8 — Troubleshooting PC-DCE


[Previous] [Next] [Contents] [Index]


This chapter describes solutions to runtime problems that may occur with PC-DCE. For troubleshooting information on installation, configuration, or development problems, refer to the appropriate guides.

Table 8-1: Troubleshooting PC-DCE Runtime Problems.

Symptom Cause Solutions
Client cannot contact a particular application server. The server is clearly running, and clients running on server machine can contact the server and otherwise work correctly.

The local CDS cache is stale.

Wait until the cache is automatically refreshed. The default refresh interval is about 8 hours.

Manually update the cache by stopping DCE, deleting the client cache files, and restarting DCE (as described in Section 6.2.4 on page 98).

If the application is under development, you can update the cache programatically by using rpc_ns_mgmt_set_exp_age().

Windows pauses for a long time just before displaying the Windows login dialog. If you press CTRL-ALT-DEL on Windows 98, the Task Manager shows that dce32init is not responding. If you press CTRL-ALT-DEL on Windows 2000 or Windows NT, startup simply continues.

DCE cell services not available to client

Make sure the cell is up and running.

If the cell has been re-configured, re-configure the client.

If client startup continues to be a problem, it may be because the network is not responding quickly enough. Try reconfiguring the client as follows: in the Options tab in the PC-DCE Configuration Panel, disable Enable automatic login to DCE and disable Start daemons during system boot

Cannot create security or CDS replica on multi-homed machine.

IP messages not forwarded.

Enable IP forwarding on the replica machine so that IP requests can go from one network card to the next.

When configuring an existing client into a new cell, the configuration program finds and attempts to contact an old security server.

An old PE_SITE file on the client system is pointing to the old security server.

Remove the old pe_site file. The default location is pcdce32\opt\dcelocal\etc\security.

Use the dcecp command rpcentry show /.:/subsys/dce/sec/master to make sure that this entry is pointing to the current master security server.

Configure the client.

Clock skew too great

DCE requires that the client time stay within a five minute window of the time on the security server. Any combination of incorrect time, date, or time zone will produce this error.

Verify that the time and date are accurate. Next, check the time zone setting for the OS (as well as the TZ environment variable should you have one) and confirm that they are correctly honoring or ignoring Daylight SavingsTime.

Decrypt integrity check failed

Cell has been reconfigured.

Reconfigure the client into the cell. This will be required for all clients.

A ticket has expired.

The DCE security service uses two kinds of tickets: the service ticket and the ticket granting ticket. The service ticket contains a session key which is a temporary secret key used for client-server communication. The ticket granting ticket is used to obtain a service ticket.

The tickets have an expiration time, usually two hours. If a ticket has expired but has not yet been refreshed, and a client tries to contact the Security Server, you could see the error. The condition may last only for a matter of milliseconds.

Because tickets the client presents to servers will expire and refresh at given intervals, it is possible to see this message occasionally during normal operation. Seeing the message on the server machine does not necessarily indicate there is a problem with the Security Server's ticket, rather it may indicate that a client with an expired ticket has tried to make contact with the Security Server.

Password on the account that this application server is using has been changed.

Recreate the application server's key table.

First, remove the keytab file (for example, c:\tmp\grade_server_tab)

Then recreate the keytab file (for example):

dcecp> keytab create/.:/hosts/myhost.mycompany.com/config/keytab/grade_server_1 -storage"/tmp/grade_server_tab" -data {grade_server_1 plain 1 -dce-}

Error with socket (dce/cds)

CDS Advertiser is stopped.

If DCE is started, restart the CDS Advertiser. Otherwise, start DCE.

Malformed representation of principal (dce / krb)

(during login or client configuration)

User typed an illegal character as part of principal name.

Try re-entering the name.

RPC_SUPPORTED_ PROTSEQS= ncadg_ip_udp environment variable is set for the server while the client only supports TCP

Remove the RPC_SUPPORTED_PROTSEQS environment variable on the server.

Protocol sequence not supported

The underlying network is either unavailable or not working properly.

Confirm that the network is working properly by trying to ping something. If ping fails, investigate the network further.

The local system is not offering the required protocol sequence.

Make sure that the environment variable RPC_SUPPORTED_PROTSEQS is not set.

Registry Server Not Available: Not Registered in Endpoint Map

The local CDS cache is stale.

Wait until the cache is automatically refreshed. The default refresh interval is about 8 hours.

Manually update the cache by stopping DCE, deleting the client cache files, and restarting DCE.

If the application is under development, you can update the cache programatically by using rpc_ns_mgmt_set_exp_age().

Rpc_s_credentials_too_large

The security credentials are too large to fit into an RPC message.

The user belongs to too many groups or is using ERAs. Both increase the size of the security creadentials. Check the group membership for this user. If it is large, try reducing the number of groups. Also check to see if the user has associated ERAs that may be contributing to the size of the credentials.

Rpcss kicker failure (in event log)

Windows NT 4.0 defect.

Install Windows NT 4.0 Service Pack 3.

Runtime Error!

An uhandled exception was raised by the PC-DCE runtime.

Refer to Developer's Notes.

Terminal Server

Wrong version of DCE Installed over Microsoft Terminal Server

Install the Terminal Server version of DCE. (See PC-DCE Installation and Release Notes section3.4 Installing the Client Runtime Kit )

Unknown Interface

The endpoint mapper does not have a DCE server interface registered which matches the interface the DCE client is requesting. Specifically, the following conditions must be satisfied:

Major client and server versions match, and the minor version of the client is less than or equal to the minor version of the server.

Restart the server to force it to re-register its bindings with the endpoint mapper.

Verify that the server is registering the correct interface. Use the dcecp command endpoint show.

Who are you failed

Specific registry entry not cleaned up during PC-DCE re-configuration

Remove the registry entry.

Security transaction between client and server failed.

Make sure that both the client and server runtime have the DES option available to them.

Make sure a server calling rpc_server_register_auth_info() has the correct (same) key for both its keytab and matching registry entry.

Make sure the system times for the client, security server, and application server are within the allowed five minute range.


[Previous] [Next] [Contents] [Index]


To make comments or ask for help, contact support@entegrity.com.

Portions of this document were derived from materials provided by Compaq Computer Corporation. Copyright © 1998-2003 Compaq Computer Corporation.

Copyright © 2003 Entegrity Solutions Corporation & its subsidiaries.

All rights reserved.