We ve the below problem.

We are using RSA Tokens incombination with C2S BM 3.8. All is working fine
except in one case.

The client to site BM server handles all the authentication of the users
but when a user tries to login from a other partition the user is blocked
with a message FFFFF996. (Only with RSA sequence, when NDS is used there
is no problem) The Windows 2000 server with RSA doesn't even see the try
of the user to logon. At the other hand the Windows 2000 server with RSA
server can tree walk the complete tree so this is no problem.

So i decided to put NMAS tracing on (Bordermanager server) and the log
shows the following. (below)

The server does not hold the user object and it let a other server handles
the request. (not a local user) The secondserver contains a copy of the
userobject but it look likes that it cannot handles the RSA sequence.
So, when the same user tries to logon with the NDS sequence, the
bordermanager is still sending the info to the secondserver and all is
fine. My question is now, is it needed to install the RSA (NMA's software)
also on the secondserver to let it handle users outside the partition of
the bordermanager server with the RSA sequence? If so, what if the
secondserver will be skipped, maybe the bordermanager select the next time
a other server which holds also a copy of the userobject, what kind of
selectionmechanisme is used?

Note: secondserver is the CA in our situation.

10:32:53 4DFE2100 NMAS: 154: Create NMAS Session
10:32:53 4DFE2100 NMAS: 154: Put attribute with ID = 1 of length 92 bytes
10:32:53 4DFE2100 NMAS: 154: Put attribute with ID = 11 of length 28 bytes
10:32:53 4DFE2100 NMAS: 154: NCPCheckIfLocalUser: client supplied user DN
user.department.place.company
10:32:53 4DFE2100 NMAS: 154: NCPCheckIfLocalUser: checking actual user DN
CN=user.OU=department.OU=place.O=company
10:32:53 4DFE2100 NMAS: 154: NCPCheckIfLocalUser is NOT a local user.
10:32:53 4DFE2100 NMAS: 154:
Contacted .CN=secondserver.OU=_Resources.OU=city.O=company.T =TREE. (NMAS
2.6) for remote login
10:32:53 4DFE2100 NMAS: 154: Remote login will
use .CN=secondserver.OU=_Resources.OU=city.O=company.T =TREE. (NMAS 2.6)
10:32:53 4DFE2100 NMAS: 154: nmasClientWrite: Login continue
10:32:53 4DFE2100 NMAS: 154: nmasClientWrite: Login continue
10:32:53 4DFE2100 NMAS: 154: nmasClientRead: Login continue
10:32:53 4BA5F540 SyncI: Start inbound sync from server [0000807a]
<.anotherserver._Resources.place.company.TREE.> for partition [0000804e]
<.place.company.TREE.>.
10:32:53 4DFE2100 NMAS: 154: nmasClientRead: Login continue
10:32:53 4DFE2100 NMAS: 154: nmasClientWrite: Login continue
10:32:53 4DFE2100 NMAS: 154: nmasClientWrite: Login continue
10:32:53 4DFE2100 NMAS: 154: nmasClientRead: Login continue
10:32:53 4DFE2100 NMAS: 154: nmasClientRead: Login continue
10:32:53 4DFE2100 NMAS: 154: nmasClientWrite: Login continue
10:32:53 4DFE2100 NMAS: 154: nmasClientWrite: Login continue