The following sections describe problems and solutions and restrictions
for this release.
2.1 General Problems and Restrictions
The following sections describe general ASU server problems and solutions
and restrictions.
2.1.1 Restoring Permissions of Default Shares
If a default share such as the
C$
share is deleted
and recreated, the ACL may not be correct.
You must enter the
acladm
-O
command to restore the default ACLs.
2.1.2 Browsing the ASU Server from a Windows XP Workstation
When browsing an ASU server using the Network Neighborhood interface on a Windows XP workstation, you must select the ASU server's primary name and not its extra listen name (if any). Selecting an ASU server's extra listen name will cause the following error message to be displayed on the Windows XP workstation:
\\node_name is not accessible, you might not have permission to use this network resource. Contact the administrator of the server to find out if you have access permissions. The network path was not found.
You specify extra listen names for an ASU server by using the
asusetup
utility or by setting the value of the
SYSTEM/CurrentControlSet/Services/AdvancedServer/Parameters/ExtraListenNames
registry entry.
2.1.3 Logging on to Windows XP Workstations from an ASU Domain Controller
Users cannot logon to Windows XP workstations from an ASU domain controller and the following error message is displayed on the Windows XP workstation:
Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact your system administrator for assistance.
To fix this problem, make the following changes on the Windows XP workstations:
Edit the Local Group Policy to disable Autoenrollment:
From start menu, click
Run
and enter
gpedit.msc
.
Select
Local Computer Policy\Computer Configuration\Windows
Settings\Security Settings\Public Key Policies\Autoenrollment Settings
.
From the
Autoenrollement Settings
Properties
window select the
Do not enroll certificates automatically
button and select OK.
Exit the Local Group Policy Editor.
Set the registry entry
REQUIRESIGNORSEAL
to 0:
From the start menu, click
Run
and enter
regedt32
.
Select
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\REQUIRESIGNORSEAL
and choose
Modify
from the pull down menu.
From the
Edit DWORD Value
window, set the
value data field to 0 and select OK.
Reboot the Windows XP workstation.
Note
When Windows XP workstations join an ASU domain controller, a NetLogon system 5723 Error may be logged in ASU system event log. You can ignore this event. For more information see the Microsoft Article Q310461.
2.1.4 Identifing ASU Server Name on Windows XP Workstations
On Windows XP workstations, the Explorer and Microsoft Word File Save Window list ASU disk shares in one of the following ways:
$sharename on 'Advanced Server for Unix ($server)' on ($drive) users on 'Advanced Server for Unix (josb84)' on (Y:)
Because of the default size of the File Save window, the ASU server name might be truncated, making it difficult to identify disk shares that have the same name but are on different ASU servers.
To fix this problem, change the value of the
SrvComment
registry parameter to a shorter string.
Follow these steps to use the
regconfig
registry editor to change the value of the
SrvComment
registry parameter to ASU.
The backslash ( \ ) at the end a line
indicates continuation.
Enter the entire command, then press the Enter key.
# regconfig SYSTEM/CurrentControlSet/Services/\ Lanmanserver/Parameters SrvComment REG_SZ "ASU"
Restart the ASU server by entering the following commands:
# net stop server # net start server
2.1.5 Running the ASDU Password Utility
Running the ASDU Password utility on a system running Windows NT or
Windows 2000 Server or Professional requires that the
SyncUnixPassword
registry entry to be disabled, which it is by default.
2.1.6 Starting an ASU Server with Many Listen Names
If a system has more than twelve listen names, the
net start
server
command might return an error message that the ASU server
failed to start up.
In fact, the ASU server will eventually start, but the
net start server
command times out before all the listen names are
posted.
2.1.7 Synchronizing Passwords with NIS and Enhanced Security
The ASU server does not support password synchronization (SyncUnixPassword
enabled) when using network information service
(NIS) and enhanced security.
2.1.8 Ignoring Tru64 UNIX Group and File Permissions
By default, the ASU server first checks Windows NT permissions, then Tru64 UNIX
user and group permissions, before a domain user can access an ASU shared
resource.
You can configure the ASU server to not check Tru64 UNIX user
and group permissions by enabling the
IgnoreUnixPermissions
registry value entry.
However, if you enable the
UnixQuotas
registry value entry, the ASU server checks Tru64 UNIX user and group
permissions even if you enable the
IgnoreUnixPermissions
registry value entry.
2.1.9 Uppercase File and Directory Names
A file name or directory name created with all uppercase letters in
an ASU share is displayed in the Windows Explorer with only an initial uppercase
letter.
2.1.10 SIA Subset and User Passwords
By default, when you create a domain user account, the password for
the corresponding Tru64 UNIX user account, for example in the
/etc/passwd
file, is set to
Nologin
, which means
that the user cannot interactively log in to the Tru64 UNIX system until
an administrator sets their password.
However, if you install the SIA subset
and create a domain user account, the password for the account is still set
to
Nologin
, but the user can interactively log in to the Tru64 UNIX
system using their domain user name and password.
2.1.11 NFS Mounted Devices Require the rpc.lockd and rpc.statd Daemons
The ASU software might stall or data might be lost when you access an
NFS mounted device if the ASU
UseNfsLocks
registry value
entry is enabled (set to 1) and NFS locking is not enabled (the
rpc.lockd
and
rpc.statd
daemons are not started)
on the NFS server or on the Tru64 UNIX system on which the ASU software
is running.
By default, the
UseNfsLocks
registry value
entry is enabled.
2.1.12 Replicating Files and Directories
The
replicator
service does not replicate files and
directories if:
The directory name at the top level of the tree contains non-ASCII characters. Only ASCII characters can be used in the top level directory name. However, non-ASCII characters can be used in the names of subdirectories and files within the tree.
You specify more than one server on the import list.
You set the
integrity=tree
parameter in
the
repl.ini
file.
The names of files and directories to be replicated do not conform to the MS-DOS 8.3 naming convention.
You enter a lowercase device name in the replicator export
path.
The device name is always
C:
, and must be entered
in uppercase, for example:
ExportPath = "C:\usr\net\servers\lanman\shares\asu\repl\export"
You might need to restart the browser process because it runs out of virtual memory.
If
BROWSER
does not display when you
enter the
net start
command, you must restart the browser
process by entering the following command:
#
net start browser
2.1.14 Potential ASU Registry Corruption
If the Tru64 UNIX system suddenly stops, for example because of a power failure, then the ASU registry might become corrupt. The symptom will be that the ASU server cannot start.
To display information about the state of the ASU registry, enter:
#
regcheck
-C
To repair a corrupt ASU registry, enter:
#
regcheck
-R
2.1.15 Setting Protection on Core Files
The ASU server cannot set the protection on a core file if the
enhanced-core-name
attribute is set to 1 in the
proc
section in the
/etc/sysconfigtab
file.
See
sysconfig
(8)2.2 ASU and TruCluster Server Problems and Restrictions
The following sections describe ASU and TruCluster Server problems and
solutions and restrictions.
2.2.1 Locking Violations
If two clients open the same file on different members of a TruCluster, and the program depends on the implicit locking of writes, unexpected errors may be reported.
The ASU server, by default, performs writes after returning a status. If the write fails, the error is reported on the next I/O operation. In a Trucluster, locking across members is also deferred, which can lead to unexpected results.
If the program cannot be modified to use explicit locking, disable the
WriteBehind
registry entry.
Follow these steps to use the
regconfig
registry
editor to disable the
WriteBehind
registry entry.
The backslash
( \ ) at the end a line indicates continuation.
Enter the entire command,
then press the Enter key.
# regconfig SYSTEM/CurrentControlSet/Services/AdvancedServer/\ FileServiceParameters WriteBehind REG_DWORD 0
To restart the ASU server, enter:
# net stop server # net start server
2.2.2 TruCluster Server Version 5.x Error Message
The message
CAA request timeout!
is displayed when
you enter the following command to start an ASU server that is configured
as a single-instance TruCluster Server Version 5.x application:
#
caa_startup asu
-c
servername
Ignore the message; the ASU server starts correctly.
2.2.3 TruCluster Rolling Upgrade
To perform a rolling upgrade on a TruCluster Server member running the
ASU software and Tru64 UNIX Version 5.0A or Version 5.1 operating system
software, you must first upgrade the ASU software to Version 5.0 ECO2 or higher,
then proceed with the rolling upgrade of the Tru64 UNIX operating system
software.
2.2.4 Reconfiguring to None Mode
When reconfiguring an ASU server from single-mode or multi-node to none
mode, the
transports.ini
file still contains configuration
data for multiple members.
When the cluster reboots, each booting member finds
its corresponding information in the
transports.ini
file,
and the ASU server tries to start on all members, leaving the transports running
on multiple members.
To avoid this, use an editor and remove from the
transports.ini
file the entries for all but one member and its corresponding
controller information.
For example, the following output is from a
transports.ini
file after the ASU server was reconfigured to none
mode.
If you want the ASU server to run only on a member called server2, remove
all the lines that refer to member_01, controller_01, member_03, and controller_03.
Leave only the lines referring to member_02 and controller_02.
In this example,
delete lines that are indicated by an asterisk (*).
[ member ] * member_01=server1.compaq.com,server1 member_02=server2.compaq.com,server2 * member_03=server3.compaq.com,server3 [ tcpip ] * controller_01=tu0 controller_02=tu0 * controller_03=tu0 [ netbeui ] * controller_01=tu0 controller_02=tu0 * controller_03=tu0
2.2.5 Reinstalling ASU in a TruCluster Cluster
When you reinstall the ASU software in a TruCluster Server cluster, the ASU transports might not stop properly.
To fix this problem, you must stop the ASU server and transports on all cluster members before you remove the ASUBASE or ASUTRAN subsets.
Enter the following command on each cluster member to stop the ASU server and transports:
#
/usr/net/servers/lanman/scripts/asuase_stop
2.2.6 Reconfiguring the ASU Server
The following error message might be displayed when using the
asusetup
utility to reconfigure an ASU server PDC from multi-instance
mode to single-instance mode:
ERROR: An account for this machine cannot be created.
Rerun the
asusetup
utility if this message displays.
2.3 ASU Server and Windows 2000 Problems and Restrictions
The following sections describe ASU server and Windows 2000 problems
and solutions and restrictions.
2.3.1 ASU Replicated Database for Windows 2000
Before upgrading a Windows NT system to Windows 2000, if the SAM database
was replicated from an ASU server, you must first delete the Admin account
and Servers group from the SAM database.
2.3.2 Administering the ASU Server in a Windows 2000 Domain
You must administer the ASU Server in a Windows 2000 domain by using Windows 2000 interfaces, except for file replication (see Section 2.3.3).
When you use the Windows 2000 Management Console (MMC) to manage services on the ASU server the following informational message might be displayed, which you can ignore:
Configuration Manager: The machine selected for remote communication is not available at this time.
If the ASU server is configured as a BDC in a Windows 2000 domain, you
must perform all trust management on the Windows 2000 domain controller.
When
you enter a
net
command on the ASU BDC to manage a trust,
the command fails and an error message similar to the following is displayed:
#
net trust ntdomain password /allow /domain:w2kdomain
Access Denied
#
net trust ntdomain password /add
Error 87 Parameter is incorrect.
Due to major changes in the Windows 2000 File Replication Service, you
cannot configure ASU file replication by using the Windows 2000 Microsoft
Management Console (MMC) or the
srvmgr
interface in the
ASTOOLS
disk share on Windows 2000.
To configure ASU file replication, you can use the Windows NT
srvmgr
interface or the srvmgr interface in the ASU
ASTOOLS
disk share on Windows NT.
2.3.4 Windows 2000 Explorer Crashes When Managing ASU Printer Shares
The Windows 2000 Explorer crashes if you attempt to manage an ASU printer share that was not configured with a driver from Windows NT or Windows 2000.
To avoid this problem, create an ASU printer share from Windows NT or
Windows 2000 instead of using the ASU
net share
command.
2.3.5 ASU and Windows 2000 Single Sign On Version 2.0 Machine Account Name Conflict
If the Tru64 UNIX system will be running ASU Version 5.1A or higher and Windows 2000 Single Sign On (SSO) Version 2.0, the ASU server name cannot be the same as the host name. While the problem is also true for SSO Version 1.0, the solution for this problem is different with ASU Version 5.1A or higher and SSO Version 2.0.
The SSO software creates a machine account in the Active Directory that
matches the host name of the Tru64 UNIX system.
If the ASU server also
uses the host name as the ASU server name, which it does by default, it will
overwrite the account created by the SSO software and will cause SSO functionality
to fail.
To avoid this failure, run the
asusetup
command
and select an ASU server name that is different than the host name and will
not conflict with any other server name in the environment.
When the
asusetup
command prompts for extra listen names, enter the Tru64 UNIX
host name.
This allows users to map drives to shares using the host name as
a ASU server name with no machine account conflict.
2.3.6 ASU and Windows 2000 Single Sign On Version 1.0 Machine Account Name Conflict
If the Tru64 UNIX system will be running ASU Version 5.1A or higher and Windows 2000 Single Sign On (SSO) Version 1.0, the ASU server name cannot be the same as the host name.
The SSO software creates a machine account in the Active Directory that matches the host name of the Tru64 UNIX system. If the ASU server also uses the host name as the ASU server name, which it does by default, it will overwrite the account created by the SSO software and will cause SSO functionality to fail.
To avoid this problem, do not use the Tru64 UNIX system's host
name as the machine account name when you configure the SSO software.
2.4 Network Problems and Restrictions
The following sections describe network problems and solutions and restrictions.
2.4.1 NetBEUI Clients Lose Connections
A problem in the 802.2 service class implementation on most clients causes NetBEUI clients to lose their links to some fast SMP servers. The problem is complicated by the ability of some SMP servers to send out-of-order packets to the client.
If you receive an
Abort, Fail, Retry?
message, click
on
Retry
to reestablish the link.
If the problem persists,
abort the link and reconfigure the client and server to use TCP/IP.
2.4.2 Transport Startup Error
Reboot the system if the following message is displayed after upgrading the ASU software:
Open of knbtcp driver failed: Error in protocol
2.4.3 WINS Servers with Large Databases
In very large scale WINS environments, name registrations with the WINS
servers can sometimes take a long time.
This delay can cause the ASU server
to declare contact lost with the WINS server and write the following message
in the system log file (/var/adm/messages
):
knb: Contact lost with WINS server nn.nn.nn.nn
In this message, nn.nn.nn.nn is the TCP/IP address of the WINS sever.
While this problem does not prevent the ASU server from working, it might cause problems with clients attempting to connect to the ASU server if they use only WINS for name resolution. The ASU server attempts to register ASU server NetBIOS names with the WINS server (after a default retry period of 4 minutes) until either all ASU server names are registered or contact is lost (in which case this process is repeated).
If problems persist where contact is constantly lost, you can change
the WINS client parameters located in the
/etc/sysconfigtab
file as described in the following table, however Compaq does not recommend
changing the default values.
Parameter | Specifies | Default Value |
knbretrycontact |
The timeout (in ms) between retries to contact the WINS server. |
240000 (4 minutes) |
knbquerytimeout |
The timeout (in ms) allowed for name queries. This parameter affects all name queries using broadcast and WINS. |
500 (0.5 seconds) |
knbqueryretries |
The number of retries. |
3 |
knbwinsquerymult |
A multiplier applied to WINS queries for timeouts. |
4 With the default query timeout and default multiplier, a WINS query has a 2 second timeout (0.5 seconds x 4). |
knbignorewinsavailable |
Whether or not to ignore the availability of the WINS server when doing queries. |
True (1); allow name queries to be sent to the WINS server even if contact is lost. |
Follow these steps to change a WINS client parameter:
Stop the ASU server by entering the following command:
#
net stop server
Create a
stanza
format attributes file
for the parameter you want to change.
For example, to create a
stanza
format attributes file for the
knbretrycontact
parameter to increase the timeout between retries to contact the WINS server
to 300000 (5 minutes), enter:
# cat > knbretrycontact.stanza knbtcp: knbretrycontact = 300000 ^D
Merge the attributes in to the
/etc/sysconfigtab
file by entering the following command:
#
sysconfigdb
-a
-f
knbretrycontact.stanza
knbtcp
If the
knbretrycontact
parameter exists in the
sysconfigtab
file, use the
-u
flag to update the
parameter instead of the
-a
flag to add a parameter.
Restart the ASU server by entering the following command:
#
net start server
2.5 Command Problems and Restrictions
The following sections describe command problems and solutions and restrictions.
2.5.1 The dxaccounts Command
You cannot use the
dxaccounts
command to modify accounts
with a description longer than 48 characters.
The builtin ASU
Guest
account has a default description
longer than 48 characters.
The description is
Built-in account for
guest access to the computer/domain
.
Use the
net user
command or the User Manager for Domains GUI to modify the ASU
Guest
account.
2.5.2 The net perms Command
The
net perms
command displays the following message
if the ACL for a file or directory contains an ACE for a deleted user or group:
Error 13 has occurred. The data is invalid.
To fix this problem, enter the
acladm -U
command
to remove ACEs of deleted users or groups.
2.5.3 The passwd Command
On systems with the ASU SIA subset installed, the Tru64 UNIX
passwd
command does not work reliably and its history function does
not work.
Use the
net password
command or the Microsoft
User Manager to change ASU user account passwords on systems with the ASU
SIA subset installed.
2.5.4 The promote Command
Do not use the
promote
command to demote a PDC,
then enter the
asusetup
command to modify the configuration.
Doing so might leave the ASU server in an indeterminate state.
See
promote
(8)promote
command.
2.5.5 The net Commands Are Not Available After Upgrading
After you upgrade the ASU software, the shell path might be modified
causing the
/usr/bin
path to disappear.
As a result, the
net
commands are not available.
Use the
rehash
command to restore the path when using the C shell.
2.5.6 The asustat -n Command Reports Incorrect Number of Client Connections
The
asustat -n
command displays an incorrect number
of client connections when you enter the
net session
command
on a system with the ASDU-MCS-CLIENT product authorization key (PAK) installed.
Use the
asustat
-L
command to view
the correct number of client connections.
2.5.7 Do Not Use the adduser Command on a BDC
You cannot create a Tru64 UNIX user account with an associated
domain user account by using the
adduser
command on a system
running the Tru64 UNIX Version 5.0 or higher operating system software
and configured as an ASU BDC.
You can create the accounts with either the
/usr/bin/X11/dxaccounts
GUI or the
useradd
command
with the
-D
pc_synchronize=0
option.
For
example, to use the
useradd
command and default values
to create a Tru64 UNIX user account and a domain user account for a user
named peter, enter the following commands:
#
useradd
-D
pc_synchronize=0
#
useradd peter
See
useradd
(8)useradd
command.
2.5.8 The sjistoeuc and euctosjis Commands Incorrectly Convert Some Files
The
sjistoeuc
and
euctosjis
commands
incorrectly convert Japanese user-defined characters when converting from
MS-DOS to UNIX format.
If the text file you want to convert contains Japanese user-defined
characters, use the
ud
and
iconv
commands
to convert them.
For example, to convert a file from MS-DOS to UNIX format
and convert the encoding of the characters from SJIS to EUC, enter:
# ud -u sjis.txt | iconv -f SJIS
-t eucJP >
euc.txt
To convert a file from UNIX to MS-DOS format and convert the encoding of the characters from EUC to SJIS, enter:
# ud -d euc.txt | iconv -f eucJP
-t SJIS >
sjis.txt
2.5.9 Do Not Run the asusetup Command with the log Command
If you want to log output from the
asusetup
procedure,
use the
script
command rather than the
log
command with the
asusetup
command.
2.5.10 The net accounts /sync Command Incorrectly Calculates Domain Entries
The
net accounts /sync
command does not correctly
calculate the number of entries when a domain contains many Windows NT workstations.
Microsoft Corporation has issued a hot fix (Q182441) in the Windows NT Version
4.0 Service Pack 4 to correct this problem.
2.6 ASU Server and Windows 95 Problems and Restrictions
The following sections describe problems when administering the ASU
server from a Windows 95 system, and possible solutions and restrictions.
2.6.1 Setting Up Trust Relationships
You can use the Windows client-based administrative interfaces (Nexus tools) on a system running the Windows 3.x, Windows for Workgroups, or Windows 95 software to set up a trust relationship between an ASU server and a Windows NT server. However, you cannot use these interfaces to log in to a remote trusted domain or verify a trust relationship.
See the ASU
Installation and Administration Guide
for more information on the Windows
client-based administrative tools.
2.6.2 Error Browsing ASU Shares from Windows 95
When you browse ASU shares that have file or directory names that are spelled the same, but one name is uppercase and the other name is lowercase, the Windows 95 software displays the following error message:
Drive:\directory is not accessible This folder was moved or removed.
Rename files or directories if their names differ only in case.
2.6.3 Administering Permissions on Share Names that Contain German Umlauts
You cannot use the Windows Explorer on a system running the Windows 95 software to administer resource permissions on shares that contain German umlauts in their names. To administer permissions on these shares, you must use the Windows Network Neighborhood interface.
Microsoft Corporation acknowledges that the Windows 95 software does
not support Unicode and has no plans to provide a solution.
2.6.4 Renaming or Deleting Files and Directories in ASU Shares
If the ASU software is configured for either the English locale for US (en_US.ISO8859-1) or the English locale for Great Britain (en_GB.ISO8859-1), you cannot use the Windows Explorer on a system running the Windows 95 software to rename or delete files and directories in ASU shares that contain lowercase non-English language characters.
To resolve this, set the
lang
and
msdoscodepage
parameters in the
lmxserver
section of the
lanman.ini
file as described in the following table:
Locale | lang Parameter | msdoscodpage Parameter |
en_US.ISO8859.1 (English for U.S.) | de_DE.ISO8859-1 | cp437 |
en_GB.ISO8859.1 (English for Great Britain) | de_DE.ISO8859-1 | cp850 |
2.7 Printer Problems and Restrictions
The following sections describe printer problems and solutions and restrictions.
2.7.1 Adding Printer Shares
If the ASU registry is deleted but the device driver subdirectories
in the
PRINT$
disk share are not, the ASU server will not
allow a printer share to be added.
To fix this problem, delete all the files in
PRINT$
disk share, then delete and recreate the ASU printer shares.
2.7.2 Lexmark PostScript Driver
The Windows 2000 Lexmark PostScript driver for the Optra S 4250 does not install on an ASU server.
To fix this problem, install the driver locally.
2.7.3 Deleting ASU Printer Shares
Do not use the Tru64 UNIX
lprsetup
command or
edit the
/etc/printcap
file to delete an ASU printer
share.
To delete a printer share, use the
clsetup
command,
or enter:
#
net share
sharename
/delete
See the ASU
Installation and Administration Guide
for more information on the
net
commands.
See
clsetup
(8)clsetup
command.
2.7.4 Unsupported Windows 2000 Drivers
Some Windows 2000 printer drivers cannot be installed on the ASU server
because they use Windows 2000 server features that the ASU server does not
support.
2.7.5 Unsupported HP PCL Drivers
Some Hewlett-Packard (HP) Windows NT and Windows 2000 PCL drivers expect to receive device mode information that the ASU server does not provide.
Use the HP PostScript drivers instead of PCL drivers.
2.7.6 ASU Print Jobs Consuming 100% CPU Time
If information from the
vmstat
command shows that
printing is taking up 100% of the CPU time, delete the
/usr/net/servers/lanman/spool/lmspoolmap.*
files.
These files will be recreated when the ASU server needs
them.
2.7.7 Performance Problem When Printing from the Internet Explorer
Windows users who use Internet Explorer Version 4.0 might notice increased
network traffic after printing to a down-level printer on a system where the
ASU
DisableUpLevelPrinting
value entry is enabled.
By default,
this entry is disabled.
The increased network traffic is a periodic, repeating
request by Internet Explorer for information about the print job, which continues
until the user stops the Internet Explorer.
Microsoft Corporation has corrected this problem in Internet Explorer
Version 4.0 Service Pack 1.
2.7.8 Cannot Display ASU Printer Properties
If, for an ASU printer share, you install a printer driver from a Windows
NT client using Windows NT distribution media, then printer properties that
are displayed are Windows NT local properties and not ASU printer properties.
2.7.9 Printer Status Messages in E-mail
Windows 95 system users might receive an e-mail message when they print a job to a DIGITAL or Compaq print server because Windows 95 print drivers include instructions that tell the printer to send a status message.
You can configure the print server software to not send e-mail messages.