- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Problem with Advanced Server 6.1
Operating System - OpenVMS
1753465
Members
4715
Online
108794
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-27-2006 02:24 AM
тАО07-27-2006 02:24 AM
Problem with Advanced Server 6.1
Hi,
I've had a somewhat sudden problem crop up on an otherwise stable system, and I was wondering whether anyone might have some advice?
I'm running Advanced Server 6.1 on a two-node AlphaCluster with OVMS 6.2-1H3. We have licensing for 50 users.
This morning a user in another site complained of not being able to connect to a share from the Windows 2000 network. When I attempted to connect, I could see both nodes and the cluster alias in Network Neighbourhood, but none would respond. I can ping them by name and by address from Windows and all three respond, but drive mapping will not.
The services BROWSER, EVENTLOG, NETLOGON and SERVER all start when Pathworks is started, although NETLOGON takes a little time.
Thinking perhaps there might have been a corruption in my SAM database, I attempted to rebuild it with a procedure we used to use in Pathworks 6.0, however this encountered a 'serious error' and quit. I replaced the original SAM and restarted the software, but without success.
Looking for the cause of the problem, I ran Admin/Analyze for the previous 36 hours and saw some messages indicating that the software had been restarted, however I can't see anything wrong anywhere.
It's been a while since I had to do any maintenance on Advanced Server, so I'm a little rusty, but if anyone can point me at a solution, I'd appreciate it.
Thanks,
Bob
I've had a somewhat sudden problem crop up on an otherwise stable system, and I was wondering whether anyone might have some advice?
I'm running Advanced Server 6.1 on a two-node AlphaCluster with OVMS 6.2-1H3. We have licensing for 50 users.
This morning a user in another site complained of not being able to connect to a share from the Windows 2000 network. When I attempted to connect, I could see both nodes and the cluster alias in Network Neighbourhood, but none would respond. I can ping them by name and by address from Windows and all three respond, but drive mapping will not.
The services BROWSER, EVENTLOG, NETLOGON and SERVER all start when Pathworks is started, although NETLOGON takes a little time.
Thinking perhaps there might have been a corruption in my SAM database, I attempted to rebuild it with a procedure we used to use in Pathworks 6.0, however this encountered a 'serious error' and quit. I replaced the original SAM and restarted the software, but without success.
Looking for the cause of the problem, I ran Admin/Analyze for the previous 36 hours and saw some messages indicating that the software had been restarted, however I can't see anything wrong anywhere.
It's been a while since I had to do any maintenance on Advanced Server, so I'm a little rusty, but if anyone can point me at a solution, I'd appreciate it.
Thanks,
Bob
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-30-2006 11:38 PM
тАО07-30-2006 11:38 PM
Re: Problem with Advanced Server 6.1
Okay, so it turned out not to be a SAM corruption after all...
What happened was that Pathworks stopped responding after the PDC in our Windows domain changed to another server.
With the installation configured to reference Server A as the PDC, Server B was never going to be accepted, etc., and so on...
The solution, as prescribed by Pathworks Support in Utrecht, Holland, would normally have been to reconfigure Advanced Server with the name of the new PDC.
However, since the new Domain Controller was now a W2K3 server, certain adjustments had to be made to the Domain Controller Security Policy, per Microsoft Article 889030, followed by a reboot of the PDC.
In case anyone finds it useful, here are the relevant settings:
********************
Policy settings from Microsoft article number 889030:
Make sure that the following settings on the Windows 2003 Domain Controlers are configured as shown.
Utility: Domain Controller Security Policy
Security Settings\Local Policies\Security Options
RestrictAnonymous and RestrictAnonymousSam:
Network access: Allow anonymous SID/Name translation ENABLED
Network access: Do not allow anonymous enumeration of SAM accounts DISABLED
Network access: Do not allow anonymous enumeration of SAM accounts and shares DISABLED
Network access: Let Everyone permissions apply to anonymous users ENABLED
Network access: Named pipes can be accessed anonymously ENABLED
Network access: Restrict anonymous access to Named Pipes and shares DISABLED
LM Compatibility:
Network security: LAN Manager authentication level "LM & NTLM responses" or "Send LM & NTLM - use NTLMV2 session security if negotiated"
SMB Signing, SMB Encrypting, or both:
Microsoft network client: Digitally sign communications (always) DISABLED
Microsoft network client: Digitally sign communications (if server agrees) ENABLED
Microsoft network server: Digitally sign communications (always) DISABLED
Microsoft network server: Digitally sign communications (if client agrees) ENABLED
Domain member: Digitally encrypt or sign secure channel data (always) DISABLED
Domain member: Digitally encrypt secure channel data (when it is possible) ENABLED
Domain member: Digitally sign secure channel data (when it is possible) ENABLED
Domain member: Require strong (Windows 2000 or later) session key DISABLED
You need to add everyone to the local group "pre-Windows 2000 Compatible Access" So on the PDC
To do this, you need to execute, on the PDC emulator, in a DOS box the command:
net localgroup "pre-windows 2000 compatible access" everyone /add
After the settings are configured correctly, you must restart your computer. The security settings are not enforced until the computer is restarted.
*********************
After these settings were put into effect, PWCONFIG worked and the Advanced Server environment could be properly reconfigured.
If only everything in life was as straightforward...
Bob
What happened was that Pathworks stopped responding after the PDC in our Windows domain changed to another server.
With the installation configured to reference Server A as the PDC, Server B was never going to be accepted, etc., and so on...
The solution, as prescribed by Pathworks Support in Utrecht, Holland, would normally have been to reconfigure Advanced Server with the name of the new PDC.
However, since the new Domain Controller was now a W2K3 server, certain adjustments had to be made to the Domain Controller Security Policy, per Microsoft Article 889030, followed by a reboot of the PDC.
In case anyone finds it useful, here are the relevant settings:
********************
Policy settings from Microsoft article number 889030:
Make sure that the following settings on the Windows 2003 Domain Controlers are configured as shown.
Utility: Domain Controller Security Policy
Security Settings\Local Policies\Security Options
RestrictAnonymous and RestrictAnonymousSam:
Network access: Allow anonymous SID/Name translation ENABLED
Network access: Do not allow anonymous enumeration of SAM accounts DISABLED
Network access: Do not allow anonymous enumeration of SAM accounts and shares DISABLED
Network access: Let Everyone permissions apply to anonymous users ENABLED
Network access: Named pipes can be accessed anonymously ENABLED
Network access: Restrict anonymous access to Named Pipes and shares DISABLED
LM Compatibility:
Network security: LAN Manager authentication level "LM & NTLM responses" or "Send LM & NTLM - use NTLMV2 session security if negotiated"
SMB Signing, SMB Encrypting, or both:
Microsoft network client: Digitally sign communications (always) DISABLED
Microsoft network client: Digitally sign communications (if server agrees) ENABLED
Microsoft network server: Digitally sign communications (always) DISABLED
Microsoft network server: Digitally sign communications (if client agrees) ENABLED
Domain member: Digitally encrypt or sign secure channel data (always) DISABLED
Domain member: Digitally encrypt secure channel data (when it is possible) ENABLED
Domain member: Digitally sign secure channel data (when it is possible) ENABLED
Domain member: Require strong (Windows 2000 or later) session key DISABLED
You need to add everyone to the local group "pre-Windows 2000 Compatible Access" So on the PDC
To do this, you need to execute, on the PDC emulator, in a DOS box the command:
net localgroup "pre-windows 2000 compatible access" everyone /add
After the settings are configured correctly, you must restart your computer. The security settings are not enforced until the computer is restarted.
*********************
After these settings were put into effect, PWCONFIG worked and the Advanced Server environment could be properly reconfigured.
If only everything in life was as straightforward...
Bob
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-30-2006 11:39 PM
тАО07-30-2006 11:39 PM
Re: Problem with Advanced Server 6.1
Actually, in the comments above :-)
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP