Microsoft KB Archive/329811

= Security information is overwritten when using AP_SAME =

Article ID: 329811

Article Last Modified on 10/12/2005

-

APPLIES TO


 * Microsoft SNA Server 4.0
 * Microsoft SNA Server 4.0 Service Pack 1
 * Microsoft SNA Server 4.0 Service Pack 2
 * Microsoft SNA Server 4.0 Service Pack 3
 * Microsoft SNA Server 4.0 Service Pack 4
 * Microsoft Host Integration Server 2000 Standard Edition
 * Microsoft Host Integration Server 2000 Service Pack 1

-



This article was previously published under Q329811



SYMPTOMS
If the host supports persistent verification or already verified security, and an Advanced Program-to-Program Communications (APPC) application calls the TP_STARTED verb one time, followed by multiple [MC_]ALLOCATE requests using AP_SAME security for consecutive conversations, the User ID and password from one conversation may incorrectly be sent in the FMH-5 Attach request for a second conversation.

This problem does not occur if the Advanced Program-to-Program Communications (APPC) application issues a new TP_STARTED for every [MC_]ALLOCATE request.



CAUSE
For a conversation using AP_SAME security, the WAPPC32.dll stores the User ID (and password) in an internal control block during the short period of time between the arrival of the [MC_]ALLOCATE request and the receipt of the OPEN LU62 response from the server.

If a second [MC_]ALLOCATE is received on this Transaction Program (TP) during this period of time, and if it specifies a different User ID, the value is incorrectly overwritten.



SNA Server 4.0
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Microsoft SNA Server version 4.0 service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

  Date         Time   Version      Size    File name -  Admin-Server Packages: 29-Oct-2002 13:46  4.0.0.606   217,040  Wappc32.dll

End-User (win9x) Packages: 29-Oct-2002 13:46  4.0.0.606    93,952  Wappc32.dll

NOTE: Because of file dependencies, the most recent fix that contains the preceding files may also contain additional files.

Service pack information
To resolve this problem, obtain the latest service pack for Microsoft Host Integration Server 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

328152 How to obtain the latest service pack for Host Integration Server 2000

Hotfix information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.   Date         Time   Version      Size    File name ---  Admin-Server Packages: 29-Oct-2002 12:07  5.0.0.900  221,456  Wappc32.dll

End-User Packages: 29-Oct-2002 12:07  5.0.0.900  155,920  Wappc32.dll

NOTE: Because of file dependencies, the most recent fix that contains the preceding files may also contain additional files.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

This problem was corrected in Microsoft Host Integration Server 2000 Service Pack 2.



MORE INFORMATION
This problem was discovered by analyzing the failure of a multi-threaded COM application utilizing the Common Programming Interface for Communications (CPI-C) API. Under load, the security information from one conversation is incorrectly sent on a second conversation. SNA Application traces showed that two CMALLC requests were being issued at almost the same time, causing the problem to occur.

By default, the CPI-C API calls TP_STARTED only one time for any specific application, regardless of how many conversations that application uses. You can use the GETNEWTPID registry entry to force CPI-C to issue TP_STARTED for every CMINIT request.

For more information about the GETNEWTPID registry entry, click the following article number to view the article in the Microsoft Knowledge Base:

233373 CPIC App No Longer Limited to Single Local APPC LU

Additional query words: HIS HIS2k HIS 2000

Keywords: kbbug kbfix kbqfe kbhotfixserver KB329811

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.