Casa errors with NMAS or Active Directory and intruder lockout

  • 7009424
  • 23-Sep-2011
  • 25-Feb-2013

Environment

Novell ZENworks 11 Configuration Management
Novell ZENworks 10 Configuration Management
NMAS
Novell Client for Windows 2000/XP/2003
Novell Client for Vista
Microsoft Active Directory

Situation

Intruder lockout triggered after ZCM agent refresh when NMAS is installed on the client.
 
ERROR:
 
User Authentication failed during a refresh.
User applications will not be available.
 
This may occur if the user's password is changed or if the user is deleted from the user source.
 
ERROR (from zmd-messages.log):
 
 [DEBUG] [06/04/2010 02:50:52.218] [1544] [ZenworksWindowsService] [36] [] [CommonCasa] [] [ObtainAuthToken took exception: -939589602 System.Exception: -939589602
   at Novell.Casa.Client.Auth.Authtoken.ObtainAuthToken(String sService, String sHost, WinLuid luid)
   at Novell.Zenworks.Zmd.Common.CasaHelper.ObtainAuthToken(String SessionID, String RealmName, String Host, String& AuthToken)] [] []
 [DEBUG] [06/04/2010 02:50:52.218] [1544] [ZenworksWindowsService] [36] [] [CommonCasa] [] [Stack Trace:     at Novell.Casa.Client.Auth.Authtoken.ObtainAuthToken(String sService, String sHost, WinLuid luid)
   at Novell.Zenworks.Zmd.Common.CasaHelper.ObtainAuthToken(String SessionID, String RealmName, String Host, String& AuthToken)] [] []
 
ERROR (from casaauthtoken.log):
 
[608-C3C] [02:52:15] CASA_AuthToken -ObtainAuthTokenFromServer- End, retStatus = C7FF001E

This can also happen when using Microsoft Active Directory as the user source:

User source user changes their password on an agent workstation using ctrl-alt-del.
Bad login attempts are logged for every time the agent completes a partial refresh.
A user lockout is triggered.

Error in ats.log from authentication server using an Active Directory user source:

[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]Exception occured while adding connector specified at [XPath: /bci:realms/bci:realm[@id='<realm-id>']]

Resolution

Workarounds for Active Directory environment:

A. Logout and back into Windows

B. Logout and back into the ZENworks agent by right clicking the agent icon and selecting Logout/Login


For ZCM 10.3: This is fixed in version 10.3.4 - see KB 7008244 "ZENworks Configuration Management 10.3.4 - update information and list of fixes" which can be found at https://www.novell.com/support
 
For ZCM 11: This is fixed in version 11.2 - see KB 7010044 "ZENworks Configuration Management 11.2 - update information and list of fixes" which can be found at https://www.novell.com/support