Host Security: Memory Leaks, Database Corruption, Event Logging

• Microsoft SNA Server versions 3.0, 3.0 Service Pack 1 (SP1), 3.0SP2, and 4.0

SYMPTOMS

This article describes six issues related to the Host Security Integration feature included of SNA Server.

Issue 1

The following services use an excessive amount of non-paged pool memory:

• Host Account Cache service (Snaudb.exe)
• SNA Host Account Synchronization service (Hostproc.exe)
• SNA WinNT Account Synchronization service (Snapmp.exe)

Issue 2

The SNA WinNT Account Synchronization service generates two access violations for each password change request that it processes. The exception handler catches and ignores each of these access violations. There are no noticeable signs that these access violations occur and they do not result in any problems with the password change request. The access violations are only noticeable when you use a debugger to step through the application code.

Issue 3

The SNA WinNT Account Synchronization service leaks one handle and approximately 12 KB of memory each time a user account is added to the host account database with the SNACFG command-line configuration utility.

Issue 4

Event ID 3000 is incorrectly logged in the Windows NT Application Event Log by the AS/400 security provider when you are using the SNA Server Host Security features for AS/400 connections. Event 3000 should indicate the AS/400 security provider DLL (sec400.dll) has been loaded.

The following is an example of the incorrect event that is logged:

   Event ID: 3000
   Source: AS400 MDSI
   Description: Has been loaded by:

Issue 5

The Host Account Database service may corrupt its account database when an existing user record is modified or deleted and the user's host account name hash is not unique (that is, there is another user whose host account name hash has the same value). The database can also get corrupted when a new user is added to the database using a dummy host account and then modified with the correct host account info.

This problem can manifest itself in a number of ways. The following are some of the symptoms that can occur if the database becomes corrupted:

• Host Account Database service hangs or it stops responding to RPC requests.
• Single Signon requests fail randomly.
• SNACFG Host Security operations fail randomly.
• The Host Account Database service logs Events 1283 through 1305 in the Application Event Log when the database is corrupt. The exact event number depends on how the database is corrupted.

Issue 6

Single Sign-on does not work if the Host Account Cache service is not running when the SNA Server service starts. If the SNA Server service cannot contact the host security database when it is started, all single sign-on requests will hang and no errors will be reported to the application. The only recovery is to restart the SNA Server service. Starting the Host Account Cache service after the SNA Server service is started will not correct the problem.

STATUS

Microsoft has confirmed this to be a problem in SNA Server versions 3.0, 3.0 SP1, and 3.0 SP2. We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.

Microsoft has confirmed this to be a problem in SNA Server version 4.0. A supported fix is now available for SNA Server version 4.0, but it has not been fully regression tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next Service Pack that contains this fix. Contact Microsoft Technical Support for more information.

Keywords          : kbbug3.00 kbbug3.00.sp1 snahostsec kbbug3.00.sp2 kbbug4.00 kbnetwork
Version           : WINDOWS:3.0,3.0SP1,3.0SP2,4.0
Platform          : WINDOWS
Issue type        : kbbug
Solution Type     : kbfix