Microsoft KB Archive/822205

= Single Sign-On Is Not Successful While the Backup HAC Is Updating the Local Database =

Article ID: 822205

Article Last Modified on 10/26/2005

-

APPLIES TO


 * Microsoft Host Integration Server 2000 Standard Edition
 * Microsoft Host Integration Server 2000 Service Pack 1

-



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
Applications that are configured to use the Single Sign-On (SSO) feature may not connect to a host system if the backup Host Account Cache database is restoring a transaction log when the database receives an SSO account lookup request. The specific symptoms of the problem depend on the application, but the error messages indicate that the logon is not successful because the user credentials that were forwarded to the host system were incorrect.

The following events may be logged in the application event log when this problem occurs: Event ID: 1335

Source: SNA Host Security

Description: OLEDB function call failed.

Error message: Database 'SnaUdb' cannot be opened. It is in the middle of a restore.

-or- Event ID: 401

Source: SNA Server

Description: Single Sign-On request for  failed - failed to communicate with the host account cache for host domain

If the application that is affected is a COMTI application, the following events may be logged on the system that is running the COMTI application: Event ID: 401

Source: COMTI

Description: (401) COM Transaction Integrator Received SNA-defined Error Log Data text:

DFHAC2047  While performing an attach for node   a security violation was detected.

-or- Event ID: 102

Source: COMTI

Description: (102) COM Transaction Integrator reported the following exception to the client:

Component:

Method:

Exception description: (1419) The LU 6.2 user ID or password were not valid for host. If your application explicitly supplies host security credentials using the callback facility, enter a user ID and password that are valid for the host. If you are using Host Integration Server 2000 integrated host security, contact the system administrator.



CAUSE
The Host Account Cache database uses a log shipping mechanism for database synchronization. When the master Host Account Cache database is updated, the log shipping mechanism sends a message to the backup Host Account Cache databases. The message indicates that an update is available. The backup Host Account Cache databases connect to the master Host Account Cache database to copy the latest transaction log that contains the updates. After the backup Host Account Cache database successfully copies the transaction log, the transaction log is imported to update the local database. While the transaction log is being imported, the backup Host Account Cache database cannot perform SSO account lookups. If a backup Host Account Cache database receives an SSO account lookup request while the transaction log update is being performed, an error message is returned to the application that is requesting the SSO account lookup, and the account lookup is not successful.



Service pack information
To resolve this problem, obtain the latest service pack for Microsoft Host Integration Server 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

328152 How to obtain the latest service pack for Host Integration Server 2000

Hotfix information
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.   Date         Time   Version    Size     File name 23-Jun-2003 22:47  5.0.0.920  119,056  Hsdbrepl.dll 23-Jun-2003 22:47  5.0.0.920  155,920  Snapwchg.dll 23-Jun-2003 22:47  5.0.0.920  147,728  Snarpc.dll 23-Jun-2003 22:47  5.0.0.920   49,424  Snasii.dll 23-Jun-2003 22:47  5.0.0.920  147,728  Snapmp.exe 23-Jun-2003 22:47  5.0.0.920  360,720  Snaudb.exe 23-Jun-2003 22:47  5.0.0.920  127,248  Udbmgmt.exe 23-Jun-2003 22:47  5.0.0.920   57,616  Udconfig.exe Note Because of file dependencies, the most recent fix that contains these files may also contain additional files.



STATUS
Microsoft has confirmed that this is a problem in Microsoft Host Integration Server 2000 and Host Integration Server 2000 SP1. This problem was corrected in Microsoft Host Integration Server 2000 Service Pack 2.



MORE INFORMATION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

The Host Account Cache database has been updated to support SSO account lookup retries when errors occur during the first SSO account lookup request. To enable SSO retries, apply the update, and then add the  registry entry. Follow these steps, and then quit Registry Editor:  Click Start, click Run, type regedit, and then click OK. Locate and then click the following key in the registry:

 

 On the Edit menu, point to New, and then click DWORD Value. Type SSO_RETRY_COUNT, and then press ENTER. On the Edit menu, click Modify.</li> Type 3, and then click OK.</li></ol>

The value for SSO_RETRY_COUNT defines the number of retries that the Host Account Cache tries when an error occurs during a SSO account lookup. The value of 3 in the steps is just an example. The default value for SSO_RETRY_COUNT is 0 if the registry entry is not defined. The delay between each retry is 0.5 seconds.

If the error is returned because the backup Host Account Cache database is in the middle of a transaction log restore, a value between 3 and 5 is sufficient. Most transaction log restores take less than 1 second to complete.

Note Enabling the SSO retry functionality does not prevent the event message from being logged when an error occurs during the initial SSO account lookup. If the SSO retry is enabled and an SSO account lookup request is received while the backup Host Account Cache database is performing a restore, event 1335 is still logged in the application event log. The SSO account lookup completes successfully during one of the retry attempts even though you receive the event message.

Keywords: kbbug kbfix kbqfe kbhotfixserver KB822205

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.