2    Advanced Server Problems and Restrictions

The following sections describe problems and solutions and restrictions for this release.

2.1    General Problems and Restrictions

The following sections describe general ASU server problems and solutions and restrictions.

2.1.1    Restoring Permissions of Default Shares

If a default share such as the C$ share is deleted and recreated, the ACL may not be correct. You must enter the acladm -O command to restore the default ACLs.

2.1.2    Browsing the ASU Server from a Windows XP Workstation

When browsing an ASU server using the Network Neighborhood interface on a Windows XP workstation, you must select the ASU server's primary name and not its extra listen name (if any). Selecting an ASU server's extra listen name will cause the following error message to be displayed on the Windows XP workstation:

\\node_name is not accessible, you might not have permission to use this network resource.
Contact the administrator of the server to find out if you have access permissions.
 
The network path was not found.

You specify extra listen names for an ASU server by using the asusetup utility or by setting the value of the SYSTEM/CurrentControlSet/Services/AdvancedServer/Parameters/ExtraListenNames registry entry.

2.1.3    Logging on to Windows XP Workstations from an ASU Domain Controller

Users cannot log on to Windows XP workstations from an ASU domain controller, and the following error message is displayed on the Windows XP workstation:

Windows cannot connect to the domain, either because the domain controller 
is down or otherwise unavailable, or because your computer account was not found.
Please try again later. If this message continues to appear, contact your system 
administrator for assistance.

To fix this problem, make the following changes on the Windows XP workstations:

  1. Edit the Local Group Policy to disable Autoenrollment:

    1. From the start menu, click Run and enter gpedit.msc.

    2. Select Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Public Key Policies\Autoenrollment Settings.

    3. From the Autoenrollment Settings Properties window, select the Do not enroll certificates automatically button and select OK.

    4. Exit the Local Group Policy Editor.

  2. Set the registry entry REQUIRESIGNORSEAL to 0:

    1. From the start menu, click Run and enter regedt32.

    2. Select HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\REQUIRESIGNORSEAL and choose Modify from the pull down menu.

    3. From the Edit DWORD Value window, set the value data field to 0 and select OK.

  3. Reboot the Windows XP workstation.

Note

When Windows XP workstations join an ASU domain controller, a NetLogon system 5723 Error may be logged in the ASU system event log. You can ignore this event. For more information, see the Microsoft Article Q310461.

2.1.4    Identifying ASU Server Name on Windows XP Workstations

On Windows XP workstations, the Explorer and Microsoft Word File Save Window list ASU disk shares in one of the following ways:

$sharename on 'Advanced Server for Unix ($server)' on ($drive)  
 
users on 'Advanced Server for Unix (josb84)' on (Y:)  
 

Because of the default size of the File Save window, the ASU server name might be truncated, making it difficult to identify disk shares that have the same name but are on different ASU servers.

To fix this problem, change the value of the SrvComment registry parameter to a shorter string. Follow these steps to use the regconfig registry editor to change the value of the SrvComment registry parameter to ASU. The backslash ( \ ) at the end of a line indicates continuation. Enter the entire command, then press the Enter key.

# regconfig SYSTEM/CurrentControlSet/Services/\    
Lanmanserver/Parameters SrvComment REG_SZ "ASU"

Restart the ASU server by entering the following commands:

# net stop server 
# net start server

2.1.5    Running the ASDU Password Utility

Running the ASDU Password utility on a system running Windows NT or Windows 2000 Server or Professional requires that the SyncUnixPassword registry entry be disabled, which it is by default.

2.1.6    Starting an ASU Server with Many Listen Names

If a system has more than twelve listen names, the net start server command might return an error message that the ASU server failed to start up. In fact, the ASU server will eventually start, but the net start server command times out before all the listen names are posted.

2.1.7    Synchronizing Passwords with NIS and Enhanced Security

The ASU server does not support password synchronization (SyncUnixPassword enabled) when using network information service (NIS) and enhanced security.

2.1.8    Ignoring Tru64 UNIX Group and File Permissions

By default, the ASU server first checks Windows NT permissions, then Tru64 UNIX user and group permissions, before a domain user can access an ASU shared resource. You can configure the ASU server to not check Tru64 UNIX user and group permissions by enabling the IgnoreUnixPermissions registry value entry. However, if you enable the UnixQuotas registry value entry, the ASU server checks Tru64 UNIX user and group permissions even if you enable the IgnoreUnixPermissions registry value entry.

2.1.9    Uppercase File and Directory Names

A file name or directory name created with all uppercase letters in an ASU share is displayed in the Windows Explorer with only an initial uppercase letter.

2.1.10    SIA Subset and User Passwords

By default, when you create a domain user account, the password for the corresponding Tru64 UNIX user account, for example in the /etc/passwd file, is set to Nologin, which means that the user cannot interactively log in to the Tru64 UNIX system until an administrator sets their password. However, if you install the SIA subset and create a domain user account, the password for the account is still set to Nologin, but the user can interactively log in to the Tru64 UNIX system using their domain user name and password.

2.1.11    NFS Mounted Devices Require the rpc.lockd and rpc.statd Daemons

The ASU software might stall or data might be lost when you access an NFS mounted device if the ASU UseNfsLocks registry value entry is enabled (set to 1) and NFS locking is not enabled (the rpc.lockd and rpc.statd daemons are not started) on the NFS server or on the Tru64 UNIX system on which the ASU software is running. By default, the UseNfsLocks registry value entry is enabled.

2.1.12    Replicating Files and Directories

The replicator service does not replicate files and directories if:

2.1.13    Restarting the Browser

You might need to restart the browser process because it runs out of virtual memory.

If BROWSER does not display when you enter the net start command, you must restart the browser process by entering the following command:

# net start browser

2.1.14    Potential ASU Registry Corruption

If the Tru64 UNIX system suddenly stops, for example because of a power failure, then the ASU registry might become corrupt. The symptom will be that the ASU server cannot start.

To display information about the state of the ASU registry, enter:

# regcheck -C

To repair a corrupt ASU registry, enter:

# regcheck -R

2.1.15    Setting Protection on Core Files

The ASU server cannot set the protection on a core file if the enhanced-core-name attribute is set to 1 in the proc section in the /etc/sysconfigtab file. See sysconfig(8) for more information on changing attribute values.

2.2    ASU and TruCluster Server Problems and Restrictions

The following sections describe ASU and TruCluster Server problems and solutions and restrictions.

2.2.1    Locking Violations

If two clients open the same file on different members of a TruCluster, and the program depends on the implicit locking of writes, unexpected errors may be reported.

The ASU server, by default, performs writes after returning a status. If the write fails, the error is reported on the next I/O operation. In a TruCluster, locking across members is also deferred, which can lead to unexpected results.

If the program cannot be modified to use explicit locking, disable the WriteBehind registry entry.

Follow these steps to use the regconfig registry editor to disable the WriteBehind registry entry. The backslash ( \ ) at the end of a line indicates continuation. Enter the entire command, then press the Enter key.

# regconfig SYSTEM/CurrentControlSet/Services/AdvancedServer/\ 
FileServiceParameters WriteBehind REG_DWORD 0

To restart the ASU server, enter:

# net stop server 
# net start server

2.2.2    TruCluster Server Version 5.x Error Message

The message CAA request timeout! is displayed when you enter the following command to start an ASU server that is configured as a single-instance TruCluster Server Version 5.x application:

# caa_startup asu -c servername

Ignore the message; the ASU server starts correctly.

2.2.3    TruCluster Rolling Upgrade

To perform a rolling upgrade on a TruCluster Server member running the ASU software and Tru64 UNIX Version 5.0A or Version 5.1 operating system software, you must first upgrade the ASU software to Version 5.0 ECO2 or higher, then proceed with the rolling upgrade of the Tru64 UNIX operating system software.

2.2.4    Reconfiguring to None Mode

When reconfiguring an ASU server from single-mode or multi-node to none mode, the transports.ini file still contains configuration data for multiple members. When the cluster reboots, each booting member finds its corresponding information in the transports.ini file, and the ASU server tries to start on all members, leaving the transports running on multiple members.

To avoid this, use an editor and remove from the transports.ini file the entries for all but one member and its corresponding controller information. For example, the following output is from a transports.ini file after the ASU server was reconfigured to none mode. If you want the ASU server to run only on a member called server2, remove all the lines that refer to member_01, controller_01, member_03, and controller_03. Leave only the lines referring to member_02 and controller_02. In this example, delete lines that are indicated by an asterisk (*).

[ member ]
* member_01=server1.compaq.com,server1
member_02=server2.compaq.com,server2
* member_03=server3.compaq.com,server3
[ tcpip ]
* controller_01=tu0
controller_02=tu0
* controller_03=tu0
[ netbeui ]
* controller_01=tu0
controller_02=tu0
* controller_03=tu0
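
The manual edit described above can also be scripted. The following is an added example, not part of the ASU software or of the original release notes: a shell function, hypothetically named keep_member, that keeps only the member_NN line naming the chosen member and the controller_NN lines with the same number. The sample input is constructed from the listing above with the asterisk markers removed, and the key=value layout is assumed to match that listing.

```sh
#!/bin/sh
# Added example; keep_member and sample_transports_ini are hypothetical names.

# Constructed sample: the transports.ini listing from this section, without
# the asterisk markers (they are annotations, not file content).
sample_transports_ini() {
    cat <<'EOF'
[ member ]
member_01=server1.compaq.com,server1
member_02=server2.compaq.com,server2
member_03=server3.compaq.com,server3
[ tcpip ]
controller_01=tu0
controller_02=tu0
controller_03=tu0
[ netbeui ]
controller_01=tu0
controller_02=tu0
controller_03=tu0
EOF
}

# keep_member NAME < transports.ini
# Prints the file with every member_NN and controller_NN entry removed except
# those whose NN belongs to the member named NAME (long or short host name).
# Section headers and any other lines pass through unchanged.
# Returns 1 and prints nothing to stdout if no member entry names NAME.
keep_member() {
    awk -v want="$1" '
    { line[NR] = $0 }                      # buffer the (small) file
    /^[ \t]*member_[0-9]+=/ {
        key = $0; sub("=.*", "", key); gsub("[ \t]", "", key)
        val = $0; sub("^[^=]*=", "", val)
        n = split(val, names, ",")
        for (i = 1; i <= n; i++) {
            gsub("[ \t]", "", names[i])
            # Compare as strings so a numeric-looking name is not coerced.
            if ((names[i] "") == (want "")) {
                idx = key; sub("^member_", "", idx)
            }
        }
    }
    END {
        if (idx == "") exit 1              # refuse to emit an empty config
        for (r = 1; r <= NR; r++) {
            k = line[r]
            if (k ~ /^[ \t]*(member|controller)_[0-9]+=/) {
                sub("=.*", "", k); gsub("[ \t]", "", k); sub("^[a-z]+_", "", k)
                if ((k "") != (idx "")) continue
            }
            print line[r]
        }
    }' || { echo "keep_member: no member entry names '$1'" >&2; return 1; }
}

# Demonstration on the constructed sample: keep only server2.
sample_transports_ini | keep_member server2
```

Write the result to a new file and compare it with the original before replacing transports.ini.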
 
 

2.2.5    Reinstalling ASU in a TruCluster Cluster

When you reinstall the ASU software in a TruCluster Server cluster, the ASU transports might not stop properly.

To fix this problem, you must stop the ASU server and transports on all cluster members before you remove the ASUBASE or ASUTRAN subsets.

Enter the following command on each cluster member to stop the ASU server and transports:

# /usr/net/servers/lanman/scripts/asuase_stop

2.2.6    Reconfiguring the ASU Server

The following error message might be displayed when using the asusetup utility to reconfigure an ASU server PDC from multi-instance mode to single-instance mode:

ERROR: An account for this machine cannot be created.

Rerun the asusetup utility if this message displays.

2.3    ASU Server and Windows 2000 Problems and Restrictions

The following sections describe ASU server and Windows 2000 problems and solutions and restrictions.

2.3.1    ASU Replicated Database for Windows 2000

Before upgrading a Windows NT system to Windows 2000, if the SAM database was replicated from an ASU server, you must first delete the Admin account and Servers group from the SAM database.

2.3.2    Administering the ASU Server in a Windows 2000 Domain

You must administer the ASU Server in a Windows 2000 domain by using Windows 2000 interfaces, except for file replication (see Section 2.3.3).

When you use the Windows 2000 Management Console (MMC) to manage services on the ASU server, the following informational message might be displayed, which you can ignore:

Configuration Manager:  The machine selected for remote
communication is not available at this time.

If the ASU server is configured as a BDC in a Windows 2000 domain, you must perform all trust management on the Windows 2000 domain controller. When you enter a net command on the ASU BDC to manage a trust, the command fails and an error message similar to the following is displayed:

# net trust ntdomain password /allow /domain:w2kdomain

Access Denied

# net trust ntdomain password /add

Error 87
Parameter is incorrect.

2.3.3    ASU File Replication

Due to major changes in the Windows 2000 File Replication Service, you cannot configure ASU file replication by using the Windows 2000 Microsoft Management Console (MMC) or the srvmgr interface in the ASTOOLS disk share on Windows 2000.

To configure ASU file replication, you can use the Windows NT srvmgr interface or the srvmgr interface in the ASU ASTOOLS disk share on Windows NT.

2.3.4    Windows 2000 Explorer Crashes When Managing ASU Printer Shares

The Windows 2000 Explorer crashes if you attempt to manage an ASU printer share that was not configured with a driver from Windows NT or Windows 2000.

To avoid this problem, create an ASU printer share from Windows NT or Windows 2000 instead of using the ASU net share command.

2.3.5    ASU and Windows 2000 Single Sign On Version 2.0 Machine Account Name Conflict

If the Tru64 UNIX system will be running ASU Version 5.1A or higher and Windows 2000 Single Sign On (SSO) Version 2.0, the ASU server name cannot be the same as the host name. While the problem is also true for SSO Version 1.0, the solution for this problem is different with ASU Version 5.1A or higher and SSO Version 2.0.

The SSO software creates a machine account in the Active Directory that matches the host name of the Tru64 UNIX system. If the ASU server also uses the host name as the ASU server name, which it does by default, it will overwrite the account created by the SSO software and will cause SSO functionality to fail. To avoid this failure, run the asusetup command and select an ASU server name that is different than the host name and will not conflict with any other server name in the environment. When the asusetup command prompts for extra listen names, enter the Tru64 UNIX host name. This allows users to map drives to shares using the host name as an ASU server name with no machine account conflict.

2.3.6    ASU and Windows 2000 Single Sign On Version 1.0 Machine Account Name Conflict

If the Tru64 UNIX system will be running ASU Version 5.1A or higher and Windows 2000 Single Sign On (SSO) Version 1.0, the ASU server name cannot be the same as the host name.

The SSO software creates a machine account in the Active Directory that matches the host name of the Tru64 UNIX system. If the ASU server also uses the host name as the ASU server name, which it does by default, it will overwrite the account created by the SSO software and will cause SSO functionality to fail.

To avoid this problem, do not use the Tru64 UNIX system's host name as the machine account name when you configure the SSO software.

2.4    Network Problems and Restrictions

The following sections describe network problems and solutions and restrictions.

2.4.1    NetBEUI Clients Lose Connections

A problem in the 802.2 service class implementation on most clients causes NetBEUI clients to lose their links to some fast SMP servers. The problem is complicated by the ability of some SMP servers to send out-of-order packets to the client.

If you receive an Abort, Fail, Retry? message, click on Retry to reestablish the link. If the problem persists, abort the link and reconfigure the client and server to use TCP/IP.

2.4.2    Transport Startup Error

Reboot the system if the following message is displayed after upgrading the ASU software:

Open of knbtcp driver failed: Error in protocol

2.4.3    WINS Servers with Large Databases

In very large scale WINS environments, name registrations with the WINS servers can sometimes take a long time. This delay can cause the ASU server to declare contact lost with the WINS server and write the following message in the system log file (/var/adm/messages):

knb: Contact lost with WINS server nn.nn.nn.nn

In this message, nn.nn.nn.nn is the TCP/IP address of the WINS server.

While this problem does not prevent the ASU server from working, it might cause problems with clients attempting to connect to the ASU server if they use only WINS for name resolution. The ASU server attempts to register ASU server NetBIOS names with the WINS server (after a default retry period of 4 minutes) until either all ASU server names are registered or contact is lost (in which case this process is repeated).

If problems persist where contact is constantly lost, you can change the WINS client parameters located in the /etc/sysconfigtab file as described in the following table. However, Compaq does not recommend changing the default values.

Parameter: knbretrycontact
Specifies: The timeout (in ms) between retries to contact the WINS server.
Default Value: 240000 (4 minutes)

Parameter: knbquerytimeout
Specifies: The timeout (in ms) allowed for name queries. This parameter affects all name queries using broadcast and WINS.
Default Value: 500 (0.5 seconds)

Parameter: knbqueryretries
Specifies: The number of retries.
Default Value: 3

Parameter: knbwinsquerymult
Specifies: A multiplier applied to WINS queries for timeouts.
Default Value: 4. With the default query timeout and default multiplier, a WINS query has a 2 second timeout (0.5 seconds x 4).

Parameter: knbignorewinsavailable
Specifies: Whether or not to ignore the availability of the WINS server when doing queries.
Default Value: True (1); allow name queries to be sent to the WINS server even if contact is lost.

Follow these steps to change a WINS client parameter:

  1. Stop the ASU server by entering the following command:

    # net stop server

  2. Create a stanza format attributes file for the parameter you want to change. For example, to create a stanza format attributes file for the knbretrycontact parameter to increase the timeout between retries to contact the WINS server to 300000 (5 minutes), enter:

    # cat > knbretrycontact.stanza
    knbtcp:
    knbretrycontact = 300000
    ^D
    

  3. Merge the attributes into the /etc/sysconfigtab file by entering the following command:

    # sysconfigdb -a -f knbretrycontact.stanza knbtcp

    If the knbretrycontact parameter exists in the sysconfigtab file, use the -u flag to update the parameter instead of the -a flag to add a parameter.

  4. Restart the ASU server by entering the following command:

    # net start server

2.5    Command Problems and Restrictions

The following sections describe command problems and solutions and restrictions.

2.5.1    The dxaccounts Command

You cannot use the dxaccounts command to modify accounts with a description longer than 48 characters.

The built-in ASU Guest account has a default description longer than 48 characters. The description is Built-in account for guest access to the computer/domain. Use the net user command or the User Manager for Domains GUI to modify the ASU Guest account.

2.5.2    The net perms Command

The net perms command displays the following message if the ACL for a file or directory contains an ACE for a deleted user or group:

Error 13 has occurred. 
The data is invalid.

To fix this problem, enter the acladm -U command to remove ACEs of deleted users or groups.

2.5.3    The passwd Command

On systems with the ASU SIA subset installed, the Tru64 UNIX passwd command does not work reliably and its history function does not work. Use the net password command or the Microsoft User Manager to change ASU user account passwords on systems with the ASU SIA subset installed.

2.5.4    The promote Command

Do not use the promote command to demote a PDC, then enter the asusetup command to modify the configuration. Doing so might leave the ASU server in an indeterminate state.

See promote(8) for more information on using the promote command.

2.5.5    The net Commands Are Not Available After Upgrading

After you upgrade the ASU software, the shell path might be modified, causing the /usr/bin path to disappear. As a result, the net commands are not available. Use the rehash command to restore the path when using the C shell.

2.5.6    The asustat -n Command Reports Incorrect Number of Client Connections

The asustat -n command displays an incorrect number of client connections when you enter the net session command on a system with the ASDU-MCS-CLIENT product authorization key (PAK) installed.

Use the asustat -L command to view the correct number of client connections.

2.5.7    Do Not Use the adduser Command on a BDC

You cannot create a Tru64 UNIX user account with an associated domain user account by using the adduser command on a system running the Tru64 UNIX Version 5.0 or higher operating system software and configured as an ASU BDC. You can create the accounts with either the /usr/bin/X11/dxaccounts GUI or the useradd command with the -D pc_synchronize=0 option. For example, to use the useradd command and default values to create a Tru64 UNIX user account and a domain user account for a user named peter, enter the following commands:

# useradd -D pc_synchronize=0

# useradd peter

See useradd(8) for more information on the useradd command.

2.5.8    The sjistoeuc and euctosjis Commands Incorrectly Convert Some Files

The sjistoeuc and euctosjis commands incorrectly convert Japanese user-defined characters when converting from MS-DOS to UNIX format.

If the text file you want to convert contains Japanese user-defined characters, use the ud and iconv commands to convert them. For example, to convert a file from MS-DOS to UNIX format and convert the encoding of the characters from SJIS to EUC, enter:

# ud -u sjis.txt | iconv -f SJIS -t eucJP > euc.txt

To convert a file from UNIX to MS-DOS format and convert the encoding of the characters from EUC to SJIS, enter:

# ud -d euc.txt | iconv -f eucJP -t SJIS > sjis.txt

2.5.9    Do Not Run the asusetup Command with the log Command

If you want to log output from the asusetup procedure, use the script command rather than the log command with the asusetup command.

2.5.10    The net accounts /sync Command Incorrectly Calculates Domain Entries

The net accounts /sync command does not correctly calculate the number of entries when a domain contains many Windows NT workstations. Microsoft Corporation has issued a hot fix (Q182441) in the Windows NT Version 4.0 Service Pack 4 to correct this problem.

2.6    ASU Server and Windows 95 Problems and Restrictions

The following sections describe problems when administering the ASU server from a Windows 95 system, and possible solutions and restrictions.

2.6.1    Setting Up Trust Relationships

You can use the Windows client-based administrative interfaces (Nexus tools) on a system running the Windows 3.x, Windows for Workgroups, or Windows 95 software to set up a trust relationship between an ASU server and a Windows NT server. However, you cannot use these interfaces to log in to a remote trusted domain or verify a trust relationship.

See the ASU Installation and Administration Guide for more information on the Windows client-based administrative tools.

2.6.2    Error Browsing ASU Shares from Windows 95

When you browse ASU shares that have file or directory names that are spelled the same, but one name is uppercase and the other name is lowercase, the Windows 95 software displays the following error message:

Drive:\directory is not accessible
This folder was moved or removed.
 

Rename files or directories if their names differ only in case.
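
To locate the names that need renaming, a share can be scanned for entries that collide once case is ignored. The following is an added example, not part of the ASU software or of the original release notes: a shell function, hypothetically named case_collisions, that reads a list of paths and reports entries in the same directory that differ only in case. The sample paths are constructed, and case folding uses awk's tolower, which is assumed to cover the characters in use.

```sh
#!/bin/sh
# Added example; case_collisions and sample_paths are hypothetical names.

# Constructed sample of paths, as `find <share directory> -print` would list
# them on the Tru64 UNIX side of a share.
sample_paths() {
    cat <<'EOF'
/share/users/Report.txt
/share/users/report.txt
/share/users/notes.txt
/share/users/Data
/share/users/data
/share/users/DATA
/share/other/report.txt
EOF
}

# case_collisions < list-of-paths
# Reads one path per line and prints one line per group of entries that are in
# the same directory and whose names differ only in letter case. The members
# of a group are separated by tabs, in the order they were read.
# Prints nothing when there are no collisions. Paths containing newlines are
# not supported.
case_collisions() {
    awk '
    {
        path = $0
        sub("/+$", "", path)               # ignore a trailing slash
        if (path == "") next
        dir = "."; base = path
        if (path ~ "/") {
            dir = path;  sub("/[^/]*$", "", dir)
            sub("^.*/", "", base)
        }
        key = dir "/" tolower(base)        # same directory, case-folded name
        if (!(key in group)) { order[++n] = key; group[key] = "" }
        if (!((key, base) in listed)) {    # skip exact duplicates in the input
            listed[key, base] = 1
            count[key]++
            group[key] = group[key] (group[key] == "" ? "" : "\t") path
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (count[order[i]] > 1) print group[order[i]]
    }'
}

# Demonstration on the constructed sample.
sample_paths | case_collisions
```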

2.6.3    Administering Permissions on Share Names that Contain German Umlauts

You cannot use the Windows Explorer on a system running the Windows 95 software to administer resource permissions on shares that contain German umlauts in their names. To administer permissions on these shares, you must use the Windows Network Neighborhood interface.

Microsoft Corporation acknowledges that the Windows 95 software does not support Unicode and has no plans to provide a solution.

2.6.4    Renaming or Deleting Files and Directories in ASU Shares

If the ASU software is configured for either the English locale for US (en_US.ISO8859-1) or the English locale for Great Britain (en_GB.ISO8859-1), you cannot use the Windows Explorer on a system running the Windows 95 software to rename or delete files and directories in ASU shares that contain lowercase non-English language characters.

To resolve this, set the lang and msdoscodepage parameters in the lmxserver section of the lanman.ini file as described in the following table:

Locale                                         lang Parameter     msdoscodepage Parameter
en_US.ISO8859.1 (English for U.S.)             de_DE.ISO8859-1    cp437
en_GB.ISO8859.1 (English for Great Britain)    de_DE.ISO8859-1    cp850

2.7    Printer Problems and Restrictions

The following sections describe printer problems and solutions and restrictions.

2.7.1    Adding Printer Shares

If the ASU registry is deleted but the device driver subdirectories in the PRINT$ disk share are not, the ASU server will not allow a printer share to be added.

To fix this problem, delete all the files in the PRINT$ disk share, then delete and recreate the ASU printer shares.

2.7.2    Lexmark PostScript Driver

The Windows 2000 Lexmark PostScript driver for the Optra S 4250 does not install on an ASU server.

To fix this problem, install the driver locally.

2.7.3    Deleting ASU Printer Shares

Do not use the Tru64 UNIX lprsetup command or edit the /etc/printcap file to delete an ASU printer share. To delete a printer share, use the clsetup command, or enter:

# net share sharename /delete

See the ASU Installation and Administration Guide for more information on the net commands. See clsetup(8) for more information on the clsetup command.

2.7.4    Unsupported Windows 2000 Drivers

Some Windows 2000 printer drivers cannot be installed on the ASU server because they use Windows 2000 server features that the ASU server does not support.

2.7.5    Unsupported HP PCL Drivers

Some Hewlett-Packard (HP) Windows NT and Windows 2000 PCL drivers expect to receive device mode information that the ASU server does not provide.

Use the HP PostScript drivers instead of PCL drivers.

2.7.6    ASU Print Jobs Consuming 100% CPU Time

If information from the vmstat command shows that printing is taking up 100% of the CPU time, delete the /usr/net/servers/lanman/spool/lmspoolmap.* files. These files will be recreated when the ASU server needs them.

2.7.7    Performance Problem When Printing from the Internet Explorer

Windows users who use Internet Explorer Version 4.0 might notice increased network traffic after printing to a down-level printer on a system where the ASU DisableUpLevelPrinting value entry is enabled. By default, this entry is disabled. The increased network traffic is a periodic, repeating request by Internet Explorer for information about the print job, which continues until the user stops the Internet Explorer.

Microsoft Corporation has corrected this problem in Internet Explorer Version 4.0 Service Pack 1.

2.7.8    Cannot Display ASU Printer Properties

If, for an ASU printer share, you install a printer driver from a Windows NT client using Windows NT distribution media, then the printer properties that are displayed are Windows NT local properties and not ASU printer properties.

2.7.9    Printer Status Messages in E-mail

Windows 95 system users might receive an e-mail message when they print a job to a DIGITAL or Compaq print server because Windows 95 print drivers include instructions that tell the printer to send a status message.

You can configure the print server software to not send e-mail messages.