HPE Community
Operating System - OpenVMS
1825591 Members
2002 Online
109682 Solutions
New Discussion

-SYSTEM-F-INVLOGIN, login information invalid at remote node

 
SOLVED
Go to solution
Rajeev Hejib
Advisor

‎01-15-2006 11:34 PM

‎01-15-2006 11:34 PM

-SYSTEM-F-INVLOGIN, login information invalid at remote node

I keep getting following error

IT4108> dir bgta02::
%DIRECT-E-OPENIN, error opening BGTA02::*.*;* as input
-RMS-E-FND, ACP file or directory lookup failed
-SYSTEM-F-INVLOGIN, login information invalid at remote node

I can set host to BGTA02.
When I do $show proc (on BGTA02 after set host) I get

BGTA02> show proc

16-JAN-2006 12:28:45.64 User: SYSTEM Process ID: 000AD1CD
Node: BGTA02 Process name: "SYSTEM"

Terminal: RTA1: (IP$10.54.09.56::SYSTEM)
User Identifier: [SYSTEM]
Base priority: 4
Default file spec: SYS$SYSROOT:[SYSMGR]
Number of Kthreads: 1

Devices allocated: BGTA02$RTA1:

I have proxy set for system and IT4108 is on local host list (see below).

Not sure why its not working. Any help will be really appreciated.

BGTA02> uaf show/proxy ip$10.54.09.56::system

Default proxies are flagged with (D)

IT4108::SYSTEM
SYSTEM (D)
BGTA02> ucx show host it4108

BIND database

Server: 10.38.3.20 jgcdns1

Host address Host name

10.54.9.56 IT4108.TRADING.CENTRICA.COM
0 Kudos
Reply
20 REPLIES 20
Robert Gezelter
Honored Contributor

‎01-16-2006 12:05 AM

‎01-16-2006 12:05 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

Rajeev,

What are the settings for the SYSTEM account? Pay particular attention to the NETWORK allowed login hours. Use AUTHORIZE to display this information (post the output from AUTHORIZE, if you are permitted to do so).

- Bob Gezelter, http://www.rlgsc.com
0 Kudos
Reply
Jan van den Ende
Honored Contributor

‎01-16-2006 12:06 AM

‎01-16-2006 12:06 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

Rajeev,

you defined your proxy in DECnet format, and your network info in IP format.

If this is correct, then you need to specify your proxy info in IP format as well.
That is NOT done with AUTHORIZE, but with TCPIP commands.

And for the exact syntax of that, please tell us which IP stack you are using.

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Reply
Rajeev Hejib
Advisor

‎01-16-2006 12:22 AM

‎01-16-2006 12:22 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

Thanks Bob and JPE.
Bob,
I have checked the privileges and it has "no access restriction".
JPE,
Before, on UAF we could add proxy by specifying "IP$....::SYSTEM" but now everytime I try adding one it translates the IP$ proxy to the host name.

We have TCP/IP V5.3 on target and V5.4 on intiating node.

I have addedd UCX CD proxy for system on the target node. It still gives me same error.
0 Kudos
Reply
Daniel Fernandez Illan
Trusted Contributor

‎01-16-2006 12:55 AM

‎01-16-2006 12:55 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

Rajeev

For use DECnet you need define proxies using DECnet format:
UAF>add/proxy IT4108::SYSTEM SYSTEM/D

(Possibly you will need delete previous proxy).

In this case command SHO/PROXY will display

LOCAL:.IT4108 ...

Remark the node prefix LOCAL: (It is standard for DECnet phase V proxy definition).

Command $dir bgta02:: is using DECnet, not TCP protocol.

Saludos.
Daniel.
0 Kudos
Reply
Rajeev Hejib
Advisor

‎01-16-2006 01:09 AM

‎01-16-2006 01:09 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

Hi Daniel,

I have now set the proxy as LOCAL:.IT4108::SYSTEM SYSTEM/DEF

BGTA02> uaf show/proxy local:.it4108*::system

Default proxies are flagged with (D)

LOCAL:.IT4108*::SYSTEM
SYSTEM (D)
I still get the same error. OPCOM messages that pop on BGTA02 at that time are

BGTA02>
%%%%%%%%%%% OPCOM 16-JAN-2006 14:04:32.47 %%%%%%%%%%%
Message from user AUDIT$SERVER on BGTA02
Security alarm (SECURITY) and security audit (SECURITY) on BGTA02, system id: 40007
Auditable event: Network breakin detection
Event time: 16-JAN-2006 14:04:32.47
PID: 00000414
Process name: NET$ACP
Username: DNA$SessCtrl
Remote node id: 0 (0.0)
Remote node fullname: IP$10.54.09.56
Remote username: SYSTEM
Status: %LOGIN-F-NOTVALID, user authorization failure

BGTA02>
%%%%%%%%%%% OPCOM 16-JAN-2006 14:04:32.49 %%%%%%%%%%%
Message from user SYSTEM on BGTA02
Event: Access Control Violation from: Node LOCAL:.BGTA02 Session Control,
at: 2006-01-16-14:04:32.490+00:00Iinf
NSAP Address=/0A360938,
Source=UIC = [0,0]SYSTEM,
Destination=number = 17,
Destination User="",
Destination Account="",
Node Name=
eventUid 0486A948-8699-11DA-86D1-AA000400479C
entityUid A52A93DF-6C2A-11DA-8305-AA000400479C
streamUid AE686EBC-6C2A-11DA-844F-AA000400479C


BGTA02>

I had removed intrusion records before.
Also had done mc ncl flush...
0 Kudos
Reply
Jan van den Ende
Honored Contributor

‎01-16-2006 01:27 AM

‎01-16-2006 01:27 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

Rajeev,


Remote node fullname: IP$10.54.09.56


So you are using DECnet over IP !!!

Specify your proxy as:

UAF>add/prox IP$10.54.09.56::system */def

Somehow it seems the nodename-in-IP format does not get translated into IT4108, although the the way it is OK.

Success.

Proost.

Have one on me.

jpe

Don't rust yours pelled jacker to fine doll missed aches.
Reply
Rajeev Hejib
Advisor

‎01-16-2006 01:41 AM

‎01-16-2006 01:41 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

Thanks.

I have tried doing that before. But it translates IP$.... to host name

UAF> show/proxy ip$10.54.9.56::system

Default proxies are flagged with (D)

IT4108::SYSTEM
SYSTEM (D)
UAF>

0 Kudos
Reply
John Abbott_2
Esteemed Contributor

‎01-16-2006 02:03 AM

‎01-16-2006 02:03 AM

Solution

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

Very odd.. can't quite see what you're doing wrong. We have a similar set-up here (Decnet over FDDI, DECNET over IP over SM and over 100MB FD links) The only difference that I can see is that your AUDIT alarm for remote system is reporting back the ip$10.54.09.56 I would have expected to see IT4108. Eg. I would have expected your audit alarm post to read...
.
.
.
"Remote node fullname: IT4108".
.
.
.

Not sure if anyone else can shed some light here...

We have proxy setup using the DECnet node name, no IP values, just like Daniel suggests.

What is the output from the command
$mc ncl sho sess con nam search path
on both systems ?
Don't do what Donny Dont does
Reply
Rajeev Hejib
Advisor

‎01-16-2006 02:08 AM

‎01-16-2006 02:08 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

On IT4108

IT4108> mc ncl sho sess con nam search path

Node 0 Session Control
at 2006-01-16-15:05:59.795+00:00Iinf

Characteristics

Naming Search Path =
{
[
Directory Service = Local ,
Template = "*"
] ,
[
Directory Service = Local ,
Template = "local:*"
] ,
[
Directory Service = Local ,
Template = "LOCAL:.*"
] ,
[
Directory Service = Domain ,
Template = "*"
] ,
[
Directory Service = Domain ,
Template = "*.UK.CENTRICAPLC.COM"
]
}

IT4108>

On BGTA02

BGTA02> mc ncl sho sess con nam search path

Node 0 Session Control
at 2006-01-16-15:06:16.864+00:00Iinf

Characteristics

Naming Search Path =
{
[
Directory Service = Domain ,
Template = "*"
] ,
[
Directory Service = Domain ,
Template = "*.uk.centricaplc.com"
] ,
[
Directory Service = Domain ,
Template = "*.trading.centrica.com"
] ,
[
Directory Service = Local ,
Template = "*"
] ,
[
Directory Service = Local ,
Template = "local:*"
] ,
[
Directory Service = Local ,
Template = "local:.*"
]
}

BGTA02>
0 Kudos
Reply
John Abbott_2
Esteemed Contributor

‎01-16-2006 02:20 AM

‎01-16-2006 02:20 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

I think the output reveals your problem, on one node name you're looking local: then domain: the other node it's domain: then local:

I'd suggest setting both systems to the same as the first output (IT4108).

You'll find the script files in sys$startup called NET$SEARCHPATH_STARTUP.NCL

Hope this helps
Kind Regards
John.
Don't do what Donny Dont does
Reply
Daniel Fernandez Illan
Trusted Contributor

‎01-16-2006 02:34 AM

‎01-16-2006 02:34 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

Rajeev

Are you defined IP$10.54.09.56 or IT4108 node on DECnet local database ( using decnet_register)?.
I think that this node is not defined on DECnet
because the message of ACL violation on BGTA02 node does not indicate the name of remote node (IT4108).

Saludos.
Daniel.
0 Kudos
Reply
Rajeev Hejib
Advisor

‎01-16-2006 02:47 AM

‎01-16-2006 02:47 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

I have change .ncl on BGTA02 to be same sa IT4108
BGTA02> mc ncl sho sess con nam search path

Node 0 Session Control
at 2006-01-16-15:43:32.605+00:00Iinf

Characteristics

Naming Search Path =
{
[
Directory Service = Local ,
Template = "*"
] ,
[
Directory Service = Local ,
Template = "local:*"
] ,
[
Directory Service = Local ,
Template = "LOCAL:.*"
] ,
[
Directory Service = Domain ,
Template = "*"
] ,
[
Directory Service = Domain ,
Template = "*.UK.CENTRICAPLC.COM"
]
}

BGTA02>

IT4108> mc ncl sho sess con nam search path

Node 0 Session Control
at 2006-01-16-15:41:59.509+00:00Iinf

Characteristics

Naming Search Path =
{
[
Directory Service = Local ,
Template = "*"
] ,
[
Directory Service = Local ,
Template = "local:*"
] ,
[
Directory Service = Local ,
Template = "LOCAL:.*"
] ,
[
Directory Service = Domain ,
Template = "*"
] ,
[
Directory Service = Domain ,
Template = "*.UK.CENTRICAPLC.COM"
]
}

IT4108>

IT4108 is registered on DECNET using mc decnet_register as IT4108.

One thing I noticed after I changed NET$SEARCHPATH_STARTUP.NCL (I ran it mc ncl @NET$SEARCHPATH_STARTUP.NCL, then flushed the cache)

BGTA02> uaf show/proxy it4108::*
%SECSRV-E-NOSUCHPROXY, no proxy record matches your specification

BGTA02> uaf show/proxy ip$10.54.9.56::system

Default proxies are flagged with (D)

IT4108::SYSTEM
SYSTEM (D)
BGTA02> uaf remove/proxy ip$10.54.9.56::system
%UAF-E-NAFREMERR, error removing proxy from IT4108::SYSTEM to *
-SECSRV-E-NOSUCHPROXY, no proxy record matches your specification

BGTA02> uaf remove/proxy it4108::system
%UAF-E-NAFREMERR, error removing proxy from LOCAL:.IT4108::SYSTEM to *
-SECSRV-E-NOSUCHPROXY, no proxy record matches your specification
BGTA02>

0 Kudos
Reply
John Abbott_2
Esteemed Contributor

‎01-16-2006 07:05 AM

‎01-16-2006 07:05 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

OK, you're nearly there, the change to the .NCL script was good but you missed out the "Directory Service = Domain ,
Template = "*.trading.centrica.com"
] ,
".. bit. As this is where your IT4108 name exists in DNS. So, If you add this back in on both the .ncl scripts (look at your orig post for placement), execute & flush.. fingers crossed you're been looking good :-)

Best
John.
Don't do what Donny Dont does
Reply
Rajeev Hejib
Advisor

‎01-17-2006 12:48 AM

‎01-17-2006 12:48 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

Thanks verymuch John.

I have made the changes. They are as below:

IT4108> mc ncl sho sess con nam search path

Node 0 Session Control
at 2006-01-17-13:41:58.280+00:00Iinf

Characteristics

Naming Search Path =
{
[
Directory Service = Local ,
Template = "*"
] ,
[
Directory Service = Local ,
Template = "local:*"
] ,
[
Directory Service = Local ,
Template = "LOCAL:.*"
] ,
[
Directory Service = Domain ,
Template = "*"
] ,
[
Directory Service = Domain ,
Template = "*.UK.CENTRICAPLC.COM"
] ,
[
Directory Service = Domain ,
Template = "*.TRADING.CENTRICA.COM"
]
}

IT4108>

BGTA02> mc ncl sho sess con nam search path

Node 0 Session Control
at 2006-01-17-13:44:30.057+00:00Iinf

Characteristics

Naming Search Path =
{
[
Directory Service = Local ,
Template = "*"
] ,
[
Directory Service = Local ,
Template = "local:*"
] ,
[
Directory Service = Local ,
Template = "LOCAL:.*"
] ,
[
Directory Service = Domain ,
Template = "*"
] ,
[
Directory Service = Domain ,
Template = "*.UK.CENTRICAPLC.COM"
] ,
[
Directory Service = Domain ,
Template = "*.TRADING.CENTRICA.COM"
]
}

BGTA02>

The weired thing now is

When I do
IT4108> dir bgta02::
%DIRECT-E-OPENIN, error opening BGTA02::*.*;* as input
-RMS-E-FND, ACP file or directory lookup failed
-SYSTEM-F-INVLOGIN, login information invalid at remote node
IT4108>

But when I do

IT4108> dir 10.8.4.23::

It works.

Here is how "name service" is set up on UCX
On it4108

IT4108> ucx show name

BIND Resolver Parameters

Local domain: uk.centricaplc.com

System

State: Started, Enabled

Transport: UDP
Domain: UK.CENTRICAPLC.COM
Retry: 4
Timeout: 4
Servers: MPCDNS1, JGCDNS1
Path: No values defined

Process

State: Enabled

Transport:
Domain:
Retry:
Timeout:
Servers:
Path:
IT4108>

BGTA02> ucx show name

BIND Resolver Parameters

Local domain: trading.centrica.com

System

State: Started, Enabled

Transport: UDP
Domain: uk.centricaplc.com
Retry: 4
Timeout: 4
Servers: JGCDNS1, MPCDNS1
Path: No values defined

Process

State: Enabled

Transport:
Domain:
Retry:
Timeout:
Servers:
Path:
BGTA02>

If you notice the local domain on IT4108 is uk.centricaplc.com and on BGTA02 its trading.centrica.com. Is that making the difference
0 Kudos
Reply
Rajeev Hejib
Advisor

‎01-17-2006 12:52 AM

‎01-17-2006 12:52 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

Sorry about the earlier reply. The search paths are actually as below. Rest still stays as in earlier note.
IT4108> mc ncl sho sess con nam search path

Node 0 Session Control
at 2006-01-17-13:49:48.189+00:00Iinf

Characteristics

Naming Search Path =
{
[
Directory Service = Local ,
Template = "*"
] ,
[
Directory Service = Local ,
Template = "local:*"
] ,
[
Directory Service = Local ,
Template = "LOCAL:.*"
] ,
[
Directory Service = Domain ,
Template = "*"
] ,
[
Directory Service = Domain ,
Template = "*.UK.CENTRICAPLC.COM"
] ,
[
Directory Service = Domain ,
Template = "*.TRADING.CENTRICA.COM"
]
}

IT4108>


BGTA02> mc ncl sho sess con nam search path

Node 0 Session Control
at 2006-01-17-13:52:00.469+00:00Iinf

Characteristics

Naming Search Path =
{
[
Directory Service = Local ,
Template = "*"
] ,
[
Directory Service = Local ,
Template = "local:*"
] ,
[
Directory Service = Local ,
Template = "LOCAL:.*"
] ,
[
Directory Service = Domain ,
Template = "*"
] ,
[
Directory Service = Domain ,
Template = "*.UK.CENTRICAPLC.COM"
] ,
[
Directory Service = Domain ,
Template = "*.TRADING.CENTRICA.COM"
]
}

BGTA02>
0 Kudos
Reply
John Abbott_2
Esteemed Contributor

‎01-17-2006 02:06 AM

‎01-17-2006 02:06 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

Right then, so IT4108 is in domain uk.centricaplc.com BGTA02 is in domain trading.centrica.com. So we've promoted the LOCAL search path up the list on one node (add some consistency between the systems), so they're both the same.

what does a tcpip/ucx sho host it4108 & BGTA02 on both systems give ?

Also, what in the local: osi db (mcr decnet_register, option 1, for the two nodes)
Don't do what Donny Dont does
Reply
Rajeev Hejib
Advisor

‎01-17-2006 02:19 AM

‎01-17-2006 02:19 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

On IT4108
IT4108> ucx show host it4108

LOCAL database

Host address Host name

10.54.9.56 IT4108
IT4108> ucx show host bgta02

LOCAL database

Host address Host name

10.8.4.23 BGTA02, bgta02

The with mc decnet_register

Directory Service: Local name file

Node name: LOCAL:.it4108
Phase IV synonym: IT4108

Address tower protocol and selector values:
Session: DNA_SessionControlV2 (SC2)
00 13
Transport: DNA_NSP (NSP)
(no selector value)
Routing: DNA_OSInetwork (CLNS)
49::00-30:AA-00-04-00-0C-C0:20 (48.12)

Session: DNA_SessionControlV3 (SC3)
00 13
Transport: DNA_OSItransportV1 (TP4)
DE C0
Routing: DNA_OSInetwork (CLNS)
49::00-30:AA-00-04-00-0C-C0:21 (48.12)


Number of nodes reported on: 1


* Press Return to continue

Directory Service: Local name file

Node name: LOCAL:.bgta02
Phase IV synonym: BGTA02

Address tower protocol and selector values:
Session: DNA_SessionControlV2 (SC2)
00 13
Transport: DNA_NSP (NSP)
(no selector value)
Routing: DNA_OSInetwork (CLNS)
49::00-27:AA-00-04-00-47-9C:20 (39.71)


Number of nodes reported on: 1


* Press Return to continue



On BGTA02


BGTA02> ucx show host it4108

LOCAL database

Host address Host name

10.54.9.56 IT4108, it4108
BGTA02> ucx show host bgta02

LOCAL database

Host address Host name

10.8.4.23 bgta02, BGTA02, BGTA02,pgswh1
BGTA02>

and mc decnet_register

Directory Service: Local name file

Node name: LOCAL:.BGTA02
Phase IV synonym: BGTA02

Address tower protocol and selector values:
Session: DNA_SessionControlV2 (SC2)
00 13
Transport: DNA_NSP (NSP)
(no selector value)
Routing: DNA_OSInetwork (CLNS)
49::00-27:AA-00-04-00-47-9C:20 (39.71)


Number of nodes reported on: 1

Directory Service: Local name file

Node name: LOCAL:.it4108
Phase IV synonym: IT4108

Address tower protocol and selector values:
Session: DNA_SessionControlV2 (SC2)
00 13
Transport: DNA_NSP (NSP)
(no selector value)
Routing: DNA_OSInetwork (CLNS)
49::00-30:AA-00-04-00-0C-C0:20 (48.12)


Number of nodes reported on: 1

0 Kudos
Reply
John Abbott_2
Esteemed Contributor

‎01-17-2006 08:52 PM

‎01-17-2006 08:52 PM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

Morning, sorry I couldn't post earlier...

Are you intending to just running DECnetOSI over IP ?

Something worth checking... for the node names in DNS and in decnet_register, check you're using a zero and not an 'O' by mistake. Also, on BGTA02 in DNS you have BGTA02 listed three times ? Could there be some sort of hidden binary character in the dns entry here as two entries appear the same ?

On IT4108 decnet_register you have NSP(phase IV) and TP4(phase V) towers set-up, but on BGTA02 you only have only NSP. Although I doubt if this is causing the problem, you might see some delay on connection if TP4 is selected on IT4108 1st (I think it depends on order). Best to either using only NSP or TP4 or just set them both up. I actually thought you needed TP4 towers set-up to run DECnet over IP.

I would have thought you only need to set-up a UAF proxy record specifying the node name, not the IPC$ ip addr::system. ?

Hope this helps
Kind Regards,
John.

Don't do what Donny Dont does
Reply
John Abbott_2
Esteemed Contributor

‎01-18-2006 01:40 AM

‎01-18-2006 01:40 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

Thinking about this a bit more, without the TP4(phase v & over ip) entry on BGTA02, I think you're going to get a security alarm of IP$10.54.09.56 (as pre your post) rather than IT4108. Use mcr decnet_register on BGTA02, , option 2 and modify the tower to include a TP4 transport entry.

PS. Don't be shy, you can aware points ay anytime !
Don't do what Donny Dont does
Reply
Rajeev Hejib
Advisor

‎01-18-2006 02:37 AM

‎01-18-2006 02:37 AM

Re: -SYSTEM-F-INVLOGIN, login information invalid at remote node

Sorry John. I have been missing on giving points. Extremely sorry. You have been great help. I will try your latest suggestion tonight. Bit tied up with prod issue. Every next reply will definitely carry points for you.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.