Authentication errors when Auth server OS time is wrong

  • 7007450
  • 03-Jan-2011
  • 30-Apr-2012


Novell ZENworks 10 Configuration Management Authentication


If a primary server or satellites have time that is out of synch with other primaries or satellites, authentication may fail.
From ats.trace on the primary:
2010-12-28 12:03:09,814 INFO [ClientAddr=] GetAuthPolicy Rpc, Host=localhost, Svc=com.novell.zenworks.REALM, Status=SUCCESS

Note in the above: GetAuthPolicy  suceeds but no attempt is made for Authenticate or GetAuthToken
From casaauthtoken.log on the agent:
[680-F10] [11:40:19] CASA_AuthToken -ObtainAuthTokenInt- Copying the token into the callers buffer
That shows that the token is received from the satellite, but when presented to the primary:
[680-F10] [11:40:22] CASA_PwdMech -GetUserCredentials- Failed to obtain credentials for pw authentication, code = -802
[680-F10] [11:40:22] CASA_PwdMech -GetUserCredentials- End, retStatus = C7FD0001
-939720703 in zmd-messages.log


Ensure that satellite times and primary times are correct. 

Additional Information

When casa authentication suceeds, a session token is obtained.  The token has a lifetime setting of about 45 minutes.  When the primary needs to confirm the token, if the lifetime is "expired" due to time mismatch, the primary will reject the token causing login failure.  The primary must validate the token in order for user configuration settings to be requested.