SSO requests may not succeed because HAC database replication is delayed (815359)

SYMPTOMS

If a user changes his or her Windows password and then -- within 60 seconds of the password change -- initializes an SNA application that is configured to use Single Sign-On (SSO), the SNA application may not successfully log on to a host application.

The actual symptoms of the unsuccessful logon may vary depending on the SNA application that is being used:

An APPC application, such as COM Transaction Integrator (COMTI) for CICS and IMS, may receive the following APPC return codes after issuing an ALLOCATE to establish a conversation with the host when this problem occurs:
```
Primary Return Code = 0003 (AP_ALLOCATION_ERROR)
Secondary Return Code = 080F6051 (AP_SECURITY_NOT_VALID)
```

The following event message may be logged in the application event log to correspond with the APPC return codes shown here:

Event ID: 76
Source: SNA APPC Application
Description:  
APPC error received:

Sense data = 080F6051
TP_ID = TP_ID
Conv_ID = Conversation ID

If the SNA application is initialized more than 60 seconds after the password change, the logon to the host application completes successfully.

CAUSE

The Host Account Cache (HAC) database uses a Log Shipping process to replicate database changes between the master HAC database and the backup HAC databases. Due to a short timing window in the Log Shipping process, a backup HAC database may try to copy a transaction log before the master HAC database has created the transaction log.

RESOLUTION

Service pack information

To resolve this problem, obtain the latest service pack for Microsoft Host Integration Server 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

328152 How to obtain the latest service pack for Host Integration Server 2000

Hotfix information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

   Date         Time   Version      Size    File name
   ------------------------------------------------------
   17-Mar-2003  13:22  5.0.0.900   114,960  Hsdbrepl.dll
   17-Mar-2003  13:22  5.0.0.900   151,824  Snapwchg.dll
   17-Mar-2003  13:22  5.0.0.900   143,632  Snarpc.dll
   17-Mar-2003  13:22  5.0.0.900    49,424  Snasii.dll       
   17-Mar-2003  13:22  5.0.0.900    94,480  Hostproc.exe
   17-Mar-2003  13:22  5.0.0.900   139,536  Snapmp.exe
   17-Mar-2003  13:22  5.0.0.900   348,432  Snaudb.exe
   17-Mar-2003  13:22  5.0.0.900   172,304  Udbmig.exe
   17-Mar-2003  13:22  5.0.0.900    57,616  Udconfig.exe

Note Because of file dependencies, the most recent fix that contains the preceding files may also contain additional files.

MORE INFORMATION

The updated host security files should be applied to each system running a Host Account Cache database.

The following is the sequence of events that may lead to the problem described earlier:

User changes his or her Windows password.
User initializes an SNA application within 60 seconds of the password change.
The Host Integration Server 2000 server contacts a backup HAC database to request the user's host username and password.
The backup HAC database returns the user's old host password because it was unable to copy the transaction log containing the password change information from the master HAC database.
If the user retries the SNA application more than 60 seconds after the password change was made, the logon to the host application complete successfully.