Problem Note 20072: SAS® Enterprise Guide® might delete metadata Login objects, causing
other SAS applications to fail
SAS Enterprise Guide might delete metadata login objects, causing other
SAS applications to fail. Several known scenarios can result in a
deleted Login object, but the following three cases are the most common:
- You experience one or more failed attempts to log on to a SAS®
Workspace Server from SAS Enterprise Guide 4.1 or from SAS®
Add-in for Microsoft Office 2.1, especially when you use the
"unrestricted user" account to log on.
IMPORTANT NOTE: You should NEVER use an Unrestricted User (the
"unrestricted user" account; for example, the sasadm ID with an "*"
prefix in the adminUsers.txt) to log on to any client application
except SAS® Management Console. The "unrestricted user" account is
intended to be used ONLY as a metadata administrative account for
SAS Management Console. Users with "unrestricted user" status can
access all metadata on the server (except for passwords, which an
unrestricted user can overwrite but cannot read). When the
"unrestricted user" account is inappropriately used from a client
application other than SAS Management Console, there is no way to
predict which log-on credentials will be used in an attempt to
start the workspace server, and that particular Login object will
be deleted.
- You experience one or more failed attempts to connect to the SAS
Workspace Server within SAS Enterprise Guide when more than one
Login object is defined in the authentication domain that is
associated with your application servers.
- You experience one or more failed attempts to connect to the SAS
Workspace Server within SAS Enterprise Guide when the SAS®
Metadata Server and the application server use separate
authentication providers.
In some cases, when a Login object deletion is attempted, the SAS
Metadata Server log might contain information similar to the
following:
20070427:15.49.10.27: 00000174: New client connection (9)
accepted from server port 8561 for user sasdemo@d18455. Encryption
level is Credentials using encryption algorithm SASPROPRIETARY.
Peer IP address and port are 10.11.13.195:3155.
20070427:15.49.15.85: 00000196: 9:SASDEMO@D18455:
DeleteMetadata return code=807fe9a3....
20070427:15.49.15.85: 00000196: 9:SASDEMO@D18455: The UserID
SASDEMO@D18455 represents the current connection and cannot be
deleted.
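The log signature above can be searched for mechanically. The following Python example is added here and is not part of the SAS note or any SAS tool; it assumes each log record occupies one line in the layout the excerpt shows, and the function and field names are illustrative.

```python
import re

# Record layout as printed in the note's excerpt: timestamp, thread id, message.
# Assumption: the real log holds each record on one line (the note wraps them).
RECORD = re.compile(r"^(\d{8}:\d{2}\.\d{2}\.\d{2}\.\d{2}): (\d{8}): (.*)$")
CONNECT = re.compile(r"New client connection \((\d+)\) accepted from server port \d+ "
                     r"for user (\S+?)\. .*Peer IP address and port are ([\d.]+):\d+\.")
DELETE = re.compile(r"^(\d+):([^:]+): DeleteMetadata return code=([0-9a-fA-F]+)")

# The excerpt's three records with the page's line wrapping removed.
SAMPLE_LOG = [
    "20070427:15.49.10.27: 00000174: New client connection (9) accepted from "
    "server port 8561 for user sasdemo@d18455. Encryption level is Credentials "
    "using encryption algorithm SASPROPRIETARY. Peer IP address and port are "
    "10.11.13.195:3155.",
    "20070427:15.49.15.85: 00000196: 9:SASDEMO@D18455: DeleteMetadata return "
    "code=807fe9a3....",
    "20070427:15.49.15.85: 00000196: 9:SASDEMO@D18455: The UserID SASDEMO@D18455 "
    "represents the current connection and cannot be deleted.",
]


def find_delete_attempts(lines):
    """Return one dict per DeleteMetadata record, joined to its client connection."""
    connections = {}  # connection number -> (login user, peer IP)
    findings = []
    for line in lines:
        rec = RECORD.match(line.strip())
        if not rec:
            continue  # not a record in the layout above
        stamp, _thread, message = rec.groups()
        conn, dele = CONNECT.search(message), DELETE.match(message)
        if conn:
            connections[conn.group(1)] = (conn.group(2), conn.group(3))
        elif dele:
            user, peer = connections.get(dele.group(1), (None, None))
            findings.append({"time": stamp, "connection": dele.group(1),
                             "identity": dele.group(2), "return_code": dele.group(3),
                             "login_user": user, "peer_ip": peer, "detail": None})
        elif findings and findings[-1]["time"] == stamp and message.startswith(
                f"{findings[-1]['connection']}:{findings[-1]['identity']}: "):
            # Explanatory record that follows the delete on the same connection.
            findings[-1]["detail"] = message.split(": ", 1)[1]
    return findings


if __name__ == "__main__":
    for finding in find_delete_attempts(SAMPLE_LOG):
        print(finding)
```

Each finding ties a DeleteMetadata record to the client connection that issued it, so an administrator can see which user and workstation triggered the attempted Login deletion.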
You can avoid this problem in one of two ways.
- Ensure that each user stores valid credentials in the metadata.
To accomplish this task, users can use the SAS® Personal Login
Manager.
- Ensure that users do NOT use the SAS Administrator account to log
on to a SAS Enterprise Guide or a SAS Add-In for Microsoft Office
client application.
When the SAS Metadata Server and the application server are in the same
authentication domain, you can set the application server to use the
SAS Metadata Server log-on credentials. That is, the application server
will use the same user ID and password that you used to connect to the
SAS Metadata Server.
Some symptoms of this problem are documented in these SAS Notes:
020034
018419
012938
Select the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
SAS System | SAS Enterprise Guide | Microsoft Windows 2000 Professional | 4.1 | 4.2 | 9.1 TS1M3 SP1 | 9.2 TS1M0 |
Microsoft Windows NT Workstation | 4.1 | 4.2 | 9.1 TS1M3 SP1 | |
Microsoft Windows XP Professional | 4.1 | 4.2 | 9.1 TS1M3 SP1 | 9.2 TS1M0 |
* For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | alert |
Topic: | System Administration ==> Security |
Date Modified: | 2008-02-04 10:50:36 |
Date Created: | 2007-04-27 16:05:24 |