Win2k & netware client security error
James Fraser
I have just recently done a clean install on Win2K Pro. Our servers are
Netware 4.11 and Zenworks 2. I've downloaded Novell Client 4.8 and installed
it without any of the additional stuff. At the workstastion login prompt I
enter my novell user name .jamie.staff.kuc and password and everything
appears to work fine.
The problem is when I go to map a drive or browse a Netware server I get
a Novell login prompt for my account again. After entering my username and
password I get a "Netware Security Message" it says " Internal error
0x000089F0 occurred. Try again. If the error occurs again, restart your
workstation...." and does not log me in to the Novell server.
If I check "Whoami" on the tree it says "NDS Container: Kuc User
name:CN=JAMIE.OU=STAFF.O=KUC" but if I check whoami on a server (I can see
the servers in network nieghbourhood) I get a "This server is not attached"
message. If I try to attach or login to the server I get the same Security
Message error.
I have tried going back to Client 4.5.1 from the Win2K CD. I get a
similar error "Netware Security Message You have encountered an unexpected
login failure! status: 0x89F0" I have also tried the MS Netware Client from
the 2K CD. I don't get the error message, but am still unable to log into
any servers. I have checked my Novell account and everything is set properly
(I'm not locked out or anything), in fact I am able to login to my old Win
NT 4 machine just fine. We are running Samba, and I thought there might be a
possibility that the 'plaintextpassword' registry entry might be messing up
Novell (even though it didn't in NT4) but after removing the entry I am
still having the same problem.
I have only ever seen one other person with this problem, the message
was posted to this group by "danman" on 06/28/2000, but there is no
thread... I don't know his/our problem was ever fixed. I would appreaciate
any input I can get in reagards to this problem.
Thanks.
Jamie
James Fraser
Kwantlen University College
Ph: 604-599-2306 ICQ 271485
Todd Fatheree
aware of a support option. Novell maintains a news server at
forums.novell.com. The best newsgroup to post this message to would be
novell.netwareclient.winnt. One question: does this problem exist before
and after applying SP1?
Todd Fatheree
"James Fraser" <ja...@kwantlen.bc.ca> wrote in message
news:OzpbH8f...@cppssbbsa02.microsoft.com...
James Fraser
before SP1 and it still exists after.
Jamie
"Todd Fatheree" <fath...@NOmediaoneSPAM.net> wrote in message
news:#x$dE#kOAHA.281@cppssbbsa05...
Mike Crabtree
James Fraser wrote:
> I
> enter my novell user name .jamie.staff.kuc and password and everything
> appears to work fine.
>
Do you have any login scripts? Do they run?
> If I check "Whoami" on the tree it says "NDS Container: Kuc User
> name:CN=JAMIE.OU=STAFF.O=KUC"
>
It should list -
NDS Tree name: (you didn't say)
Logged in as: CN=JAMIE
Default Context: staff.kuc
What is the tree name? If it is also "KUC" - same as your O object - that may
be the cause of the problem.
> I have only ever seen one other person with this problem, the message
> was posted to this group by "danman" on 06/28/2000, but there is no
> thread...
>
There is a thread to that - but no resolution - not was the error the same or
the problem - he couldn't log on in the first place.
What level of Support Pack is installed on the NW4.11 servers?
Did you install the Novell Client with IPX only? (i.e. no support for IP)
Mike Crabtree MVP
Microsoft® Services for NetWare 5.0 Part Number: 519-00143
James Fraser
"Mike Crabtree" <sp...@imjc.com> wrote in message
news:VA.0000076...@imjc.com...
> James Fraser wrote:
>
> > I
> > enter my novell user name .jamie.staff.kuc and password and everything
> > appears to work fine.
> >
>
> Do you have any login scripts? Do they run?
>
Yes they do run when I log in. The login script is associated with the KUC
container.
> > If I check "Whoami" on the tree it says "NDS Container: Kuc User
> > name:CN=JAMIE.OU=STAFF.O=KUC"
> >
>
> It should list -
>
> NDS Tree name: (you didn't say)
> Logged in as: CN=JAMIE
> Default Context: staff.kuc
>
> What is the tree name? If it is also "KUC" - same as your O object - that
may
> be the cause of the problem.
Yes. The name of our Tree is also KUC, the same as out O object. Would this
only be a problem with Win2K ? Our NT 4, Win98 and Win95 stations do not
seem to have this problem.
When I'm using Network neighbourhood to browse to a Novell server and
Right-Click the server and choose 'Authenticate' or 'Login to Server' I get
a Novell Client dialouge box for username and password, and the in the
middle of the dialouge box is 'NDS'. However if I left click the Novell
server (as if to see what's on the server) the Novell dialouge box displayed
has the 'Bindery' tab shown, instead of NDS.
Actually as I'm playing around with the network neighbourhood Novell
servers I've noticed that I am successfully logged into 2 of our 7 servers
and do not get the Bindary login prompt. All 7 of our Novell servers should
be setup the same with Netware 4.11, Support Pack 8a and Zen for Desktops
ver 2.
> > I have only ever seen one other person with this problem, the message
> > was posted to this group by "danman" on 06/28/2000, but there is no
> > thread...
> >
>
> There is a thread to that - but no resolution - not was the error the same
or
> the problem - he couldn't log on in the first place.
>
> What level of Support Pack is installed on the NW4.11 servers?
We are running 8a.
> Did you install the Novell Client with IPX only? (i.e. no support for IP)
I chose IPX only, our Novell Severs are not running the Netware IP stack.
> Mike Crabtree MVP
>
> Microsoft® Services for NetWare 5.0 Part Number: 519-00143
Thanks for the intrest.
Jamie
Mike Crabtree
of the two servers you have access to would be the one you logged in to - and
the other would have a bindery emulation context set to include your user
object. The other five presumably do not have a bindery context set to include
your user object.
Does that match your set up?
Mike Crabtree MVP
MicrosoftŽ Services for NetWare 5.0 Part Number: 519-00143
James Fraser
Thanks Mike, I think you're right. There is somthing not quite right
about the bindery emulation context set on a couple of our servers. I am
going to have a look at it today with one of the other sysadmins and see if
we can figure out what's wrong. It's odd that this problem didn't show up
until I installed Win2k.... but it is a good thing that I did, or we might
never have know about the bindery context problem.
Thanks for your help.
Jamie.
"Mike Crabtree" <sp...@imjc.com> wrote in message
news:VA.0000076...@imjc.com...
> It sounds to me like you are doing a bindery login to start with. If so -
one
> of the two servers you have access to would be the one you logged in to -
and
> the other would have a bindery emulation context set to include your user
> object. The other five presumably do not have a bindery context set to
include
> your user object.
>
> Does that match your set up?
>
> Mike Crabtree MVP
>
> Microsoft® Services for NetWare 5.0 Part Number: 519-00143
>
>
Mike Crabtree
Have you got to the bottom of this yet?
James Fraser
No we're still looking into it. It seems the problem is two fold. The
problem that I'm having with Win2K, as you pointed out, is that there seems
to be a problem when a user is trying to login to some servers using the
bindary context. We still can't quite figure out why. I've downloaded DS
Analyzer from NetPro and plan on installing it on our production servers
early next week. Hopefully this will give us some insight as to why we have
this problem.
The other problem we are trying to figure out is, why is my station not
authenticating using NDS instead of the bindery context? It would seem that
there are 2 other stations that this is happening on in our remote campuses,
but the are both DOS stations and are using old DOS NIC drivers.
Thanks for your interest, and I apprecate any insight you can offer even
though this isn't a MS problem.
Jamie.
"Mike Crabtree" <sp...@imjc.com> wrote in message
news:VA.0000076...@imjc.com...
Mike Crabtree
It is possible to install the Novell client in a bindery only mode - or to set
it to connect using bindery authentication by default. have you checked this
on your client?
The setting is really buried in the location profile properties, and then the
properties of the service instance for the location profile you are using...
For bindery emulation to work to allow a bindery user to access all five
servers - each server would need to have the bindery emulation context(s) set
to include the OU with the user in, and to have no other OU's with users with
the same name in the contexts, and have a read/write (or master) replica
containing the OU's in the emulation contexts.
Mike Crabtree MVP
MicrosoftŽ Services for NetWare 5.0 Part Number: 519-00143
James Fraser
problem. The set NCPpacketlevelsignature = 3 has been set on 5 of our 7
servers. Not conicedently the same 5 servers that I've been unable to log in
to. Bah! My client was set to level 1, which in theory should have worked,
but when I set it to 2 all was fixed. I can log in and see all our servers.
Thanks for all your help Mike.
"Mike Crabtree" <sp...@imjc.com> wrote in message
news:VA.0000077...@imjc.com...
> Microsoft® Services for NetWare 5.0 Part Number: 519-00143
>
>
Mike Crabtree
Thanks for the feedback.
Glad you've finally found it. It would never have occurred to me that that
would cause the problems you were having.
Personally, I've never felt that one of NetWare and Novell's strong points was
meaningful error messages!