Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

FIX: Host Integration Server 2004 Client does not save the user supplied password when �User Supplied Credentials� is enabled


View products that this article applies to.

Summary

Microsoft Host Integration Server 2004 Client does not save the user supplied password when User Supplied Credentials is enabled. If User Supplied Credentials is enabled when Host Integration Server 2004 Client is configured, the Microsoft Host Integration Server Logon dialog box appears every time that the SnaBase application is initialized.

The logged on user must enter the following for validation by the Host Integration Server 2004 server:
  • A valid User name
  • A valid Password
  • A valid Domain
The SnaBase application writes the user supplied User name and the user supplied Domain to the registry in clear text after the User name and the Domain are first populated. The user supplied Password is not written to the registry. The Microsoft Host Integration Server Logon dialog box appears every time that the SnaBase application is initialized. This permits the logged on user to enter the password.

Earlier versions of SNA Server Client and of Host Integration Server 2000 Client permitted the user supplied Password to be written to the registry in clear text. This feature is removed from Host Integration Server 2004 to enhance the security of the product.

↑ Back to the top


More information

Host Integration Server 2004 Client has been updated so that the user supplied Password can be written to the registry in an encrypted format. The user supplied Password is written to the registry when This account is selected. You can find This account in the Advanced options dialog box of the Microsoft Host Integration Server 2004 Client Configuration Wizard.

User supplied credentials are only available when the Host Integration Server 2004 Client is configured with a deployment type of Everyone (run as application). The This account option will be disabled if Just me (run as application) or Windows Service is chosen as the deployment type in the Host Integration Server 2004 Client Configuration Wizard.

If This account is selected, the following boxes are enabled:
  • User name
  • Password
  • Domain
If the User name box and the Domain box are populated, and the Password box is blank, the User name value and the Domain value are written to the registry in clear text. The Password registry entry value is cleared. Therefore, the user is prompted with the Microsoft Host Integration Server Logon dialog box every time that the SnaBase application initializes.

If all three boxes are populated, the User name value and the Domain value are written to the registry in clear text. The Password value is written to the registry in an encrypted format.

The registry entries are written to the following location:

HKEY_Local_Machine\Software\Microsoft\SnaBase\Parameters

The registry entry locations are as follows:
  • Password, REG_Binary
  • UserName, REG_SZ
  • LogonDomain, REG_SZ
The password that is specified in the Host Integration Server 2004 Client Configuration Wizard is encrypted on a per-computer basis. If multiple users log on to the Host Integration Server 2004 Client servers, each user uses the configured user credentials to access their Host Integration Server 2004 servers.

This new feature does not let you use user specific credentials with an encrypted password on a single Host Integration Server 2004 Client server. If each user who logs on to the Host Integration Server 2004 Client servers requires a unique set of credentials to access the Host Integration Server 2004 servers, the Password box can be left blank. Each user can enter their unique credentials in the Microsoft Host Integration Server Logon dialog box. Alternatively, use the default setting of Logged on User. Logged on User lets Host Integration Server 2004 Client use the credentials of the currently logged on user to access the Host Integration Server 2004 servers.

The new encrypted password feature can be configured during an unattended installation and during a configuration of the updated Host Integration Server 2004 Client. To configure Host Integration Server 2004 Client to use specific user credentials during an unattended installation, follow these steps:
  1. Run the Setup.exe program to manually install Host Integration Server 2004 Client.
  2. Run the Microsoft Host Integration Server 2004 Configuration Wizard to manually configure Host Integration Server 2004 Client.
  3. In the Advanced options dialog box, click This account.
  4. Type the User name, the Password, and the Domain that you want to use to access the Host Integration Server 2004 servers.
  5. Locate the Summary page in the Host Integration Server 2004 Configuration Wizard. Click Save to save a copy of the client configuration in an XML file.

    You can use the XML file as input for both the Host Integration Server 2004 Client Setup.exe program and for the Configframework.exe program. You can use the XML file as input for an unattended installation and for a configuration of additional Host Integration Server 2004 Clients.
The User name setting, the Password setting, the Domain setting, and the This account setting are listed in the XML file as follows:
<AccountUserName>johnsmith</AccountUserName>
<AccountPassword>***Hidden***</AccountPassword>
<AccountDomain>domain1</AccountDomain>
<UserSuppliedCredentials>yes</UserSuppliedCredentials>
The Password value that you specified in the manual configuration of the initial Host Integration Server 2004 Client is not saved in the XML file. You have to modify the XML file to include the Password value. You have to do this before you use the XML file for an unattended installation. After you modify the XML file to include the Password value, the Password value exists in clear text in the XML file. Therefore, you must store the XML file in a secure location. Alternatively, you can remove the password after the unattended installation finishes.

For additional information about an unattended installation for Host Integration Server 2004, visit the following Microsoft Web site:If the credentials that you specified have to be changed after Host Integration Server 2004 Client is installed, you can use one of the following methods to change the credentials:
  • Run the Host Integration Server 2004 Configuration Wizard interactively to change the credentials.
  • Run the Host Integration Server 2004 Configuration Wizard by using the unattended command-line command. Specify a client configuration XML file that includes the updated credentials.
A supported feature that modifies the default behavior of the product is available from Microsoft. However, this feature is intended to modify only the behavior that this article describes. Apply this feature only to systems that specifically require it. This feature might receive additional testing. Therefore, if the system is not severely affected by the lack of this feature, we recommend that you wait for the next software update that contains this feature.

If the feature is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the feature.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific feature. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the feature is available. If you do not see your language, it is because the feature is not available for that language. The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date         Time   Version      Size    File name
   ------------------------------------------------
   24-Jan-2005  20:26  6.0.1827.0  304,640  Configframework.exe  
   24-Jan-2005  20:25  6.0.1827.0  301,056  Configframeworkui.dll  
   22-Jan-2005  00:18  6.0.1930.0  162,816  Hisconfig.dll    
   22-Jan-2005  00:02  6.0.1930.0   24,064  Hisconfigui.dll  
   22-Jan-2005  00:16  6.0.1930.0  214,016  Snabase.exe      
   22-Jan-2005  00:16  6.0.1930.0   23,552  Snareg.dll
Note Because of file dependencies, the most recent fix that contains the previous files may also contain additional files.

↑ Back to the top


Keywords: KB887701, kbbug, kbfix, kbinfo, kbhowto, kbqfe, kbhotfixserver, kbautohotfix

↑ Back to the top

Article Info
Article ID : 887701
Revision : 7
Created on : 12/4/2007
Published on : 12/4/2007
Exists online : False
Views : 432