Select the product you need help with
Distributed Link Services that are started by using the LocalSystem account do not connect to Host Integration Server 2004-based serversArticle ID: 888762 - View products that this article applies to. SYMPTOMSDistributed Link Services (DLS) link services that are
started by using the LocalSystem account on Microsoft Host Integration Server
2000-based servers do not connect to Host Integration Server 2004-based
servers. If host connections are configured to use a DLS link service such as SnaRem1 in Host Integration Server 2000, a status message that is similar to the following may appear in SNA Manager when the problem occurs: [Pending](Failed @
Time) Event ID: 23 Source: SNA Server Description: Connection Failure Connection = ConnectionName Link Service = DLSLinkServiceName Outage Code = OutageCode Event ID: 705 Source: SNA Base Service Description: Logon Failed. EXPLANATION Access denied on client-server or Distributed Link Service connection request. Connection from RemoteServerName denied because LSA logons are not supported. --- Error Code : 4097 CAUSEHost Integration Server 2000 uses the Local System Account
(LSA) logon method for validation when a DLS link service is started by using
the LocalSystem account. LSA logons are not supported in Host Integration
Server 2004. Therefore, DLS link services that are started by using the
LocalSystem account on Host Integration Server 2000 and on earlier versions of
SNA Server cannot connect to Host Integration Server 2004. RESOLUTIONTo resolve this behavior, you must configure DLS link
services to start by using user credentials that can access resources on the
Host Integration Server 2004-based server. STATUS This
behavior is by design. MORE INFORMATIONSupport for the LSA logon method was removed in Host
Integration Server 2004 to help make the product more secure. If you have
applications or services such as DLS link services that use the LocalSystem
account, we recommend that you modify these applications or services to use
valid user credentials to access remote resources. If anonymous logon support is enabled, any service or application that passes null credentials can access the Host Integration Server 2004-based server without having to provide valid user credentials. Null credentials are a null user account name, password, and domain. The application or service could possibly perform disruptive or destructive actions. For more information about the LocalSystem account and the extensive permissions that it has on the local computer, visit the following Microsoft Developer Network (MSDN) Web site: http://msdn2.microsoft.com/en-us/library/ms684190.aspx\ We do not recommend that you use the LocalSystem account unless a
service actually must have all the permissions that are provided by this
account. Additionally, services that run under the LocalSystem account will use
null credentials when they access remote resources.
(http://msdn2.microsoft.com/en-us/library/ms684190.aspx)
For additional information about a related Host Integration Server 2004 issue that occurs when you use SNA applications that run as Windows services by using the LocalSystem account, click the following article number to view the article in the Microsoft Knowledge Base: 888478
(http://support.microsoft.com/kb/888478/
)
SNA applications that run as Windows services do not connect to a Host Integration Server 2004-based server and log an event 705 message
Properties |
Back to the top
