Hi. Network setup first

4 servers, 1x nw6sp5, 2x nw65sp6, 1x oes linux sp2

added sp6 to my nw65 servers servers (and BM38sp5) last week and have been having no end of issues with various things. the most recent to rear it's ugly head is when users try and login on to an xp machine client 4.91 they often get nmas -1644 errors. Following tid3815371 i was able to start an nmas trace happening, and below is a sample of what i get on one my nw65 machines

57: Create NMAS Session
57: Pregathered information NMAS_AID = 2 ignored
57: Pregathered information NMAS_AID = 1 value CN=MCNAMGA.OU=Staff.O=NAGLE
57: CheckIfLocalUser: client supplied user DN CN=MCNAMGA.OU=Staff.O=NAGLE
ERROR: -16049 GetXKey: dal_readAttributeValues (key)
ERROR: -1460 createXKey: dal_getPartitionKey
ERROR: -1460 DALCreateLoginSession:GetXKey
57: ERROR: -1697 CheckIfLocalUser: DALCreateLoginSession
57: CheckIfLocalUser: checking actual user DN CN=MCNAMGA.OU=Staff.O=NAGLE
57: Contacted .CN=IT2.OU=SVR_IT2.O=NAGLE.T=NAGLE. (NMAS 2.9) for remote login
57: Remote login will use .CN=IT2.OU=SVR_IT2.O=NAGLE.T=NAGLE. (NMAS 2.9)
57: Destroy NMAS Session

or i get

58: Create NMAS Session
58: Pregathered information NMAS_AID = 2 ignored
58: Pregathered information NMAS_AID = 1 value CN=MCNAMGA.OU=Staff.O=NAGLE
58: CheckIfLocalUser: client supplied user DN CN=MCNAMGA.OU=Staff.O=NAGLE
ERROR: -16049 GetXKey: dal_readAttributeValues (key)
ERROR: -1460 createXKey: dal_getPartitionKey
ERROR: -1460 DALCreateLoginSession:GetXKey
58: ERROR: -1697 CheckIfLocalUser: DALCreateLoginSession
58: CheckIfLocalUser: checking actual user DN CN=MCNAMGA.OU=Staff.O=NAGLE
openRemoteSession: entry address is a local address
58: No NMAS 2.0 Server Found
58: Destroy NMAS Session


on the other i get noting. all they trace screen is showing is

processLoginSeqMethods: no login methods




my nw6 machine, which is my tree's CA, has the following

59: Destroy NMAS Session for reuse
59: Create NMAS Session
0: Put attribute with ID = 2 of length 12 bytes
0: Put attribute with ID = 1 of length 56 bytes
59: RemoteCheckIfLocalUser checking CN=DUKAKKA.OU=Staff.O=NAGLE.
59: RemoteCheckIfLocalUser is a local user.
59: Server thread started
59: >>ServerGet: message size=8 queue size 0
59: Client Session Destroy Request
59: Local Session Cleared (Not Destroyed)
59: ERROR: -1644 NMAS Manager
59: <<ServerPut: session cleared
59: >>ServerGet: session cleared
59: Server thread exited

or

55: Destroy NMAS Session for reuse
55: Create NMAS Session
0: Put attribute with ID = 2 of length 12 bytes
0: Put attribute with ID = 1 of length 56 bytes
0: Put attribute with ID = 11 of length 8 bytes
55: RemoteCheckIfLocalUser checking CN=RETTIVI.OU=Staff.O=NAGLE.
55: RemoteCheckIfLocalUser is a local user.
55: Server thread started
55: >>ServerGet: message size=8 queue size 0
55: >>ClientPut: message size=8 queue Size 0
55: >>ServerGet: message size=626 queue size 0
55: >>ClientPut: message size=626 queue Size 0
55: OEM
55: OEM Verb 3
55: HandleTransKey
55: HandleTransKey DataLen = 602
55: HandleTransKeys Wrapping Key OID first word = 0x86600B06
55: HandleTransKeys Domestic Grade (3DES) Wrapping Key
55: keyTag in while = 1
55: keyTag in while = 2
55: keyTag in while = 3
55: HandleTransKeys end of while err = 0
55: Transaction keys unwrapped:HandleTransKeys
55: 3 Transaction keys unwrapped
55: Return code from HandleTransKeys = 0
55: <<ServerPut: message size=8 queue size 0
55: <<ServerPut: message size=12 queue size 8
55: >>ServerGet: message size=8 queue size 0
55: <<ClientGet: message size=8 queue Size 0
55: <<ClientGet: message size=12 queue Size 12
55: >>ClientPut: message size=8 queue Size 0
55: >>ClientPut: message size=7 queue Size 8
55: >>ServerGet: message size=7 queue size 0
55: CanDo
55: <<ClientGet: message size=8 queue Size 0
55: Sequence Selected == "NDS"
55: Login Method 0x00000007
55: MAF_GetAttribute LSM 0x00000007 AID: 2
55: MAF_GetAttribute LSM 0x00000007 AID: 1
55: MAF_Begin LSM 0x00000007
55: <<ServerPut: message size=8 queue size 0
55: <<ServerPut: message size=5 queue size 8
55: MAF_AllowPasswordSet LSM 0x00000007
55: MAF_GetPassword LSM 0x00000007
55: <<ClientGet: message size=5 queue Size 5
55: MAF_Write LSM 0x00000007
55: <<ServerPut: message size=8 queue size 0
55: <<ServerPut: message size=40 queue size 8
55: MAF_GetNDSPasswordHash LSM 0x00000007
55: MAF_XWrite LSM 0x00000007
55: <<ServerPut: message size=56 queue size 48
55: MAF_XRead LSM 0x00000007
55: >>ServerGet: message size=8 queue size 0
55: <<ClientGet: message size=8 queue Size 0
55: <<ClientGet: message size=40 queue Size 96
55: <<ClientGet: message size=8 queue Size 56
55: <<ClientGet: message size=48 queue Size 48
55: >>ClientPut: message size=8 queue Size 0
55: >>ServerGet: message size=72 queue size 0
55: >>ClientPut: message size=72 queue Size 0
55: MAF_GetNDSPasswordHash LSM 0x00000007
55: MAF_XWrite LSM 0x00000007
55: <<ServerPut: message size=56 queue size 0
55: MAF_Read LSM 0x00000007
55: >>ServerGet: message size=8 queue size 0
55: <<ClientGet: message size=8 queue Size 0
55: <<ClientGet: message size=48 queue Size 48
55: >>ClientPut: message size=8 queue Size 0
55: >>ServerGet: message size=12 queue size 0
55: >>ClientPut: message size=12 queue Size 0
55: MAF_End LSM 0x00000007
55: LSM 0x00000007 successful
55: >>ServerGet: message size=8 queue size 0
55: >>ClientPut: message size=8 queue Size 0
55: WhatNext
55: Successful login
55: <<ServerPut: message size=8 queue size 0
55: <<ServerPut: message size=4 queue size 8
55: <<ClientGet: message size=8 queue Size 0
55: <<ClientGet: message size=4 queue Size 4
55: >>ServerGet: message size=8 queue size 0
55: NDS Credential request
55: Returning NDS Credential size 596
55: Encrypted NDS Credential size 600
55: Client Session Destroy Request
55: Local Session Cleared (Not Destroyed)
55: Server thread exited

which i think translates to a successful login.

i've done a dstrace -all +nmas, and a lot of referances on all servers to this apperes. I am not sure what, if any, of this is relevant.

AREQ: [2006/11/23 15:49:35] Calling DSAResolveName conn:377 for client .[Public].
AREQ: [2006/11/23 15:49:35] DSAResolveName failed, no referrals (-634).

as well as

AREQ: [2006/11/21 13:58:13] Calling DSAResolveName conn:295 for client .[Public].
AREQ: [2006/11/21 13:58:13] DSAResolveName failed, no such entry (-601).

i also have references to this

TVEC: [2006/11/23 15:49:25] +++ new tvA --> 2006/11/23 15:48:56, 1, 2
--> 2006/11/23 15:48:56, 4, 2
--> 2006/11/23 15:48:56, 2, 3
--> 2006/04/25 10:19:43, 3, 1
--> 2006/11/23 15:48:51, 5, 2

which i think is a sync operation. I am thinking that the old date references one is a server we retired earlier in the year. this serer was a nw5 box, and was our CA. I know something in our network is trying to do name lookups on this old server, i just havent been able to nail down what yet.

my windows 98 machines running client 3.32 are not affected.

I've run through tid10070382 and checked the rights on the w0 object, and they are correct as oer the tid.

right now i'm stuffed. i'll attempt just about anything reasonable at present to get this fixed. Last thing i need is to be sorting out this kind of login issue. Also, i'm happy to be called an idiot if i have managerd to overlook some "plain as day" sp install instruction.

regards


Shaun Turner