| Author |
Message |
John Chambers
Guest
|
 Posted:
Wed Oct 06, 2004 7:58 pm Post subject:
HIS 2004 and DLS connections |
|
|
I upgraded my test/development HIS server to HIS 2004 and now a remote HIS
server (that is not in my domain and which there is no trust relationship
established) can not connect to a Distributed Link Service that is on the
HIS 2004 server. This has worked fine with previous releases, including the
HIS 2004 Beta releases. Under LinkUtil, on the DLC 802.2 Link Service
Configuration tab, there is now a check box for "Allow anonymous logon",
checking that box does not seem to help. Specifically, the event log is
posting an Event ID 705, Connection from XXXXX denied because LSA logons are
not supported. -- Error Code:4097. Is this some sort of configuration issue
or do I need to open a support call.
Thanks,
John Chambers |
|
| Back to top |
|
 |
Neil Pike
Guest
|
| Posted:
Thu Oct 07, 2004 12:41 pm Post subject:
Re: HIS 2004 and DLS connections |
|
|
John,
Just a guess! Check the below reg key and set to 0 if set to 1.
HKLM\System\CurrentControlSet\Control\LSA\RestrictAnonymous = reg_dword : 0
Neil Pike. Protech Computing Ltd
(Please post ALL replies to the newsgroup only unless indicated otherwise) |
|
| Back to top |
|
|
Imelda Irby [MSFT]
Guest
|
| Posted:
Thu Oct 07, 2004 8:06 pm Post subject:
Re: HIS 2004 and DLS connections |
|
|
That suggestion might work, but we do not recommend it, since the reason
that it works that way is to tighten security.
Thank you,
Imelda Irby, MCSE
Microsoft® HIS 2000/SNA Server Support Team
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only. This posting is provided "AS IS" with no
warranties, and confers no rights. |
|
| Back to top |
|
|
Neil Pike
Guest
|
| Posted:
Thu Oct 07, 2004 11:18 pm Post subject:
Re: HIS 2004 and DLS connections |
|
|
Imelda - I agree, but as the obvious option John tried didn't seem to
work.....
| Quote: | That suggestion might work, but we do not recommend it, since the reason
that it works that way is to tighten security.
Thank you,
Imelda Irby, MCSE
Microsoft® HIS 2000/SNA Server Support Team
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only. This posting is provided "AS IS" with no
warranties, and confers no rights.
|
Neil Pike. Protech Computing Ltd
(Please post ALL replies to the newsgroup only unless indicated otherwise) |
|
| Back to top |
|
|
Imelda Irby [MSFT]
Guest
|
| Posted:
Thu Oct 07, 2004 11:57 pm Post subject:
RE: HIS 2004 and DLS connections |
|
|
Then, probably a support call will be needed to persue this issue, since
we need to analyze traces.
Thank you,
Imelda Irby, MCSE
Microsoft® HIS 2000/SNA Server Support Team
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only. This posting is provided "AS IS" with no
warranties, and confers no rights. |
|
| Back to top |
|
|
John Chambers
Guest
|
| Posted:
Fri Oct 08, 2004 12:20 am Post subject:
Re: HIS 2004 and DLS connections |
|
|
Imelda,
I don't quite understand your reply. Should not the "Allow anonymous login"
check box provide backward functionality? I understand the need for
increased security, but I also need to know how to provide the same
functionality with the new security "features". I know how to go into the
SNA Manager and define user access for LU2, LU6.2, etc, but I don't know how
to assign user access for DLS. Having the SNA Services on the "Host" and
"Remote" HIS servers use the same Domain User isn't an option for us.
Thanks again,
John Chambers
"Imelda Irby [MSFT]" <imirby@online.microsoft.com> wrote in message
news:1oNLw8HrEHA.1340@cpmsftngxa06.phx.gbl...
That suggestion might work, but we do not recommend it, since the reason
that it works that way is to tighten security.
Thank you,
Imelda Irby, MCSE
Microsoft® HIS 2000/SNA Server Support Team
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only. This posting is provided "AS IS" with no
warranties, and confers no rights. |
|
| Back to top |
|
|
John Chambers
Guest
|
| Posted:
Fri Oct 08, 2004 12:56 am Post subject:
Re: HIS 2004 and DLS connections |
|
|
I'll do that.
Thanks,
John Chambers
"Imelda Irby [MSFT]" <imirby@online.microsoft.com> wrote in message
news:c6Ru69JrEHA.3212@cpmsftngxa06.phx.gbl...
Then, probably a support call will be needed to persue this issue, since
we need to analyze traces.
Thank you,
Imelda Irby, MCSE
Microsoft® HIS 2000/SNA Server Support Team
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only. This posting is provided "AS IS" with no
warranties, and confers no rights. |
|
| Back to top |
|
|
Stephen Jackson [MSFT]
Guest
|
| Posted:
Thu Oct 21, 2004 8:25 pm Post subject:
Re: HIS 2004 and DLS connections |
|
|
John,
If you remote SNA/HIS 2000 servers have the SnaRemX link services running
under the LocalSystem account, they will not be able to connect to the
distributed link service on the HIS 2004 Server. The reason for this is that
SNA/HIS 2000 Servers use LSA logons when the SnaRemX link services are
running under the LocalSystem account. Support for LSA logons was removed
from HIS 2004 to tighten security.
Any SnaRemX link services that will be used to connect to HIS 2004 Servers
must run under a service account that can be validated by the HIS 2004
system.
A KB article on this topic will be written soon.
--
Stephen Jackson
Microsoft® SNA/HIS Support
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only. This posting is provided "AS IS"
with no warranties, and confers no rights.
"John Chambers" <JohnC@test01.com> wrote in message
news:eCN0CfKrEHA.3712@TK2MSFTNGP15.phx.gbl...
| Quote: | I'll do that.
Thanks,
John Chambers
"Imelda Irby [MSFT]" <imirby@online.microsoft.com> wrote in message
news:c6Ru69JrEHA.3212@cpmsftngxa06.phx.gbl...
Then, probably a support call will be needed to persue this issue, since
we need to analyze traces.
Thank you,
Imelda Irby, MCSE
Microsoft® HIS 2000/SNA Server Support Team
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only. This posting is provided "AS IS" with no
warranties, and confers no rights.
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in