[THIN] odd issue with Secure gateway STA's

  • From: "Jim Hathaway" <JimH@xxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Mon, 28 Oct 2002 08:56:18 -0800

This is an odd one. Got a client site with a standard installation of
Nfuse with secure gateway. Nfuse and CSG servers are in the DMZ with
valid certs from trusted authorities, and we're load balancing the STA's
which sit in the LAN on Win2k IIS servers. 
The one snag here is the STA servers are domain controllers. I can't
really change that at this point. 
Here's my problem. Everything works fine for a few weeks, and then these
errors start cropping up in the event logs on the STA's. 
Event id - 10004 - from Dcom
DCOM got error "Logon failure: the user has not been granted the
requested logon type at this computer. " and was unable to logon
.\IWAM_DCname in order to run the server:
Event id - 36 - from w3svc
The server failed to load application '/LM/W3SVC/1/ROOT'.  The error was
'The server process could not be started because the configured identity
is incorrect.  Check the username and password.
These errors start showing up when a user attempts to connect to the
Nfuse site, gets their applist and clicks on a link . . . which fails
citing . . "Non of the configured STA's are available". 
Tracking this down, I've found that the Iwam and Iuser accounts are
somehow out of synch on the servers (they autochange their passwords).
The admin script synchiwam.vbs resynchs them . . and the STA's work
again for a few weeks. 
So, I have a fix, but not a permanent solution.  Anyone one else run
into anything like this . . and have any suggestions?

This weeks Sponsor NetX Inc Thin Client
NetX Develops XP and NT Embedded 
Thin Client Solutions, Easy to Configure, 
Extremely Secure, and Remotely Managed.
Check out our recently updated website at
Visit Jim Kenzig of thethin.net at the
Emergent Online Booth #26 at Citrix Iforum 2002!
Register now at:
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.


Other related posts: