DOCUMENT:Q317062 08-MAY-2002 [sna] TITLE :Unable to Add Users to SNA HAC DB in Multi-Domain Environment PRODUCT :Microsoft SNA Server PROD/VER:: OPER/SYS: KEYWORDS:kbhis2000 kbhis2000bug ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Host Integration Server 2000 ------------------------------------------------------------------------------- SYMPTOMS ======== If you use Host Account Manager to add a user account to an SNA Host Account Cache database from a Windows NT or a Windows 2000 domain other than the domain where the SNA Host Account Cache (HAC) database is located, you may receive the following error message: There is no record of the selected user in the Host Account Cache. Please select a different account. If you use the Host Integration Server 2000 command-line configuration utility (Snacfg.exe) to add a user account to an SNA Host Account Cache database from a Windows NT or a Windows 2000 domain other than the domain where the SNA Host Account Cache (HAC) database is located, you may receive the following error message: Cannot add \. Error: Referenced WinNT user not found CAUSE ===== Before the SNA Host Account Cache service (Snaudb.exe) adds a user account to the HAC database, Snaudb.exe calls a Win32 API to obtain detailed information about the user account. If the user account does not exist in the domain in which the SNA Host Account Cache service is running, then the Win32 API call fails and you receive an error message. RESOLUTION ========== A supported fix is now available from Microsoft, but it is only intended to correct the problem described in this article and should be applied only to systems experiencing this specific problem. This fix may receive additional testing at a later time, to further ensure product quality. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next that contains this fix. To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, please go to the following address on the World Wide Web: http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS NOTE: In special cases, charges that are normally incurred for support calls may be canceled, if a Microsoft Support Professional determines that a specific update will resolve your problem. Normal support costs will apply to additional support questions and issues that do not qualify for the specific update in question. The English version of this fix should have the following file attributes or later: File name Date Time ------------------------------------ Snaudb.exe 03/12/2002 08:08am NOTE: Because of file dependencies, the most recent fix that contains the above files may also contain additional files. STATUS ====== Microsoft has confirmed this to be a problem in Microsoft Host Integration Server 2000. MORE INFORMATION ================ Many customers implement multiple domain models in their Windows NT or Windows 2000 environments. Please refer to the following Knowledge Base article for more details about how to configure host security in a multiple domain environment: Q194695 How to Configure Host Security for a Multi-Domain Environment The following is an example of a multiple domain model that implements the Security Integration feature included with Host Integration Server (HIS) 2000. The sample multiple domain model consists of a Windows 2000 Forest that includes a parent domain named "Parent" and a child domain named "Child". The Child domain contains one or more servers running HIS 2000. The Primary Domain Controller (PDC) Emulator for the Child domain is running the following Security Integration features: - SNA Host Account Cache service - SNA WinNT Account Synchronization service NOTE: Each of these services is operating in a primary role. The SNA WinNT Account Synchronization service also is installed on the remaining the domain controllers (DCs) in the Child domain, but these DCs are configured in a backup role. The SNA WinNT Account Synchronization service also is installed on all of the DCs in the Parent domain. The SNA WinNT Account Synchronization service on the PDC Emulator in the Parent domain is configured manually to operate in a backup role because there should be only one primary SNA WinNT Account Synchronization service in a host security environment. In this configuration, you can add user accounts to the HAC database in the Child domain. The problem described previously occurs when you try to use Host Account Manager or Snacfg.exe to add user accounts from the Parent domain to the HAC database. Additional query words: ====================================================================== Keywords : kbhis2000 kbhis2000bug Technology : kbAudDeveloper kbHostIntegServ2000 Version : : Issue type : kbbug Solution Type : kbfix ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.