- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Advanced Server 7.3-2 and MS Vista - authenticatio...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-21-2009 03:25 AM
тАО05-21-2009 03:25 AM
I've got an AlphaServer running VMS 7.3-2 and Advanced Server 7.3-2 from which we've been serving fileshares to our W2K network for some time.
However, we're undergoing a refresh of desktop PCs at the moment, with MS Vista Enterprise SP1 as the OS.
Yesterday, I had an enquiry from a user who was being asked to authenticate when trying to map to one of his shares. I logged onto a separate machine and had no trouble mapping shares with an ordinary user account, but when I tried it on the user's machine I was presented with a username/password box.
Entering username and password was not successful, and the share could not be mapped.
I've raised the matter with the Vista rollout team but they seem to think that the problem lies with Advanced Server.
Seeing as how connections are successful from some Vista PCs and not from others, I'd be more inclined to the belief that it's a problem with the Vista image.
I was just wondering if anyone had seen this behaviour before and found a solution?
As always, any suggestions or advice would be welcome.
Thanks,
Bob
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-21-2009 04:31 AM
тАО05-21-2009 04:31 AM
Re: Advanced Server 7.3-2 and MS Vista - authentication issues
Specifically, look for "Network Security: LAN Manager authentication level" and which is usually "Send NTLMv2 response only" over to "Send LM & NTLM - use NTLMv2 session security if negotiated", or look for the underlying registry key HKEY_LOCAL_MACHINE \System \CurrentControlSet \Control \Lsa \LMCompatibilityLevel from 0x3 (NTLMv2 only) to 0x1 (NTLMv2 if negotiated). This change made via the secpol.msc tool that's available in the upper-end three? variants of Vista, or via the registry editor that's available in all seven? Vista versions.
AFAIK, Advanced Server is considered "mature" by HP, or whatever the current euphemism is. The migration path for this package and for the PATHWORKS Server package is the Samba/CIFS package.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-21-2009 06:23 AM
тАО05-21-2009 06:23 AM
Re: Advanced Server 7.3-2 and MS Vista - authentication issues
It would be useful if you can provide network trace by executing:
$ @sys$starup:tcpip$define_commands
$ tcpdump -s 1518 -w vista.trace
You can use ctrl-c to stop the tcpdump command after you reproduce the problem.
Can you verify that the following policies are disabled on Vista client?
1. Microsoft network client: Digitally sign communications (always) 2. Domain member: Digitally encrypt or sign secure channel data (always) 3. Domain member: Require strong (Windows 2000 or later) session key
And another policy that you need to verify is:
"Network security: LAN Manager authentication level"
You can click start and type secpol.msc in the "start search" bar to open the Local Security policy window on Vista client. Then select "Local policies" -> "Security Options" to view the policies.
Are you running Advanced Server V7.3B and what is the role of Advanced Server?
Regards,
Shilpa
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-21-2009 08:38 AM
тАО05-21-2009 08:38 AM
Re: Advanced Server 7.3-2 and MS Vista - authentication issues
Network Security: LAN Manager authentication level: Send NTLM response only; Refuse LM
1. Microsoft network client: Digitally sign communications (always)- disabled
2. Domain member: Digitally encrypt or sign secure channel data (always)- disabled
3. Domain member: Require strong (Windows 2000 or later) session key - disabled
The Registry value for LMCompatibilityLevel on the client we tested is set to 4 by default.
The role of the server running Advanced Server is a member of the domain.
The version is 7.3-2 according to a PRODUCT SHOW command; this may actually be 7.3A, although I'm open to correction.
Finally, a copy of the TCPDUMP Shilpa suggested is attached, however I must admit to being uncertain as to how to interpret it.
Bob
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-21-2009 09:20 AM
тАО05-21-2009 09:20 AM
Re: Advanced Server 7.3-2 and MS Vista - authentication issues
I could not read the tcpdump file provided by you using wireshark. Could you please make the trace again by using:
$ @sys$starup:tcpip$define_commands
$ tcpdump -s 1518 -w vista.trace
You can use ctrl-c to stop the tcpdump command after you reproduce the problem and then attach the vista.trace file. As the vista.trace file will be in VAR format, it would be nice if you can copy it to your Windows system through an Advanced Server share and then attach it.
Also, can you verify if the following policy is disabled as well:
Microsoft network client: Digitally sign communications (always)
Regards,
Shilpa
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-21-2009 11:00 AM
тАО05-21-2009 11:00 AM
Re: Advanced Server 7.3-2 and MS Vista - authentication issues
One more thing that you need to verify whenever a client cannot connect to Advanced Server is to check if the ports 137, 138, 139 are blocked on the client side. If Windows firewall is enabled on the client side, verify if the "File and Print sharing" box is checked in the exceptions window of Windows firewall.
Regards,
Shilpa
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-22-2009 08:53 AM
тАО05-22-2009 08:53 AM
Re: Advanced Server 7.3-2 and MS Vista - authentication issues
I ran that TCPDUMP command but kept getting a syntax error, even though I cut and pasted your instruction onto my command line.
The output I posted was based on the command
$TCPDUMP host
with no switches. I could attach the output here but it's quite long...
I have ascertained that Windows Firewall is disabled by default on the Vista PC build, so I presume that the question of blocked ports, etc., doesn't come into it?
Also, we've observed that the problem appears to be intermittent, in that a connection will be successful at one attempt on a given PC but may fail on a subsequent attempt on the same system, etc.
I've compiled our research and the suggestions by yourself and Hoff and I'll be forwarding them to the Vista project team to work on. I'll also have a Group Policy specialist available next Monday to check out that side of things.
I'll let you know if we come up with anything...
Bob
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-22-2009 09:25 AM
тАО05-22-2009 09:25 AM
Re: Advanced Server 7.3-2 and MS Vista - authentication issues
The tcpdump command was intended to be:
$ tcpdump -s 1518 -w vista.trace host
Capture up to 1518 bytes of each packet to/from the specified host and write it in binary mode to the file named vista.trace.
Regards,
Paul
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-22-2009 09:28 AM
тАО05-22-2009 09:28 AM
Re: Advanced Server 7.3-2 and MS Vista - authentication issues
Apologies. I missed the "host" qualifier. The correct command is:
$ tcpdump -s 1518 -w vista.trace host
Basically, I would be interested in the vista.trace file which will have the capture packets. As the problem is intermittent, the only way we can understand as to what is going on is by analysing the network traces.
You say that you are running Advanced Server V7.3-2 (CPQ AXPVMS ADVANCEDSERVER V7.3-2) which is same as Advanced Server V7.3 ECO2. This version is no longer supported and it was never qualified for vista. As you run VMS version V7.3-2, you can upgrade your system to Advanced Server V7.3B and the latest patch set PS015. AS V7.3B is qualified for Vista.
You can find the latest patch set PS015 as well as the AS V7.3B kit from the following location:
Location:
FTP SYSTEM: hprc.external.hp.com
USERNAME: pathwork
PASSWORD: support
Sub directory name: asv
OR
ftp://pathwork:support@hprc.external.hp.com/asv/
Regards,
Shilpa
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-05-2009 07:22 AM
тАО06-05-2009 07:22 AM
Re: Advanced Server 7.3-2 and MS Vista - authentication issues
Sorry about the late reply...
We've arranged an upgrade of Advanced Server to 7.3B for tomorrow (the only time we can reboot) so I should have more information on progress after that.
I downloaded the upgrade kit from the patch database (couldn't connect to hprc for some reason), but I couldn't see any reference to PS15 - are you referring to the cumulative patch kit for OVMS?
If that's the case I've got it already - if not, I'll have to try again to get it from the hp download site...
Cheers,
Bob