Host Account Cache Lookup Does Not Succeed if SNA Server Service Uses the System Account (318427)



The information in this article applies to:

  • Microsoft Host Integration Server 2000
  • Microsoft SNA Server 4.0
  • Microsoft SNA Server 4.0 SP1
  • Microsoft SNA Server 4.0 SP2
  • Microsoft SNA Server 4.0 SP3
  • Microsoft SNA Server 4.0 SP4

This article was previously published under Q318427

SUMMARY

If the SNA Server service (SNAservr.exe) is set to log on by using the local system account, Single Sign-On (SSO) requests that are sent to the Host Account Cache (HAC) service do not succeed.

The following event will be logged in the application event log of the computer that is running the HAC service:

   EventID : 401
   Source : SNA Server
   Description : Single Sign-On request for [Domain]\[Userid] failed - failed to communicate with the host account cache for host domain [Host Security Domain Name]

To resolve this problem, make sure that the SNA Server service is set to log on as a domain account with administrative privileges.

NOTE: By default the SNA Server service will not use the local system account because the SNA Server and Host Integration Server 2000 installation programs will prompt for account information. Also, the account that you use for the SNA Server service does not have to be the same account that you use for the Host Security Integration components.

MORE INFORMATION

The following is an excerpt from a UDBINTX.ATF trace file taken on the system that is running the HAC service:
snarpc.cpp(132)    SrvrRpcProcessRequestInternal SrvrRpcProcessRequestInternal begin
snarpc.cpp(160)    SrvrRpcProcessRequestInternal About to call ProcessRequest
udbmsg.cpp(125)    udb_process_request Received Message type UDI_GET_HOST_UIDPW
udbauxil.cpp(726)  GetRpcClientInfo RpcImpersonateClient succeeded
udbauxil.cpp(735)  GetRpcClientInfo OpenThreadToken succeeded
udbauxil.cpp(440)  MyGetTokenInfo Required Token Information buffer length is : 20
udbauxil.cpp(452)  MyGetTokenInfo GetTokenInformation succeeded
udbauxil.cpp(757)  GetRpcClientInfo Got Client Userid: SYSTEM, Domain: NT AUTHORITY
                                                       ^^^^^^
udbauxil.cpp(440)  MyGetTokenInfo Required Token Information buffer length is : 68
udbauxil.cpp(452)  MyGetTokenInfo GetTokenInformation succeeded
udbauxil.cpp(531)  GetDomainAdmSid NetGetAnyDCName failed, error 1355, try to locate PDC
udbauxil.cpp(536)  GetDomainAdmSid NetGetDCName failed, Error  2453
udbmsg.cpp(130)    udb_process_request Client Id: SYSTEM, Domain: NT AUTHORITY, Is Admins: 0
udbmsg.cpp(188)    udb_process_request Get host userid and password request received
udbmsg.cpp(1059)   udb_get_host_uidpw Get host password for NT user Administrator, NT domain HISDOM
udbmsg.cpp(1060)   udb_get_host_uidpw pwszHostDomain is HSTSEC
udbmsg.cpp(1061)   udb_get_host_uidpw bPasswordFormat is 2
udbmsg.cpp(1126)   udb_get_host_uidpw Client doesn't have proper privilege for this request
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
udbmsg.cpp(1194)   udb_get_host_uidpw Get the NT User record with error: The request database access is denied
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
snasti.cpp(1499)   RpcMsgAllocate Allocated memory block size 92 at address 0x1270000
snarpc.cpp(164)    SrvrRpcProcessRequestInternal ProcessRequest returned 0xA160053B
snarpc.cpp(227)    SrvrRpcProcessRequestInternal ProcessRequest returned an out message of length 92
snarpc.cpp(249)    SrvrRpcProcessRequestInternal SrvrRpcProcessRequestInternal end
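
The following Python script is an added example, not part of the original article or of any Microsoft tool. It scans trace text laid out like the excerpt above and reports requests that were denied while the RPC caller was NT AUTHORITY\SYSTEM. It assumes that other UDBINTX.ATF traces use the same line layout and message wording as this excerpt; the function names are hypothetical.

```python
import re

# Trace lines copied from the excerpt above (caret marker lines left out).
SAMPLE = """\
snarpc.cpp(132)    SrvrRpcProcessRequestInternal SrvrRpcProcessRequestInternal begin
udbmsg.cpp(130)    udb_process_request Client Id: SYSTEM, Domain: NT AUTHORITY, Is Admins: 0
udbmsg.cpp(1059)   udb_get_host_uidpw Get host password for NT user Administrator, NT domain HISDOM
udbmsg.cpp(1060)   udb_get_host_uidpw pwszHostDomain is HSTSEC
udbmsg.cpp(1126)   udb_get_host_uidpw Client doesn't have proper privilege for this request
snarpc.cpp(164)    SrvrRpcProcessRequestInternal ProcessRequest returned 0xA160053B
snarpc.cpp(249)    SrvrRpcProcessRequestInternal SrvrRpcProcessRequestInternal end
"""

LINE = re.compile(r"^(\w+\.cpp)\((\d+)\)\s+(\w+)\s+(.*)$")  # file(line) function message
FIELDS = {
    "client": re.compile(r"Client Id: (.+?), Domain: (.+?), Is Admins: (\d)"),
    "target": re.compile(r"Get host password for NT user (.+?), NT domain (\S+)"),
    "host_domain": re.compile(r"pwszHostDomain is (\S+)"),
    "denied": re.compile(r"(Client doesn't have proper privilege)"),
    "rc": re.compile(r"ProcessRequest returned (0x[0-9A-Fa-f]+)$"),
}

def parse_requests(text):
    """Split a trace into RPC requests (begin..end) and pull out the key fields."""
    requests, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:  # caret marker lines, blank lines
            continue
        msg = m.group(4)
        if msg.endswith("SrvrRpcProcessRequestInternal begin"):
            cur = {}
        if cur is None:  # line outside any begin..end pair
            continue
        for key, rx in FIELDS.items():
            hit = rx.search(msg)
            if hit:
                cur[key] = hit.groups() if len(hit.groups()) > 1 else hit.group(1)
        if msg.endswith("SrvrRpcProcessRequestInternal end"):
            requests.append(cur)
            cur = None
    return requests

def system_account_denials(text):
    """Requests rejected while the RPC caller was NT AUTHORITY\\SYSTEM, not an admin."""
    return [r for r in parse_requests(text)
            if r.get("denied") and r.get("client") == ("SYSTEM", "NT AUTHORITY", "0")]

if __name__ == "__main__":
    print(system_account_denials(SAMPLE))
```

A non-empty result corresponds to the condition this article describes: the SNA Server service is calling the HAC service as the local system account.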
				

Modification Type: Minor
Last Reviewed: 4/27/2005
Keywords: kbinfo KB318427