https://community.hpe.com/t5/operating-system-openvms/audit-alarm-for-timeout-during-login/m-p/4010581#M83985 Wim,<BR /><BR />It is not a login failure because the login worked (correct username/password and no other violations). The problem is that the server image (e.g., FAL) is likely not starting before the network timeout.<BR /><BR />As I noted earlier, check the login for the account AND consider raising the DECnet timeout. The first time I encountered this syndrome was over twenty years ago, at a university during finals week. The machine was simply very busy AND one of the systems managers had greatly enhanced the standard login profile WITHOUT conditionalizing things as to whether they were needed in network or interactive startups. In that case, I recall fixing BOTH:<BR /> - conditionalizing many things in the login sequence<BR /> - changing the timeout (my recollection is the name NETSERVER$TIMEOUT; check the correct DECnet Management Manual)<BR /><BR />- Bob Gezelter, <A href="http://www.rlgsc.com" target="_blank">http://www.rlgsc.com</A> Thu, 31 May 2007 11:43:36 GMT Robert Gezelter 2007-05-31T11:43:36Z https://community.hpe.com/t5/operating-system-openvms/audit-alarm-for-timeout-during-login/m-p/4010578#M83982 I would like an audit alarm when a decnet or other login fails due to a timeout.<BR /><BR />E.g. on a very very loaded system with name node (load simulated by a dcl loop at prio 8)<BR /><BR />$ dir node::<BR />Gives after 55 seconds<BR />ACP file or directory lookup failed<BR />network partner exited<BR /><BR />Accounting says :<BR />file not accessed on channel and elapsed time 54 sec at prio 4.<BR /><BR />Nothing in audit and I have network login failure enabled.<BR /><BR />With the same load, rsh goes well. After about 1m15sec the output comes. Accounting shows ellapsed time all lower then 55 sec. <BR /><BR />Wim Thu, 31 May 2007 06:21:27 GMT https://community.hpe.com/t5/operating-system-openvms/audit-alarm-for-timeout-during-login/m-p/4010578#M83982 Wim Van den Wyngaert 2007-05-31T06:21:27Z https://community.hpe.com/t5/operating-system-openvms/audit-alarm-for-timeout-during-login/m-p/4010579#M83983 Wim,<BR /><BR />This is a classic problem. There is a fundamental difference between rsh and a FAL listener connect. (The CPU load is only an issue if you are in a uniprocessor system).<BR /><BR />rsh does not know who you are at first, so it is running at a higher priority. DECnet FAL connections start a process using the supplied (or proxied or default) access control. Thus, the process is running at a far lower priority (the experiment is to try the same test on an account that has a priority of 8 or 9; it will most likely work).<BR /><BR />There is also a DECnet server timeout (it is documented in the manual, but I have to leave for a meeting so I do not have the time at this instant to give the precise citation).<BR /><BR />My recommendation on situations of this type (since the days of the VAX-11/780):<BR />- reduce the size of login scripts in the case of network server processes (the command definitions and many other things are simply not needed)<BR />- increase the DECnet server timeout value to a large number<BR /><BR />I hope that the above is helpful.<BR /><BR />- Bob Gezelter, <A href="http://www.rlgsc.com" target="_blank">http://www.rlgsc.com</A> Thu, 31 May 2007 06:38:57 GMT https://community.hpe.com/t5/operating-system-openvms/audit-alarm-for-timeout-during-login/m-p/4010579#M83983 Robert Gezelter 2007-05-31T06:38:57Z https://community.hpe.com/t5/operating-system-openvms/audit-alarm-for-timeout-during-login/m-p/4010580#M83984 As expected, it works when I put prio on 9.<BR />But can't do that in real life.<BR /><BR />And why is this not considered a login failure ?<BR /><BR />Wim Thu, 31 May 2007 06:42:35 GMT https://community.hpe.com/t5/operating-system-openvms/audit-alarm-for-timeout-during-login/m-p/4010580#M83984 Wim Van den Wyngaert 2007-05-31T06:42:35Z https://community.hpe.com/t5/operating-system-openvms/audit-alarm-for-timeout-during-login/m-p/4010581#M83985 Wim,<BR /><BR />It is not a login failure because the login worked (correct username/password and no other violations). The problem is that the server image (e.g., FAL) is likely not starting before the network timeout.<BR /><BR />As I noted earlier, check the login for the account AND consider raising the DECnet timeout. The first time I encountered this syndrome was over twenty years ago, at a university during finals week. The machine was simply very busy AND one of the systems managers had greatly enhanced the standard login profile WITHOUT conditionalizing things as to whether they were needed in network or interactive startups. In that case, I recall fixing BOTH:<BR /> - conditionalizing many things in the login sequence<BR /> - changing the timeout (my recollection is the name NETSERVER$TIMEOUT; check the correct DECnet Management Manual)<BR /><BR />- Bob Gezelter, <A href="http://www.rlgsc.com" target="_blank">http://www.rlgsc.com</A> Thu, 31 May 2007 11:43:36 GMT https://community.hpe.com/t5/operating-system-openvms/audit-alarm-for-timeout-during-login/m-p/4010581#M83985 Robert Gezelter 2007-05-31T11:43:36Z https://community.hpe.com/t5/operating-system-openvms/audit-alarm-for-timeout-during-login/m-p/4010582#M83986 I'm trying to remember this part of the code. there is no login failure, so no<BR />audit posted. we posted audits on bad username password for example. I'd say<BR />the process is authenticated, the link brought up then fires the server. the<BR />server times out and we tear the connection<BR />down. Thu, 31 May 2007 12:28:35 GMT https://community.hpe.com/t5/operating-system-openvms/audit-alarm-for-timeout-during-login/m-p/4010582#M83986 Dean McGorrill 2007-05-31T12:28:35Z