RE: QNTC file system requires digital signing.

Continuing on with this thread.
This seems to be a windows security/user-profile issue, but I am not
certain.

There is a user profile on the IBM I that we use as the authorized user to
place files on Windows network file servers using the /QNTC (SMB Client)
File system.
(Primarily, PDFs, CSVs and XLSs). We have a couple of utility programs that
swap user profiles to the QNTC user and then copy files to the network.
Over the weekend we upgraded from V7R2 to V7R3 and applied the latest cume.
On Monday the QNTC user was unable to get access to the /QNTC file system
and the user became 'Locked Out' on the windows network.
We unlocked the user account on the windows network (the windows user
profile is a domain user as opposed to a local user on the server).
We are still getting an issue where the user's credentials are not being
accepted on the windows domain.
Note: My user profile has no problem using /QNTC and in the interim we are
using my prolife for the QNTC utilities.

I worked with IBM support and he/we traced the connection. The domain name
and user and password are being sent to Windows correctly. We compared the
trace from the QNTC profile session and my session and found that the
characteristics of both sessions are the same, the only difference being the
credentials.

Side note: We seem to also have had an issue with our QNTC user profile on
the IBM I not being restored correctly. So I restored the user profile and
the users' authorities and still am unable to connect. We took the drastic
step of deleting the user profile from the IBM I and creating the profile
anew using my profile as the basis. And we changed the password for the
profile on Windows and the IBM I to be sure that the passwords were the
same. Note: the password is in all uppercase with a number at the end.

So the immediate question is: Has anyone encountered this issue before or
anything similar? Is there something on the windows domain that would
somehow make the user profile unable to connect?

My next step is to follow these instructions.
http://www-01.ibm.com/support/docview.wss?uid=nas8N1018146

All relevant PTFs (based on the above link), are on the system.


Paul Therrien
Andeco Software, LLC
paultherrien@xxxxxxxxxxxxxxxxxx
225-229-2491


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Paul
Therrien
Sent: Monday, January 9, 2017 11:30 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Cc: Rob Berendt <rob@xxxxxxxxx>
Subject: Re: QNTC file system requires digital signing.

it appears that the user profile we are using for /qntc was not restored
properly.

My profile has no issues.

Paul Therrien Andeco Software, LLC

paultherrien@xxxxxxxxxxxxxxxxxx

225-229-2491

On 2017-01-09 11:18, Rob Berendt wrote:

Make sure you're also very current with PTF's I was getting CPDB053
with a different reason code until I applied a particular PTF.

Also check your Domain name in NetServer properties (yes I know there
is a difference between NetServer and QNTC but they share some
configuration
settings)
http://www-01.ibm.com/support/docview.wss?uid=nas8N1011043
Do not use
CFGTCP, 12 and assume that domain name matches your NetServer properties.
I know that some think that GUI is the tool of the devil but you might
want to check http://youribmi:2001 and go into NetServer properties
there to check your domain name.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600
Mail to: 2505 Dekko Drive Garrett, IN 46738 Ship to: Dock 108 6928N
400E Kendallville, IN 46755 http://www.dekko.com

From: Paul Therrien <paultherrien@xxxxxxxxxxxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 01/09/2017 10:28 AM
Subject: QNTC file system requires digital signing.
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>

We just upgraded to IBM i V7R3 and suddenly we are getting an issue
when trying to connect to /QNTC locations:

QNTC file system requires digital signing.

Message ID . . . . . . : CPDB053
Date sent . . . . . . : 01/09/17 Time sent . . . . . . : 10:22:06

Message . . . . : Error exchanging security information for user
DOCULEX400
on network server DOCULEX13NY.

Cause . . . . . : The IBM i NetClient (QNTC) file system has
encountered an error when authenticating user DOCULEX400 with a
network server DOCULEX13NY.
Recovery . . . : Ensure the following:
- The user is set up on network server DOCULEX13NY.
- The IBM i user password matches the network server user password.
- Network server DOCULEX13NY is enabled for digitally signed
communications.
Technical description . . . . . . . . : An error has been detected
while the QNTC file system was exchanging security information with a
network server.
The error class was 0, and the error code was 3401.

Possible error class and error code values include:
Class 0 - QNTC file system specific security error.
1 - QNTC file system requires digital signing.

What did I neglect to do?

Paul
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link:
http://amzn.to/2dEadiD