Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Single Sign-On Is Not Successful While the Backup HAC Is Updating the Local Database

Single Sign-On Is Not Successful While the Backup HAC Is Updating the Local Database

View products that this article applies to.



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 (http://support.microsoft.com/kb/256986/EN-US/ ) Description of the Microsoft Windows Registry

↑ Back to the top

Symptoms

Applications that are configured to use the Single Sign-On (SSO) feature may not connect to a host system if the backup Host Account Cache database is restoring a transaction log when the database receives an SSO account lookup request. The specific symptoms of the problem depend on the application, but the error messages indicate that the logon is not successful because the user credentials that were forwarded to the host system were incorrect.

The following events may be logged in the application event log when this problem occurs:

Event ID: 1335
Source: SNA Host Security
Description: OLEDB function call failed.
Error message: Database 'SnaUdb' cannot be opened. It is in the middle of a restore.

-or-

Event ID: 401
Source: SNA Server
Description: Single Sign-On request for Domain\User failed - failed to communicate with the host account cache for host domain Host Security Domain

If the application that is affected is a COMTI application, the following events may be logged on the system that is running the COMTI application:

Event ID: 401
Source: COMTI
Description: (401) COM Transaction Integrator Received SNA-defined Error Log Data text:

DFHAC2047 date time While performing an attach for node LU Name a security violation was detected.

-or-

Event ID: 102
Source: COMTI
Description: (102) COM Transaction Integrator reported the following exception to the client:

Component: Component Name
Method: Method Name

Exception description: (1419) The LU 6.2 user ID or password were not valid for host. If your application explicitly supplies host security credentials using the callback facility, enter a user ID and password that are valid for the host. If you are using Host Integration Server 2000 integrated host security, contact the system administrator.

↑ Back to the top

Cause

The Host Account Cache database uses a log shipping mechanism for database synchronization. When the master Host Account Cache database is updated, the log shipping mechanism sends a message to the backup Host Account Cache databases. The message indicates that an update is available. The backup Host Account Cache databases connect to the master Host Account Cache database to copy the latest transaction log that contains the updates. After the backup Host Account Cache database successfully copies the transaction log, the transaction log is imported to update the local database. While the transaction log is being imported, the backup Host Account Cache database cannot perform SSO account lookups. If a backup Host Account Cache database receives an SSO account lookup request while the transaction log update is being performed, an error message is returned to the application that is requesting the SSO account lookup, and the account lookup is not successful.

↑ Back to the top

Resolution

Service pack information

To resolve this problem, obtain the latest service pack for Microsoft Host Integration Server 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
328152� How to obtain the latest service pack for Host Integration Server 2000

Hotfix information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel. 
   Date         Time   Version    Size     File name
   ----------------------------------------------------
   23-Jun-2003  22:47  5.0.0.920  119,056  Hsdbrepl.dll     
   23-Jun-2003  22:47  5.0.0.920  155,920  Snapwchg.dll     
   23-Jun-2003  22:47  5.0.0.920  147,728  Snarpc.dll       
   23-Jun-2003  22:47  5.0.0.920   49,424  Snasii.dll       
   23-Jun-2003  22:47  5.0.0.920  147,728  Snapmp.exe       
   23-Jun-2003  22:47  5.0.0.920  360,720  Snaudb.exe       
   23-Jun-2003  22:47  5.0.0.920  127,248  Udbmgmt.exe      
   23-Jun-2003  22:47  5.0.0.920   57,616  Udconfig.exe
Note Because of file dependencies, the most recent fix that contains these files may also contain additional files.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in Microsoft Host Integration Server 2000 and Host Integration Server 2000 SP1. This problem was corrected in Microsoft Host Integration Server 2000 Service Pack 2.

↑ Back to the top

More information

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

The Host Account Cache database has been updated to support SSO account lookup retries when errors occur during the first SSO account lookup request. To enable SSO retries, apply the update, and then add the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SnaDatabase\Parameters registry entry. Follow these steps, and then quit Registry Editor:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following key in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SnaDatabase\Parameters
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type SSO_RETRY_COUNT, and then press ENTER.
  5. On the Edit menu, click Modify.
  6. Type 3, and then click OK.
The value for SSO_RETRY_COUNT defines the number of retries that the Host Account Cache tries when an error occurs during a SSO account lookup. The value of 3 in the steps is just an example. The default value for SSO_RETRY_COUNT is 0 if the registry entry is not defined. The delay between each retry is 0.5 seconds.

If the error is returned because the backup Host Account Cache database is in the middle of a transaction log restore, a value between 3 and 5 is sufficient. Most transaction log restores take less than 1 second to complete.

Note Enabling the SSO retry functionality does not prevent the event message from being logged when an error occurs during the initial SSO account lookup. If the SSO retry is enabled and an SSO account lookup request is received while the backup Host Account Cache database is performing a restore, event 1335 is still logged in the application event log. The SSO account lookup completes successfully during one of the retry attempts even though you receive the event message.

↑ Back to the top

Keywords: KB822205, kbhotfixserver, kbqfe, kbfix, kbbug

↑ Back to the top

Article Info
Article ID : 822205
Revision : 4
Created on : 10/26/2005
Published on : 10/26/2005
Exists online : False
Views : 389