- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: System account failure
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-16-2009 10:48 AM
тАО01-16-2009 10:48 AM
Re: System account failure
SYSMAN> SET ENVIRONMENT/CLUSTER
SYSMAN> DO DIRECTORY /FILE SYSUAF
Ensure the file I/Os all match on all three nodes.
Repeat this for RIGHTSLIST, the NET*PROXY files, and the security files, among other shared files.
Enable security auditing for login, logout, logfail and process services (with the latter particularly for DELPRC calls). See HELP SET AUDIT /ENABLE for details.
Please confirm that ALL of those shared files are in fact shared, and that all logical names are in the proper access mode and logical name table.
Place the line $ EXIT at the top of SYLOGIN.COM and at the top of SYS$MANAGER:LOGIN.COM for the purposes of testing. This really looks like something in the login sequence, based on what I assume is a full login trace that was attached earlier.
Remove the PRCLM setting from SYSTEM. (I'd strongly encourage not making changes to the default SYSTEM username, and I see various changes have been made. SYSTEM is a core HP username, and should see minimal changes from how HP sets it up. Create and use and tailor your own local usernames, as a rule.)
Also confirm the quotas on the originating host are sufficient for the connection, and that the originating and target systems have seen recent AUTOGEN passes with FEEDBACK enabled.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-16-2009 11:14 AM
тАО01-16-2009 11:14 AM
Solution"It does not matter if I set host, telnet or use console, batch jobs where user=system it still fails on that node.
the error in accounting is Final status text: %SYSTEM-F-EXITFORCED, forced exit of image or process by SYS$DELPRC"
The first thing I would look at is your system wide login command procedure. The default for this is sys$manager:sylogin.com, but can be overridden with an executive mode logical name that will be visible to a process with UIC [1,4]. Normally the logical name would be in the system logical name table.
sylogin is executed regardless of the presence of /nocommand. That's are very good reason to be especially careful when making changes to it. (and always have a privileged account logged in until you have verified that you can log in from another session, i.e. don't log out, and try to log back in from the same "terminal")
My guess is that there is some checks limit privileged access to "authorized" nodes in the SYLOGIN.COM (and that is only a guess). Perhaps it is checking for specific usernames, perhaps checking for privileges. (if that is indeed what is causing the symptoms). I just checked: $ stop/id=0 will kill the process and leaves the exit status as reported by ACCOUNTING
--------------
Queue entry: Final status code: 00002BD4
Queue name:
Job name:
Final status text: %SYSTEM-F-EXITFORCED, forced exit of image or process by SYS$DELPRC
--------------
so something in sylogin that issues stop/id=0 is a plausible explanation.
I assume the "Unauthorized access ..." message is coming from SYS$WELCOME, so it appears the process is getting logged in.
You could turn on image accounting for a short time, as you will then see what images are being executed, but that doesn't show anything done by DCL commands that are cliroutines instead of images, or anything done with lexical functions. The point being that there are many things that can be done that don't generated image accounting records.
No guarantee that the cause is in sylogin, but that is an easy thing to check and eliminate as a possible cause.
Jon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-16-2009 11:26 AM
тАО01-16-2009 11:26 AM
Re: System account failure
Good point!
At several client sites over the years, I have implemented login restrictions based on Identifiers (e.g., LOGIN_
On such a cluster, adding a new node also requires adding the identifier, and making sure that the flow is correct (e.g., granting the identifier to users, or adding the node name to some list or logical name).
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-16-2009 11:28 AM
тАО01-16-2009 11:28 AM
Re: System account failure
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-16-2009 11:44 AM
тАО01-16-2009 11:44 AM
Re: System account failure
there was a sylogin on the root of the (3rd node a residual of days goneby)
It had a if user=(system) THEN STOP/ID=0
who knows why!!
My bad - I missed that. Thanks
- « Previous
-
- 1
- 2
- Next »