Microsoft KB Archive/832582

= The MS$Same value is passed as a user name and password =

Article ID: 832582

Article Last Modified on 2/11/2004

-

APPLIES TO


 * Microsoft SNA Server 4.0
 * Microsoft Host Integration Server 2000 Standard Edition

-



SYMPTOMS
When you activate a COM Transaction Integrator (COMTI) component that is configured to use the explicit security callback routine, the activation is not successful. Additionally, the mainframe reports a security violation.

An Event ID 401 is posted in the application event log that indicates that the mainframe rejected the attempt to connect because of a security failure. Review of a Data Link Control trace to the mainframe shows that the MS$SAME value was passed as a username and password.



CAUSE
This problem occurs because null values are returned from the explicit security callback routine.



RESOLUTION
To resolve this problem, review the custom code that is used to return values to the calling COMTI component. Additionally, you may find it helpful to step through the code in Visual Studio or to use some other method to capture what is returned on the call to the security package.



STATUS
This behavior is by design.



MORE INFORMATION
To confirm this issue, take a Tracebits trace and take a Data Link Control trace on either the Host Integration Server computer or on the SNA Server computer to verify what is being passed in the ATTACH request to the mainframe and to determine whether the explicit security call completed successfully.

Note the difference between the two following trace code samples. Although both the successful callback and the unsuccessful callback show &quot;security callback succeeded&quot;, you must see two more lines of information:
 * When the callback is successful, the line that ends with the words &quot;security callback succeeded&quot; is followed by two lines that end with the words &quot;got userid&quot; and &quot;got pswd&quot;. The fact that these two lines of code are present confirms that the callback was successful.
 * When the callback is not successful, the lines that end with the words &quot;got userid&quot; and &quot;got pswd&quot; are not present. The fact that these two lines are absent indicates that the values returned by callback are not valid.

Successful callback
3588 00000e80 Nov 12 17:23:50.562  14040   LU 6.2 Transport Connect explicit security callback succeeded. 3588 00000e80 Nov 12 17:23:50.562  14040   LU 6.2 Transport Connect got userid. 3588 00000e80 Nov 12 17:23:50.562  14040   LU 6.2 Transport Connect got pswd. 3588 00000e80 Nov 12 17:23:50.562  14040   LU 6.2 Transport Connect Using Non-link model RemoteTp=XXXX.

Unsuccessful callback
3588 00000d5c Nov 12 17:30:56.328  14040   LU 6.2 Transport Connect explicit security callback succeeded. 3588 00000d5c Nov 12 17:30:56.328  14040   LU 6.2 Transport Connect Using Non-link model RemoteTp=XXXX.

Sample trace data
The ATTACH part of the Data Link Control trace data will show that the username and password were sent to the host. Element at address 024E1B68, start 10, end 268

0B912040 0502FF00 03D10000 08C3E2E2    

E3C1F0F2 7C120802 D4E25BE2 C1D4C508    

01D4E25B E2C1D4C5 1910E5C5 D9C9E9D6    <.MS[SAME.. This code sample is followed by a response from the host that clearly indicates a security violation: Element at address 024E2918, start 10, end 161 0B810107 07080F60 5180008E 12E10010    <.a.....`Q.......> 0E10000B 11040806 A961D6E2 4040007A    <........zaOS@@.z> C1E3C2F7 F0F0F1F7 C940E3D7 40A28583      A49989A3 A840A589 969381A3 8996954B     4040D781 99A39585 9940D3E4 40E2C1C1    <@@Partner@LU@XXX> C9D4E2C1 F8409985 918583A3 858440A3     88854081 93939683 81A38540 998598A4     85A2A340 82858381 A4A28540 81A4A388     969989A9 81A38996 95408388 858392A2     0868189 9385844B                       <@failedK        > The FMH7 code sample that follows includes sense data of 080F 6051 in the last line. This data, according to the formats guide and APPC reference manual, indicates the following:

Secondary Return Code = 080F6051 (AP_SECURITY_NOT_VALID)

--- 17:30:56.0812 01020DB2->1F000007 LU 6.2 MSGID:RDAT  MSGTYP:FMH7

Header at address 01AF54C0, 1 elements 01070000 0000003C 05000000 01002805    <.......<......(.> Element at address 024E3480, start 13, end 19 0707080F 605180 <....`Q. >

Event ID 401 in the application event log
The Tracebits trace will also show the 401 event posted to the application event log. 3588 00000d5c Nov 12 17:30:56.812 14066  LU 6.2 Transport ReceiveAndWait Error log data=ATB700XXX TP security violation. Partner LU XXXXXXXX rejected the allocate request because authorization checks failed. 3588 00000d5c Nov 12 17:30:56.812  10003   Logging system warning event, ID=401. 3588 00000d5c Nov 12 17:30:56.828  14065   LU 6.2 Transport ReceiveAndWait Exit Error DISP_E_EXCEPTION.

Keywords: kbprb KB832582

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.