eDirectory: Error "-684" DSERR_SECURE_NCP_VIOLATION

  • 7004697
  • 20-Oct-2009
  • 27-Apr-2012

Environment

Novell NetWare 6.5 Support Pack 6
Novell NetWare 6.5 Support Pack 7
Novell NetWare 6.5 Support Pack 8
Novell eDirectory 8.7.3 for NetWare 6.5
Novell eDirectory 8.8 for NetWare 6.5
 

Situation

Due to security reasons, the following parameter was set on the server side:
"Server Parameters | NCP | Enable UDP Checksums on NCP packets=2"

By default this parameter is set to: 1
 
After that, any attempts to login from a Novell Client on Windows (4.91 SP4/SP5), will return an error:
"-684: DSERR_SECURE_NCP_VIOLATION (FFFFFD54)"
 

Resolution

As of now, the only fix is to change the set parameter back to its default:
"Server Parameters | NCP | Enable UDP Checksums on NCP packets=1"
 
The Engineering has been already notified and the problem is under investigation.
 

Additional Information

When troubleshooting this problem we noticed the following points:
  • Both clients (Windows and Linux) behave differently on this issue:
    • On Windows
      • We see a -684 error and authentication will not proceed
    • On Linux
      • We don't see any error/problem during the authentication. However, when trying to read/access files and directories we don't have access to anything.
  • This problem only affects Netware servers once the setting in question ("Enable UDP Checksums on NCP packets=2") does not exist on OES/OES2 Linux.
  • If we change the "NCP over UDP" setting to "OFF" on the server side, both clients (Windows and Linux) will log in with no problems. However, this will disable the server-to-server UDP communication.