The MS$Same value is passed as a user name and password (832582)


The information in this article applies to:

  • Microsoft SNA Server 4.0
  • Microsoft Host Integration Server 2000

SYMPTOMS

When you activate a COM Transaction Integrator (COMTI) component that is configured to use the explicit security callback routine, the activation is not successful. Additionally, the mainframe reports a security violation.

An Event ID 401 is posted in the application event log that indicates that the mainframe rejected the attempt to connect because of a security failure. Review of a Data Link Control trace to the mainframe shows that the MS$SAME value was passed as a username and password.

CAUSE

This problem occurs because null values are returned from the explicit security callback routine.

RESOLUTION

To resolve this problem, review the custom code that is used to return values to the calling COMTI component. Additionally, you may find it helpful to step through the code in Visual Studio or to use some other method to capture what is returned on the call to the security package.

STATUS

This behavior is by design.

MORE INFORMATION

To confirm this issue, take a Tracebits trace and take a Data Link Control trace on either the Host Integration Server computer or on the SNA Server computer to verify what is being passed in the ATTACH request to the mainframe and to determine whether the explicit security call completed successfully.

Note the difference between the two following trace code samples. Although both the successful callback and the unsuccessful callback show "security callback succeeded", you must see two more lines of information:
  • When the callback is successful, the line that ends with the words "security callback succeeded" is followed by two lines that end with the words "got userid" and "got pswd". The fact that these two lines of code are present confirms that the callback was successful.
  • When the callback is not successful, the lines that end with the words "got userid" and "got pswd" are not present. The fact that these two lines are absent indicates that the values returned by callback are not valid.

Successful callback

3588 00000e80 Nov 12 17:23:50.562	14040	LU 6.2 Transport Connect explicit security callback succeeded.
3588 00000e80 Nov 12 17:23:50.562	14040	LU 6.2 Transport Connect got userid. 
3588 00000e80 Nov 12 17:23:50.562	14040	LU 6.2 Transport Connect got pswd. 
3588 00000e80 Nov 12 17:23:50.562	14040	LU 6.2 Transport Connect Using Non-link model RemoteTp=XXXX.

Unsuccessful callback

3588 00000d5c Nov 12 17:30:56.328	14040	LU 6.2 Transport Connect explicit security callback succeeded. 
3588 00000d5c Nov 12 17:30:56.328	14040	LU 6.2 Transport Connect Using Non-link model RemoteTp=XXXX.

Sample trace data

The ATTACH part of the Data Link Control trace data will show that the username and password were sent to the host. 
---- Element at address 024E1B68, start 10, end 268 

0B912040 0502FF00 03D10000 08C3E2E2     <j @.....J...CSS>

E3C1F0F2 7C120802 D4E25BE2 C1D4C508     <TAXX|...MS[SAME.>

01D4E25B E2C1D4C5 1910E5C5 D9C9E9D6     <.MS[SAME..
This code sample is followed by a response from the host that clearly indicates a security violation: 
  ---- Element at address 024E2918, start 10, end 161 ----
0B810107 07080F60 5180008E 12E10010     <.a.....`Q.......>
0E10000B 11040806 A961D6E2 4040007A     <........zaOS@@.z>
C1E3C2F7 F0F0F1F7 C940E3D7 40A28583     <xxxxxxxxx@TP@sec>
A49989A3 A840A589 969381A3 8996954B     <urity@violationK>
4040D781 99A39585 9940D3E4 40E2C1C1     <@@Partner@LU@XXX>
C9D4E2C1 F8409985 918583A3 858440A3     <XXXXX@rejected@t>
88854081 93939683 81A38540 998598A4     <he@allocate@requ>
85A2A340 82858381 A4A28540 81A4A388     <est@because@auth>
969989A9 81A38996 95408388 858392A2     <orization@checks>
0868189 9385844B                        <@failedK        >
The FMH7 code sample that follows includes sense data of 080F 6051 in the last line. This data, according to the formats guide and APPC reference manual, indicates the following:

Secondary Return Code = 080F6051 (AP_SECURITY_NOT_VALID)

----------------------------------------------- 17:30:56.0812
01020DB2->1F000007 LU 6.2   
          MSGID:RDAT   MSGTYP:FMH7   

---- Header  at address 01AF54C0, 1 elements ----
01070000 0000003C 05000000 01002805     <.......<......(.>
   
---- Element at address 024E3480, start 13, end 19 ----
0707080F 605180 <....`Q. >

Event ID 401 in the application event log

The Tracebits trace will also show the 401 event posted to the application event log.
3588 00000d5c Nov 12 17:30:56.812	14066	LU 6.2 Transport ReceiveAndWait Error log data=ATB700XXX TP security violation.
  Partner LU XXXXXXXX rejected the allocate request because authorization checks failed.
3588 00000d5c Nov 12 17:30:56.812	10003	Logging system warning event, ID=401. 
3588 00000d5c Nov 12 17:30:56.828	14065	LU 6.2 Transport ReceiveAndWait Exit Error DISP_E_EXCEPTION.
Modification Type:MajorLast Reviewed:2/11/2004
Keywords:kbprb KB832582 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.