Solved

Logon required twice when connecting to Win NT

Posted on 1998-10-19
22
336 Views
Last Modified: 2013-12-23
Hi!
I'm using 5 OS/2 Warp 4 machines (with latest TCP/IP fixes, with or without FP 7) and 1 Windows NT 4.0 Server (FP 3) in an Ethernet network. I installed the File and Print services and Netbios over TCP/IP as network protocol on the OS/2 machines. The Windows NT Server is the domain controler of my little domain. When I issue the command "logon user /p:secret /d:domain" for the first time the logon is always unsuccessful. The second time - without changing anything - the logon is successful. Any suggestions?

Thanks in advance!

Chris
0
Comment
Question by:vumpet
  • 12
  • 9
22 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 1558388
logon USERID /p:PASSWORD /v:D /D:DOMAIN is the foolproof logon (!).
Anyway - what makes this logon unsuccessful ?
What error messages come up ?
Does it fire up the logon BOX, does the domain name appear in the domain section of the logon box ?
Is the REQUESTER service started  ?
TYPE LANTRAN.LOG - does this display any error messages ?
Does NET ERROR say anything out of the ordinary ?
Do you have a unique NetBIOS / host name and IP address ?
I've Warp 4 workstations working fine on my NT 4 domain, they've got NBT, but no file and print services installed...

0
 
LVL 1

Author Comment

by:vumpet
ID: 1558389
Hi Tim!

The error message that comes up is "Logon unsuccessful", then the logon box opens. The domain name appears in this logon box. I'm starting the requester service using the startup.cmd. There are no error messages in the lantran.log file. I have unique IP addresses for all adapters (there are 2 adapters in every machine) an a unique host name, that I'm using as NetBios name as well.

I will try the NET ERROR command and the foolproof logon command you gave me too.

Thanks!

Chirs
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 1558390
If you have 2 adapters - do you want both to have NetBIOS bound to them, or are you using them as gateways ?
There is a possibility that you are trying to log on via NetBIOS to the first adapter, which doesn't have it bound, then logging onto the second, which does have it bound and hence works...
Check in IBMLAN.INI that the netx statements at the top match the adapter numbers setup in the PROTOCOL.INI section [NETBIOS], and the right ones are included in wrknets= in IBMLAN.INI.
If you get stuck, email me IBMLAN.INI, PROTOCOL.INI and LANTRAN.LOG (tim_holman@hotmail.com) and I'll check and correct them for you.

Tim
0
 
LVL 1

Author Comment

by:vumpet
ID: 1558391
I tried it again and here is the result:

First I started the requester:

[D:\]net start req
The REQUESTER service is starting.......
The REQUESTER service was started successfully.
(C) Copyright IBM Corporation 1988, 1996.  All rights reserved.
(C) Copyright others 1980, 1996.  All rights reserved.

Then I tried my first logon:

[D:\]logon omikron /p:omikron /v:d /d:atrmcdom
(C) Copyright IBM Corporation 1988, 1996.  All rights reserved.
(C) Copyright others 1980, 1996.  All rights reserved.

A message pops up saying that the logon was unsuccessful. After quitting this box using the ok button the logon box pops up. I used the cancel button to leave the logon box. Then I tried the net error command.

[D:\]net error
There are no entries in the list.

Then I tried the logon again:

[D:\]logon omikron /p:omikron /v:d /d:atrmcdom
The command completed successfully.

And it worked the second time! It always works the second time! I'm totally confused.
0
 
LVL 1

Author Comment

by:vumpet
ID: 1558392
Tim,

NetBios over TCP is bound to both adapters. I will have a look at the files you mentioned, but I've already checked them ten or more times with a colleague of mine. But maybe we missed the important thing. Thanks for your offer to e-mail those files to you.

Chris
0
 
LVL 1

Author Comment

by:vumpet
ID: 1558393
Tim,

NetBios over TCP is bound to both adapters. I will have a look at the files you mentioned, but I've already checked them ten or more times with a colleague of mine. But maybe we missed the important thing. Thanks for your offer to e-mail those files to you.

Chris
0
 
LVL 5

Expert Comment

by:tfabian
ID: 1558394
I've seen this in earlier versions of Warp also.. the only thing we ever found useful was that we needed to ensure that our domain name was less than eight characters long.. if it wasn't, the Warp system wouldn't find the domain...


good luck


0
 
LVL 1

Author Comment

by:vumpet
ID: 1558395
Unfortunately I'm not able to change the domain name because the machines are working in a productive environment since 1 week. The customer, who uses these machines for a very important software, that is used for exchange of accounts of Europe wide banks, wouldn't be very pleased, if I would change the domain name and test for a day or so. This would result in a financial loss for the company I'm working for. But I will try and test the shorter domain name in a test envorionment. But this might take a while. Sorry!

Chris
0
 
LVL 1

Author Comment

by:vumpet
ID: 1558396
Tim,

how many lines starting net mus I have in my IBMLAN.INI when I want to use TCP/IP and NetBios over TCP on both adapters? Only one? Or two?

Kind regards,
Chris
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 1558397
Chris,
  net1=NETBEUI$....
  net2=TCPBEUI$...
 
these must correspond to the DriverNames in PROTOCOL.INI, which they probably do anyway, but this should give you a better understanding of what's going where.
   
  What's happening here is you're binding twice to NetBEUI with each adapter and hence it's trying to log you on via both.
 
  Are you using 2 adapters in order to maximise performance, or are these gateways ?
 
  Those files I mentioned would really help if at all possible - even if LANTRAN.LOG is error free !

Tim

PS - It would be worth rejecting the above answer and putting this back on the main Q so that other experts can offer advice.
0
 
LVL 1

Author Comment

by:vumpet
ID: 1558398
Tim,

Do i have to specify the line for netbeui$ even if i'm only using TCP/IP and Netbios over TCP/IP? I've only specified TCP/IP and Netbios over TCP/IP in MPTS setup.

I will send you the files you mentioned as soon as possible.

IBM recommended to install Fix Pack 8 and Fix WR08423 for MPTS. Unfortunately I'm only able to install Fix Pack 6 because the application that is running on these machines is only guarateed to run on Fix Pack 6. I've installed Fix Pack 6 and Fix WR08423 for MPTS without any change.

Kind regards,
Chris

0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 1

Author Comment

by:vumpet
ID: 1558399
Tim,

please give me your e-mail address again because i can't find it here.

Thanks!

Chris
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 1558400
Vumpet,
  Send them to tim_holman@hotmail.com as plain text.
  I don't think you need the netbeui$ line if you've only got tcpbeui installed.
  I'll look at the files and get back to you...

Tim
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 1558401
Chris,
  Thanks for the files... what have I let myself in for ?!
  In IBMLAN.INI, if you take out PEER from wrkservices, what happens ?
  You don't have to reboot, just run NET STOP REQ and NET START REQ to kick in the changes.
  NetBIOS AND LanVDD are being loaded - are you sure this is the right LANTRAN.LOG file - I need the one in IBMCOM - there's sometimes one in root by mistake..?
  Also try altering wrkheuristics parameters 21 and 40 and see what happens...
  I could be that PEER service is logging on and the requester is thinking that that means it's already logged onto the domain for an instant...
  Do you need the PEER service ?

Tim
0
 
LVL 1

Author Comment

by:vumpet
ID: 1558402
Tim,
I'm very sorry, that I'm causing so much trouble, but it was you who tried to answer my question. :-) I must admit that I'm very grateful that you are helping me. I've tried so much and asked so many people but no one had an idea about my problem. Even IBM seems to be at a loss. I wonder if they could solve my problem. They never asked for IBMLAN.INI and such simple things. All they wanted was a formatted IP trace.

The LANTRAN.LOG is the one from the directory IBMCOM. There isn't any other LANTRAN.LOG on the drive.

WRKHEURISTICS parameter 40 allows a user to logon multiple times in the same domain. I need this because the user OMIKRON is logged on on all OS/2 Workstations. To my mind I disable this when setting parameter 40 from 1 to 0.

In my opinion parameter 21 (LAN Server encryption of passwords) couldn't be a cause of my problem, but I will give it a try.

Is "wrkservices = MESSENGER,PEER" the line you want me to change? I surely will give it a try because I don't need the PEER services.

Again, thanks a lot, Tim! You are of great help!

Chris

P.S.: To honor your efforts I will increase the points when you solved my problem. And I'm sure you will be the one who solves it. When you ever come to Vienna give me a little note. I would be very pleased to help you with your stay here.
0
 
LVL 1

Author Comment

by:vumpet
ID: 1558403
Tim,

I tried the removal of PEER from "wrkservices = MESSENGER,PEER" and both WRKHEURISTICS parameters. No effect :-(

Chris
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 1558404
Chris,
  Back to the drawing board....
  Have you tried altering NODETYPE in PROTOCOL.INI, or even removing it (stick a semi-colon in front)?
 
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 1558405
Chris,
  Back to the drawing board....
  Have you tried altering NODETYPE in PROTOCOL.INI, or even removing it (stick a semi-colon in front)?
  Does this problem happen with just one adapter installed in MPTS ?
  Have you tried binding the NetBIOS protocol as well ?
  When you NET START REQUESTER, and leave it for about 5 minutes, and THEN logon, does it still fail ?
  Do you have 2 IP addresses per machine ?
  If this is the case, do all the host files on all the machines (inc PDC) have entries for 2 IP addresses per hostname ?
  I'm running out of ideas !

Tim
 
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 1558406
Chris,
  Could also be MESSENGER service slowing things down ??
  Try removing that too.

Tim
0
 
LVL 1

Author Comment

by:vumpet
ID: 1558407
Adjusted points to 150
0
 
LVL 23

Accepted Solution

by:
Tim Holman earned 150 total points
ID: 1558408
Chris,
  I was wondering what was in the RFCNAMES.LST in the first place that caused this error ?

Tim
0
 
LVL 1

Author Comment

by:vumpet
ID: 1558409
Tim,
there wasn't any RFCNAMES.LST. I've added one taht contains the NetBIOS name of the PDC and its IP address and now everything is working fine!

Thanks again for your help!

Chris
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

I was recently sitting at a desk at work with one of my colleagues and needed some information on my home computer. He watched as I turned on my home computer, established a remote session into it, got the information I needed and then shut it down …
What’s a web proxy server? A proxy server is a server that goes between clients and web servers, used in corporate to enforce corporate browsing policy and ensure security. Proxy servers are commonly used in three modes. A)    Forward proxy …
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now