Microsoft KB Archive/216558

From BetaArchive Wiki

Article ID: 216558

Article Last Modified on 9/22/2005



APPLIES TO

  • Microsoft SNA Server 3.0 Service Pack 4
  • Microsoft SNA Server 4.0



This article was previously published under Q216558


SYMPTOMS

Password changes initiated from either direction (from Windows NT to host systems or from host systems to Windows NT) may not complete properly, causing single sign-on (SSO) to fail.

CAUSE

If Host Security Services are running on different computers running Windows NT Server, recycling (rebooting) one of these servers may cause the internal remote procedure call (RPC) binding to break between the other server or servers, causing password synchronization and single sign-on (SSO) to fail.

For additional information on Host Security Services in a multi-domain environment, see the following article in the Microsoft Knowledge Base:

194695 How to Configure Host Security for a Multi-Domain Environment


RESOLUTION

SNA Server 4.0

To resolve this problem, obtain the latest service pack for SNA Server version 4.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

215838 How to Obtain the Latest SNA Server Version 4.0 Service Pack



SNA Server 3.0

To resolve this problem, obtain the latest service pack for SNA Server version 3.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

184307 How to Obtain the Latest SNA Server Version 3.0 Service Pack




STATUS

Microsoft has confirmed that this is a problem in SNA Server versions 3.0, 3.0 SP1, 3.0 SP2, 3.0 SP3, 4.0, 4.0 SP1, and 4.0 SP2. This problem was first corrected in SNA Server version 3.0 Service Pack 4 and SNA Server version 4.0 Service Pack 3.

MORE INFORMATION

An example of where RPC bindings are used is when a password change request is initiated. For example, the .dll that intercepts password changes is Snapwchg.dll. This .dll relies upon the RPC service and will not be able to carry out its function if the underlying RPC bindings break.

Snapwchg.dll is installed on the same domain controller where the Windows NT Account Synchronization Service (SNAPMP) is installed. If a failure occurs during this time, the following will be observed in the application log on that domain controller.

Event 630

RPC Layer returned error 0x5 (Access is denied.) This may happen if host security is not installed or the user account the service is running under, is not privileged to send messages to the remote end.


On the SNA Server where Host Account Synchronization Service is installed (SNAHOSTPROCESS), the following error will be recorded in the application log of that computer.

Event 401

Single Sign-On request for [Domain_Name]\[User_Id] failed - failed to communicate with the host account cache for host domain [Host_Security_Domain_Name]

In addition to these event errors, if a internal Host Security trace (Hprintx.atf) is run during this time, it will show the following:

SendGenericMessage About to invoke RPC on binding
dc76dcd0-c084-11cf-a65e-0020afc28c52@ncacn_ip_tcp:[Server_Name]
013a:0148 11:23:27.0139 stisupp.cpp(2612)

SendGenericMessage RPC on binding
dc76dcd0-c084-11cf-a65e-0020afc28c52@ncacn_ip_tcp:[Server_Name]
returned error: 0x6BE (The remote procedure call failed. )


Additional query words: hostsec

Keywords: kbbug kbfix kbsna300sp4fix kbsna400sp3fix kbqfe kbfaq kbhotfixserver KB216558