DOCUMENT:Q166027  06-AUG-2002  [sna]
TITLE   :Extra Security Dialog Displayed with Windows 3.x Client
PRODUCT :Microsoft SNA Server
PROD/VER:WINDOWS:3.0
OPER/SYS:
KEYWORDS:kbnetwork

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft SNA Server, version 3.0
-------------------------------------------------------------------------------

SYMPTOMS
========

When you configure the SNA Server 3.0 client for Windows 3.x to use named
pipes as the transport, the Enter Domain Credentials dialog box appears after
the client is started.

NOTE: This will only occur on a Windows for Workgroups (WFW) 3.x system if
Password Caching is disabled. Windows 3.x does not support password caching.
This also occurs when the SNA Server client for Windows 3.x is installed on a
Windows 95/98 system because password caching is not supported.

CAUSE
=====

Changes were made to the SNA Server 3.0 Windows 3.x client to support the data
encryption feature that was added in SNA Server 3.0. The Windows 3.x client
was using the NTLM logon process for validation by the SNA Server; this caused
the extra security Enter Domain Credentials dialog box to appear.

RESOLUTION
==========

There are two resolutions to the problem that will prevent the Enter Domain
Credentials dialog box from being displayed:

 - Enable password caching if the Windows 3.x SNA Server client is installed
   on a Windows for Workgroups 3.x system.

   -or-

 - Do not enable Client/Server Encryption for Users/Groups in SNA Server
   Manager upgrade to SNA Server client for Windows 3.x version 3.0 SP1 or
   later.

STATUS
======

Microsoft has confirmed this to be a problem in SNA Server version 3.0. This
problem was corrected in the latest Microsoft SNA Server 3.0 U.S. Service
Pack.
For information on obtaining the service pack, query on the following word in
the Microsoft Knowledge Base (without the spaces):

   S E R V P A C K

MORE INFORMATION
================

The SNA Server client for Windows 3.x versions 3.0 SP1 and later have been
updated to include a parameter that is used to specify the logon method used
for the SNA application (non-sponsor) connection to SNA Server.

The following parameter can be added to the [WNAP] section of the Win.ini
file:

   LastLogonMethod=

where the value is either LSA or NTLM. The default value is LSA if the
parameter is not defined in the Win.ini.

Prior to adding the LastLogonMethod parameter, the Enter Domain Credentials
dialog box was displayed even if Client/Server Encryption was not being used
when the client was configured to use Microsoft Networking (Named Pipes) to
communicate with SNA Server. This is because the NTLM logon method was always
being used.

The following apply if using the SNA Server client for Windows 3.x versions
3.0 SP1 or later:

 - If Client/Server Encryption is being used, LastLogonMethod=NTLM has to be
   specified in the Win.ini.

 - If the SNA Server client for Windows 3.x is configured in the following
   manner, the Enter Domain Credentials dialog box will continue to be
   displayed the first time an SNA application is started after WFW (or
   Windows 95/98) is started:

    - Microsoft Networking (that is, Named Pipes) is used for the SNA Server
      client protocol.
    - Client/Server Encryption is enabled for the user.
    - LastLogonMethod=NTLM in the Win.ini.
    - Password caching is disabled on WFW, or on Windows 95/98 if the SNA
      client is installed on Windows 95/98.

With this configuration, the Enter Domain Credentials dialog box is displayed
even if the user has logged on to the Windows NT domain that contains the SNA
Server: because password caching is not enabled, the user credentials are not
available to the SNA Server client for logon validation.
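The rules above for SP1-or-later clients, expressed as a small Win.ini check. This is an added example, not Microsoft's code: the function names, the boolean inputs and the sample Win.ini are constructed for illustration, and treating an empty LastLogonMethod value as undefined is an assumption.

```python
import configparser

# Constructed sample Win.ini (not taken from a real system).
SAMPLE_WIN_INI = """\
[windows]
load=
run=

[wnap]
LastLogonMethod=NTLM
"""

def last_logon_method(win_ini_text):
    """Return the effective LastLogonMethod; LSA when the parameter is absent."""
    cp = configparser.ConfigParser(strict=False, allow_no_value=True,
                                   interpolation=None, comment_prefixes=(";",))
    cp.read_string(win_ini_text)
    for section in cp.sections():
        if section.upper() == "WNAP":  # match the section name case-insensitively
            value = cp[section].get("lastlogonmethod")
            if value and value.strip():  # assumption: empty value counts as undefined
                return value.strip().upper()
    return "LSA"  # default stated in the article

def assess(win_ini_text, named_pipes, encryption_enabled, password_caching):
    """Apply the article's SP1+ rules to one client configuration."""
    method = last_logon_method(win_ini_text)
    findings = []
    if method not in ("LSA", "NTLM"):
        findings.append(f"invalid LastLogonMethod {method!r}")
    if encryption_enabled and method != "NTLM":
        findings.append("Client/Server Encryption requires LastLogonMethod=NTLM")
    # All four listed conditions must hold for the dialog to keep appearing.
    dialog = (named_pipes and encryption_enabled
              and method == "NTLM" and not password_caching)
    if dialog:
        findings.append("Enter Domain Credentials dialog expected on first "
                        "SNA application start")
    return {"method": method, "dialog_expected": dialog, "findings": findings}

if __name__ == "__main__":
    print(assess(SAMPLE_WIN_INI, named_pipes=True,
                 encryption_enabled=True, password_caching=False))
```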
As long as the user does not exit WFW or restart Windows 95/98, the Enter
Domain Credentials dialog box will not appear after the initial information is
entered even if the SNA application is stopped and restarted.

Additional query words: snaencrypt

======================================================================
Keywords          : kbnetwork
Technology        : kbAudDeveloper kbSNAServSearch kbSNAServ300
Version           : WINDOWS:3.0
Issue type        : kbbug
Solution Type     : kbfix

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF
LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION
MAY NOT APPLY.

Copyright Microsoft Corporation 2002.