Re: [OpenAFS] Integrated login failed: Credentials cache I/O operation failed XXX (with 1.5.x on Windows 2003 Terminal Server)

[Michael Sievers]

I can confirm, that this error only occurs, when a user is loggin in via 
Terminal Server. A console loggin works fine.

That's why, we only get this error on the Terminal Server. We got a lot of 
WindowsXP Pro workstations, using the OpenAFS client without any problems.

I try to provide you the integrated logon debug trace information as soon as 
possible.

Is it sufficient, to send the original mail to [EMAIL PROTECTED] as a 
bug report ?

Michael Sievers

----- Original Message ----- 
From: "Jeffrey Altman" <[EMAIL PROTECTED]>
To: "Michael Sievers" <[EMAIL PROTECTED]>
Cc: <openafs-info@openafs.org>
Sent: Monday, January 22, 2007 3:44 PM
Subject: Re: [OpenAFS] Integrated login failed: Credentials cache I/O 
operation failed XXX (with 1.5.x on Windows 2003 Terminal Server)


Please confirm that the problem only occurs when the user is logging in
via Terminal Server.

Please provide integrated logon debug trace information extracted from
the Windows Application Event Log as described in the OpenAFS for
Windows Release Notes.

Please file a bug report with this information to [EMAIL PROTECTED]

Jeffrey Altman


Michael Sievers wrote:
Hi !

We got a problem running the OpenAFS client on a Windows 2003 Terminal
Server. We use the integrated logon feature to obtain a AFS token at
logon, because the users home directorys are stored in afs.
Additionally, we use Kerberos for Windows 2.6.5.

The problem is, that with OpenAFS client version 1.5.x, we are getting
an error during logon. The message is

Integrated login failed: Credentials cache I/O operation failed XXX

The result is, that the user does not get his home directory, but a
temporary local profile. When he has logged in, the OpenAFS client
works, so the user can access afs. (This is probably because the leash
gets the AFS token) Just the OpenAFS integrated logon fails. (We tested
both KfW 2.6.5 and 3.1, no difference)

If you disable the OpenAFS integrated logon feature, the error does not
occur, but the user does not get his home directory (that's clear,
because, the OpenAFS client does not have a token at this time, so he
cannot access the user directory in afs).

BUT if the user logs out and then logs in again, everything works fine,
no error but the users home directory, That's because the user gets a
token once he has logged in and this token has a specific lifetime. If
the same user logs in a second time, while the afs token is still valid,
the OpenAFS client can now access the users afs directory during login
and load the profile.

We got this error with OpenAFS 1.5.x and with OpenAFS 1.4.3. Prior
versions work, but only a specific time, lets say, a day, or a half and
than, the same problem occurs. But if you reboot the server, with
version < 1.4.3 installed, it works again for a while. Very strange ...

Another phenomenon is, that this error only occurs, if a user trys to
login remotly. On the console of the terminal server (if the user is
sitting in front of the server), everything works fine. No error at all.
But if the same user wants to login via terminal service, he gets the
error.

As I mentioned before, we evaluated KfW 2.6.5 till 3.1, no difference.
To eliminate the influence of Microsoft patches, we tested the
configuration on an unpattched vanilla Windows 2003 Server installation,
but still the error occurs.

If you need more informations, feel free to ask.

Michael Sievers



_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info