Article ID: 216558
Article Last Modified on 9/22/2005
APPLIES TO
- Microsoft SNA Server 3.0 Service Pack 4
- Microsoft SNA Server 4.0
This article was previously published under Q216558
SYMPTOMS
Password changes initiated from either direction (from Windows NT to host systems or from host systems to Windows NT) may not complete properly, causing single sign-on (SSO) to fail.
CAUSE
If Host Security Services are running on different computers running Windows NT Server, recycling (rebooting) one of these servers may break the internal remote procedure call (RPC) binding to the other server or servers, causing password synchronization and single sign-on (SSO) to fail.
For additional information on Host Security Services in a multi-domain environment, see the following article in the Microsoft Knowledge Base:
194695 How to Configure Host Security for a Multi-Domain Environment
RESOLUTION
SNA Server 4.0
To resolve this problem, obtain the latest service pack for SNA Server version 4.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
215838 How to Obtain the Latest SNA Server Version 4.0 Service Pack
SNA Server 3.0
To resolve this problem, obtain the latest service pack for SNA Server version 3.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
184307 How to Obtain the Latest SNA Server Version 3.0 Service Pack
STATUS
Microsoft has confirmed that this is a problem in SNA Server versions 3.0, 3.0 SP1, 3.0 SP2, 3.0 SP3, 4.0, 4.0 SP1, and 4.0 SP2. This problem was first corrected in SNA Server version 3.0 Service Pack 4 and SNA Server version 4.0 Service Pack 3.
MORE INFORMATION
RPC bindings are used, for example, when a password change request is initiated. The DLL that intercepts password changes, Snapwchg.dll, relies on the RPC service and cannot carry out its function if the underlying RPC bindings break.
Snapwchg.dll is installed on the same domain controller where the Windows NT Account Synchronization Service (SNAPMP) is installed. If a failure occurs during this time, the following event is recorded in the application log on that domain controller:
Event 630
RPC Layer returned error 0x5 (Access is denied.) This may happen if host security is not installed or the user account the service is running under, is not privileged to send messages to the remote end.
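One way to check exported logs for the pattern described above, as an added example that is not part of the original article: it finds each Event 630 / error 0x5 entry on the domain controller and pairs it with the most recent restart of the peer server. The comma-delimited export layout, the use of System log event 6005 as a restart marker, the host names, SOURCE_PLACEHOLDER and all sample lines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample exports (not from the article). Assumed layout:
# date,time,source,type,category,event,user,computer,description
# SOURCE_PLACEHOLDER stands in for the event source, which the article does not name.
MSG = ("RPC Layer returned error 0x5 (Access is denied.) This may happen if host "
       "security is not installed or the user account the service is running under, "
       "is not privileged to send messages to the remote end.")
DC_APP_LOG = f"""\
3/2/1999,09:30:00,SOURCE_PLACEHOLDER,Error,None,630,N/A,DC01,{MSG}
3/2/1999,10:05:11,SOURCE_PLACEHOLDER,Error,None,630,N/A,DC01,{MSG}
3/2/1999,10:06:00,ExampleApp,Information,None,1000,N/A,DC01,Unrelated entry
"""
PEER_SYS_LOG = """\
3/2/1999,09:58:40,EventLog,Information,None,6005,N/A,SNA02,The Event log service was started.
"""

def parse(text):
    """Parse an exported log; the description is the 9th field and may contain commas."""
    events = []
    for line in text.strip().splitlines():
        date, time, _src, _type, _cat, event, _user, computer, desc = line.split(",", 8)
        events.append({"when": datetime.strptime(f"{date} {time}", "%m/%d/%Y %H:%M:%S"),
                       "event": int(event), "computer": computer, "desc": desc})
    return events

def correlate(dc_app, peer_sys, window=timedelta(hours=24)):
    """Pair each Event 630 / 0x5 on the domain controller with the latest peer
    restart (event 6005, an assumed restart marker) that precedes it within `window`.
    None means no restart explains the failure; the event text itself then points
    to Host Security installation or service-account privileges."""
    restarts = sorted(e["when"] for e in peer_sys if e["event"] == 6005)
    findings = []
    for e in dc_app:
        if e["event"] != 630 or "RPC Layer returned error 0x5" not in e["desc"]:
            continue
        prior = [t for t in restarts if timedelta(0) <= e["when"] - t <= window]
        findings.append((e["when"], prior[-1] if prior else None))
    return findings

if __name__ == "__main__":
    for failed_at, restart in correlate(parse(DC_APP_LOG), parse(PEER_SYS_LOG)):
        print(failed_at, "<- peer restarted", restart if restart else "(no restart found)")
```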
On the SNA Server where Host Account Synchronization Service is installed (SNAHOSTPROCESS), the following error will be recorded in the application log of that computer.
In addition to these event errors, if an internal Host Security trace (Hprintx.atf) is run during this time, it will show the following: