-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To me this would be an IIS MetaBase issue. What service pack level are the DC's at? Also, this really doesn't present a major security hole, but I would offload the STA to a workstation if at all possible. It just needs IIS. CHRIS LYNCH - MCSE, CCNA, CCA NETWORK ENGINEER - INFORMATION TECHNOLOGY NRT Incorporated, 27271 Las Ramblas, Mission Viejo, CA 92691 Chris.lynch@xxxxxxxxxx Tel 949.367.3406 - -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Ron Oglesby Sent: Monday, October 28, 2002 9:13 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: odd issue with Secure gateway STA's Ok so its not setup to Load balance (the check box under the sta config) just setup to failover.... HMM... I mean a "patch" type solution to it could be to schedule that script to run. But its just that a patch. Ron Oglesby Senior Technical Architect =20 RapidApp Office 312.372.7188 Mobile 312.961.2380 email roglesby@xxxxxxxxxxxx =20 - -----Original Message----- From: Jim Hathaway [mailto:JimH@xxxxxxxxxxxxxxx]=20 Sent: Monday, October 28, 2002 11:07 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: odd issue with Secure gateway STA's Failover is not a problem, and is setup fine through the admin page. It seems that both servers fail with the same errors at roughly the same time. Possibly since they were both installed at or around the same time.=3D20 J - -----Original Message----- From: Ron Oglesby [mailto:roglesby@xxxxxxxxxxxx]=3D20 Sent: Monday October 28, 2002 8:57 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: odd issue with Secure gateway STA's Are you load balancing the STAs or doing a failover? You could just setup a failover to use STA1 then STA2 if the first is not avail. Could do this right in the NFuse admin page. Ron Oglesby Senior Technical Architect =3D3D20 RapidApp Office 312.372.7188 Mobile 312.961.2380 email roglesby@xxxxxxxxxxxx =3D3D20 - -----Original Message----- From: Jim Hathaway [mailto:JimH@xxxxxxxxxxxxxxx]=3D3D20 Sent: Monday, October 28, 2002 10:56 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] odd issue with Secure gateway STA's This is an odd one. Got a client site with a standard installation of Nfuse with secure gateway. Nfuse and CSG servers are in the DMZ with valid certs from trusted authorities, and we're load balancing the STA's which sit in the LAN on Win2k IIS servers.=3D3D20 =3D3D20 The one snag here is the STA servers are domain controllers. I can't really change that at this point.=3D3D20 =3D3D20 Here's my problem. Everything works fine for a few weeks, and then these errors start cropping up in the event logs on the STA's.=3D3D20 =3D3D20 Event id - 10004 - from Dcom =3D3D20 DCOM got error "Logon failure: the user has not been granted the requested logon type at this computer. " and was unable to logon .\IWAM_DCname in order to run the server: {3D14228D-FBE1-11D0-995D-00C04FD919C1} =3D3D20 Event id - 36 - from w3svc =3D3D20 The server failed to load application '/LM/W3SVC/1/ROOT'. The error was 'The server process could not be started because the configured identity is incorrect. Check the username and password. =3D3D20 These errors start showing up when a user attempts to connect to the Nfuse site, gets their applist and clicks on a link . . . which fails citing . . "Non of the configured STA's are available".=3D3D20 =3D3D20 Tracking this down, I've found that the Iwam and Iuser accounts are somehow out of synch on the servers (they autochange their passwords). The admin script synchiwam.vbs resynchs them . . and the STA's work again for a few weeks.=3D3D20 =3D3D20 So, I have a fix, but not a permanent solution. Anyone one else run into anything like this . . and have any suggestions? =3D3D20 Thanks,=3D3D20 =3D3D20 J ********************************************** This weeks Sponsor NetX Inc Thin Client NetX Develops XP and NT Embedded=3D3D20 Thin Client Solutions, Easy to Configure,=3D3D20 Extremely Secure, and Remotely Managed. Check out our recently updated website at http://www.netxinc.com *********************************************** Visit Jim Kenzig of thethin.net at the Emergent Online Booth #26 at Citrix Iforum 2002! Register now at: http://www.citrixiforum.com/registerNow.html ***********************************************=3D3D20 For Archives, to Unsubscribe, Subscribe or=3D3D20 set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm ********************************************** This weeks Sponsor NetX Inc Thin Client NetX Develops XP and NT Embedded=3D20 Thin Client Solutions, Easy to Configure,=3D20 Extremely Secure, and Remotely Managed. Check out our recently updated website at http://www.netxinc.com *********************************************** Visit Jim Kenzig of thethin.net at the Emergent Online Booth #26 at Citrix Iforum 2002! Register now at: http://www.citrixiforum.com/registerNow.html ***********************************************=3D20 For Archives, to Unsubscribe, Subscribe or=3D20 set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm ********************************************** This weeks Sponsor NetX Inc Thin Client NetX Develops XP and NT Embedded=20 Thin Client Solutions, Easy to Configure,=20 Extremely Secure, and Remotely Managed. Check out our recently updated website at http://www.netxinc.com *********************************************** Visit Jim Kenzig of thethin.net at the Emergent Online Booth #26 at Citrix Iforum 2002! Register now at: http://www.citrixiforum.com/registerNow.html ***********************************************=20 For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm ********************************************** This weeks Sponsor NetX Inc Thin Client NetX Develops XP and NT Embedded Thin Client Solutions, Easy to Configure, Extremely Secure, and Remotely Managed. Check out our recently updated website at http://www.netxinc.com *********************************************** Visit Jim Kenzig of thethin.net at the Emergent Online Booth #26 at Citrix Iforum 2002! Register now at: http://www.citrixiforum.com/registerNow.html *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPb3n8vl56xfvzmMfEQLtjgCgpq6O23SPRvBhFgJyYjjPZUEvgkUAn0Zp Re/0pivDs5+sDy7yHgpxCkoV =iVh1 -----END PGP SIGNATURE----- ********************************************** This weeks Sponsor NetX Inc Thin Client NetX Develops XP and NT Embedded Thin Client Solutions, Easy to Configure, Extremely Secure, and Remotely Managed. Check out our recently updated website at http://www.netxinc.com *********************************************** Visit Jim Kenzig of thethin.net at the Emergent Online Booth #26 at Citrix Iforum 2002! Register now at: http://www.citrixiforum.com/registerNow.html *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm