7 has higher minimum RAM requirements than previous versions, ESPECIALLY if using SurfControl. Minimum recommended RAM for BorderManager 3.7 is 512MB. Add an additional 512 MB (1GB total RAM) if SurfControl is to be used. I will document some RAM-reducing options available when using SurfControl in my BorderManager 3.x book (Second Edition).
|
Install NetWare 6.0 |
Do NOT configure all disk space as NSS! Make at least a 4GB legacy CACHE volume, with no suballocation, no compression and 8k or 16k block size. BorderManager proxy will NOT work well with NSS cache volumes. Proxy MUST have a dedicated volume for cache data (don't leave it on SYS). 4GB is typically about right for 100-250 users. Be wary of using more than 10-12GB of cache space. See this TID first: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10082486.htm |
|
NW6SP5.EXE |
Note: After installing this patch, you may have to remove a space after any ? commands in your autoexec.ncf. See tip #19. You may also need to manually load NCPL in autoexec.ncf to start certain Apache/Tomcat services. |
|
WSOCK6O.EXE |
A winsock patch intended to be applied after NW65SP6 or NW65SP7. Also can be (probably) applied after NW6SP5 or NW51SP8 patches. |
|
NWLIB6L.ZIP |
A CLIB patch intended to be applied after NW65SP6. (Included in NW65SP7). Also can be applied after NW6SP5 or NW51SP8 patches. |
|
TCP610M.EXE |
TCPIP modules. Use the version in the NICI folder for all servers once NW6SP4 is installed. (Otherwise use Domestic version for BM 3.7 or earlier servers with VPN). Latest TCP patch (post-NW6SP5). |
|
eDirectory 8.6 or 8.7 (required) |
Most current eDirectory on June 22, 2005 is 8.7.3. Download from http://download.novell.com. This file seems to have changed a bit over time, and can be a bit difficult to find. The file for NetWare is called eDir_873_nw_full.exe and is 194MB in size. There is also a CD ISO image available (eDir_873_nw_win.iso, 631MB, includes NetWare and Windows versions). BorderManager 3.8 requires at least eDirectory 8.6.2 installed on the server. (This does not mean DS version 8.82, it means DS versions in the 10,000 range. eDir 8.7.1 is DS version 10510.64). eDir 8.7.1 is supplied on the 3.8 Companion CD. |
|
EDIR8739.EXE |
Latest eDirectory 8.7.3.x patch. Requires eDirectory 8.7.3 to be installed first. Should be able to install on NW 5.1 (I haven't tried it, but the 8.7.3.8 patch worked), or NW 6.0, though there is no support for either 6.0 or 5.1. I recommend running DSREPAIR after every eDirectory patch. |
|
NICI 2.6.8 |
This NICI update is a prerequisite for the later Security and NMAS patches. This patch is no longer listed at Novell's web site, but can still be found on the Internet. The file you want is nici_u0.exe. |
|
Security Update 9 |
Included within the eDir 8.7.3.7 patch directory. (Look in the Security subdirectory structure of the patch). Requires NICI 2.6.7 or later to be installed first. This patch is no longer listed at Novell's web site, but can still be found on the Internet if you did not install eDir 8.7.3.7. The file you want is SECUPD8.TGZ. You can use WinRAR (from www.rarlabs.com) to extract the .tgz file contents. |
|
NMAS 2.3.8 or 2.3.9 |
Requires NICI 2.6.7 or later and Security Update 8 or 9 to be installed first. The NMAS 2.3.9 installation files are in the Security section of the eDir 8.7.3.7 patch. This patch is no longer listed at Novell's web site, but can still be found on the Internet if you did not install eDir 8.7.3.7. The file you want is NMSRV238.TGZ. You can use WinRAR (from www.rarlabs.com) to extract the .tgz file contents. |
|
BorderManager 3.7 |
|
|
BM37SP3.EXE |
Service Pack 3 for BorderManager 3.7. |
|
BM37FP4E.EXE |
Post-BM37SP3 patch. Be sure to update proxy.cfg as well. See tip #63 here. If you make much use of stateful filters, and the server drops packets or seems slow, backrev IPFLT31.NLM to the version in BM37SP3.EXE. |
|
CLNTRUST.EXE |
A security-related patch to CLNTRUST which prevents a certain vulnerability. Also contains earlier bug fixes. This is newer than BM38SP5 or raw BorderManager 3.9 versions of CLNTRUST.EXE. The latest version of this file is found in the BM38SP5_IR1.ZIP patch. |
|
SurfControl v6.1 |
If you are using SurfControl, I recommend you get the latest version from www.surfcontrol.com. See tip #68 at this website for my experiences with it (all positive), and how to reconfigure your memory settings if you were using the older version. |
|
VPN client 3.8.16 |
Available for download. Latest version of the BorderManager 3.x VPN client. |
|
NW6RCONJ2A.EXE |
(Only applies to NW6SP2.EXE). This patch addressed a serious security issue in RCONAG6 from NW6SP2.EXE. DO NOT SKIP THIS PATCH! WITH NW6SP2, YOU CAN CONNECT TO RCONAG6 ON THE 'SECURE' PORT WITHOUT A PASSWORD! |
|
TUNEUP.NCF |
Run my TUNEUP.NCF file, or use your own settings. This file puts in settings as recommended in the proxy tuning tid for dedicated BorderManager servers. |
|
49psp1a_netwin32.exe |
This is a patch for Client32 4.9sp1a that is supposed to fix the issue where you get a -601 error when accessing the BorderManager tabs in NWADMN32. |
|
Configure Proxy |
Configure all legacy settings as before. Not much there has changed, but you can use multi-domain support with Mail Proxy now, using PROXY.CFG settings. |
|
Install NetWare 5.1 |
Make at least a 4GB legacy (not NSS) cache volume, with no suballocation, no compression and 8k or 16k block size. BorderManager proxy will NOT work well with NSS cache volumes. Proxy MUST have a dedicated volume for cache data (don't leave it on SYS). 4GB is typically about right for 100-250 users. Be wary of using more than 10-12GB of cache space. See this TID first: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10082486.htm |
|
NW51SP8.EXE |
Note: After installing this patch, you may have to remove a space after any ? commands in your autoexec.ncf. See tip #19. |
|
NW51OS8A.EXE |
Warning! Do NOT install this on Small Business (SBS) servers, or your SBS licenses will not be usable. Should you have installed this patch on a SBS 5.1 server, you will need to copy back the SERVER.OLD file in C:\NWSERVER to SERVER.EXE there, and reboot. Once you install NetWare 5.1 SP8, you need to install this patch to fix various issues, including memory problems. |
|
NW51SP8NCP.EXE |
Once you install NetWare 5.1 SP8, you need to install this patch to fix a possible abend issue. |
|
WSOCK6O.EXE |
A winsock patch intended to be applied after NW65SP6 or NW65SP7. Also can be (probably) applied after NW6SP5 or NW51SP8 patches. |
|
NWLIB6L.ZIP |
A CLIB patch intended to be applied after NW65SP6. (Included in NW65SP7). Also can be applied after NW6SP5 or NW51SP8 patches. |
|
TCP587I.EXE |
Latest TCP patch for NetWare 5.1. |
|
eDirectory 8.6 or 8.7 (required) |
Most current eDirectory on June 22, 2005 is 8.7.3. Download from http://download.novell.com. This file seems to have changed a bit over time, and can be a bit difficult to find. The file for NetWare is called eDir_873_nw_full.exe and is 194MB in size. There is also a CD ISO image available (eDir_873_nw_win.iso, 631MB, includes NetWare and Windows versions). BorderManager 3.8 requires at least eDirectory 8.6.2 installed on the server. (This does not mean DS version 8.82, it means DS versions in the 10,000 range. eDir 8.7.1 is DS version 10510.64). eDir 8.7.1 is supplied on the 3.8 Companion CD. |
|
EDIR8739.EXE |
Latest eDirectory 8.7.3.x patch. Requires eDirectory 8.7.3 to be installed first. Should be able to install on NW 5.1 (I haven't tried it, but the 8.7.3.8 patch worked), or NW 6.0, though there is no support for either 6.0 or 5.1. I recommend running DSREPAIR after every eDirectory patch. |
|
NICI 2.6.8 |
This NICI update is a prerequisite for the later Security and NMAS patches. This patch is found at downloads.novell.com, not support.novell.com. Limit the search category at the web page to NICI and you will get a link to NICI 2.6.8 files. The file you want is nici_u0.exe. |
|
Security Update 9 |
Included within the eDir 8.7.3.7 patch directory. (Look in the Security subdirectory structure of the patch). Requires NICI 2.6.7 or later to be installed first. If you did not install eDir 8.7.3.7 you can download the Security Update 8 patch (SECUPD8.TGZ) separately from support.novell.com/filefinder. You can use WinRAR (from www.rarlabs.com) to extract the .tgz file. |
|
NMAS 2.3.8 or 2.3.9 |
Requires NICI 2.6.7 or later and Security Update 8 or 9 to be installed first. The NMAS 2.3.9 installation files are in the Security section of the eDir 8.7.3.7 patch. (You can download the previous version - NMAS 2.3.8, from support.novell.com in the NMSRV238.TGZ file if you do not have the eDir 8.7.3.7 patch. Use WinRAR from www.rarlabs.com to explode the .tgz file). |
|
BorderManager 3.7 |
Note licensing issue with English-only CD's. |
|
BM37SP3.EXE |
Service Pack 3 for BorderManager 3.7. |
|
BM37FP4E.EXE |
Post-BM37SP3 patch. Be sure to update proxy.cfg as well. See tip #63 here. If you make much use of stateful filters, and the server drops packets or seems slow, backrev IPFLT31.NLM to the version in BM37SP3.EXE. |
|
CLNTRUST.EXE |
A security-related patch to CLNTRUST which prevents a certain vulnerability. Also contains earlier bug fixes. This is newer than BM38SP5 or raw BorderManager 3.9 versions of CLNTRUST.EXE. The latest version of this file is found in the BM38SP5_IR1.ZIP patch. |
|
TCP587I.EXE |
Latest TCP patch (post-NW51SP8) |
|
SurfControl v6.1 |
If you are using SurfControl, I recommend you get the latest version from www.surfcontrol.com. See tip #68 at this website for my experiences with it (all positive), and how to reconfigure your memory settings if you were using the older version. |
|
VPN client 3.8.16 |
Available for download. Latest version of the BorderManager 3.x VPN client. |
|
TUNEUP.NCF |
Run my TUNEUP.NCF file, or use your own settings. This file puts in settings as recommended in the proxy tuning tid for dedicated BorderManager servers. |
|
49psp1a_netwin32.exe |
This is a patch for Client32 4.9sp1a that is supposed to fix the issue where you get a -601 error when accessing the BorderManager tabs in NWADMN32. |
|
Configure Proxy |
Configure all legacy settings as before. Not much there has changed, but you can use multi-domain support with Mail Proxy now, using PROXY.CFG settings. |
Note: BorderManager 3.6 is now considered end-of-life by Novell,
with support ending at the end of May 2003, and no further updates or patches
are being written for it.
Note: BorderManager 3.6 will not install on NetWare 6.5. The only version of BorderManager that
is supported on NetWare 6.5 is BorderManager 3.8.
Mar 9, 2001 - Installation of Older Files Problem: The BorderManager 3.6 installation has a
problem in the install script that causes it to copy all the files in the NIAS directory
from the CD on the server, even if they are older than the versions on the server! You MUST
reapply the latest service pack for NetWare after installing BorderManager 3.6 to correct this
issue. (This is regardless of whether you plan on using NIAS features or not).
|
Install NetWare 6.0 |
Do NOT configure all disk space as NSS! Make at least a 4GB legacy CACHE volume, with no suballocation, no compression and 8k or 16k block size. BorderManager proxy will NOT work well with NSS cache volumes. Proxy MUST have a dedicated volume for cache data (don't leave it on SYS). 4GB is typically about right for 100-250 users. Be wary of using more than 10-12GB of cache space. See this TID first: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10082486.htm |
|
NW6SP5.EXE |
Note: After installing this patch, you may have to remove a space after any ? commands in your autoexec.ncf. See tip #19. You may also need to manually load NCPL in autoexec.ncf to start certain Apache/Tomcat services. |
|
WSOCK6O.EXE |
A winsock patch intended to be applied after NW65SP6 or NW65SP7. Also can be (probably) applied after NW6SP5 or NW51SP8 patches. |
|
NWLIB6L.ZIP |
A CLIB patch intended to be applied after NW65SP6. (Included in NW65SP7). Also can be applied after NW6SP5 or NW51SP8 patches. |
|
ADMATTRS.EXE |
This patch creates NDS attributes for BorderManager relating to a Login Policy Object. NMAS may be installed by default, and installing BorderManager after NMAS can create problems! Before proceeding, see http://support.novell.com/servlet/tidfinder/2959071 |
|
BorderManager 3.6 |
When prompted to reboot do NOT reboot. Go on to the next step. If you cannot install BorderManager at all, see this note. |
|
BM36SP2A.EXE |
(Note: If running a small business server, you should also install the NIASSP1.EXE patch from the partner CD). See the Jan. 24, 2003 note at the top of this page. |
|
CLNTRUST.EXE |
A security-related patch to CLNTRUST which prevents a certain vulnerability. Also contains earlier bug fixes. This is newer than BM38SP5 or raw BorderManager 3.9 versions of CLNTRUST.EXE. The latest version of this file is found in the BM38SP5_IR1.ZIP patch. |
|
eDirectory 8.6 or 8.7 (optional) |
The latest version of eDirectory I tested with BorderManager 3.6 was 8.7.3.x. Download from http://download.novell.com. This file seems to have changed a bit over time, and can be a bit difficult to find. The file for NetWare is called eDir_873_nw_full.exe and is 194MB in size. There is also a CD ISO image available (eDir_873_nw_win.iso, 631MB, includes NetWare and Windows versions). |
|
EDIR8739.EXE |
Latest eDirectory 8.7.3.x patch. Requires eDirectory 8.7.3 to be installed first. Should be able to install on NW 5.1 (I haven't tried it, but the 8.7.3.8 patch worked), or NW 6.0, though there is no support for either 6.0 or 5.1. I recommend running DSREPAIR after every eDirectory patch. |
|
NICI 2.6.8 |
This NICI update is a prerequisite for the later Security and NMAS patches. This patch is no longer listed at Novell's web site, but can still be found on the Internet. The file you want is nici_u0.exe. |
|
Security Update 9 |
Included within the eDir 8.7.3.7 patch directory. (Look in the Security subdirectory structure of the patch). Requires NICI 2.6.7 or later to be installed first. This patch is no longer listed at Novell's web site, but can still be found on the Internet if you did not install eDir 8.7.3.7. The file you want is SECUPD8.TGZ. You can use WinRAR (from www.rarlabs.com) to extract the .tgz file contents. |
|
NMAS 2.3.8 or 2.3.9 |
Requires NICI 2.6.7 or later and Security Update 8 or 9 to be installed first. The NMAS 2.3.9 installation files are in the Security section of the eDir 8.7.3.7 patch. This patch is no longer listed at Novell's web site, but can still be found on the Internet if you did not install eDir 8.7.3.7. The file you want is NMSRV238.TGZ. You can use WinRAR (from www.rarlabs.com) to extract the .tgz file contents. |
|
NW6SP5.EXE |
Reinstall NW6SP5 to fix problems from the BorderManager 3.6 installation routine (where it overwrites certain newer files). |
|
TCP610M.EXE |
TCPIP modules. Use the version in the NICI folder for all servers once NW6SP4 is installed. (Otherwise use Domestic version for BM 3.7 or earlier servers with VPN). Latest TCP patch (post-NW6SP5). |
|
CSATPXY.NLM |
Get the CSATPXY.NLM from BM37SP2.EXE and use it on your 3.6 server to fix a logging bug. |
|
PROXY.NLM |
Note: You can use the PROXY.NLM from BM37FP4A.EXE or BM37SP3.EXE. Be sure to update proxy.cfg as well to avoid an abend. See tip #63 here. Use only the PROXY.NLM file from this patch. You can use PROXY.NLM from BM37FP4E.EXE if you also replace AUTHCHK.NLM from that patch. |
|
49psp1a_netwin32.exe |
This is a patch for Client32 4.9sp1a that is supposed to fix the issue where you get a -601 error when accessing the BorderManager tabs in NWADMN32. |
|
VPN client 3.8.16 |
Available for download. Latest version of the BorderManager 3.x
VPN client. |
|
NW6RCONJ2A.EXE |
(Only applies to NW6SP2). This patch addressed a serious security issue in RCONAG6 from NW6SP2.EXE. DO NOT SKIP THIS PATCH! WITH NW6SP2, YOU CAN CONNECT TO RCONAG6 ON THE 'SECURE' PORT WITHOUT A PASSWORD! (This is fixed in NW6SP3.EXE) |
|
TUNEUP.NCF |
Run my TUNEUP.NCF file, or use your own settings. This file puts in settings as recommended in the proxy tuning tid for dedicated BorderManager servers. |
|
Install NetWare 5.1 |
Make at least a 4GB legacy (not NSS) cache volume, with no suballocation, no compression and 8k or 16k block size. BorderManager proxy will NOT work well with NSS cache volumes. Proxy MUST have a dedicated volume for cache data (don't leave it on SYS). 4GB is typically about right for 100-250 users. Be wary of using more than 10-12GB of cache space. See this TID first: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10082486.htm |
|
NW51NI1.EXE |
Only needed if you installed NW51SP3 or later before installing BorderManager. See TID 2960217. |
|
ADMATTRS.EXE |
Should only be needed if you have NMAS installed in your NDS tree. This patch creates NDS attributes for BorderManager relating to a Login Policy Object. Before proceeding, see http://support.novell.com/servlet/tidfinder/2959071 |
|
BorderManager 3.6 |
Don't install NW51SP3 first! If you installed NW51SP3 first, and have trouble here, see this tip. If you cannot install BorderManager at all, see this note. (I am not sure if this problem occurs with NW51SP4 or later). |
|
NW51SP8.EXE |
Note: After installing this patch, you may have to remove a space after any ? commands in your autoexec.ncf. See tip #19. |
|
NW51OS8A.EXE |
Warning! Do NOT install this on Small Business (SBS) servers, or your SBS licenses will not be usable. Should you have installed this patch on a SBS 5.1 server, you will need to copy back the SERVER.OLD file in C:\NWSERVER to SERVER.EXE there, and reboot. Once you install NetWare 5.1 SP8, you need to install this patch to fix various issues, including memory problems. |
|
NW51SP8NCP.EXE |
Once you install NetWare 5.1 SP8, you need to install this patch to fix a possible abend issue. |
|
WSOCK6O.EXE |
A winsock patch intended to be applied after NW65SP6 or NW65SP7. Also can be (probably) applied after NW6SP5 or NW51SP8 patches. |
|
NWLIB6L.ZIP |
A CLIB patch intended to be applied after NW65SP6. (Included in NW65SP7). Also can be applied after NW6SP5 or NW51SP8 patches. |
|
TCP587I.EXE |
Latest TCP patch for NetWare 5.1. |
|
BM36SP2A.EXE |
(Note: If running a small business server, you should also install the NIASSP1.EXE patch from the partner CD). See the Jan. 24, 2003 note on this page. |
|
PROXY.NLM |
Note: You can use the PROXY.NLM from BM37FP4A.EXE or BM37SP3.EXE. Be sure to update proxy.cfg as well to avoid an abend. See tip #63 here. Use only the PROXY.NLM file from this patch. You can use PROXY.NLM from BM37FP4E.EXE if you also replace AUTHCHK.NLM from that patch. |
|
CLNTRUST.EXE |
A security-related patch to CLNTRUST which prevents a certain vulnerability. Also contains earlier bug fixes. This is newer than BM38SP5 or raw BorderManager 3.9 versions of CLNTRUST.EXE. |
|
eDirectory 8.6 or 8.7 |
The latest version of eDirectory I tested with BorderManager 3.6 was 8.7.3.x. Download from http://download.novell.com. This file seems to have changed a bit over time, and can be a bit difficult to find. The file for NetWare is called eDir_873_nw_full.exe and is 194MB in size. There is also a CD ISO image available (eDir_873_nw_win.iso, 631MB, includes NetWare and Windows versions). |
|
EDIR8739.EXE |
Latest eDirectory 8.7.3.x patch. Requires eDirectory 8.7.3 to be installed first. Should be able to install on NW 5.1 (I haven't tried it, but the 8.7.3.8 patch worked), or NW 6.0, though there is no support for either 6.0 or 5.1. I recommend running DSREPAIR after every eDirectory patch. |
|
NICI 2.6.8 |
This NICI update is a prerequisite for the later Security and NMAS patches. This patch is no longer listed at Novell's web site, but can still be found on the Internet. The file you want is nici_u0.exe. |
|
Security Update 9 |
Included within the eDir 8.7.3.7 patch directory. (Look in the Security subdirectory structure of the patch). Requires NICI 2.6.7 or later to be installed first. This patch is no longer listed at Novell's web site, but can still be found on the Internet if you did not install eDir 8.7.3.7. The file you want is SECUPD8.TGZ. You can use WinRAR (from www.rarlabs.com) to extract the .tgz file contents. |
|
NMAS 2.3.8 or 2.3.9 |
Requires NICI 2.6.7 or later and Security Update 8 or 9 to be installed first. The NMAS 2.3.9 installation files are in the Security section of the eDir 8.7.3.7 patch. This patch is no longer listed at Novell's web site, but can still be found on the Internet if you did not install eDir 8.7.3.7. The file you want is NMSRV238.TGZ. You can use WinRAR (from www.rarlabs.com) to extract the .tgz file contents. |
|
49psp1a_netwin32.exe |
This is a patch for Client32 4.9sp1a that is supposed to fix the issue where you get a -601 error when accessing the BorderManager tabs in NWADMN32. |
|
CSATPXY.NLM |
Get the CSATPXY.NLM from BM37SP2.EXE and use it on your 3.6 server to fix a logging bug. |
|
VPN client 3.8.16 |
Available for download. Latest version of the BorderManager 3.x
VPN client. |
|
TUNEUP.NCF |
Remove the Minimum and Maximum Packet Receive buffer limits that NW51SP3 (possibly others) puts in AUTOEXEC.NCF, and run the TUNEUP.NCF file, or use your own settings. The limits from NW51SP3 are too low. |
|
Install NetWare 5.0 |
Make at least a 4GB legacy (not NSS) cache volume, with no suballocation, no compression and 8k or 16k block size. BorderManager proxy will NOT work well with NSS cache volumes. Proxy MUST have a dedicated volume for cache data (don't leave it on SYS). 4GB is typically about right for 100-250 users. Be wary of using more than 10-12GB of cache space. See this TID first: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10082486.htm |
|
NW50SP6A.EXE |
Install the previous support pack, then NW50SP6A.EXE (Installing NW50SP6A, with DS 8 running on NetWare, can cause a serious problem IF a previous NetWare support pack has not been installed). |
|
BorderManager 3.6 |
If you cannot install BorderManager at all, see this note. |
|
NW50SP6A.EXE |
Reinstall this patch due to the older NIAS files being installed by BorderManager 3.6. See the note above about the installation of older files problem. |
|
NICIE157.EXE |
This patch is no longer available from Novell but can be found on the Internet. Install the NICI 1.5.7 update, and reboot. See service pack issues. |
|
BM36SP2A.EXE |
BM36SP2A is not supported on NetWare 5.0, and the .IPS setup script prevents it from installing on NetWare 5.0. If you want to install this patch, use the modified install script HERE. |
|
NIASSP1.EXE |
Note: If running a small business server, you should also install the NIASSP1.EXE patch from the partner CD). See the Jan. 24, 2003 note on this page. |
|
PROXY.NLM |
Note: You can use the PROXY.NLM from BM37FP4E.EXE or BM37SP3.EXE. Be sure to update proxy.cfg as well to avoid an abend. See tip #63 here. Use only the PROXY.NLM and AUTHCHK.NLM files. |
|
CLNTRUST.EXE |
A security-related patch to CLNTRUST which prevents a certain vulnerability. Also contains earlier bug fixes. This is newer than BM38SP5 or raw BorderManager 3.9 versions of CLNTRUST.EXE. The latest version of this file is found in the BM38SP5_IR1.ZIP patch. |
|
CSATPXY.NLM |
Get the CSATPXY.NLM from BM37SP2.EXE and use it on your 3.6 server to fix a logging bug. |
|
49psp1a_netwin32.exe |
This is a patch for Client32 4.9sp1a that is supposed to fix the issue where you get a -601 error when accessing the BorderManager tabs in NWADMN32. |
|
TCP553V.EXE |
Not tested, but patch reports no compatibility issues reported. You may have to do an Internet search to find this patch. Do not install later versions of TCPIP on NetWare 5.0. See tip #6. |
|
VPN client 3.8.16 |
Available for download. Latest version of the BorderManager 3.x
VPN client. |
|
TUNEUP.NCF |
Run my TUNEUP.NCF file, or use your own settings. This file puts in settings as recommended in the proxy tuning tid for dedicated BorderManager servers. |
|
Install NetWare 4.11/4.2 |
Make at least a 4GB legacy cache volume, with no suballocation, no compression and 8k or 16k block size. Proxy MUST have a dedicated volume for cache data (don't leave it on SYS). 4GB is typically about right for 100-250 users. Be wary of using more than 10-12GB of cache space. |
|
NW4SP9.EXE |
Install the latest NetWare 4.11/4.2 support pack. |
|
BorderManager 3.6 |
(Install it from the root of the CD!!!) |
|
NIASSP1.EXE |
(Note: If running a small business server, you should also install the patch from the partner CD). See the Jan. 24, 2003 note at the top of this page. |
|
BM36SP2A.EXE |
Last patch for BorderManager 3.6. |
|
PROXY.NLM |
Note: You can use the PROXY.NLM from BM37FP4A.EXE or BM37SP3.EXE. Be sure to update proxy.cfg as well to avoid an abend. See tip #63 here. Use only the PROXY.NLM file from this patch. You can use PROXY.NLM from BM37FP4E.EXE if you also replace AUTHCHK.NLM from that patch. |
|
CLNTRUST.EXE |
A security-related patch to CLNTRUST which prevents a certain vulnerability. Also contains earlier bug fixes. This is newer than BM38SP5 or raw BorderManager 3.9 versions of CLNTRUST.EXE. The latest version of this file is found in the BM38SP5_IR1.ZIP patch. |
|
49psp1a_netwin32.exe |
This is a patch for Client32 4.9sp1a that is supposed to fix the issue where you get a -601 error when accessing the BorderManager tabs in NWADMN32. |
|
NW4SP9.EXE |
Reinstall this patch due to the older NIAS files being installed by BorderManager 3.6. See the note above about the installation of older files problem. |
|
CSATPXY.NLM |
Get the CSATPXY.NLM from BM37SP2.EXE and use it on your 3.6 server to fix a logging bug. |
|
VPN client 3.8.16 |
Available for download. Latest version of the BorderManager 3.x
VPN client. |
|
TUNEUP.NCF |
Run my TUNEUP.NCF file, or use your own settings. This file puts in settings as recommended in the proxy tuning tid for dedicated BorderManager servers. Add TUNEUP.NCF to AUTOEXEC.NCF |
Note: It is possible that you could manually apply the BM37SP2 or BMMACSSL1.EXE
proxy.nlm file to your 3.5 server, and gain those advantages. As an example of how close BorderManager 3.5
is to 3.7, you could use the PROXY.NLM from the latest BorderManager 3.7 patch (BM37FP4D when I wrote
this), if you also use the AUTHCHK.NLM from that patch, 3.5, 3.6 or 3.7, which gives all three
versions the same proxy.nlm version.
Note: BorderManager 3.5 will not install on NetWare 6.5. The only version of BorderManager that
is supported on NetWare 6.5 is BorderManager 3.8.
|
Install NetWare 5.1 |
Make at least a 4GB legacy (not NSS) cache volume, with no suballocation, no compression and 8k or 16k block size. BorderManager proxy will NOT work well with NSS cache volumes. Proxy MUST have a dedicated volume for cache data (don't leave it on SYS). 4GB is typically about right for 100-250 users. Be wary of using more than 10-12GB of cache space. See this TID first: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10082486.htm |
|
BorderManager 3.5 |
(Install it from the root of the CD!!!) If you cannot install BorderManager at all, see this note. |
|
NW51SP8.EXE |
Note: After installing this patch, you may have to remove a space after any ? commands in your autoexec.ncf. See tip #19. |
|
NW51OS8A.EXE |
Warning! Do NOT install this on Small Business (SBS) servers, or your SBS licenses will not be usable. Should you have installed this patch on a SBS 5.1 server, you will need to copy back the SERVER.OLD file in C:\NWSERVER to SERVER.EXE there, and reboot. Once you install NetWare 5.1 SP8, you need to install this patch to fix various issues, including memory problems. |
|
NW51SP8NCP.EXE |
Once you install NetWare 5.1 SP8, you need to install this patch to fix a possible abend issue. |
|
WSOCK6O.EXE |
A winsock patch intended to be applied after NW65SP6 or NW65SP7. Also can be (probably) applied after NW6SP5 or NW51SP8 patches. |
|
NWLIB6L.ZIP |
A CLIB patch intended to be applied after NW65SP6. (Included in NW65SP7). Also can be applied after NW6SP5 or NW51SP8 patches. |
|
TCPIP.NLM Note |
NW51SP8 puts on TCP 5.87g/97g. Do NOT try to run TCPIP.NLM 5.5x or earlier versions after installing NW51SP4 or later. SP4 puts on TCPIP 5.80/5.90j. If you feel that you need 5.53 (any version) for some reason, you need to uninstall SP4/SP5/SP6 and stay at SP3. You can use TCP553V.EXE for NW 5.1 SP3 servers. |
|
TCP587H.EXE |
Latest TCP patch for NetWare 5.1. Read the note above! |
|
BM35SP3.EXE |
Requires at least NW51SP2. If you install the NW51 service pack after this patch, reinstall this patch. See also a discussion of BorderManager filtering modules!) Has Code Red and RealAudio/RTSP fixes. |
|
BM36C02.EXE |
Will not install, and is not supported, but should run if you copy the files manually.... Your call if you want to try this. Should address the issue of NMAS / Login Policy Object incompatibilities with BorderManager. Also fixes an issue with abends relating to eDir 8.6.2. If you have a Site-to-Site VPN that enables IPX, and you lose IPX after this patch, see this tip. |
|
PROXY.NLM |
Note: You can use the PROXY.NLM from BM37FP4A.EXE or BM37SP3.EXE. Be sure to update proxy.cfg as well to avoid an abend. See tip #63 here. Use only the PROXY.NLM file from this patch. (If is possible the pxyauth.exe file may be usable as well, but I have not tested it now heard any feedback). You can use PROXY.NLM from BM37FP4E.EXE if you also replace AUTHCHK.NLM from that patch. |
|
CLNTRUST.EXE |
A security-related patch to CLNTRUST which prevents a certain vulnerability. Also contains earlier bug fixes. This is newer than BM38SP5 or raw BorderManager 3.9 versions of CLNTRUST.EXE. The latest version of this file is found in the BM38SP5_IR1.ZIP patch. |
|
49psp1a_netwin32.exe |
This is a patch for Client32 4.9sp1a that is supposed to fix the issue where you get a -601 error when accessing the BorderManager tabs in NWADMN32. |
|
BM35ADM7.EXE |
Addresses interoperability issues between the Login Policy Object created by NMAS / NetWare 6 install when BorderManager or RADIUS already exists in the tree. |
|
RADATR4.EXE |
If you are using RADIUS, install this update. |
|
eDirectory 8.6 or 8.7 (required) |
Most current eDirectory on June 22, 2005 is 8.7.3. Download from http://download.novell.com. This file seems to have changed a bit over time, and can be a bit difficult to find. The file for NetWare is called eDir_873_nw_full.exe and is 194MB in size. There is also a CD ISO image available (eDir_873_nw_win.iso, 631MB, includes NetWare and Windows versions). BorderManager 3.8 requires at least eDirectory 8.6.2 installed on the server. (This does not mean DS version 8.82, it means DS versions in the 10,000 range. eDir 8.7.1 is DS version 10510.64). eDir 8.7.1 is supplied on the 3.8 Companion CD. |
|
EDIR8739.EXE |
Latest eDirectory 8.7.3.x patch. Requires eDirectory 8.7.3 to be installed first. Should be able to install on NW 5.1 (I haven't tried it, but the 8.7.3.8 patch worked), or NW 6.0, though there is no support for either 6.0 or 5.1. |
|
NICI 2.6.8 |
This NICI update is a prerequisite for the later Security and NMAS patches. This patch is no longer listed at Novell's web site, but can still be found on the Internet. The file you want is nici_u0.exe. |
|
Security Update 9 |
Included within the eDir 8.7.3.7 patch directory. (Look in the Security subdirectory structure of the patch). Requires NICI 2.6.7 or later to be installed first. This patch is no longer listed at Novell's web site, but can still be found on the Internet if you did not install eDir 8.7.3.7. The file you want is SECUPD8.TGZ. You can use WinRAR (from www.rarlabs.com) to extract the .tgz file contents. |
|
NMAS 2.3.8 or 2.3.9 |
Requires NICI 2.6.7 or later and Security Update 8 or 9 to be installed first. The NMAS 2.3.9 installation files are in the Security section of the eDir 8.7.3.7 patch. This patch is no longer listed at Novell's web site, but can still be found on the Internet if you did not install eDir 8.7.3.7. The file you want is NMSRV238.TGZ. You can use WinRAR (from www.rarlabs.com) to extract the .tgz file contents. |
|
VPN client 3.8.16 |
Available for download. Latest version of the BorderManager 3.x
VPN client. |
|
TUNEUP.NCF |
Remove the Minimum and Maximum Packet Receive buffer limits that NW51SP3 (possibly others) puts in AUTOEXEC.NCF, and run the TUNEUP.NCF file, or use your own settings. The limits from NW51SP3 are too low. |
|
Caution! |
Running the SYS:PUBLIC\BRDRMGR\SNAPINS\SETUP.EXE program to update the NWADMN32 snapin files after installing the BM35SP2 patch does NOT help to copy snapins to another server, because the patch doesn't update that directory. (The BorderManager server itself is correctly updated by installing the patch. Instead, manually copy the updated snapins from the BM35SP2 \public\win32\snapins directory to the BM server's \public\brdrmgr\snapins\data\border\win32\snapins directory. Then rerun the snapin setup against the desired servers. |
|
CP_SETUP.EXE |
Run the CyberPatrol CP_SETUP.EXE program to extract the new files and apply them, if you are using CyberPatrol. |
|
Install NetWare 5.0 |
Make at least a 4GB legacy (not NSS) cache volume, with no suballocation, no compression and 8k or 16k block size. BorderManager proxy will NOT work well with NSS cache volumes. Proxy MUST have a dedicated volume for cache data (don't leave it on SYS). 4GB is typically about right for 100-250 users. Be wary of using more than 10-12GB of cache space. See this TID first: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10082486.htm |
|
NW5SP2A.EXE |
(This patch is present on the BorderManager installation CD under the CSP directory. Installing NW50SP6A.EXE, with DS 8 running on NetWare, can cause a serious problem IF a previous NetWare support pack has not been installed). |
|
BorderManager 3.5 |
(Install it from the root of the CD!!!) If you cannot install BorderManager at all, see this note. |
|
NW50SP6A.EXE |
(Includes newer BorderManager filtering modules - Do NOT reboot yet!) |
|
NICIE157.EXE |
This patch is no longer available from Novell but can be found on the Internet. Install the NICI 1.5.7 update, and reboot. See service pack issues. |
|
BM35SP3.EXE |
(Requires NW50SP6 or later. If you install the NW5 service pack after this patch, reinstall this patch. You REALLY NEED TO read the discussion of BorderManager filtering modules if you choose to apply NW5SP5 and have not applied BM35SP1 before!) Has Code Red and RealAudio/RTSP fixes. |
|
BM36C02.EXE |
Will not install, and is not supported, but should run if you copy the files manually.... Your call if you want to try this. Should address the issue of NMAS / Login Policy Object incompatibilities with BorderManager. Also fixes an issue with abends relating to eDir 8.6.2. If you have a Site-to-Site VPN that enables IPX, and you lose IPX after this patch, see this tip. |
|
BM35ADM7.EXE |
Addresses interoperability issues between the Login Policy Object created by NMAS / NetWare 6 install when BorderManager or RADIUS already exists in the tree. |
|
RADATR4.EXE |
If you are using RADIUS, install this update. |
|
PROXY.NLM |
Note: You can use the PROXY.NLM from BM37FP4A.EXE or BM37SP3.EXE. Be sure to update proxy.cfg as well to avoid an abend. See tip #63 here. Use only the PROXY.NLM file from this patch. (If is possible the pxyauth.exe file may be usable as well, but I have not tested it now heard any feedback). You can use PROXY.NLM from BM37FP4E.EXE if you also replace AUTHCHK.NLM from that patch. |
|
CLNTRUST.EXE |
A security-related patch to CLNTRUST which prevents a certain vulnerability. Also contains earlier bug fixes. This is newer than BM38SP5 or raw BorderManager 3.9 versions of CLNTRUST.EXE. The latest version of this file is found in the BM38SP5_IR1.ZIP patch. |
|
49psp1a_netwin32.exe |
This is a patch for Client32 4.9sp1a that is supposed to fix the issue where you get a -601 error when accessing the BorderManager tabs in NWADMN32. |
|
TCP553V.EXE |
Not tested, but patch reports no compatibility issues reported. Do not install later versions of TCPIP on NetWare 5.0. See tip #6. |
|
NAT600D.EXE |
Newer version of NAT which (usually) fixes an issue with Client-Site VPN pinging private IP address of the BorderManager Server. |
|
SECUPD8.TGZ |
This file is no longer available from Novell but can be found on the Internet. This is a security update for various eDirectory versions to fix a potential problem. (Winzip or WinRar can decompress this file). Check the readme carefully before applying it. |
|
ADMN519F.EXE |
(NWADMN32 update that helps with snapin issues somewhat.) |
|
VPN client 3.8.16 |
Available for download. Latest version of the BorderManager 3.x
VPN client. |
|
TUNEUP.NCF |
Remove the Minimum and Maximum Packet Receive buffer limits if the support pack puts that in AUTOEXEC.NCF, and run the TUNEUP.NCF file, or use your own settings. (The limits from NW51SP3 are too low. I am not sure if NW51SP4 or later puts those settings in.) |
|
Caution! |
Running the SYS:PUBLIC\BRDRMGR\SNAPINS\SETUP.EXE program to update the NWADMN32 snapin files after installing the BM35SP2 patch does NOT help to copy snapins to another server, because the patch doesn't update that directory. (The BorderManager server itself is correctly updated by installing the patch. Instead, manually copy the updated snapins from the BM35SP2 \public\win32\snapins directory to the BM server's \public\brdrmgr\snapins\data\border\win32\snapins directory. Then rerun the snapin setup against the desired servers. |
|
CP_SETUP.EXE |
Run the CyberPatrol CP_SETUP.EXE program to extract the new files and apply them, if using CyberPatrol. |
|
Install NetWare 4.11 |
Make at least a 4GB legacy cache volume, with no suballocation, no compression and 8k or 16k block size. Proxy MUST have a dedicated volume for cache data (don't leave it on SYS). 4GB is typically about right for 100-250 users. Be wary of using more than 10-12GB of cache space. |
|
IWSP6A |
(Minimum, can also install NW4SP9. This patch is provided on the BorderManager 3.5 CD under the CSP directory. If you start with NW4SP9, you should re-install it after BorderManager 3.5 is installed.) |
|
BorderManager 3.5 |
(Install it from the root of the CD!!!) |
|
NW4SP9.EXE |
(Includes newer BorderManager filtering modules.) |
|
BM35SP3.EXE |
(Requires NW4SP9. If you install the NW4 service pack after this patch, reinstall this patch. You REALLY NEED TO read the discussion of BorderManager filtering modules if you choose to apply NW4SP8A and have not applied BM35SP1 before!). Has Code Red and RealAudio/RTSP fixes. |
|
BM36C01B.EXE |
Will not install, and is not supported, but should run if you copy the files manually.... Your call if you want to try this. Should address the issue of NMAS / Login Policy Object incompatibilities with BorderManager. Also fixes an issue with abends relating to eDir 8.6.2. If you have a Site-to-Site VPN that enables IPX, and you lose IPX after this patch, see this tip. |
|
BM35ADM7.EXE |
Addresses interoperability issues between the Login Policy Object created by NMAS / NetWare 6 install when BorderManager or RADIUS already exists in the tree. |
|
PROXY.NLM |
Note: You can use the PROXY.NLM from BM37FP4A.EXE or BM37SP3.EXE. Be sure to update proxy.cfg as well to avoid an abend. See tip #63 here. Use only the PROXY.NLM file from this patch. (If is possible the pxyauth.exe file may be usable as well, but I have not tested it now heard any feedback). You can use PROXY.NLM from BM37FP4E.EXE if you also replace AUTHCHK.NLM from that patch. |
|
CLNTRUST.EXE |
A security-related patch to CLNTRUST which prevents a certain vulnerability. Also contains earlier bug fixes. This is newer than BM38SP5 or raw BorderManager 3.9 versions of CLNTRUST.EXE. The latest version of this file is found in the BM38SP5_IR1.ZIP patch. |
|
RADATR4.EXE |
If you are using RADIUS, install this update. |
|
NAT600D.EXE |
Newer version of NAT which (usually) fixes an issue with Client-Site VPN pinging private IP address of the BorderManager Server. |
|
VPN client 3.8.16 |
Available for download. Latest version of the BorderManager 3.x
VPN client. |
|
Caution! |
Running the SYS:PUBLIC\BRDRMGR\SNAPINS\SETUP.EXE program to update the NWADMN32 snapin files after installing the BM35SP2 patch does NOT help to copy snapins to another server, because the patch doesn't update that directory. (The BorderManager server itself is correctly updated by installing the patch. Instead, manually copy the updated snapins from the BM35SP2 \public\win32\snapins directory to the BM server's \public\brdrmgr\snapins\data\border\win32\snapins directory. Then rerun the snapin setup against the desired servers. |
|
CP_SETUP.EXE |
Run the CyberPatrol CP_SETUP.EXE program to extract the new files and apply them. |
|
TUNEUP.NCF |
Remove the Minimum and Maximum Packet Receive buffer limits if the support pack puts that in AUTOEXEC.NCF, and run the TUNEUP.NCF file, or use your own settings. Add TUNEUP.NCF to AUTOEXEC.NCF |
Note: BorderManager 3.0 is not supported on NetWare 5.1, 6.0 or 6.5. BorderManager 3.0 is also EOL (End Of Life), and no new patches are being created for it. If you have abends with BorderManager 3.0 and you have the patches listed below, upgrade to the latest released version of BorderManager.
|
NetWare 5.0 |
Make at least a 4GB legacy (not NSS) cache volume, with no suballocation, no compression and 8k or 16k block size. BorderManager proxy will NOT work well with NSS cache volumes. Proxy MUST have a dedicated volume for cache data (don't leave it on SYS). 4GB is typically about right for 100-250 users. Be wary of using more than 10-12GB of cache space. See this TID first: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10082486.htm |
|
BorderManager 3.0 |
If you cannot install BorderManager at all, see this note. |
|
NW50SP6A.EXE |
Do NOT reboot yet! -OR, install an earlier NetWare support pack BEFORE trying to install NW50SP6A. |
|
NICIE157.EXE |
This patch is no longer available from Novell but can be found on the Internet. Install the NICI 1.5.7 update, and reboot. See service pack issues. |
|
BM30SP3.EXE |
Requires at least NW 5.0 Support Pack 4 to be installed. This is a 56-bit version patch. It also includes a newer VPN client. |
|
BM3LICFX.EXE |
A licensing-related patch. |
|
BM3CP3.EXE |
This is a CyberPatrol 6/16/2000 update |
|
ADMN519F.EXE |
NWADMN32 update that helps with snapin issues somewhat. |
|
CLNTRUST.EXE |
A security-related patch to CLNTRUST which prevents a certain vulnerability. Also contains earlier bug fixes. This is newer than BM38SP5 or raw BorderManager 3.9 versions of CLNTRUST.EXE. The latest version of this file is found in the BM38SP5_IR1.ZIP patch. |
|
RADATR4.EXE |
If you are using RADIUS, install this update. |
|
TCP553V.EXE |
Not tested, but patch reports no compatibility issues reported. Do not install later versions of TCPIP on NetWare 5.0. See tip #6. |
|
NAT600D.EXE |
Newer version of NAT which (usually) fixes an issue with Client-Site VPN pinging private IP address of the BorderManager Server. |
|
CLNTRUST patch |
Get the CLNTRUST.EXE file from newer BorderManager 3.x patches. The latest version of this file is found in the BM38SP5_IR1.ZIP patch. |
|
SECUPD5.TGZ |
This is a security update for various eDirectory versions to fix a potential problem. (Winzip or WinRar can decompress this file). Check the readme carefully before applying it. |
|
VPN client 3.8.16 |
Available for download. Latest version of the BorderManager 3.x
VPN client. |
|
TUNEUP.NCF |
Remove the Minimum and Maximum Packet Receive buffer limits if the support pack puts that in AUTOEXEC.NCF, and run the TUNEUP.NCF file, or use your own settings. Add TUNEUP.NCF to AUTOEXEC.NCF |
|
NetWare 4.11 |
Make at least a 4GB l |