Microsoft KB Archive/192412

= Changing service account for HSI services loses cryptographic key =

Article ID: 192412

Article Last Modified on 6/24/2004

-

APPLIES TO


 * Microsoft SNA Server 4.0 Service Pack 4

-



This article was previously published under Q192412



SYMPTOMS
Changing the service account for which the HSI (Host Security Integration) services run under, causes Host Security to function incorrectly.



CAUSE
When Host Security is initially installed, the service user account is given a cryptographic key based on the user ID that was chosen during the installation setup process. This information is then taken and put into the registry and is referenced when the HSI services start.

If the user account has changed, it will not match the original cryptographic key information, causing the Host Account Cache (HAC) to become corrupted and HAC lookups to fail. Reviewing the application log in the Event Viewer will show the following errors coming from source SNA Host Security:

Event ID 1244

Unable to import cryptographic key into container Supplied code

0x8009000d

Event ID 594

Host Process - was unable to create connection handle to connect to PMP

Event ID 629

Host Process - was unable to create connection handle to connect to UDB



WORKAROUND
Use the original Service Account and password that the Host Security Services were initially installed under.



STATUS
Microsoft has confirmed that this is a problem in SNA Server Service Pack 4.



MORE INFORMATION
HSI is comprised of three services: SNAPMP, SNADATABASE and SNAHOSTPROCESS. The SNAPMP and SNADATABASE services must run under the same service account because of the way that HSI was implemented. The SNAHOSTPROCESS service is installed with the core SNA gateway and can use a different service account.

For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

235472 Host security services must run in same Windows service account

248354 Changing password on Host Security service account causes SSO to fail

Keywords: kbbug kbfaq kbpending kbsnaonly KB192412

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.