DOCUMENT:Q159351 31-MAY-2002 [sna] TITLE :SecureSponsor Disables SNA 3.0 Win 3.x Password Change Feature PRODUCT :Microsoft SNA Server PROD/VER::3.0,3.0 SP1,3.0 SP2,3.0 SP3,3.0 SP4,4.0,4.0 SP1,4.0 SP2,4.0 SP3,4.0 SP4 OPER/SYS: KEYWORDS:kbinterop kbnetwork kbusage ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft SNA Server, versions 3.0, 3.0 SP1, 3.0 SP2, 3.0 SP3, 3.0 SP4, 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4 - Microsoft Host Integration Server 2000 ------------------------------------------------------------------------------- SUMMARY ======= If SNA Server 3.0 Windows 3.x client software is being used, and encryption has been configured for the sponsor connection (enabled using the SnaBase SecureSponsor registry parameter), the user will be unable to logon to Windows NT if their Windows NT userid has expired. Note that encryption can still be enabled for application data. If no sponsor encryption is configured, and client application data encryption has been configured (via SNA Server Manager, for the user or group), then the SNA Server 3.0 Windows 3.x client will support Windows NT password changes, as supported under SNA Server 2.11 Service Pack 1. MORE INFORMATION ================ The SNA Server 3.0 client and server software support the ability to encrypt client-server data that flows over the network, if the administrator has configured encryption for the user or group within the SNA Server Manager program. This encryption only affects SNA application data, unless the SecureSponsor registry parameter is set to YES or ON (upper case) on the SNA Server in the following registry key: HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/SnaBase/Parameters SecureSponsor: REG_SZ: YES (or "ON") This causes the server's SnaBase service to implement encryption of all "sponsor connection" data. The "sponsor connection" is a special service connection where the following messages flow: - the SNA Server sends "service table" messages to the client, listing the SNA Servers running in the SNA subdomain. - the SNA Server sends "dynamic load requests" to start invokable APPC or CPIC transaction programs which may be configured to run on the client machine. - the SNA client sends "RPC" requests to the server, to determine which servers support the resources being requested by the client application (such as 3270, LUA and APPC LU names). - the SNA client sends logging information to the SNA Server to record in the Windows NT application event log. If sponsor connection encryption is enabled, the SNA Server Windows 3.x client software no longer supports the ability to update the Windows NT user password, if the password expires. Additional query words: prodsna ====================================================================== Keywords : kbinterop kbnetwork kbusage Technology : kbAudDeveloper kbSNAServSearch kbHostIntegServ2000 kbSNAServ300 kbSNAServ400 kbSNAServ300SP3 kbSNAServ300SP1 kbSNAServ400SP1 kbSNAServ400SP2 kbSNAServ400SP3 kbSNAServ400SP4 kbSNAServ300SP2 kbSNAServ300SP4 Version : :3.0,3.0 SP1,3.0 SP2,3.0 SP3,3.0 SP4,4.0,4.0 SP1,4.0 SP2,4.0 SP3,4.0 SP4 ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.