Host Security Domain Disappears from SNA Server Manager

ID: Q242987

The information in this article applies to:
  • Microsoft SNA Server, versions 3.0, 3.0 SP1, 3.0 SP2, 3.0 SP3, 3.0 SP4, 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3

SYMPTOMS

Host Security Domains (HSDs) may intermittently disappear from the SNA Server Manager. When this occurs, the following host security features no longer function:

  • Single Sign-On (SSO)
  • Password replications to or from a host (for example, a mainframe or AS/400) system


CAUSE

When the SNA Host Account Cache (HAC) service (Snaudb.exe) operates in a backup role, it receives a new copy of the master database when it detects that its local copy is out of sync with the master copy. The backup SNA HAC service incorrectly stops itself after it successfully copies and reads the master Host Account Database. The local copy of the Host Account Database is deleted when the backup SNA HAC service stops. If the system running the backup SNA HAC service is promoted to be the primary domain controller (PDC) for the Windows NT domain while the HAC service is stopped, the HAC service becomes the Primary (or Master) HAC the next time it is started. It then creates a new Host Account Database because it does not have a local copy. When this occurs, the Host Security Domains that existed in the previous Host Account Database no longer exist. The SNA Server Manager sends RPC messages to the Host Account Database to get a list of the defined Host Security Domains when the SNA Server Manager is open. Because the HAC does not have any HSDs defined, it does not return any. Therefore, the SNA Server Manager does not display any HSDs. Because a new Host Account Database is created, the SSO and password replication features no longer function until the database is repopulated.


RESOLUTION

A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to systems experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Microsoft SNA Server version 4.0 service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp
The English version of this fix should have the following file attributes or later:

File name Date Time
Snaudb.exe 11/01/99 08:56AM
Snahsmsg.dll 11/01/99 08:56AM

NOTE: Because of file dependencies, the most recent fix that contains the above files may also contain additional files.


STATUS

Microsoft has confirmed this to be a problem in Microsoft SNA Server versions 3.0, 3.0 SP1, 3.0 SP2, 3.0 SP3, 3.0 SP4, 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3.


MORE INFORMATION

After you apply the update, the backup SNA Server HAC services will no longer stop after they successfully copy and read the master Host Account Database.

The following is a sequence that can lead to the problem described in this article:

  1. Backup Host Account database determines it is out of sync with the master database.
  2. The master database is successfully copied to the local system and is successfully read.
  3. The SNA HAC service stops, which causes the local Host Account Database to be deleted.
  4. The system running the backup SNA HAC service is promoted from a Backup Domain Controller (BDC) to a PDC because the original PDC is no longer available for some reason.
  5. The SNA HAC service is started. It starts as the Primary (or Master) HAC, as it determines its role from role of the Windows NT Server is it running on.
  6. A new Host Account Database is created because the local copy no longer exists.
  7. SNA Server Manager is opened and the Host Security Domains that used to be listed are no longer shown. In addition, the host security features no longer function correctly.
Every 15 minutes, backup Host Account Databases check with the master database to see if they're are still in sync. The databases use generation (for example, sequence) numbers to keep track of the changes that are made to the database. The generation numbers are incremented by 1 for each change that is made. If the backup database's generation number differs from the master database's generation number by 5 or more, the backup copies the master database locally.


Starting with SNA Server 4.0 SP3, a backup HAC service will no longer delete its local Host Account database when the service is stopped if the master account database on the PDC is unavailable. For additional information about the update that prevents the backup host account database from being deleted when the master host account database is unavailable, click the article number below to view the article in the Microsoft Knowledge Base:
Q240108 Backup Host Security Cache Deleted on Exit

Additional query words:

Keywords : sna3 sna3sp1 sna3sp2 sna3sp3 sna3sp4 sna4 sna4sp1 sna4sp2 sna4sp3
Version : WINDOWS:3.0,3.0 SP1,3.0 SP2,3.0 SP3,3.0 SP4,4.0,4.0 SP1,4.0 SP2,4.0 SP3
Platform : WINDOWS
Issue type : kbbug


Last Reviewed: November 13, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.