Solved

Intranetware holding connections

Posted on 1998-08-28
23
465 Views
Last Modified: 2012-05-04
Problem we are having is that Novell is holding on to a users connection. We use the feature to limit concurrent connections to one so this presents a problem for us. The user does not show up as being logged in on the file server console but in NWAdmin if you go to the user object and then the environment tab it does show a H/W address of the machine they are logged into. The only way I have been able to clear this then is to increase the number of concurrent logins and have the user log into the machine whos H/W address matches the one in NWAdmin for that user and have them shutdown properly. They can not even log back into the same machine once this occurs. I have added the most current patches ( support pack 5, ds.nlm 5.99, and the newest clib patch)
0
Comment
Question by:FHSCompGuy
  • 7
  • 4
  • 3
  • +7
23 Comments
 
LVL 12

Expert Comment

by:mark2150
ID: 1593184
Try doing a double logout. How are the users logging in? Are you using win95 and the NWClient or are you treating it as a DOS box and manually firing up the netware drivers.

Normally there is about a one minute lag between the LOGOUT and the system realizing that the station isn't going to talk any more.

When you look at the connection via RCONSOLE does it show the user name or NOT LOGGED IN on those ports? If the username is present then they're not really logging out and the system is behaving correctly. If a user just turns off their computer the LAN will take some time to recognize that they've died. Train them to exit gracefully and it should be OK.

It is normal for a connection to still retain the H/W MAC address while it is showing NOT LOGGED IN. This should not prevent additional logins.

If the users are connecting via MY COMPUTER or EXPLORER and are using the MAP drive button to connect and then using the UNMAP drive this is *NOT* the same as a LOGOUT. The users are still authenticated to the server that they mapped to. You may have to set up a "LOGOUT" icon for the users to actually drop the connection.

M

0
 

Author Comment

by:FHSCompGuy
ID: 1593185
ok I am using win95 &  client32 and they exit by doing a shutdown and this does work but if they don't do what they are supposed to they do get hung and it doesn't matter if they shut the machine off it still holds on to it. In RCONSOLE or on the CONSOLE itself it shows a lot of NOT LOGGED IN connections, but clearing these does not solve the problem. No matter how long I wait ( I have left it go for days )  the H/W addresses never clear from NWAdmin. The training thing would be easy if it wasn't 5 yr olds up to 18yr olds, I am in a k12 school. If I could find a way to forcibly clear this H/W address so I did not have to trace these H/W addresses to the culprit computer and have the user log in to clear the H/W address from their user object or cause this not too happen at all by somehow haveing the system to somehow check for these hung connections would be acceptable solutions to this problem.
0
 
LVL 4

Expert Comment

by:Zombite
ID: 1593186
Check your watchdog settings on the server.    

Try these settings if yours are no the same.
Set Number of Watchdog Packets = 60
Set Delay Between Watchdog Packets = 10 (time in minutes)
Set Delay Before First Watchdog Packets = 20 ((time in minutes)
NOTE: ALWAYS keep Delay Before First Watchdog Packets longer than Delay Between
     Watchdog Packets!


Depending on what the settings are ,decrease the Watchdog time-out parameters. The downside of this is that it may cause additional traffic on the network and increase the chance that an active workstation will get  logged off the network by watchdog.

0
 
LVL 4

Expert Comment

by:Zombite
ID: 1593187
Upon further reflection -
Also enusre that you do not have perm drive or printer captures on win95
Do these maps and or capures via the login script other wise win95 will pop
them back on again as soon as it is started - this may be causing your users to stay logged on even after a few days.


0
 
LVL 4

Expert Comment

by:saar2
ID: 1593188
It seems as a known bug in Netware which Novell provids a TID about.
This is TID #2913235.

If you find this answer better than Zombitte's please let me resubmit it as an answer.

Saar Carmi.

Symptom

     Sometimes a user object's Network Address property contains one or more network
     addresses (network:node:socket) when it should not. For example, even though a user is
     not logged in to the NDS tree, the user object still shows a value for the Network
     Address property. (A user's Network Address property can be viewed in NetAdmin or
     NWAdmin on the Environment page.)

     This can cause problems for users that have a limited number of concurrent
     connections. For example, when a user tries to login, LOGIN might return the following
     error:

     MESSAGE
     "LOGIN-4.12-830: You are trying to log in to too many stations simultaneously. The
     supervisor has limited the number of connections you may have."

     How can these "connections" be cleared out of DS when they don't appear in Monitor
     and NWAdmin does not have a "delete" option for the Network Address property?

     Cause

     The causes are two fold, both of which are being addressed.

     1) If the client workstation is not logged out properly, (just turned off, or rebooted), the
     network address property in the DS database does not get cleared out. When attempting
     to log back in, there is a good chance that the socket that is used will not be the same
     as what it was previously. Hence, when the entire address is checked, that being
     NETWORKADDRESS - NODE ADDRESS - SOCKET, it fails the comparison of being
     the same network address according to DS and therefore will not allow login.

     2) DS detects the above condition and leaves the network address property for the user.
     An address in this type of scenario currently has no method of timing out. Hence, the
     address sticks.

     Solution

     Prevention:
     This situation can be minimized by installing v5.06 (or later) of DS.NLM on every
     NetWare 4.10 server/ v5.95 (or later) of DS.NLM on every NetWare 4.11 and applying all
     of the latest NetWare OS patches on all servers. The ZEN version of the client (4.3 for
     NT, 2.5 for Client 32) will write the last socket used to the registry and use that socket
     the next time you try to login. Therefore, if the user tries to login again from the same
     workstation, they will have the same network address and will not have the problem with
     too many concurrent connections.

     Quick Fix:
     Two methods, same results:
     1) Load DSrepair -N1, go to Advanced Options, select "Repair Local DS database", and
     press F10. This clears for all users connections that are more than 1 day old.
     2) To clear out a user's Network Address property, use a utility called REMADDR.EXE.

     Syntax: REMADDR CN=USER1.NOVELL Refer to REMADR.TXT for more information.

     This clears one user at a time.
     NOTE: In order for DSrepair -N1 and REMADDR to work, you must run either DSrepair
     or REMADDR on the server that holds the Master replica of the partition where the user
     object is located.

     How to get REMADDR.EXE?
     Go to http://support.novell.com, select the File Finder, enter the filename "remadr.exe",
     (lowercase).
     Note that the filename has only one "d" and is lowercase. If you search for
     "remaddr.exe" or use uppercase, the file will not be found. REMADDR.EXE is the
     utility contained within "remadr.exe", the self-extracting download file.

     Note: Both dsrepair -n# and remaddr.exe will work in the 4.10 and 4.11 environments.
     Outstanding Issue:
     Even when the latest DS.NLM and the latest OS patches have been applied, there is still
     one way in which a value can become stuck in a user's Network Address property. If the
     server console command DISABLE LOGIN is used at a server and a user subsequently
     attempts to login, the user will be denied access, but the user's Network Address
     property will be updated with their network address. Novell is aware of this issue and is
     working on a solution.

     Note: The only method at this time to easily or quickly determine which server is holding
     the connection open is use ManageWise. ManageWise will not clear the connection, but
     it will show which server has the connection.

     Search: 830 exceeded maximum limit logins allowed simultaneous users attribute node
     socket NDS DS
0
 
LVL 5

Expert Comment

by:jstegall
ID: 1593189
Saar has the Novell answer to this question see PAQ
http://www.experts-exchange.com/topics/comp/networks/netware/Q.10026498
in which this question was answered with much discussion.
0
 

Author Comment

by:FHSCompGuy
ID: 1593190
Zombite I checked the watchdog settings and everything is ok, Saar I still trying to find time to give yours a shot but it sounds like what I am looking for, I will let you know if you should resubmit as an answer.
0
 
LVL 5

Expert Comment

by:jstegall
ID: 1593191
When you try Saar's solution change to the context of the user
with the problem and run it with just the common name.  You
will get an error message which seem to indicate it didn't find
the user but most of the time it works.  I had problems even
using complete names when I wasn't in the context of the problem
user.
0
 
LVL 4

Expert Comment

by:saar2
ID: 1593192
The DSRepair solution worked for me

Here is another TID from Novell:

------------------------------------------------------------------------
Symptom

Running REMADDR, gets "TEMP_REMAP_ERROR, 250, 0xFA". All 800 connections had been taken up suddenly, so they had to reboot the server. When the server came back up, they could not run REMADDR.
------------------------------------------------------------------------
Troubleshooting

Tried running REMADDR on any user or running it from any workstation, has same problem.
Tried downloading a new copy of REMADDR - same problem
------------------------------------------------------------------------
Solution

SOLUTION: Unbound, then rebound the IPX protocol from the NIC on this new Compaq Proliant server.


0
 
LVL 6

Expert Comment

by:joopv
ID: 1593193
I had a incident opened at novell techsup 2 weeks ago concerning this very item.  I open an incident every month or so to see if anything has improved about this issue.

Answer was:  NDS support team says it should be solved when running latest patches & latest ds.nlm, Client team says it should be solved somewhere end of september.  It seems to be a complex problem and difficult to reproduce, acc. Novell.

The latest client 2.5 does not solve the problem.

One of my customers now has a dedicated workstation running 24h doing remaddr whole day long.  

dsrepair can also be run unattended by using another option. Use dsrepair -n1 -RD
If you let that run every night or so, it could be a good workaround.

If you send me your email address, i will keep you posted as i have to follow this issue anyway for my customer.

joopv

pe1dna@amsat.org
0
 

Author Comment

by:FHSCompGuy
ID: 1593194
Saar you had the answer but unfortunately the first way did not work, I tried everything I could think of but kept getting this error message,

H:\PUBLIC>remaddr AHANSON
Connected to IPX address 00000026 000000000001 0451
Sending ResolveName Request
Connected to IPX address 00000027 000000000001 0451
Connected to IPX address b0b612a7 000000000001 0451
Sending ResolveName Request
Getting name service addresses from cache, 0
    00000027    1 *
    b0b612a7    1 *
    00000026    1 *
Connected to IPX address 00000027 000000000001 0451
Sending ResolveName Request
ResolveName Request returning error -601
Directory Remove Net Address error: no such entry
(DS server range, -601, 0xfda7)

any idea what the problem is here? The second method using dsrepair did work for me, so Saar if you want to resubmit as an answer I will give ya the points but would like to know why the first method did not work for me, if you have an idea.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:FHSCompGuy
ID: 1593195
I was in the users context when i tried the above.
0
 

Author Comment

by:FHSCompGuy
ID: 1593196
I was in the users context when i tried the above.
0
 
LVL 5

Expert Comment

by:jstegall
ID: 1593197
You get the error message but it did remove the NDS entry so the user could log on again.
I found that to be true when you are in the users context but not from any other.  I think it
is a Developement problem.
0
 

Expert Comment

by:kwseow
ID: 1593198
From my experience of using REMADDR,  not only you must to in the context of the user that you want to clear the N/W address,  you must also specify the full context without the leading period.

E.g REMADDR CN=user1.east.kkk.tree
0
 

Expert Comment

by:drodey
ID: 1593199
FYI, NLICLEAR.NLM clears all the NOT-LOGGED-IN connections, which sometimes result in improper logging out of workstations but still sees them as begin logged.
0
 
LVL 1

Expert Comment

by:dcollins071397
ID: 1593200
Just an idea.
An alternative to REMADDR, is to use N4ATTR.

N4Attr username "network address" - *

Username can be a common name (the util will walk the tree) or the full distinguished name.     It can be download from http://www.fastlane.net/~dcollins
0
 
LVL 3

Expert Comment

by:trath
ID: 1593201
I think that you re probably using Windows 98. I have noticed that when you use the "logout username" which is located on the start bar it will appear to log you out, however it does not realese the netware process completely. I have found no fix for this except to not allow its use and force  complete restart by using Windows policy editor...
0
 

Author Comment

by:FHSCompGuy
ID: 1593202
nope Saar2 has the answer and I will give him the points if he will resubmit his comment as an answer.
0
 
LVL 4

Accepted Solution

by:
saar2 earned 150 total points
ID: 1593203

The DSRepair solution worked for me

Here is another TID from Novell:

------------------------------------------------------------------------
Symptom

Running REMADDR, gets "TEMP_REMAP_ERROR, 250, 0xFA". All 800 connections had been taken up suddenly, so they had to reboot the server. When the server came back up, they could not run REMADDR.
------------------------------------------------------------------------
Troubleshooting

Tried running REMADDR on any user or running it from any workstation, has same problem.
Tried downloading a new copy of REMADDR - same problem
------------------------------------------------------------------------
Solution

SOLUTION: Unbound, then rebound the IPX protocol from the NIC on this new Compaq Proliant server.

0
 
LVL 6

Expert Comment

by:joopv
ID: 1593204
Is the 'stuck MAC address in NDS' issue still not really solved by Novell ?

Last time i asked they told me that it was a 'complex issue concerning NDS, client and operating system' and as i understood it it would be solved by the new client32.  But 2.5 came and it was still not solved.  Now we are at 3.02 and i don't know if it is still present ?

I would at least try to upgrade to ds.nlm 6.0, iwsp6, and client32 3.02.

0
 

Author Comment

by:FHSCompGuy
ID: 1593205
thanks Saar, you gave me a place to look and someone to blame. I have upgraded to the newest ds.nlm and the newest client and I am still having the problem. Hopefully Novell will get it together soon and solve this problem.
0
 
LVL 5

Expert Comment

by:jstegall
ID: 1593206
I am running Client32 version 3.0.2.0 and don't get this problem often now.  I have Netware 4.11 and mostly Win95/98 clients with about 8 DOS/Windows clients using VLMs, scheduled for upgrade this month.  I have DS version 6.0 and most of the support pack installed.  I have a 15 meg DOS partition so I had to copy needed files manually since the install would bomb and leave 0 byte files for a lot of the system files.  I get a new server next Tuesday with dual 4.3 Gb disk for mirrored sys vol and an 18 Gb
Data volume.  When needed the remaddr or the dsrepair works for me as stated in my comment.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
groupwise distribution list 1 508
How to connect 7 326
Novell DNS in conjunction with Microsott DNS 3 274
Netware 6.5 sp7 vs edir 8.8.8 4 835
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
A Short Story about the Best File Recovery Software – Acronis True Image 2017
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now