ECO NUMBER: ASU51B ECO002 ----------- PATCH ID: ASU51B_ECO2_193 ----------- PRODUCT: Advanced Server for UNIX -------- UPDATED PRODUCT: Advanced Server for UNIX Version 5.1B ---------------- RELEASE DATE: February, 2004 -------------- The Advanced Server for UNIX (ASU) Version 5.1B ECO #002 kit provides enhancements and corrections for problems found in the ASU Version 5.1B software, including ECO1, and in earlier versions of the ASU software. This ECO kit also contains support to configure an ASU member server in a Windows 2003 domain. This release note document has the following sections: - ASU General Problem Descriptions and Solutions - ASU and TruCluster Server Version 5.x Problem Descriptions and Solutions - ASU and Windows 2000 and Windows 2003 Related Problem Descriptions and Solutions - ASU General Changes - ASU Installation Instructions ---------------------------------------------- ASU General Problem Descriptions and Solutions ---------------------------------------------- Problem Addressed: In a domain, you must first stop the primary domain controller (PDC) before promoting an ASU backup domain controller (BDC) to PDC. Previously, the promote command would promote an ASU BDC to PDC while the PDC was running. This problem has been corrected. The promote command now fails and displays the following message: "Cannot promote when the current PDC is running." Problem Addressed: Configuring the directory replication service for an ASU member server to log on as a user from the domain failed and the following message was displayed: "Cannot set the startup parameters for the directory replicator service. Error 1057 occurred: The account name is invalid or does not exist." This problem has been corrected. Problem Addressed: Using the net user command to change user information, for example the user's fullname, would also clear the user's dialin information. This problem has been corrected. Problem Addressed: The acladm -U command incorrectly deleted Access Control Entries (ACEs) for the Replicator account. This problem has been corrected. Problem Addressed: If the net perms command encountered an ACE for a deleted user or group, it displayed either the deleted user or group's relative ID (RID) in hex or displayed the following message: "Error 13 has occurred." This problem has been corrected. The net perms command does not display anything if it encounters an ACE for a deleted user or group. To delete ACEs for deleted users or groups, enter: # acladm -U Problem Addressed: The net perms command would set permissions even if it could not map users or groups for all the Access Control Entries (ACEs). This problem has been corrected. The (incomplete) permissions will no longer be set. Problem Addressed: Samba version 2.2.8a and below clients could not use the smbpasswd command to join a domain in which the ASU server was the PDC. This problem has been corrected. Problem Addressed: Deleting a file with a Euro sign or other unmappable UNICODE characters would immediately terminate the session to the client. The ASU server now returns the error STATUS_UNMAPPABLE_CHARACTER. Problem Addressed: If an ASU share with a name consisting of lowercase or mixed case letters was deleted, users connected to that share were not disconnected. This problem has been corrected. Users connected to a share are immediately disconnected if that share is deleted. Problem Addressed: The ASU server could not change UNIX passwords for NIS users if the SyncUnixPassword registry entry was enabled and Enhanced Security was installed on the system. This problem has been corrected. However, you cannot use the ASDUPASS utility to change UNIX passwords for NIS users on a system that has Enhanced Security installed. Problem Addressed: While changing a user password, the net password command would display a message that the command completed successfully even if the incorrect old password was entered. This problem has been corrected. The net password command now displays messages as follows: - If the incorrect old password is entered: "Error 86 has occurred. The specified network password is not correct." - If the correct old password is entered: "The command completed successfully." Problem Addressed: The ASU server would sometimes hang while attempting to establish a connection to a PDC, and the PDC crashed during the connection attempt. This problem has been corrected. The ASU server now times out if it does not get a response from the PDC after a default timeout period of 30 seconds. Problem Addressed: If you deinstall the ASU software and want to reuse the server configuration, you must save both the server and transport configuration information when deinstalling the ASU subsets. If you save only the server configuration information, the asusetup utility will recreate the SAM database, which will overwrite your existing server configuration information. Problem Addressed: You cannot create a briefcase in an ASU share if the value of the UseUnixGroups registry entry is 1 (enabled). The default value is 0 (disabled). Problem Addressed: You cannot create a folder, text file, briefcase, or bitmap file in an ASU share when using the Japanese ja_JP.UTF-8 codeset setting. The File Manager on the Windows XP system or Windows 2000 system displays the following message (in Japanese): "Can not create 'new folder'. There is data moreover." Problem Addressed: If the ASU SIA subset was installed and a user used telnet or rlogin to log into their ASU user account, their shell would contain ICONV_* environment variables that could interfere with CDE's functioning with Japanese UTF-8 locale. This problem has been corrected. Problem Addressed: If the disk was full and you started the ASU server by entering the net start server command, the lanman.ini file was truncated. This problem has been corrected. However, we strongly suggest to always have some free disk space before starting the ASU server. Problem Addressed: If the ASU server was configured to use the NetBEUI transport, the Tru64 UNIX system would sometimes panic with a Kernel Memory Fault in routine nbnq_unset_timer(). For example: # cd /var/adm/crash # dbx -k vmunix.10 vmzcore.10 > t ... 3 _XentMM(0x0, 0xffffffff800461cc, 0xfffffc00006f9b80, 0xfffffe0400d27280,0x0) ["../../../../src/kernel/arch/alpha/locore.s":2115, 0xfffffc0000534f14] 4 nbnq_unset_timer(nbcb = 0xfffffe0400d27280) ["nbtimer.c":269 0xffffffff800461cc] ... This problem has been corrected. ------------------------------------------------------------------------- ASU and TruCluster Server Version 5.x Problem Descriptions and Solutions ------------------------------------------------------------------------- Problem Addressed: Adding a Windows NT Version 4.0 BDC to an ASU PDC running on a TruCluster Server occasionally failed. Rebooting the ASU PDC corrected the problem; however, the Windows NT BDC continuously generated Event 5719 to its event log. The message for Event 5719 is: "Domain Controller is not available for this domain. The format of the computer name is invalid." This problem has been corrected. Problem Addressed: Logging into the ASU domain occasionally failed and the following message was displayed on the user's PC: "Unexpected error during logon" This problem occurred because the ASU server did not share the server sessions table among the nodes of a cluster. To correct this problem, follow these steps to configure the ASU Server to share the server sessions table in a memory mapped file, which is shared among all the nodes of a cluster: 1. Edit the lanman.ini file. In the [lmxserver] section, add the following entry: mapserversessions=yes (The default value is no.) Save the file. 2. Restart the ASU server. Problem Addressed: Occasionally the ASU server running on a TruCluster Server would crash if: - A user disconnected from the ASU server while applications were running. - A file was accessed while a share was being deleted. These problems have been corrected. Problem Addressed: While installing the ASU subsets in a cluster environment, the setld utility uses the member id of the cluster members to display any information that is specific to member nodes. For example: "Configuring "Transports" (ASUTRAN542) on member0 Configuring "Base Server" (ASUBASE542) on member0 ********************************************* When installation has completed, please run /usr/sbin/asusetup to configure your server. ********************************************* Configuring "Transports" (ASUTRAN542) on member1 Configuring "Base Server" (ASUBASE542) on member1 Configuring "Transports" (ASUTRAN542) on member2 Configuring "Base Server" (ASUBASE542) on member2" In the previous output, the setld utility treats member0 as the member on which the setld utility is running or on which the subsets are being installed. The actual member ids are member1, member2 and so on. Enter the /usr/sbin/clu_get_info command to display the member name and member id association. ------------------------------------------------------ ASU and Windows 2000 and Windows 2003 Related Problem Descriptions and Solutions ------------------------------------------------------ Problem Addressed: Entering the net user /add command fails to create the user account in the domain if a Windows 2003 server is the PDC. The following message is displayed: "Arguments to NET USER are invalid. Check the minimum password length and/or arguments supplied. More help is available by typing NET HELPMSG 3770." To avoid this problem, add the user account directly on the PDC. Problem Addressed: Users could not access their resources on an ASU member server if the Active Directory Migration Tool (ADMT) was used to migrate their accounts from a Windows NT domain to a Windows 2000 domain. This problem has been corrected. Problem Addressed: The following error message might display on a Windows 2003 client if a user logs in to that client and has a roaming profile on the ASU server: "Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator." This problem has been corrected; however, the correction only applies to new user accounts. If the user account exists and the error message is displayed, the user must login into the ASU domain and enter the following command to take ownership of their home directory. Replace with the name of the user account. $ net perms c:/usr/users/ /take Alternatively, the user can use the Windows NT Explorer to take ownership of their home directory through the Properties -> Security -> Ownership dialog box. Problem Addressed: While changing the password of a Windows 2003 domain user from an ASU member server, one of the following error messages could be displayed: "Error 1380 has occurred. Logon failure: the user has not been granted the requested logon type at this computer." "This password cannot be used now. More help is available by typing NET HELPMSG 2244." To correct this problem, change the password from the Windows client. Problem Addressed: Adding an ASU server as a member server to a Windows 2003 domain failed and the following error message was displayed: "The following error occurred while attempting to join domain . A remote procedure call (RPC) protocol error occurred." This problem has been corrected. ------------------- ASU General Changes ------------------- Change: The listcache command has a new '-i ' option where specifies the number of iterations to display the cache. There is a five second delay between displays. Change: The lmstat -S command has been enhanced to display: - The number of currently granted locks and the mode of the currently granted locks for each distributed lock manager (DLM) resource. - The COM-MASTERnnn lock information in a TruCluster Server environment. Change: The lmstat -s command has been enhanced to display the last challenge time, last authentication time, last authentication failure time, and the last machine account change time of server sessions. Change: The lsacl command has a new -t option that maps the security ID (SID) for the owner, group, and each access control entry (ACE) to a user or group name, and then displays the SID followed by the mapping in the format of (domain-name\name). This option is effective only if the ASU server is running. Change: The ASU server now logs untranslatable UNICODE user names and user names longer than 20 characters as unknown user name or password errors in the security event log. Change: A new command called browannc is available. The browancc command enables the administrator (logged in as root) to announce the host name and the extra listennames on the network. This is useful to add the ASU server hostname to the WINS database and to update the browse list on demand if the ASU server is missing from the list. Change: You can now use the Windows "User Manager for Domains" administrative tool to manage user accounts and local groups on an ASU member server. To do so, you must enter the ASU member server name as follows when selecting the domain to manage: \\ASUservername The User Manager for Domains (usrmgr.exe) administrative tool is also available in the ASTOOLS share on an ASU server. Change: Using the latest version of the sys_check utility, you can enter the following command to collect information about the ASU server. Replace with a file name. # sys_check asu > Change: A new parameter called logontimeout was added to the lanman.ini file in the [lmxserver] section. The logontimeout parameter prevents non-ASU domain controllers from consuming ASU licenses by specifying, in seconds, when a Windows domain controller will release an ASU license after connecting to the ASU server. For example, if you set logontimeout=15, then Windows domain controllers will release an ASU license 15 seconds after connecting to the ASU server. After a license is released, an attempt on a Windows domain controller to map a drive to a share on the ASU server will receive system error 1395. Retrying the command will succeed, but the Windows domain controller will again use an ASU license until it is disconnected. The default value of logontimeout is 0, which means that Windows domain controllers will not release an ASU license until they are disconnected. ----------------------------- ASU Installation Instructions ----------------------------- This ECO kit is a complete software kit that includes the features and functionality of previous ASU software releases, and provides corrections for the problems described in this document. If you are installing the ASU software for the first time, change to the directory where the ECO software was downloaded, enter the following command, and follow the instructions on the screen: # setld -l . If you have ASU, ASDU, or PATHWORKS for DIGITAL UNIX subsets installed, you must use the Tru64 UNIX setld command to deinstall those subsets before you install the subsets in this ECO kit. Follow these steps to use the setld command to deinstall ASU, ASDU, or PATHWORKS subsets and install the ECO software: 1. Display the installed ASU, ASDU, or PATHWORKS subsets. Enter one of the following commands depending on the software installed: # /usr/sbin/setld -i | grep ASU | grep installed # /usr/sbin/setld -i | grep ASDU | grep installed # /usr/sbin/setld -i | grep PATHWORKS | grep installed 2. Deinstall the ASU, ASDU, or PATHWORKS subsets. Enter the /usr/sbin/setld -d command followed by the name of each subset. For example, to deinstall the ASU Version 5.0 base, transport, and reference page subsets enter: # /usr/sbin/setld -d ASUBASE500 ASUTRAN500 ASUMANPAGE500 While subsets are being deinstalled, you are prompted to save configuration files and the user account and share databases. Save these files and databases if you want to reuse them with the ASU Version 5.1B ECO2 software. 3. Install the ASU Version 5.1B ECO2 software. Change to the directory where the ASU Version 5.1B ECO2 software was downloaded, enter the following command, and follow the instructions on the screen: # setld -l . See the ASU Installation and Administration guide for more information on installing the ASU software. =============================================================== Copyright 2004 Hewlett-Packard Company. All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. The software contained on this media is proprietary to and embodies the confidential technology of Hewlett-Packard Company. Possession, use, duplication, or dissemination of the software and media is authorized only pursuant to a valid written license from Hewlett-Packard Company.