Re: CreateService( ... , user@domain, password) : 0x54b error

From: Jacques Lebastard (jacques.lebastard_at_evidian.com)
Date: 05/12/04 

Date: Wed, 12 May 2004 04:26:03 -0700

     
     ----- Joe Richards [MVP] wrote: -----
     
     Rhett do you know if use of UPN in this function is officially supported? The
     documentation on MSDN doesn't seem to indicate so. If it is supported, the doc
     should be updated, if it isn't supported, the doc should probably be updated.
     
         thanks, joe
     
     --
     Joe Richards Microsoft MVP Windows Server Directory Services
     www.joeware.net
     
     
     
     Rhett Gong [MSFT] wrote:
> Hi Jacques,
> Glad to hear that it works again. :)
>> I agree with the suggestion from Joe. You can use Netmon to see what is
> failing if it happens next time. I also send this to my colleagues to see
> if they ever met the same problem. If there is any updates, I will post it
> here and send notify to you.
>

We did more tests and they confirm that the problem is indeed related to the use of the UPN
with Service management functions: whenever the Service installation for UPN, it succeeds
for Netbios name.

Afterwards, the same name verification is performed when the installed service starts:
if the service is configured to be automatically started upon reboot, the service cannot start
on the domain controler itself if the UPN is set in the logon tab. Event viewer shows that the user name does not exist or the
password is invalid. When the service starts on a machine which is a member of the same domain
(and if the ADS is up and running), then no problem.

Now, if we use the Netbios name, the service is successfully started upon reboot on the
domain controler.

I reckon some Service handling function first tries to verify the validity of the logon name;
if that name is a UPN is requires an explicit answer from a domain controler. If none is available
or if none answers in the expected time frame, then that function fails and the service cannot be
installed or started.

Joe, I confirm the CreateService() documentation states to "use an account name in the form DomainName\UserName"
(or a local account name). I'll therefore conform to this. Besides, whatever name format is used
does not make any difference when running the service: it can still acquire Kerberos SSP credentials
when the Netbios name is used.

Thanks to both of you for your support.

> Good luck!

Who told you one needs luck when using Microsoft products ? Probably someone who
does not like surprises...

    ;-)

> Rhett Gong [MSFT]
> Microsoft Online Partner Support
>> This posting is provided "AS IS" with no warranties, and confers no rights.
> Please reply to newsgroups only. Thanks.
>

Loading