DOCUMENT:Q135316 13-JUN-2001 [sna] TITLE :Support for Sending User ID on Attach when AP_SAME Specified PRODUCT :Microsoft SNA Server PROD/VER:WINDOWS:2.11,3.0 OPER/SYS: KEYWORDS:kbnetwork ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft SNA Server, versions 2.11, 3.0 ------------------------------------------------------------------------------- SUMMARY ======= In response to customer requests, Microsoft created an update for SNA Server that allows APPC applications to automatically send the logged on user ID in the LU6.2 attach message, when setting the security parameter to AP_SAME. Prior to this enhancement to SNA Server, setting the AP_SAME option would only transmit the USER_ID field when the program had been previously invoked with conversation security by another APPC program. MORE INFORMATION ================ This enhancement to the APPC API allows an invoking transaction program to use the current logged-on Windows NT user ID as the user ID for APPC Conversation Level security. To enable this feature: 1. The invoking TP must set the security parameter in the [MC_]ALLOCATE verb control block to AP_SAME. 2. The following registry setting, or WIN.INI [WNAP] setting for Windows 3.x must be enabled: If SNA Server 2.11 SP2 or SNA Server 3.0 (any service pack) is being used: Windows NT or Windows 95: HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/SnaBase /Parameters/Client/ AP_SAMENosUser: REG_SZ: YES Windows 3.x: AP_SAMENosUser = YES If SNA Server 2.11 SP1 is being used, the following registry key is used instead (in the same registry key above): UnverifiedAP_SAME: REG_DWORD: 0x1 or, for Windows 3.x, UnverifiedAP_SAME = YES When this enhancement is used, the [MC_]Allocate causes an Attach request to be transmitted containing the logged-on user ID and the Already Verified indicator. No password is transmitted in this case. If the invoking transaction program was itself invoked with an APPC user ID, that user ID, not the Windows NT one, is used. NOTE: For a CPIC application to take advantage of this new feature, the "UnverifiedAP_SAME" setting in WIN.INI or Windows NT registry must be configured as documented above. The CPIC application must specify the CM_SECURITY_SAME option in the Set_Conversation_Security_Type (cmscst) call. RESOLUTION ========== Microsoft has updated the Windows NT client file WAPPC32.DLL, and the Windows 3.x client files, WINAPPC.DLL and WNAP.EXE, to correct this problem. Make sure that "UnverifiedAP_SAME" (or UnverifiedAP_SAME) is set as mentioned above. STATUS ====== This feature is included in the latest U.S. Service Pack for SNA Server for Windows NT, version 2.11. For information on obtaining the Service Pack, query on the following word in the Microsoft Knowledge Base (without the spaces): S E R V P A C K REFERENCES ========== For additional information, please see the following article(s) in the Microsoft Knowledge Base: Q163015 Use of "Already Verified" APPC Security from Invoking TPs Additional query words: prodsna ====================================================================== Keywords : kbnetwork Technology : kbAudDeveloper kbSNAServSearch kbSNAServ300 kbSNAServ211 Version : WINDOWS:2.11,3.0 ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.