Environment
Novell ZENworks 11 Configuration Management
Novell ZENworks 10 Configuration Management
NMAS
Novell Client for Windows 2000/XP/2003
Novell Client for Vista
Microsoft Active Directory
Situation
Intruder lockout triggered after ZCM agent refresh when NMAS is installed on the client.
ERROR:
User Authentication failed during a refresh.
User applications will not be available.
This may occur if the user's password is changed or if the user is deleted from the user source.
ERROR (from zmd-messages.log):
[DEBUG] [06/04/2010 02:50:52.218] [1544] [ZenworksWindowsService] [36] [] [CommonCasa] [] [ObtainAuthToken took exception: -939589602 System.Exception: -939589602
at Novell.Casa.Client.Auth.Authtoken.ObtainAuthToken(String sService, String sHost, WinLuid luid)
at Novell.Zenworks.Zmd.Common.CasaHelper.ObtainAuthToken(String SessionID, String RealmName, String Host, String& AuthToken)] [] []
[DEBUG] [06/04/2010 02:50:52.218] [1544] [ZenworksWindowsService] [36] [] [CommonCasa] [] [Stack Trace: at Novell.Casa.Client.Auth.Authtoken.ObtainAuthToken(String sService, String sHost, WinLuid luid)
at Novell.Zenworks.Zmd.Common.CasaHelper.ObtainAuthToken(String SessionID, String RealmName, String Host, String& AuthToken)] [] []
ERROR (from casaauthtoken.log):
[608-C3C] [02:52:15] CASA_AuthToken -ObtainAuthTokenFromServer- End, retStatus = C7FF001E
This can also happen when using Microsoft Active Directory as the user source:
A user in the user source changes their password on an agent workstation using Ctrl+Alt+Del.
A bad login attempt is logged each time the agent completes a partial refresh.
A user lockout is triggered.
Error in ats.log from authentication server using an Active Directory user source:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]Exception occured while adding connector specified at [XPath: /bci:realms/bci:realm[@id='<realm-id>']]
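The `data` field in the LDAP error 49 line above is the Active Directory sub-code that tells a bad password (52e) apart from an account that is already locked (775). The following script is an added example, not part of the original article or of ZENworks: it decodes that sub-code from ats.log lines and reports realms whose count of bad-password binds has reached a threshold. The function names and the `threshold` parameter are assumptions of this example; set the threshold to the lockout threshold of your domain policy.

```python
import re
from collections import Counter

# Well-known Active Directory sub-codes carried in the "data" field of LDAP error 49.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
BIND_FAILURE = re.compile(
    r"LDAP: error code 49 - [0-9A-Fa-f]+: LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: AcceptSecurityContext error, data (?P<data>[0-9A-Fa-f]+),"
)
REALM = re.compile(r"bci:realm\[@id='(?P<realm>[^']*)'\]")

def parse_bind_failures(lines):
    """Yield (realm_id, subcode, meaning) for each LDAP error 49 line."""
    for line in lines:
        m = BIND_FAILURE.search(line)
        if not m:
            continue
        code = m.group("data").lower()
        realm = REALM.search(line)
        yield (realm.group("realm") if realm else None, code,
               AD_SUBCODES.get(code, "unknown sub-code"))

def lockout_risk(lines, threshold):
    """Return realms whose count of 52e (bad password) binds reaches threshold."""
    bad = Counter(r for r, code, _ in parse_bind_failures(lines) if code == "52e")
    return {realm: n for realm, n in bad.items() if n >= threshold}

# Constructed sample: the article's ats.log line repeated, as seen after several
# partial refreshes with a stale password, plus one unrelated line.
SAMPLE = [
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
    "AcceptSecurityContext error, data 52e, v1db1 ]Exception occured while adding "
    "connector specified at [XPath: /bci:realms/bci:realm[@id='<realm-id>']]",
] * 3 + ["unrelated line"]

if __name__ == "__main__":
    print(lockout_risk(SAMPLE, threshold=3))
```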
Resolution
Workarounds for Active Directory environment:
A. Log out of Windows and log back in.
B. Log out of the ZENworks agent and log back in by right-clicking the agent icon and selecting Logout/Login.
For ZCM 10.3: This is fixed in version 10.3.4 - see KB 7008244 "ZENworks Configuration Management 10.3.4 - update information and list of fixes" which can be found at https://www.novell.com/support
For ZCM 11: This is fixed in version 11.2 - see KB 7010044 "ZENworks Configuration Management 11.2 - update information and list of fixes" which can be found at https://www.novell.com/support