The information in this article applies to:
SYMPTOMS
An APPC application configured to use SNA Server's Single Sign-On (SSO) Privileged Proxy feature may fail to connect to the host if the primary domain controller (PDC) where the primary Host Account Cache (HAC) is running becomes unavailable. The APPC application will receive an error message indicating an invalid User ID or Password was used when the problem occurs. For example, an ALLOCATE issued by an APPC application may fail with an error code of 080F6051 (AP_SECURITY_NOT_VALID). Q235381 SNA Server Access Violation While Determining Proxy Privilege CAUSE
The SNA Server Host Security DLL (Snasii.dll) was originally designed to issue a GetDCName() call to locate a Windows NT Domain Controller so that it can determine what Windows NT groups the User ID specified by the application belongs to so that it can verify if the application's user context is authorized to make the request. The GetDCName() call always returns the name of the Windows NT PDC. The update discussed in article Q235381 includes a change such that the host security DLL calls GetAnyDCName() to do this same function. The GetAnyDCname() call returns the names of backup domain controllers (BDCs) as well as the PDC. The problem is that this call fails if the PDC is not available. RESOLUTIONTo resolve this problem, obtain the latest service pack for SNA Server version 4.0. For additional information, please see the following article in the
Microsoft Knowledge Base: Q215838 How to Obtain the Latest SNA Server Version 4.0 Service Pack WORKAROUNDMake sure the PDC for the Windows NT domain is available. STATUSMicrosoft has confirmed this to be a problem in Microsoft SNA Server versions 3.0, 3.0 SP1, 3.0 SP2, 3.0 SP3, 3.0 SP4, 4.0, 4.0 SP1, 4.0 SP2. This problem was first corrected in SNA Server version 4.0 Service Pack 3. MORE INFORMATIONThe Host Security DLL is updated to call NetServerEnum() if the GetAnyDCName() fails. The NetServerEnum () call does successfully return if the PDC is not available. The Host Security DLL is also updated to allow it to reconnect to a backup HAC if the primary HAC it is communicating with fails for some reason. With this update applied, the Host Security DLL can switch from the primary HAC to a backup HAC if the primary goes down. It can also locate a backup HAC at startup, even if the primary HAC is not running. This "hot backup" feature has the following requirements:
Q165385 Single Signon for APPC Applications Using Privileged Proxy Additional query words:
Keywords : sna4sp3fix sna3 sna3sp1 sna3sp2 sna3sp3 sna3sp4 sna4sp1 sna4sp2 |
Last Reviewed: December 22, 1999 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. |