Article ID: 291805
Article Last Modified on 2/22/2007
APPLIES TO
- Microsoft Host Integration Server 2000 Standard Edition
- Microsoft SNA Server 4.0
- Microsoft SNA Server 3.0 Service Pack 2
- Microsoft SNA Server 3.0 Service Pack 3
- Microsoft SNA Server 3.0 Service Pack 4
- Microsoft SNA Server 4.0
- Microsoft SNA Server 4.0 Service Pack 1
- Microsoft SNA Server 4.0 Service Pack 2
- Microsoft SNA Server 4.0 Service Pack 3
- Microsoft SNA Server 4.0 Service Pack 4
This article was previously published under Q291805
SUMMARY
If the 3270SSOUserTag and 3270SSOPwdTag registry entries are modified to use the same string value, 3270 and LUAs (logical unit applications) that are configured to user Single Sign-On (SSO) will fail to log on to host applications.
The specific error that is returned will depend on the host application, but the logon fails because either the user ID or password sent to the host application is invalid.
To resolve this problem, obtain the latest service pack for Host Integration Server 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
328152 How to Obtain the Latest Host Integration Server 2000 Service Pack
MORE INFORMATION
The 3270/LUA SSO feature depends on the SNA Server service (Snaservr.exe) to scan data sent by the 3270/LUA application during the session startup sequence for special keywords that are defined in the registry on the SNA Server/Host Integration Server 2000 server. The 3270/LUA SSO feature also depends on the application allowing the special keywords to be passed to the SNA Server service as part of the application logon sequence instead of the actual host user ID and password. For 3270 emulators, SSO requires the emulator to support scripting that can be used to record the logon sequence. The script would then be modified to replace the "real" host user ID and password with the special SSO keywords.
For additional information about how to configure a logon script file for account lookups, click the article number below to view the article in the Microsoft Knowledge Base:
290508 Configuring the 3270 Emulator to Use SSO with the HAC
The system administrator can define the values for these special keywords if the defaults are not acceptable.
By default, the replacement string for the host user ID is MS$SAMEU and the replacement string for the host password is MS$SAMEP.
The registry settings used to specify these replacement strings are defined under the following key:
HKEY_LOCAL_MACHINE\CurrentControlSet\Services\SNASERVR\PARAMETERS
3270SSOPrefix: REG_SZ
This entry is the string to use as the special prefix tag in combination with the user name and password tags. The default value of this string is MS$.
3270SSOUserTag: REG_SZ
This entry is the string to use as the special tag in combination with the 3270SSOPrefix tag in defining the special user name string that will be replaced. The default value of this string is SAMEU.
3270SSOPwdTag: REG_SZ
This entry is the string to use as the special tag in combination with the 3270SSOPrefix tag in defining the special host password string that will be replaced. The default value of this string is SAMEP.
If the 3270SSOUserTag and 3270SSOPwdTag entries are changed to use the same string value (in other word, SAME), the SNA Server service will not be able to correctly replace each string with the "real" host user ID and password from the Host Account Cache (HAC) database. This results in a logon failure when trying to log on to the host application.
The two registry entries must be unique because the SNA Server service has to be able to handle both of the following cases:
- The user ID precedes the password in the logon message that is being sent to the host.
- The password precedes the user ID in the logon message that is being sent to the host.
To make sure that both of these cases are handled correctly, the values for 3270SSOUserTag and 3270SSOPwdTag must be unique.
Additional query words: HIS 2000
Keywords: kbinfo kbhostintegserv2000sp1fix kbhostintegserv2000presp1fix KB291805
