SNACFG Fails to Create Host Security Domain If HS Groups Exist (309414)


The information in this article applies to:

  • Microsoft SNA Server 4.0 SP3
  • Microsoft SNA Server 4.0 SP4
  • Microsoft Host Integration Server 2000
This article was previously published under Q309414

SYMPTOMS

SNACFG.exe, the SNA Command Line Configuration Utility, will return the following error when it attempts to create a host security domain (HSD) if the Windows NT/Windows 2000 domain local groups that it attempts to create already exist:
Processing command to add HSDOMAIN <HS Domain Name>

Unable to process request. Possible network error

Command failed

RESOLUTION

To resolve this problem, obtain the latest service pack for Host Integration Server 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

328152 How to Obtain the Latest Host Integration Server 2000 Service Pack

WORKAROUND

If you manually delete the domain local groups that SNACFG.exe is attempting to create, this will allow the HSD to be successfully added.

On Host Integration Server 2000, you also have the option of using the Host Security Domain Configuration Wizard available within SNA Manager to create the HSD. If the domain local groups already exist, the Wizard will return the following message:
The NT Local Group <HSD Name> already exists. Do you want to add a new Host Security Domain for it?
The Wizard will create the HSD if you click the Yes button in this message dialog box.

The HSD Configuration Wizard in SNA Server 4.0 does not provide an option to allow the creation of the HSD if the domain local groups already exist.

STATUS

SNA Server 4.0

Microsoft has confirmed that this is a problem in Microsoft SNA Server 4.0 Service Pack (SP) 3 and SP4, and Host Integration Server 2000.

Host Integration Server 2000

Microsoft has confirmed that this is a problem in Microsoft Host Integration Server 2000. This problem was first corrected in Host Integration Server 2000 Service Pack 1.

MORE INFORMATION

When a host security domain is created, a Windows NT/Windows 2000 local domain group must be created with the same name. A second group is also created which appends "_proxy" to the HSD name for its group name. For example, when you create an HSD called HSDTEST, the following Windows NT/2000 local domain groups will be created:
  • HSDTEST
  • HSDTEST_Proxy
The ability to create host security domains by using SNACFG.exe was added to SNA Server 4.0 in SP3. The following Microsoft Knowledge Base article explains the functionality that was added:

236847 SNACFG Should Allow Configuration of Host Security Domains

Modification Type:MinorLast Reviewed:4/13/2005
Keywords:kbBug kbfix kbHostIntegServ2000preSP1fix kbHostIntegServ2000SP1fix KB309414
©2004 Microsoft Corporation. All rights reserved.