none
HIS 2004/2009 NAT Registry setting RRS feed

  • Question

  • We are trying to using HIS 2004/2009 clients in a NAT'd environment (HIS Sponsor server address is Nat'd) .  In previous versions of the client (HIS 2000 and SNA4) there was a registry value HKLM/Software/Microsoft/SNABase/Parameters/SNATCP/Firewall) that would need to be set to enable proper connectivity to the HIS Server.  Is that same value still applicable for HIS 2004/2009?  We are able to get our sponsor connection on port 1478, but when the application tries to use a resource on port 1477, we are not getting any connection into the server.
    Wednesday, February 29, 2012 10:24 PM

Answers

  • After further testing with our client user, we have determined that the Firewall= registry parameter that was manually setup during the install to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SnaBase\Parameters\SnaTcp with an Administrator level on Windows 7 was not being propagated to the HKEY_CURRENT_USER\Software\Microsoft\SnaBase\Parameters\SnaTcp automatically when a user with lower security priviledges attempted to use the HIS client. Running through the Configuration Wizard with the lower user rights seemed to propagate the key to HKEY_CURRENT_USER.

    • Marked as answer by AHull Tuesday, March 13, 2012 7:16 PM
    Tuesday, March 13, 2012 7:16 PM

All replies

  • The Firewall registry parameter still applies to all current versions of Host Integration Server. It should work in the same manner on the HIS 2004 and HIS 2009 clients. We have customers do ing this currently and have had for many years.

    How did you configure the Firewall entry?

    Is the application trying to get a resource (LU) from the same HIS Server that it connected to for its Sponsor connection?

    Thanks...


    Stephen Jackson - MSFT

    Thursday, March 1, 2012 2:16 PM
  • We follow these guidelines:

    Under the key HKEY_LOCAL_MACHINE\Software\Microsoft\SnaBase\Parameters\SnaTcp

    Add the string value Firewall = <IP Address of SNA Server> and all of our NAT'd IP addresses are in the

    38.0.0.1 network address range.

    Thursday, March 1, 2012 2:37 PM
  • In addition we are requesting our resource from the same server that we are connected to for the sponsor connection.  It is a single server in an SNA Subdomain.
    Thursday, March 1, 2012 2:46 PM
  • It should be working in the same wqay that it did previously. I'm sure you checked, but is port 1477 opened up to allow the client traffic to get through to the SNA Server service on the HIS Server?

    Are they any event messages in the Application Event log on the HIS Client after the problem occurs?

    Do you get any visiable error messages?

    For issues like this, we usually get HIS traces using the SNA Trace Utility (snatrace.exe) on the HIS Client system.

    With SnaBase stopped on the client, we'd do the following:

    1. Run snatraces.exe
    2. Highlight SNA Application in the List of Trace Items.
    3. Click Properties.
    4. Click the Set All button on the Internal trace tab and on the Message Trace tab.
    5. Click OK.
    6. Highlight SnaBase in the List of Trace Items
    7. Click Properties.
    8. Click the Set All button on the Internal trace tab and on the Message Trace tab.
    9. Click OK.
    10. Minimize the SNA Trace Utility window.
    11. Reproduce the problem.
    12. Restore the SNA Trace Utility window and click the Clear All Traces button to stop the traces.
    13. The trace files are located in the traces folder under the HIS install location.

    In the internal traces (napint1.atf, napint2.atf, cliint1.atf, and cliint2.atf) I would be looking to see if the Firewall entry was read correctly as well as the connection attempts to the IP addresses to see what IP address was being used and if the connection attempt failed or succeeded.

    For example, a connection attempt will look like the following:

    (Note: I replaced the actual IP address with 1.2.3.4)

    Destination Address = 1.2.3.4:1478
    Found Preassigned existing IP Address and it's valid
    Found Existing Destination address using it
    Local address: 0.0.0.0:54760
    Trying address 1.2.3.4
    Trying to connect to: 1.2.3.4:1478
    connect() OK, handle = 4892

    Thanks...


    Stephen Jackson - MSFT

    Thursday, March 1, 2012 8:41 PM
  • Here is a sample of what the network connection trace entries lok like when using firewall entries:

    THis is from the SNA Application internal trace (cliint1.atf) when connecting to the SNA Server service port (1477) to get an application session:

    The real IP address is replaced with 1.2.3.4.

    Trying address 1.2.3.4
    Firewall 1.2.3.4 IP address is
    Trying to connect to: 1.2.3.4:1477
    connect() OK, handle = 1152

    Earlier in this trace, you will see something similar to the following if there is a Firewall entry found:

    FireWall name: 1.2.3.4
    Found 1 firewall addresses

    I hope this helps a little.

    Thanks...


    Stephen Jackson - MSFT

    Thursday, March 1, 2012 9:33 PM
  • After further testing with our client user, we have determined that the Firewall= registry parameter that was manually setup during the install to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SnaBase\Parameters\SnaTcp with an Administrator level on Windows 7 was not being propagated to the HKEY_CURRENT_USER\Software\Microsoft\SnaBase\Parameters\SnaTcp automatically when a user with lower security priviledges attempted to use the HIS client. Running through the Configuration Wizard with the lower user rights seemed to propagate the key to HKEY_CURRENT_USER.

    • Marked as answer by AHull Tuesday, March 13, 2012 7:16 PM
    Tuesday, March 13, 2012 7:16 PM
  • The HIS 2004 Client always reads it configuration settings from HKEY_CURRENT_USER\Software\Microsoft\SnaBase\Parameters when SnaBase is configured to run as an application. When SnaBase starts, it checks to see if it needs to copy the SnaBase parameter values from HKEY_LOCAL_MACHINE to HKEY_CURRENT_USER based on the following:

    • If there is no SnaBase key under HKEY_CURRENT_USER
    • If the entries under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER are different sizes
    • If the FinalXID values under Sna Server\Setup are different in the 2 locations.

    Of course if you use different user IDs, then you can run into issues as well. Entries under HKEY_CURRENT_USER are per user so changing a setting for one account will not impact the setting for another user account. 

    If SnaBase runs as a Windows service, then it reads the values from the HKLM\System\CCS\Services\SnaBase.

    Starting with the HIS 2006 Client, the configuration settings are read from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SnaBase\Parameters when SnaBase is running as an application unless the the “Allow per user settings” option is enabled in the Advanced Properties of Common Settings.

    Thanks...



    Stephen Jackson - MSFT

    Monday, March 19, 2012 9:52 PM