Task clients unable to communcate with Notification Server (SMP). Ports 50121 and 50124 not binding.

Article:TECH166793  |  Created: 2011-08-09  |  Updated: 2012-04-05  |  Article URL http://www.symantec.com/docs/TECH166793
Article Type
Technical Solution


Environment

Issue



Client machines are unable to communicate with Notification Sever (SMP).  They are able to communicate to site servers.  The atrshost.exe on the Notification Server also fails to bind on 50121 and 50124 but 50120, 50122, and 50123 bind correctly.


Error



NS logs:

"No connection could be made because the target machine actively refused it 127.0.0.1:50121"
"Credential check for "altadmin" failed: System.Net.WebException: The remote server returned an error: (401) Unauthorized."

Windows System Logs:

 

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          8/8/2011 12:12:50 PM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      MSTSRMS057483.mst.net
Description:
An account failed to log on.
 
Subject:
                Security ID:                         NULL SID
                Account Name:                 -
                Account Domain:                             -
                Logon ID:                             0x0
 
Logon Type:                                       3
 
Account For Which Logon Failed:
                Security ID:                         NULL SID
                Account Name:                 <NSACCTNAME>
                Account Domain:                            
 
Failure Information:
                Failure Reason:                 An Error occured during Logon.
                Status:                                  0xc000006d
                Sub Status:                         0x0
 
Process Information:
                Caller Process ID:             0x0
                Caller Process Name:     -
 
Network Information:
                Workstation Name:        <NSHOSTNAME>
                Source Network Address:            <NSHOSTIPADDR>
                Source Port:                       17992
 
Detailed Authentication Information:
                Logon Process:                 
                Authentication Package:               NTLM
                Transited Services:          -
                Package Name (NTLM only):       -
                Key Length:                        0

Environment



SMP 7.x

Notification Server aliasing (usually includes the NSPrefferedHost option)


Cause



The atrshost services attempts to authentication to the local machine mulitple times using the server alias.  Microsoft by design put in security measure to prevent programs from doing this to prevent reflection attacks.


Solution



1: Open up the registry editor by typing regedit under Run.
2: Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
3: Right-click MSV1_0 and click New and choose to make it a Multi-String Value.
4: Enter BackConnectionHostNames as name for the entry, and double-click it to modify it.
5: Type the hostnames you need to use (usually the value specified NSPrefferedhost).
6: Restart IISAdmin Service (“Start” -> “Administrative Tools” -> “Services”)

Solution 2 (Not recommended, but may be easier to test with):
1: Open up the registry editor by typing regedit under Run.
2: Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3: Right-click Lsa and click New and choose to make it a DWORD Value.
4: Enter DisableLoopbackCheck as name for the entry, and double-click it to modify it.
5: Set the value to 1 and click OK



Article URL http://www.symantec.com/docs/TECH166793


Terms of use for this information are found in Legal Notices