jkillebrew Absent Member.

Passive login fails after unr & reg

I'm having an issue in which passive logins fail for only one user account, which is the account used to unregister, clear cache, reset guid, then reregister a system. This is a very consistent, easily recreated issue.

We have Win7 and XP systems. We create an image of the system, load it on other PCs, and unregister if not already, reset the GUID, register again as a new PC. Works great.

However, the one account we use for this whole process has problems logging in one reboot after registering the system. At that point, the user gets a secondary login window after the Novell client successfully authenticates the user and I guess CASA hands this off to ZCM. At this secondary login, the correct password does not work even if I type it in again directly into the ZCM login window. After 3 failures at the secondary login, or just canceling, it lets you in, though ZCM didn't log in. At this point, you could log out and try again, it would fail. You could reboot and log in again, it will fail. If you log in with any other account it works perfectly fine. There are at least a few threads on this forum describing the exact same symptom.

The fix in my case is to get to the desktop and log in from the ZCM tray icon using this "bad" account. At this point you can see no user policies exist for the user. DLU and GOP are missing, which we apply to the user, so I assume this may be part of the cause. All workstation policies and user and workstation assigned bundles are delivered properly.

I have to run "zac ref bypasscache" while logged in with this bad account and this forces policies to refresh, and from then on the system is perfectly fine. Somehow unregistering and reregistering damages something on the account, which I assume are user policies, and the passive login process fails, bringing up the secondary login. If I had to guess, it seems like it thinks this account has a cached policy and ZCM wants to use it but there is no cached policy to use, so I have to force it to get a new copy of the policy from the server? That's totally just a guess.

I checked CASA logs and found no errors. The ZCM debug log did show an error, though I can't interpret it myself. It attempts to connect to each of our 4 primary servers, each time failing with this.

[DEBUG] [06/30/2011 11:07:32.785] [1724] [ZenworksWindowsService] [39] [] [RemotingService] [] [ZENLogin took exception: Novell.Zenworks.Zmd.ZenException: RegisterUser - Unable to register with any service
at Novell.Zenworks.Registration.RegistrationManager.RegisterUser(IService() services, Boolean ignoreRandomRefresh, Boolean retry, String authTokenHost)
at Novell.Zenworks.Registration.RegistrationManager.RegisterUser(String host)
at Novell.Zenworks.Registration.RegistrationModule.RegisterUser(Session session, String host)
at Novell.Zenworks.Native.RemotingService.RemotingServiceImp.ZENLoginUser(String SessionID, String Realm, String Username, String Password, String Host, String AuthToken, Boolean bZIconLogin)] [] []

Then a definite failure:

[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [RemotingService] [] [ZENLoginUser returning] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [RemotingService] [] [Returned from calling ZENLoginUser] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [RemotingService] [] [Calling DeleteMiCasaCredential realm: HUSD] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [CommonCasa] [] [DeleteMiCasaCredential entered] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [CommonCasa] [] [Calling MiCasa.DeleteCredential] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [CommonCasa] [] [MiCasa.DeleteCredential using Luid value: 0:12880051] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [CommonCasa] [] [MiCasa.DeleteCredential returned] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [CommonCasa] [] [DeleteMiCasaCredential returning] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [RemotingService] [] [Calling DeleteMiCasaCredential realm: HUSD.zcmSharedSecret] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [CommonCasa] [] [DeleteMiCasaCredential entered] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [CommonCasa] [] [Calling MiCasa.DeleteCredential] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [CommonCasa] [] [MiCasa.DeleteCredential using Luid value: 0:12880051] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [CommonCasa] [] [MiCasa.DeleteCredential took exception. The error code is: -802] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [CommonCasa] [] [DeleteMiCasaCredential returning] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [RemotingService] [] [Calling ClearAuthTokenCache] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [CommonCasa] [] [ClearAuthTokenCache entered] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [CommonCasa] [] [Calling AuthToken.CleanUpAuthTokenCache] [] []
[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] [CommonCasa] [] [AuthToken.CleanUpAuthTokenCache using Luid value: 0:12880051] [] []
[DEBUG] [06/30/2011 11:07:32.847] [1724] [ZenworksWindowsService] [39] [] [CommonCasa] [] [AuthToken.CleanUpAuthTokenCache returned] [] []
[DEBUG] [06/30/2011 11:07:32.847] [1724] [ZenworksWindowsService] [39] [] [CommonCasa] [] [ClearAuthTokenCache returning] [] []
[DEBUG] [06/30/2011 11:07:32.847] [1724] [ZenworksWindowsService] [39] [] [RemotingService] [] [Calling ZENSetSessionAuthenticationState] [] []
[DEBUG] [06/30/2011 11:07:32.847] [1724] [ZenworksWindowsService] [39] [] [RemotingService] [] [ZENSetSessionAuthenticationState entered] [] []
[DEBUG] [06/30/2011 11:07:32.847] [1724] [ZenworksWindowsService] [39] [] [RemotingService] [] [ZENSetSessionAuthenticationState returning SUCCESS] [] []
[DEBUG] [06/30/2011 11:07:32.847] [1724] [ZenworksWindowsService] [39] [] [RemotingService] [] [ZENSetSessionAuthenticationState returned] [] []
[DEBUG] [06/30/2011 11:07:32.847] [1724] [ZenworksWindowsService] [39] [] [RemotingService] [] [ZENLogin returning FAILURE] [] []
[DEBUG] [06/30/2011 11:07:35.140] [1724] [ZenworksWindowsService] [39] [] [RemotingService] [] [ZENSwapSessionID entered] [] []
[DEBUG] [06/30/2011 11:07:35.140] [1724] [ZenworksWindowsService] [39] [] [RemotingService] [] [ZENSwapSessionID calling GetSession for old sessionID] [] []
[DEBUG] [06/30/2011 11:07:35.140] [1724] [ZenworksWindowsService] [39] [] [RemotingService] [] [Old session authentication state is "FailedAuthentication"] [] []
[DEBUG] [06/30/2011 11:07:35.140] [1724] [ZenworksWindowsService] [39] [] [RemotingService] [] [ZENSwapSessionID calling SessionManager.SwapID with sessions: 12880051 13169416] [] []
[DEBUG] [06/30/2011 11:07:35.140] [1724] [ZenworksWindowsService] [39] [] [SessionManager] [] [SwapID called with old ID: 12880051 and new ID: 13169416] [] []
[DEBUG] [06/30/2011 11:07:35.140] [1724] [ZenworksWindowsService] [39] [] [RemotingService] [] [ZENSwapSessionID back from calling SessionManager.SwapID] []...

Searching the forums for days now, I think a lot of the issues people describe related to DLU, secondary logins, and user policies that only affect one user on a system are somehow related to the same issue. I'm crossing my fingers deploying the image as is, hoping that the problem will be resolved in SP1 or maybe the "bad" policies or whatever is wrong will eventually expire and the account will just start working again. Any ideas?
2 Replies
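A small triage script for debug logs in the format quoted in the post above (an added example, not part of the original thread or any vendor tooling). It joins stack-trace lines to their entry and reports the exception, the realm whose credential delete returned an error code, and the final login result; the sample lines are constructed in the post's format and the realm name EXAMPLE is a placeholder.

```python
import re

# Layout seen in the post: [LEVEL] [date time] [pid] [service] [thread] [] [component] [] [message] [] []
HEADER = re.compile(r"^\[(?P<level>\w+)\] \[(?P<ts>[^\]]+)\] \[(?P<pid>\d+)\] \[(?P<svc>[^\]]*)\] "
                    r"\[(?P<tid>\d+)\] \[[^\]]*\] \[(?P<comp>[^\]]*)\] \[[^\]]*\] \[(?P<msg>.*)$")
TRAILER = re.compile(r"\](\s*\[\])*\s*(\.\.\.)?\s*$")  # closing "] [] []"

def parse(text):
    """Return one record per log entry; headerless lines (stack frames) join the entry above."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append(m.groupdict())
        elif records and line.strip():
            records[-1]["msg"] += "\n" + line.strip()
    for r in records:
        r["msg"] = TRAILER.sub("", r["msg"], count=1)
    return records

def triage(records):
    """Summarise one login attempt: exceptions, failing realm and error code, final result."""
    out = {"exceptions": [], "casa_errors": [], "result": None, "session_state": None}
    realm = None
    for r in records:
        head = r["msg"].split("\n", 1)[0]
        if m := re.search(r"DeleteMiCasaCredential realm: (\S+)", head):
            realm = m.group(1)  # remember which credential is being deleted
        if "took exception" in head:
            if code := re.search(r"error code is: (-?\d+)", head):
                out["casa_errors"].append((realm, int(code.group(1))))
            else:
                out["exceptions"].append((r["ts"], head.partition("took exception")[2].lstrip(":. ")))
        if m := re.search(r"ZENLogin returning (\w+)", head):
            out["result"] = m.group(1)
        if m := re.search(r'authentication state is "(\w+)"', head):
            out["session_state"] = m.group(1)
    return out

# Constructed sample in the post's format; the realm name EXAMPLE is a placeholder.
P = "[DEBUG] [06/30/2011 11:07:32.816] [1724] [ZenworksWindowsService] [39] [] "
SAMPLE = "\n".join([
    P + "[RemotingService] [] [ZENLogin took exception: Novell.Zenworks.Zmd.ZenException: RegisterUser - Unable to register with any service",
    "at Novell.Zenworks.Registration.RegistrationManager.RegisterUser(String host)] [] []",
    P + "[RemotingService] [] [Calling DeleteMiCasaCredential realm: EXAMPLE.zcmSharedSecret] [] []",
    P + "[CommonCasa] [] [MiCasa.DeleteCredential took exception. The error code is: -802] [] []",
    P + "[RemotingService] [] [ZENLogin returning FAILURE] [] []",
    P + '[RemotingService] [] [Old session authentication state is "FailedAuthentication"] [] []',
])
print(triage(parse(SAMPLE)))
```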
Anonymous_User Absent Member.

Re: Passive login fails after unr & reg


It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)

Be sure to read the forum FAQ about what to expect in the way of responses:

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team

jkillebrew Absent Member.

Re: Passive login fails after unr & reg

No ideas? I can be more specific on how to recreate the problem.

While logged in at the desktop, unregister using zac unr -s -f.

Register again using zac reg https://servername, then give the username and password.

Log in using the tray icon, then check the properties from the tray icon.

User policies will be missing, so if you log off now, a secondary login appears when you try to log in again with the same account.

If you were to manually refresh from the tray icon once or twice, the policies will get delivered and things are normal; however, you must manually refresh. Logging in and out, clearing cache, or rebooting has no effect on getting the policies back.

This is an issue because if you log out and in with an account that has a restricted group policy, then you want to go back to the first account, passive ZEN login will fail, you will have to log in from the tray icon, and will have restricted policies in effect until new policies are applied, which then cannot happen until after you log out and in again. It's a mess basically. If the restricted policy won't let you access the tray icon, then you're really stuck and must log in with some other unrestricted account. HELP!