-
Title
In event viewer "Caller Computer Name:" is blank from a QAS host -
Description
Active Directory events originating from QAS clients have a blank "Caller Computer Name:"
-
Cause
QAS does not add the machine's NETBIOS name to the kerberos tickets it sends to AD by default.
Product defect: 237427 has been entered for netios setting not working on 4.2.0, 4.2.1 and 4.2.3 versions.
-
Resolution
RESOLUTION:
1 - On the client machine run the following command to add the netbios name to the kerberos ticket at login:
/opt/quest/bin/vastool configure vas libvas add-netbios-addr true
This setting is added to the /etc/opt/quest/vas/vas.conf file.
Here is some information from the vas.conf man page about the setting:
add-netbios-addr =Default value: false
By default, QAS does not add the machine's NETBIOS name to the kerberos tickets it sends to AD. This means in event logs, like Event 644 - account locked out, Windows does not display the Caller Machine Name. This setting adds that. To enable this feature, change the value of this setting to 'true'.
NOTE: The NETBIOS name length limit is 15 characters. If the machine's sAMAccountName is longer than 15 characters, it is truncated to that limit.WARNING: Enabling this option allows Windows Domain Controllers to enforce the userWorkstations attribute ( 'Log On To' button under a user's Properties->Account tab ) regardless of the vas.conf use-log-on-to setting. If a user's userWorkstations value is set, it must have the machine's NETBIOS name in that field for the DC to allow password-based login.
Example:[libvas]add-netbios-addr = falseSTATUS: Pending fix in a future release. -
Change Request
237427