Microsoft KB Archive/242987

= Host Security Domain Disappears from SNA Server Manager =

Article ID: 242987

Article Last Modified on 6/24/2004

-

APPLIES TO


 * Microsoft SNA Server 3.0 Service Pack 4
 * Microsoft SNA Server 4.0
 * Microsoft SNA Server 3.0 Service Pack 2
 * Microsoft SNA Server 3.0 Service Pack 3
 * Microsoft SNA Server 3.0 Service Pack 4
 * Microsoft SNA Server 4.0
 * Microsoft SNA Server 4.0 Service Pack 1
 * Microsoft SNA Server 4.0 Service Pack 2
 * Microsoft SNA Server 4.0 Service Pack 3

-



This article was previously published under Q242987



SYMPTOMS
Host Security Domains (HSDs) may intermittently disappear from the SNA Server Manager. When this occurs, the following host security features no longer function:


 * Single Sign-On (SSO)
 * Password replications to or from a host (for example, a mainframe or AS/400) system



CAUSE
When the SNA Host Account Cache (HAC) service (Snaudb.exe) operates in a backup role, it receives a new copy of the master database when it detects that its local copy is out of sync with the master copy. The backup SNA HAC service incorrectly stops itself after it successfully copies and reads the master Host Account Database. The local copy of the Host Account Database is deleted when the backup SNA HAC service stops. If the system running the backup SNA HAC service is promoted to be the primary domain controller (PDC) for the Windows NT domain while the HAC service is stopped, the HAC service becomes the Primary (or Master) HAC the next time it is started. It then creates a new Host Account Database because it does not have a local copy. When this occurs, the Host Security Domains that existed in the previous Host Account Database no longer exist. The SNA Server Manager sends RPC messages to the Host Account Database to get a list of the defined Host Security Domains when the SNA Server Manager is open. Because the HAC does not have any HSDs defined, it does not return any. Therefore, the SNA Server Manager does not display any HSDs. Because a new Host Account Database is created, the SSO and password replication features no longer function until the database is repopulated.



RESOLUTION
To resolve this problem, obtain the latest service pack for SNA Server 4.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

215838 How to Obtain the Latest SNA Server Version 4.0 Service Pack



STATUS
Microsoft has confirmed that this is a problem in Microsoft SNA Server versions 3.0, 3.0 SP1, 3.0 SP2, 3.0 SP3, 3.0 SP4, 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3.

This problem was first corrected in SNA Server 4.0 Service Pack 4.



MORE INFORMATION
After you apply the update, the backup SNA Server HAC services will no longer stop after they successfully copy and read the master Host Account Database.

The following is a sequence that can lead to the problem described in this article:


 * 1) Backup Host Account database determines it is out of sync with the master database.The master database is successfully copied to the local system and is successfully read.The SNA HAC service stops, which causes the local Host Account Database to be deleted.The system running the backup SNA HAC service is promoted from a Backup Domain Controller (BDC) to a PDC because the original PDC is no longer available for some reason.The SNA HAC service is started. It starts as the Primary (or Master) HAC, as it determines its role from role of the Windows NT Server is it running on.A new Host Account Database is created because the local copy no longer exists.SNA Server Manager is opened and the Host Security Domains that used to be listed are no longer shown. In addition, the host security features no longer function correctly.
 * 2) The master database is successfully copied to the local system and is successfully read.The SNA HAC service stops, which causes the local Host Account Database to be deleted.The system running the backup SNA HAC service is promoted from a Backup Domain Controller (BDC) to a PDC because the original PDC is no longer available for some reason.The SNA HAC service is started. It starts as the Primary (or Master) HAC, as it determines its role from role of the Windows NT Server is it running on.A new Host Account Database is created because the local copy no longer exists.SNA Server Manager is opened and the Host Security Domains that used to be listed are no longer shown. In addition, the host security features no longer function correctly.
 * 3) The SNA HAC service stops, which causes the local Host Account Database to be deleted.The system running the backup SNA HAC service is promoted from a Backup Domain Controller (BDC) to a PDC because the original PDC is no longer available for some reason.The SNA HAC service is started. It starts as the Primary (or Master) HAC, as it determines its role from role of the Windows NT Server is it running on.A new Host Account Database is created because the local copy no longer exists.SNA Server Manager is opened and the Host Security Domains that used to be listed are no longer shown. In addition, the host security features no longer function correctly.
 * 4) The system running the backup SNA HAC service is promoted from a Backup Domain Controller (BDC) to a PDC because the original PDC is no longer available for some reason.The SNA HAC service is started. It starts as the Primary (or Master) HAC, as it determines its role from role of the Windows NT Server is it running on.A new Host Account Database is created because the local copy no longer exists.SNA Server Manager is opened and the Host Security Domains that used to be listed are no longer shown. In addition, the host security features no longer function correctly.
 * 5) The SNA HAC service is started. It starts as the Primary (or Master) HAC, as it determines its role from role of the Windows NT Server is it running on.A new Host Account Database is created because the local copy no longer exists.SNA Server Manager is opened and the Host Security Domains that used to be listed are no longer shown. In addition, the host security features no longer function correctly.
 * 6) A new Host Account Database is created because the local copy no longer exists.SNA Server Manager is opened and the Host Security Domains that used to be listed are no longer shown. In addition, the host security features no longer function correctly.
 * 7) SNA Server Manager is opened and the Host Security Domains that used to be listed are no longer shown. In addition, the host security features no longer function correctly.

Every 15 minutes, backup Host Account Databases check with the master database to see if they're are still in sync. The databases use generation (for example, sequence) numbers to keep track of the changes that are made to the database. The generation numbers are incremented by 1 for each change that is made. If the backup database's generation number differs from the master database's generation number by 5 or more, the backup copies the master database locally.

Starting with SNA Server 4.0 SP3, a backup HAC service will no longer delete its local Host Account database when the service is stopped if the master account database on the PDC is unavailable. For additional information about the update that prevents the backup host account database from being deleted when the master host account database is unavailable, click the article number below to view the article in the Microsoft Knowledge Base:

240108 Backup Host Security Cache Deleted on Exit

Keywords: kbbug kbfix kbsna400presp4fix kbqfe kbsna400sp4fix KB242987

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.