IBM Support

OA64545: IBM HOST ON-DEMAND (HOD) UNABLE TO DETERMINE WINDOWS ID FOR LOGIN TO CONFIGURATION SERVER

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Customer needs to use the Windows domain to log their users on
to the HOD Configuration Server (HOMSRV) to receive their
personal configurations.

Customer configured the custom HTMLs to support this and
provided a list of the Windows domains it should check.

What Customer determined is that the isuserin.dll appears to be
using an old method (from Windows NT time) to check the primary
domain controller (PDC).

In a modern Active Directory (AD) world this function is not
performed the same way and the old interfaces do not function
unless the PDC Emulator has been enabled.

Currently, Customer is not permitted to enable this due to
security concerns.
Customer needs the isuserin.dll to work correctly in an AD
environment without requiring old interfaces.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
* All Host On-Demand users                                     *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* Windows Domain-based authentication in Host On-Demand fails  *
* to work if Domain user does not have admin privileges        *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
This issue occurs if the user does not have elevated privileges.
Host on-demand makes a native call to validate the Domain user
and if users lack sufficient privileges, the "User not
authorized" error is thrown.

    



Problem conclusion


    

  • Code changes have been made to address this issue.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    OA64545
    • 

  • Reported component name
    HOD MVS
    • 

  • Reported component ID
    5733A5900
    • 

  • Reported release
    E00
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2023-03-16
    • 

  • Closed date
    2023-05-04
    • 

  • Last modified date
    2023-05-04
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  • HOD

    



Fix information


    

  • Fixed component name
    HOD MVS
    • 

  • Fixed component ID
    5733A5900
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSS9FA","label":"IBM Host On-Demand"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"E00","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            04 May 2023
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback