Environment
Novell ZENworks 10 Configuration Management Authentication
Situation
If a primary server or satellites have time that is out of synch with other primaries or satellites, authentication may fail.
From ats.trace on the primary:
2010-12-28 12:03:09,814 INFO [ClientAddr=192.168.0.35] GetAuthPolicy Rpc, Host=localhost, Svc=com.novell.zenworks.REALM, Status=SUCCESS
Note in the above: GetAuthPolicy suceeds but no attempt is made for Authenticate or GetAuthToken
From casaauthtoken.log on the agent:
[680-F10] [11:40:19] CASA_AuthToken -ObtainAuthTokenInt- Copying the token into the callers buffer
That shows that the token is received from the satellite, but when presented to the primary:
[680-F10] [11:40:22] CASA_PwdMech -GetUserCredentials- Failed to obtain credentials for pw authentication, code = -802
[680-F10] [11:40:22] CASA_PwdMech -GetUserCredentials- End, retStatus = C7FD0001
-939720703 in zmd-messages.log
Resolution
Ensure that satellite times and primary times are correct.
Additional Information
When casa authentication suceeds, a session token is obtained. The token has a lifetime setting of about 45 minutes. When the primary needs to confirm the token, if the lifetime is "expired" due to time mismatch, the primary will reject the token causing login failure. The primary must validate the token in order for user configuration settings to be requested.