Anonymous_User Absent Member.
Absent Member.
2097 views

Really Weird login problem I think NMAS is causing

For the last week when my users login in the morning, random people have problems getting logged on. They either get a tree or server could not be found error, they login but the login script has errors mapping drives to certain servers, or it maps the drives and acts like they are logged in but when they go to access a server or mapped drive it tells them its not accessible. To fix it I usually reboot a few times and then they are fine. I have only had 1 person who consistantly had this problem.

First I thought it was SLP related but I have ruled that out. I have patched the main file server that everyone seems to have the most problems getting to. It now is running NW 6.5 SP6 with edir 8.7.3.9. I have run DSrepair and there are no errors. I've looked in remote manager and the logs and dont see any errors.

Yesterday I noticed that when they are having problems if I look in novell connections the authentication state says edirectory services for the server having problems but NMAS showed something like not authenticated. I removed NMAS client from the 1 user that was consistantly having problems and it has seemed to fix it.

I could go around and remove NMAS from every client I have but I dont understand what could have caused this. We have been running the same way forever with no problems. The only think we use nmas for is I set it up so that if users forget thier password they can use challenge response to change it.

I installed the security services patch to the server thinking that it might help since it updates nmas on the server but it didnt help.

Sorry for the post being so long.

If anyone has ever heard of anything similar or has any suggestions about how to fix this it would be much appreciated!! This think is driving me crazy.




Dennis St. James
Dstjames@lionel.com
Network Administrator
Lionel L.L.C.
Labels (2)
0 Likes
12 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Really Weird login problem I think NMAS is causing

I don't think that NMAS itself is the problem, but rather NMAS forces your
client to access servers for login that it wouldn't try to access otherwise.

There are 2 important considerations for NMAS login:

1) an NMAS login will require contacting the security container. So you
have to make sure that you can easily access a server holding a replica of
the partition holding the security container.

2) If you have multiple servers in your tree, but not all servers have
NMAS installed, or at least not the correct version of NMAS, then the
client will try contacting different servers until it finds one suitable
for login. This can typically be a problem in a tree where you have
different NetWare versions running different versions of eDirectory and
NMAS.

Overall, to debug this type of issues, it is generally most helpfull if
you take a trace of the network traffic at the workstation and analyze it
to see where in the login process there might be communication problems
with some unexpected server.

--
Marcel Cox (using XanaNews 1.18.1.3)
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Really Weird login problem I think NMAS is causing

Marcel Cox wrote:

> I don't think that NMAS itself is the problem, but rather NMAS forces
> your client to access servers for login that it wouldn't try to
> access otherwise.
>
> There are 2 important considerations for NMAS login:
>
> 1) an NMAS login will require contacting the security container. So
> you have to make sure that you can easily access a server holding a
> replica of the partition holding the security container.
>
> 2) If you have multiple servers in your tree, but not all servers
> have NMAS installed, or at least not the correct version of NMAS,
> then the client will try contacting different servers until it finds
> one suitable for login. This can typically be a problem in a tree
> where you have different NetWare versions running different versions
> of eDirectory and NMAS.
>
> Overall, to debug this type of issues, it is generally most helpfull
> if you take a trace of the network traffic at the workstation and
> analyze it to see where in the login process there might be
> communication problems with some unexpected server.


I had a similar issue at one site a while back. It drove me nuts.
What I found is that leaving the PC booted and sitting at the login
screen (when it was giving "tree or server could not be found"), for
exactly 5 minutes, and then try logging in after the PC had been
sitting there - it worked. Likewise, if I could log in but certain
mappings didn't work, once the PC had been started for a while,
re-logging in manually those mappings would magically work.

it turned out to be the Bad server name cache. Guess what the default
is - 5 minutes (300 seconds). I changed the workstations to set that
to zero, and disable the bad server name cache and the problem totally
disappeared.

I've no idea how the servers got into the bad cache to begin with, or
what the purpose really is, but don't particularly care - having it
enabled caused me so much grief and a whole weekend of stress, so i've
disabled it across all 3000 of our workstations.


Not sure if this is your issue or not but just thought i'd mention.

cheers
dave


--

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Really Weird login problem I think NMAS is causing

Marcel,

I used ethereal to get a packet trace.

These are the errors I'm seeing:

C NDS Resolve Name -> Smoke/Chessie_data.plant.lionel
R (-601) no such entry

This one is Odd. Chessie is my main file server at the plant and smoke is my main file server at HQ. I dont know why it would try to resolve like this.

C Get Volume Number for: Chessie_data
R Disk map error
Obtain Info for: Chessie_data/users/admin/joesmith
R The resulting Volume does not exist

I have ruled out NMAS as being the problem. Still dont know for sure whats going on. It seems that people at my plant location have problems logging in to their main server but can get to the HQ and HQ can access the plant server but not its own server.

Really weird. If anyone can help it would be appreciated.


Dennis St. James
Dstjames@lionel.com
Network Administrator
Lionel L.L.C.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Really Weird login problem I think NMAS is causing

On Sun, 03 Dec 2006 02:13:54 GMT, "Dave"
<dave@_nospam_.chisholm.vic.edu.au> wrote:

>I had a similar issue at one site a while back. It drove me nuts.
>What I found is that leaving the PC booted and sitting at the login
>screen (when it was giving "tree or server could not be found"), for
>exactly 5 minutes, and then try logging in after the PC had been
>sitting there - it worked. Likewise, if I could log in but certain
>mappings didn't work, once the PC had been started for a while,
>re-logging in manually those mappings would magically work.
>
>it turned out to be the Bad server name cache. Guess what the default
>is - 5 minutes (300 seconds). I changed the workstations to set that
>to zero, and disable the bad server name cache and the problem totally
>disappeared.
>
>I've no idea how the servers got into the bad cache to begin with, or
>what the purpose really is, but don't particularly care - having it
>enabled caused me so much grief and a whole weekend of stress, so i've
>disabled it across all 3000 of our workstations.



What can happen is that Windows brings up the various parts of the GINA
to handle the user login process before it brings up the drivers for the
network adapter. When that happens, the SLP agent starts, can't contact
any SLP Directory Agents (DAs), so it declares them to be non-responding
and won't use them. Then the user tries to log in, gets the "tree or
server not found" error, and complains. If you wait a little while, the
network adapter drivers start up, SLP eventually notices that the DAs it
couldn't talk to before are now available, and will then use them to
resolve the tree name to an actual IP address so that the user can log
in.

You can also see this if your network switches take a while to figure
out whether the newly established physical connection is a client or
another switch ("spanning tree" and/or Cisco's "portfast" stuff), during
which time the network claims to be working, but actually is not.



---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu

I'm tired of receiving rubbish in my mailbox, so the E-mail address is
munged to foil the junkmail bots. Humans will figure it out on their own.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Really Weird login problem I think NMAS is causing

Dennis St. James wrote:

>This one is Odd. Chessie is my main file server at the plant and smoke is
>my main file server at HQ. I dont know why it would try to resolve like
>this.


What syntax are you using in your map commands?

--
Marcel Cox (using XanaNews 1.18.1.3)
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Really Weird login problem I think NMAS is causing

map root J:=smoke\data:\shared

I have used this forever with no change and this weird login problem started last Monday.



Dennis St. James
Dstjames@lionel.com
Network Administrator
Lionel L.L.C.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Really Weird login problem I think NMAS is causing


We just updated our Netware servers this weekend to Netware 6.5 SP6 and
pretty much having the same problem! I have random users getting NMAS
error 1649 0xFFFFF98F - Invalid user.

Some are able to get in, others are not after trying all morning.

Does anyone happen to know how to get this fixed?? I'm beginning to
stress over here.


--
Rkakdc

Kimberly Combest
Hansens Bev
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Really Weird login problem I think NMAS is causing

Dennis St. James wrote:

>map root J:=smoke\data:\shared


Strange. That's clearly the physical server name syntax and the client
shouldn't do an NDS name lookup for th evolume object in that case.
Is this the only mapping to smoke\data: ?

Also, why does your server look for chessie_data? Did you at some time
rename a server?
Maybe you should go into dsrepair and under the advanaced options, do a
volume and trustee repair.

--
Marcel Cox
http://support.novell.com/forums
0 Likes
Anonymous_User Absent Member.
Absent Member.

NMRe: Really Weird login problem I think NMAS is causing

I had the same issue with one user today. It seems to be connected with
the new NMAS methods on the server so it seems to be necessary to
update all NMAS client methods with the latest client modules from Sp6.
Also updating the Windows client to 4.91 SP3 (including a new NMAS
client) helps in this situation.

Be aware of the following: before these new NMAS methods (before SP6 on
the server and SP3 at the client) NMAS login using the NDS method was
case ignoring even if Universal password was set. Now even the NDS
method is case sensitive and that is tricky if you did not care before
for upper and lower case. And if you did not update your NMAS client
and methods the error messages for wrong passwords are absolutely
meaningless. So with Client 4.90 Sp2 and NW 6.5 Sp6 NMAS is really bad.

W. Prindl
--



Rkakdc wrote:

>
> We just updated our Netware servers this weekend to Netware 6.5 SP6
> and pretty much having the same problem! I have random users getting
> NMAS error 1649 0xFFFFF98F - Invalid user.
>
> Some are able to get in, others are not after trying all morning.
>
> Does anyone happen to know how to get this fixed?? I'm beginning to
> stress over here.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Really Weird login problem I think NMAS is causing

Marcel,

Thanks again for the response. I did the DSrepair with no errors. Chessie_data is a server over at my plant that a drive gets mapped to. Smoke is my main file server here at the HQ and gets multiple drive mappings in the login script.

This is a really weird problem I have since ruled out nmas, bad name cache and slp causing the problem.

I have no idea. I think I am going to purchase a support incident from novell and see if they can help me.

Thanks



Dennis St. James
Dstjames@lionel.com
Network Administrator
Lionel L.L.C.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Really Weird login problem I think NMAS is causing

Thanks for the tip. It works in Windows XP but where is the setting for Bad
server name cache in the Windows 98 client? Running client 3.4 on the 98SE
machines.

Nathan


"Dave" <dave@_nospam_.chisholm.vic.edu.au> wrote in message
news:Cpqch.6215$jS4.2417@prv-forum2.provo.novell.com...
> Marcel Cox wrote:
>
>> I don't think that NMAS itself is the problem, but rather NMAS forces
>> your client to access servers for login that it wouldn't try to
>> access otherwise.
>>
>> There are 2 important considerations for NMAS login:
>>
>> 1) an NMAS login will require contacting the security container. So
>> you have to make sure that you can easily access a server holding a
>> replica of the partition holding the security container.
>>
>> 2) If you have multiple servers in your tree, but not all servers
>> have NMAS installed, or at least not the correct version of NMAS,
>> then the client will try contacting different servers until it finds
>> one suitable for login. This can typically be a problem in a tree
>> where you have different NetWare versions running different versions
>> of eDirectory and NMAS.
>>
>> Overall, to debug this type of issues, it is generally most helpfull
>> if you take a trace of the network traffic at the workstation and
>> analyze it to see where in the login process there might be
>> communication problems with some unexpected server.

>
> I had a similar issue at one site a while back. It drove me nuts.
> What I found is that leaving the PC booted and sitting at the login
> screen (when it was giving "tree or server could not be found"), for
> exactly 5 minutes, and then try logging in after the PC had been
> sitting there - it worked. Likewise, if I could log in but certain
> mappings didn't work, once the PC had been started for a while,
> re-logging in manually those mappings would magically work.
>
> it turned out to be the Bad server name cache. Guess what the default
> is - 5 minutes (300 seconds). I changed the workstations to set that
> to zero, and disable the bad server name cache and the problem totally
> disappeared.
>
> I've no idea how the servers got into the bad cache to begin with, or
> what the purpose really is, but don't particularly care - having it
> enabled caused me so much grief and a whole weekend of stress, so i've
> disabled it across all 3000 of our workstations.
>
>
> Not sure if this is your issue or not but just thought i'd mention.
>
> cheers
> dave
>
>
> --
>



0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Really Weird login problem I think NMAS is causing

Nathan Little wrote:

>but where is the setting for Bad server name cache in the Windows 98
>client?


It doesn't exsit. The bad server name caching is a specific Windows
2000/XP client feature. If you have problems with the Win9x client, that's
probably a different problem and I suggest you ask in the
novell.support.netware.client.win9x forum.

--
Marcel Cox
http://support.novell.com/forums
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.