MultiNet FAQs
Where on the HP web site can I get the HP KRB$RTL.EXE shareable image?
You can find the HP software at:
http://h71000.www7.hp.com/openvms/products/kerberos/
How do I determine what version of MultiNet I'm running?
To determine what version of MultiNet you are running, type this command:
Are there any newsgroups or other ways to talk to other MultiNet users?
Process Software has created a public mailing list, info-multinet@process.com, as a forum for discussion among users of MultiNet. To subscribe, send electronic mail to info-multinet-request@process.com, with the word SUBSCRIBE as the only word in the body of the message. After subscribing to the mailing list you will receive a copy of all messages sent to the list. If you want to send a message to the list, address it to info-multinet@process.com. Any messages sent to the list are also available in the USENET newsgroup vmsnet.networks.tcp-ip.multinet, and any postings to the vmsnet.networks.tcp-ip.multinet newsgroup are sent to the mailing list.
How can I find out what patches are available for MultiNet?
All released patches for MultiNet are available at http://www.multinet.process.com/eco.html. Leave the fields blank and click submit to see all patches for all versions. For a list of patches for the most current version of MultiNet, click here.
How can I verify that my new service is installed?
The entry in the HOSTS.LOCAL file does not define a service for the MultiNet server process to listen for; it only associates a port number with a service name. This allows programs to use the getportbyname( ) call to get the port number for a given service name. To configure the MultiNet server process to listen on a certain port and run a specific program when a request comes in, you have to add the service in MU CONFIG/SERVER. For example, to add a service called WATER listening on port 8675, you would do the following:
$ MULTINET CONFIGURE/SERVER
MultiNet Server Configuration Utility V4.4(42)
[Reading in configuration from MULTINET:SERVICES.MASTER_SERVER]
SERVER-CONFIG>ADD WATER
[Adding new configuration entry for service "WATER"]
Protocol: [TCP]
TCP Port number: 8675
Program to run: SYS$MANAGER:LOGIN.COM
[Added service WATER to configuration]
[Selected service is now WATER]
SERVER-CONFIG>RESTART
Configuration modified, do you want to save it first ? [YES]
[Writing configuration to MULTINET_COMMON_ROOT:[MULTINET]SERVICES.MASTER_SERVER]
%RUN-S-PROC_ID, identification of created process is 0000011D
SERVER-CONFIG>SHOW WATER/FULL
Service "WATER":
TCP socket (AF_INET,SOCK_STREAM), Port 8675
Socket Options = SO_KEEPALIVE
INIT() = TCP_Init
LISTEN() = TCP_Listen
CONNECTED() = TCP_Connected
SERVICE() = Run_Program
Program = "SYS$MANAGER:LOGIN.COM"
Note that if the service is a UCX compatible service, you need to do a SET FLAGS UCX_SERVER.
Do I need to add the loopback network when I define the trusted local networks?
Yes. If you define the trusted local networks (TLN) using the SET LOCAL-NETWORKS command, you must explicitly add the loopback network 127.0.0.0/255.0.0.0. It is not included in your TLN.
Note! In v4.1 and earlier of MultiNet, on page 3-6 of the Secure/IP guide, it incorrectly states to add only three octets. In v4.2 and later of MultiNet, the Secure/IP information was combined into the other guides and the same statement was included in the Administrative Guide. The correct statement 127.0.0.0/255.0.0.0 is in v4.4 of the Administrative Guide.
Can I change MultiNet's IP address without rebooting the system?
Yes, the IP address of an interface can be changed without rebooting,
although any existing connections on that interface will be lost.
First make the appropriate changes in NET-CONFIG, then do the following:
$ MULTINET SET/INTERFACE/DOWN SE0 (or whatever interface you are changing)
$ MULTINET SET/INTERFACE SE0/ADDRESS=new_ip_address/PROTOCOL=IP -
/VMS_DEVICE=vms_network_device/LINK_LEVEL=ETHERNET/IP_SUBNET=subnet_mask
To find the exact command for your system:
How do I use MultiNet on another node in the cluster that it was not previously installed on?
- Set the default to the architecture-specific common directory, which
is device:[MULTINET.arch_COMMON.MULTINET], where
device is the device that MultiNet was installed on (likely the common system disk) and
arch is the architecture (either VAX or AXP).
- Run configure.com, which creates the system-specific directories and logicals and prompts you for information such as the IP address and subnet mask of the system.
- Start MultiNet (provided you have not had another TCP/IP stack running
on this system):
$ @SYS$SYSDEVICE:[MULTINET.nodename.MULTINET]START_MULTINET.COM
- Place this line in the system startup file so MultiNet will start after a system reboot.
How do I add the /NODECNET qualifier to initialization of SE interfaces?
When configuring multiple interfaces, add the /NODECNET qualifier to interfaces that are NOT running DECnet.
The /DECNET (or /NODECNET) only comes into play when MultiNet is started *before* DECnet. If DECnet is started first, the interface gets the new "hardware" address assigned by DECnet (AA-blah). MultiNet then comes along and uses that address for the interface. With the /NODECNET qualifier on the interface, it will use the PROM address if DECnet was not started on that interface.
However, if MultiNet starts first, by default, it uses /DECNET, which means it calculates the same "AA-blah" address that DECnet will use. If you specify /NODECNET, it uses the PROM address.
If the PROM address is used, DECnet can not run on that interface once MultiNet has been started. Customers using /NODECNET but starting DECnet first are going to have no problem.
How to enable your applications that are designed to execute over DECNET to execute over TCP/IP instead.
If your OpenVMS systems are all running MultiNet the simplest solution is to configure and use MultiNet's TCP/IP Services for DECnet Applications. This will enable your applications that are designed to execute over DECNET to execute over TCP/IP instead. TCP/IP Services for DECnet applications will allow your applications to run seamlessly over TCP without DECnet protocols or software and without the additional overhead of running both stacks on your systems or both protocols on your network routers.
Can I configure DHCP to ignore requests sent by the Microsoft NT RAS server?
Yes, you can configure DHCP to ignore these requests.
Place the deny/allow ras-servers option statement in the configuration file at the global level, or place it in a shared-network or subnet statement. The statement applies to the scope (global or subnet, etc.) of the file in which it is placed. The default is "allow ras-servers."
How often is the DDNS zone information check-pointed to the zone file, and is this configurable?
DDNS zone information is check-pointed to the zone file hourly, which is every time the zone goes into maintenance. It is not configurable. The changes get written to a log file temporarily, and then re-applied if something happens to the server (when it comes up, it looks for the log file, and applies the changes if they are there). The updates are re-applied after loading the zone on startup, providing that the nameserver believes the zone file hasn't been changed since the last time it committed the changes to the file.
When the nameserver is shut down correctly [e.g. mu netc domain stop], the dynamic updates are committed to the file during the shutdown procedures; the logfile is only there for uncontrolled shutdowns [e.g. process/system crashes, killing the nameserver process, etc.].
I would like to change the amount of time it takes for DNS name lookups to fail. Can this be done?
Yes. This is controlled in any version of MultiNet by the NAMESERVER-RETRANSMISSION setting in MULTINET CONFIGURE. This controls the time between requests and the number of name server requests made before the system stops sending requests to a nonresponding server. The first argument is the time in seconds; the optional second argument is the number of tries to make.
You can change the value of NAMESERVER-RETRANSMISSION without rebooting by also defining or redefining the system-wide logical name MULTINET_NAMESERVER_RETRANS and restarting the MULTINET_SERVER (@MULTINET:START_SERVER) and SMTP_SYMBIONT (@MULTINET:START_SMTP) processes.
Can zone transfers be allowed from certain hosts only?
Access to the server can be restricted based on the IP address of the requesting system. This is done by using an address_match_list. The following can be address match lists:
- An IP address (in dotted-decimal notation)
- Another address match list
- An IP prefix (in /- notation)
- An address match list defined with the acl statement
- A key ID, as defined by the key statement
- any
- none
- localhost
- localnets
Remember that address match lists follow the standard named.conf syntax and require a semi-colon (;) after each element. For example:
allow-update { !192.168.0.1; 192.168.0.0/16; };
When an IP address or prefix is compared to an address match list, the list is examined and the first match (regardless of its negated state) is used. The interpretation of a match depends on the conditions defined in the following table.
| When a list is being used... | A non-negated match... | A negated match... |
| as an access control list | allows access. | denies access. |
| with the listen-on option | causes the DNS server to listen on matching interfaces. | causes the DNS server to NOT listen on matching interfaces. |
| with the topology clause | returns a distance based on its position on the list; the closer the match to the start of the list, the shorter the distance between it and the server. | is assigned the maximum distance from the server. Note! If there is no match, the address gets a distance that is further than any non-negated list element, and closer than any negated element. |
Since the address match list uses a first-match algorithm, care must be taken when using negation. In general, if an element is a subset of another element, the subset should be present in the list before the broader element.
For example, 10.0.0/24; !10.0.0.1 will never negate to the 10.0.0.1 address because a 10.0.0.1 address will match with the 10.0.0/24 element and not traverse any farther. So the 10.0.0.1 address will be accepted in the match list.
Using !10.0.0.1; 10.0.0/24 will elicit the desired effect. The 10.0.0.1 will be matched against the first, negated, element. All other 10.0.0.* addresses will pass by the 10.0.0.1 element and be matched against the 10.0.0/24 subnet element.
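The first-match rule described above can be checked before a list goes into NAMED.CONF. The following is an added example, not code from MultiNet or BIND: the function names are hypothetical, only IPv4 addresses, prefixes, any and none are handled, and an address that matches nothing is treated as denied, as it is when the list is used for access control.

```python
"""Added example: first-match evaluation of a named.conf address match list."""
import ipaddress


def parse_prefix(text):
    """Parse '10.0.0.1', '192.168.0.0/16' or the short form '10.0.0/24'."""
    addr, _, bits = text.partition("/")
    octets = addr.split(".")
    if not bits:
        if len(octets) != 4:
            raise ValueError("bare address needs four octets: " + text)
        bits = "32"
    if not 1 <= len(octets) <= 4:
        raise ValueError("bad prefix: " + text)
    octets += ["0"] * (4 - len(octets))  # pad omitted trailing octets
    return ipaddress.ip_network(".".join(octets) + "/" + bits, strict=False)


def parse_list(text):
    """'{ !10.0.0.1; 10.0.0/24; }' -> [(negated, IPv4Network), ...]."""
    if "{" in text:
        text = text[text.index("{") + 1:text.rindex("}")]
    elements = []
    for raw in text.split(";"):
        item = raw.strip()
        if not item:
            continue
        negated = item.startswith("!")
        item = item.lstrip("!").strip()
        if item == "any":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif item == "none":  # 'none' behaves like a negated 'any'
            net, negated = ipaddress.ip_network("0.0.0.0/0"), not negated
        else:
            # acl names, key IDs, localhost and localnets are not handled here
            net = parse_prefix(item)
        elements.append((negated, net))
    return elements


def evaluate(elements, address):
    """Return (allowed, index of the deciding element).

    The list is scanned in order and the first element that contains the
    address decides, whether or not it is negated. No match means denied
    (index None) when the list is used as an access control list.
    """
    ip = ipaddress.ip_address(address)
    for index, (negated, net) in enumerate(elements):
        if ip in net:
            return (not negated, index)
    return (False, None)


def shadowed(elements):
    """Indexes of elements that can never decide a lookup.

    An element is dead when one earlier element already covers every
    address it covers. Coverage by a union of several earlier elements
    is not detected by this check.
    """
    dead = []
    for i, (_, net) in enumerate(elements):
        if any(net.subnet_of(earlier) for _, earlier in elements[:i]):
            dead.append(i)
    return dead


# The two orderings discussed in the text, written in braces.
BROKEN = "{ 10.0.0/24; !10.0.0.1; }"
FIXED = "{ !10.0.0.1; 10.0.0/24; }"

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        acl = parse_list(text)
        print(label, "list:", text)
        for addr in ("10.0.0.1", "10.0.0.7", "10.0.1.7"):
            allowed, index = evaluate(acl, addr)
            verdict = "allowed" if allowed else "denied"
            print("  %-9s %s (element %s)" % (addr, verdict, index))
        print("  unreachable elements:", shadowed(acl))
```

Running shadowed() over each list in a configuration review flags a negated host that sits behind the subnet containing it, which is the ordering mistake described above.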
After upgrading to MultiNet v4.2 the Nameserver no longer performs zone transfers from the primary server. The following OPCOM messages are produced. What do the status codes mean and how can I correct them?
%%%%%%%%%%% OPCOM 23-AUG-1999 11:18:03.08 %%%%%%%%%%%
Message from user SYSTEM on XXXX
named: can't exec NAMED_XFER: status = 1c
%%%%%%%%%%% OPCOM 23-AUG-1999 11:18:03.14 %%%%%%%%%%%
Message from user SYSTEM on XXXX
named: can't exec NAMED_XFER: status = 1c
The error status in both messages is "1c." To find out what this means, enter the following:
$ EXIT %X1c
%SYSTEM-F-EXQUOTA, process quota exceeded
It is most likely the subprocess quota that has been exceeded, which you can increase by entering the following commands:
$ MULTINET CONFIGURE/SERVER
SERVER-CONFIG>sel domain
[The Selected SERVER entry is now DOMAINNAME]
SERVER-CONFIG>set pql-prclm 20
[PQL PRCLM of DOMAINNAME set to 20]
After you increase the quota, restart the MultiNet_server process and the namedserver process. Enter the following commands:
Can I restrict what hosts can do a zone transfer from my DNS server?
Yes. You can use the allow-transfer option in the NAMED.CONF either in the global options or the options for a specific zone to restrict zone transfers to just those IP addresses specified. In the following example the allow-transfer option in the global options restricts access to just systems in the 192.168.1.0 subnet while the allow-transfer in the zone statement for the company.com zone restricts transfers for that zone to just the 192.168.2.1 IP address.
/*
* NAMED.CONF - bind configuration file
*/
options {
allow-transfer { 192.168.1.0/24; };
};
zone "company.com" in {
type master;
allow-transfer { 192.168.2.1; };
file "company.hosts";
};
/*
* END NAMED.CONF - bind configuration file
*/
What is the difference between DNS Load Balancing and Cluster Aliasing?
DNS Load Balancing is a MultiNet feature that allows you to direct a request for a given service to the least busy node. It is primarily used for TCP based services (e.g., Telnet, FTP). DNS Load Balancing is configured through DNS and with the CLUSTER-SERVICE-NAMES parameter as discussed in the Host Tables and DNS chapter of the Administrator's Guide. When a client wants to connect (TELNET, for example) to your cluster, they issue the command against the CLUSTER-SERVICE-NAMES hostname (e.g., TELNET CLUSTER.PROCESS.COM). Before the client can connect, it must resolve CLUSTER.PROCESS.COM into an IP address. When the client asks the MultiNet nameserver for this resolution, the results (i.e., the IP addresses for your cluster nodes) are ordered from least busy to most busy.
Cluster Aliasing is a functionality of MultiNet that allows failover in the event a cluster member becomes unavailable. It is primarily intended for use with UDP based services (e.g., NFS). To use this feature, choose one or more IP addresses that are NOT IN USE on your network and assign them to the MULTINET_IP_CLUSTER_ALIASES logical as described in the Establishing IP Connectivity section of the Administrator's Guide. This parameter must be assigned the same value on all cluster members that will participate. The cluster members will negotiate amongst themselves to determine who initially binds to the cluster alias(es). If the node that has bound to the address fails, another node in the cluster will assume the responsibility of handling the connectionless (UDP) services for the cluster alias address.
Why are underscores not allowed in DNS host names?
The BIND RFC states that underscores in host names are illegal. MultiNet did not enforce this rule until v4.0B. If you upgrade from v4.0A or prior and have a zone file that contains underscores or try to do a zone transfer from a zone with underscores you will get OPCOM errors and these zones will not be loaded correctly. It is recommended that all underscores be removed from host names. There is, however, a workaround. Underscores ARE allowed on CNAME records so you can change the original A record from an underscore to a hyphen, then create a CNAME record with the underscore in it and point it to the A record.
For example, if you have the following A record:
MARS_ALPHA.PROCESS.COM IN A 198.114.213.9
You could make the following entries instead:
MARS-ALPHA.PROCESS.COM IN A 198.114.213.9
MARS_ALPHA.PROCESS.COM IN CNAME MARS-ALPHA.PROCESS.COM
Why do I get these messages from OPCOM when I start the MultiNet nameserver?
The primary DNS server for our zone runs on a Windows NT machine. For redundancy purposes, I would like to make one or more of my MultiNet nodes act as secondary DNS servers. I read Chapter 14 of the Administrator's Guide and feel that I've configured MultiNet properly to act as a secondary, but when I start the MultiNet nameserver, I get messages from OPCOM like:
Multinet Server: ns: print_output: short answer (35, 68), zone test.process.com
Multinet Server: ns: zoneref: Masters for secondary zone "test.process.com" unreachable
You need to tell Windows NT that there are secondary nameservers on the network which are not running Windows NT. The easiest way to do this is to:
- log in as an administrator on the Windows NT machine
- locate the registry key:
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
- Add a parameter 'BindSecondaries' (type DWORD) and make its value 0 if you are running MultiNet v4.0 or later
What does the named: default: warning: check_hints: error mean?
I get the following warning on the console:
named: default: warning: check_hints:
A records for J.ROOT-SERVERS.NET class
1 do not match hint records
What does this mean and what can I do to correct it?
This message indicates that your current root hint file is out of date and should be updated. You can download the new version of the root hints file from ftp://ftp.rs.internic.net/domain/named.root
You will want to replace your current root hint file with the named.root referenced above. By default the root hint file is:
MultiNet - MULTINET:DOMAIN-NAME-SERVICE.CACHE
TCPware - TCPWARE_NAMED_ROOT:NAMED.CA
On recent versions of VMS with FTP access from your MultiNet or TCPware system, you can use the following commands to copy the new version of the hint file and restart the named server.
For MultiNet:
$ copy/ftp/log ftp.internic.net::"/domain/named.root" -
multinet:domain-name-service.cache
$ multinet netcontrol domain restart
For TCPware:
$ copy/ftp/log ftp.internic.net::"/domain/named.root" -
tcpware_named_root:named.ca
$ @tcpware:restart dns
When a Unix client uses FTP to put files to my MultiNet/TCPware system the file names get changed, some have $’s added to them, why?
The "$" is needed to differentiate “filename” from “Filename”. You can disable Unix mode by defining the logical MULTINET_FTP_UNIX_STYLE_CASE_INSENSITIVE to be “true.” You can do this in a user’s login command procedure to disable it for that one user or you can define the logical /SYSTEM to change the behavior for all users. You can also define the logical MULTINET_FTP_UNIX_STYLE_CASE_INSENSITIVE to accept Unix directory and file specifications but ignore the case of a file. [NOTE: replace MULTINET in the logical names with TCPWARE on TCPware systems.]
Why does FTPing savesets from VMS to NT/Windows cause the record length to change?
When FTPing files from VMS to a PC, the record length changes to 512; MultiNet savesets should be 2048, TCPware savesets should be 32256. In VMS v6.1 (or v6.2) and above you can use the SET FILE/ATTRIBUTE command to change the record length, but in VMS v5.x that command does not exist. What can be done on a VMS v5.x system to change the file attributes?
Use the following sequence of commands to change the record length of the saveset:
$ ANALY/RMS/FDL saveset.a
Edit the .FDL file and change the record length to 2048 for MultiNet or 32256 for TCPware.
$ EXCHANGE/NET/FDL=saveset.FDL oldsaveset.a newsaveset.a
The newsaveset.a should be in the correct format with the correct record length.
This should work in all versions of VMS.
Can I configure different FTP access for different users?
Yes, by defining a system level logical name MULTINET_FTP_
- NOLIST
- NOREAD
- NOSPAWN
- NOWRITE
- NODELETE
$ DEFINE/SYSTEM/EXEC MULTINET_FTP_JONES_CONTROL "NOLIST,NOREAD"
Why do I get "Invalid Block Size" errors after installing a website patch?
First check the saveset file to verify the format: $BACKUP/LIST kitname.A/SAVE where 'kitname' is the file with the .A extension that you extracted. Chances are that many, if not most, of the files will give this error. All the patch kits provided for MultiNet and TCPware are VMS backup savesets and are stored on our server in ZIP format. This allows one to obtain the patch from our FTP servers on any platform (VMS, NT, UNIX, etc.) and later transfer it to the VMS system.
The zip files use the same ZIP format as on the PC, and a PC-based unzip program will separate the files fine. However, since only VMS knows the attributes of a backup saveset, the PC will apply the wrong format to the saveset file.
There are two ways that you can fix this:
1. The recommended way is to FTP the VMS unzip utility from our website
at ftp://ftp.multinet.process.com/patches/. Depending
on your architecture, you will need UNZIP.EXE (for VAX) or UNZIP_ALPHA.EXE
(for Alpha). Before you download the files, make sure your FTP client is
set to BINARY or IMAGE. Put the unzip file in the SYS$COMMON:[SYSEXE]
directory. Then execute the command: $MCR UNZIP patchkit.ZIP on VAX;
$MCR UNZIP_ALPHA patchkit.ZIP on Alpha
2. Another way is to change the VMS attributes of the saveset file with the following VMS command:
SET FILE/ATTRIBUTES=(LRL=32256,RAT=NONE,RFM=FIX) kitname.A
Then check the file validity by:
$BACKUP/LIST kitname.A/SAVE
Can I install MultiNet in a cluster with different versions of OpenVMS?
MultiNet must be installed once for each version of OpenVMS. Each of the installs must be done into a new MultiNet root.
Why is the configuration file missing a block?
The configuration file that is being referred to is the SNMP_AGENT.CONFIGURATION file and the error indicates that the format of the file is invalid. The file should be edited and corrected. If you are not using SNMP you can disable it. SNMP is enabled by default as of v4.0. If SNMP is not being used on the system, it can be disabled by issuing the following:
$ MULTINET CONFIGURE/SERVER
SERVER-CONFIG> SELECT SNMP
[The Selected SERVER entry is now SNMP]
SERVER-CONFIG> DISABLE SNMP
SERVER-CONFIG> EXIT
$ @MULTINET:START_SERVER RESTART
If a system has two interfaces on it, can I assign an address to both cards so if one card fails the address can still be reached?
Yes, by using MultiNet's paired network interface support and pseudo devices. This is a new feature starting with MultiNet v4.3.
If the system is to be accessed via the IP address 192.41.228.71:
- Configure the two interfaces to have an IP address in a different subnet than the system's IP address of 192.41.228.71. You can use the private network addresses 192.168.0.X or any other addresses that do not conflict with your site's addressing scheme.
- Configure the interface PD-0 to have the 'real' IP address, 192.94.95.1, and to use one of the real interfaces as its hardware device.
- Create MULTINET:LOCAL_INITIALIZATION.COM if it does not exist, and add to it an MU SET/INTERFACE/COMMON_LINK command instructing MultiNet that the interfaces are on a common network: MU SET/INTERFACE/COMMON_LINK=SE1 SE0
Here is an example configuration that demonstrates the above:
$ MULTINET CONFIG
MultiNet Network Configuration Utility V4.3(103)
[Reading in MAXIMUM configuration from MULTINET:MULTINET.EXE]
[Reading in configuration from MULTINET:NETWORK_DEVICES.CONFIGURATION]
NET-CONFIG>show
Interface Adapter CSR Flags/
Address Vector
--------- ------- ------- ------
se0 (Shared VMS Ethernet/FDDI)
-NONE- -NONE- -NONE-
[TCP/IP: 192.168.1.1,IP-SubNet: 255.255.255.0]
[VMS Device: EWA0, Link Level: Ethernet]
se1 (Shared VMS Ethernet/FDDI)
-NONE- -NONE- -NONE-
[TCP/IP: 192.168.1.2,IP-SubNet: 255.255.255.0]
[VMS Device: EWB0, Link Level: Ethernet]
pd0 (Secondary Ethernet Address)
-NONE- -NONE- -NONE-
[TCP/IP:192.41.228.71,IP-SubNet:255.255.255.0]
[Hardware-Device: se0]
$ TYPE MULTINET:LOCAL_INITIALIZATION.COM
$ MULTINET SET/INTERFACE/COMMON_LINK=(SE1) SE0
With this configuration if either SE0 or SE1 is brought down with the command MU SET/INTERFACE/DOWN or if a fatal error is detected on either interface, the pseudo device and any routing table entries using that device will failover to the other. Also, when sending a packet if one of the interfaces is busy, the packet will be sent out via the other interface, resulting in better throughput.
What is the NFS server connection limit?
There is no limit for NFS or UDP in general, though memory, open channel limits, or other system resources could affect the number of connections the NFS server can service.
What does this mean? Server acting 'catatonic' - can't start NFS_SERVERIO processes
If the NFS server can not service creates or writes it could be because it can not start an NFS_SERVERIO process. If a "$ show system" shows the NFS_SERVER process but no NFS_SERVERIO_X process(es) this is a good indication that the PRCLM (process limit) of the NFS_SERVER is 0. This can be verified by running quota.com (included below) on the NFS_SERVER process and looking for PRCLM. It should be 5 or better.
The following commands show how to set the PRCLM of the NFS_SERVER process:
VEGA> mu config/serv
MultiNet Server Configuration Utility V4.0(40)
[Reading in configuration from MULTINET:SERVICES.MASTER_SERVER]
SERVER-CONFIG>select nfs
[The Selected SERVER entry is now NFS]
SERVER-CONFIG>set pql-prclm 5
[PQL PRCLM of NFS set to 5]
SERVER-CONFIG>exit
[Writing configuration to MULTINET_COMMON_ROOT:[MULTINET]SERVICES.MASTER_SERVER]
A reboot is required after doing this if the server is running in kernel mode. If the server is running in user mode, you can stop the process and restart the master server.
[quota.com]
$! quota.com
$! Usage: @QUOTA pid-of-process-to-check
$!
$ if p1 .eqs. ""
$ then
$ Inquire PID
$ else
$ PID = P1
$ Endif
$ astcnt = f$getjpi(pid, "astcnt")
$ astlm = f$getjpi(pid, "astlm")
$ bytcnt = f$getjpi(pid, "bytcnt")
$ bytlm = f$getjpi(pid, "bytlm")
$ pgflquota = f$getjpi(pid, "pgflquota")
$ pagfilcnt = f$getjpi(pid, "pagfilcnt")
$ filcnt = f$getjpi(pid, "filcnt")
$ fillm = f$getjpi(pid, "fillm")
$ enqcnt = f$getjpi(pid, "enqcnt")
$ enqlm = f$getjpi(pid, "enqlm")
$ biocnt = f$getjpi(pid, "biocnt")
$ biolm = f$getjpi(pid, "biolm")
$ diocnt = f$getjpi(pid, "diocnt")
$ diolm = f$getjpi(pid, "diolm")
$ tqcnt = f$getjpi(pid, "tqcnt")
$ tqlm = f$getjpi(pid, "tqlm")
$ prclm = f$getjpi(pid, "prclm")
$ write sys$output "ASTLM: ''ASTLM', remaining: ''ASTCNT'"
$ write sys$output "BYTLM: ''BYTLM', remaining: ''BYTCNT'"
$ write sys$output "PGFLQUOTA: ''PGFLQUOTA', remaining: ''PAGFILCNT'"
$ write sys$output "FILLM: ''fillm', remaining: ''FILCNT'"
$ write sys$output "ENQLM: ''enqlm', remaining: ''enqcnt'"
$ write sys$output "BIOLM: ''biolm', remaining: ''biocnt'"
$ write sys$output "DIOLM: ''diolm', remaining: ''diocnt'"
$ write sys$output "TQLM: ''tqlm', remaining: ''tqcnt'"
$ write sys$output "PRCLM: ''prclm'"
I need to change some logical names at DST changes in support of various applications we run. How can I do this automatically?
MultiNet 5.0's version of NTP supports calling a DCL command procedure as part of the NTPD startup processing and at every DST change. This called procedure can contain whatever commands you need to define or change logicals, run programs, send messages, create or alter files, etc. For more information, see Chapter 14 of the MultiNet V5.0 Installation & Administrator's Guide.
Does MultiNet change the system time for daylight savings time?
If you have configured a Timezone Rule and have NTP (for versions prior to v4.1) or XNTP (for version 4.2 and later) enabled, MultiNet changes the time automatically when the switch to or from Daylight Savings Time (DST) occurs. For further information, refer to the "System Clock and Timezone Configuration" section of the MultiNet Administrator's Guide.
Why can I not find the kernel symbol "$magic"?
When MultiNet started, it installed an executable (say, file handle 1295,2,0). Now, when MultiNet goes looking for the physical file, it notices that the file is not exactly the same as the one that was installed originally. It could have been renamed to a higher version, or the same version of MultiNet was installed over itself. A reboot is required to correct the problem.
Can MultiNet change the system time for daylight savings time?
Yes, as long as the MultiNet Server is not functioning as a "local master". In such a mode, the server is acting as (or emulating) a high stratum clock, and only serves Universal Time (UT, or Greenwich Mean Time, GMT). It has no concept of Daylight Savings and cannot step its own clock. This mode is usually used by a server that has special clock hardware and the network has clients that connect to this server because they have no access to the internet master clocks. MultiNet clients (peers) that use this clock for reference will be able to switch from DST to Standard Time and vice versa just as if they were getting time synchronization from Internet high stratum network clocks.
Is there any way to make the NTY session show up as REMOTE instead of LOCAL?
Yes, a kernel variable needs to be set by the following command:
$ MULTINET SET/KERNEL NETWORK_PTY_IS_REMOTE 1
This command has to be executed each time MultiNet is started. If it exists, MultiNet executes the file MULTINET:LOCAL_INITIALIZATION.COM after starting. You can add the SET/KERNEL command to the file if it already exists, or create the file and add the SET/KERNEL command if the file does not already exist.
How do I disable OPCOM Messages from NAMED?
Since I upgraded to Multinet v4.2, I get the following OPCOM messages from NAMED. What are they and can I disable them?
%%%%%%%%%%% OPCOM 28-JAN-2000 10:05:01.64 %%%%%%%%%%%
Message from user SYSTEM on PSC1
named: NSTATS 949053901 949053895
%%%%%%%%%%% OPCOM 28-JAN-2000 10:05:01.65 %%%%%%%%%%%
Message from user SYSTEM on PSC1
named: XSTATS 949053901 949053895 RR=1 RNXD=0 RFwdR=0 RDupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0 RLame=0 ROpts=0 SSysQ=1 SAns=0 SFwdQ=0 SDupQ=0 SErr=0 RQ=0 RIQ=0 RFwdQ=0 RDupQ=0 RTCP=0 SFwdR=0 SFail=0 SFErr=0 SNaAns=0 SNXD=0
%%%%%%%%%%% OPCOM 29-JAN-2000 10:41:20.02 %%%%%%%%%%%
Message from user SYSTEM on PSC1
named: Lame server on 'node1.process.com' (in 'process.com'?):[10.1.0.2].53 'C.ROOT-SERVERS.NET'
These are informational messages from the new BIND v8 nameserver and none represents a serious problem. The NSTATS and XSTATS messages (the first two shown) are the statistics for the currently running nameserver. The last message means that the nameserver has found a 'lame server.' A lame server is a server that supposedly has authority for a particular zone, but is not configured as such.
Using the new configuration options, these and other informational messages can be suppressed easily or even sent to a file rather than to OPCOM. The new nameserver in MultiNet has a truly advanced logging configuration that provides more control than in the previous version.
Add the following logging statement to your NAMED.CONF file to keep all informational messages from going to OPCOM.
logging {
channel no_info_opcom {
syslog daemon;
severity notice;
print-severity yes;
print-category yes;
};
category default { no_info_opcom; default_debug; };
};
The BIND v8 Configuration File Guide has in-depth information on how to configure logging for the BIND server. You can find the guide at http://www.support.process.com/bind_v_8.html.
Why is the message not transferred to the client when a POP3 user has a large attachment to an email?
To be successfully sent, attachments to email messages cannot be larger than the page file quota set in the user's account. If this has been a problem, just increase the user's PGFLQUOTA appropriately.
Why is the LPD server giving me this message? Record too large for user's buffer
This problem is most likely due to sending a binary file as text. If the file is sent, or received, as binary (file type "v"), the server will read and store the data as fixed length binary records.
When printing to MultiNet's LPD server "record is too large for user's buffer" messages are generated.
There are several ways to correct this problem.
1.) Have the client specify the -v option in the lpr command.
2.) Modify USER_LPD_SERVER.C to assume the -v option for specific queues.
3.) Define the logical multinet_lpd_*_V_passall (in the multinet printer
table) like this:
$ define/system/exec/tabl=multinet_printer_table multinet_lpd_*_V_passall "YES"
$ define/system/exec/tabl=multinet_printer_table multinet_lpd_*_V_filetype "FIXED512"
Why are the LPD queues not working?
When I send a job to print the job is not accepted and the following error message appears:
%%%%%%%%%%% OPCOM 24-JUN-1999 15:14:50.13 %%%%%%%%%%%
Message from user SYSTEM on HOSTA
MultiNet Printer Symbiont: Entry 83, queue SUPPORT1
Couldn't open temporary file [192.169.1.1/printer]:
%RMS-E-DNR, device not ready, not mounted, or unavailable,
ABORTING PRINT JOB.
What is causing this and how can I correct it?
The cause of the error is that the MultiNet spool directory is set to an invalid or unavailable directory. You can correct this by using the MultiNet configuration utility as follows:
$ MU CONFIG
MultiNet Network Configuration Utility V4.0(103)
[Reading in MAXIMUM configuration from MULTINET:MULTINET.EXE]
[Reading in configuration from MULTINET:NETWORK_DEVICES.CONFIGURATION]
NET-CONFIG>
NET-CONFIG> SET SPOOL-DIRECTORY valid-directory
NET-CONFIG> EXIT
[Writing configuration to MULTINET:NETWORK_DEVICES.CONFIGURATION]
[Writing Startup file MULTINET:START_MULTINET.COM]
[Changes take effect after the next MultiNet reload]
You can define the logical MultiNet_Spool to have the change take effect immediately; for example:
Is there a way to stop OPCOM messages when a print symbiont does not connect to the printer?
Yes, issue this command:
$ DEFINE/SYSTEM/EXEC MULTINET_PRINTER_NO_OPCOM "true"
This works for both stream and lpd symbionts. Add this command to MULTINET:LOCAL_ROUTES.COM
so it executes every time MultiNet starts.
Why can I not make an Rshell connection when my .rhost and my host.equiv files seem correct?
There are a number of things that affect a valid connection for the R-services:
- For security reasons, if the client is accessing the SYSTEM account on the server, the server will not use the HOST.EQUIV file in the MULTINET directory. The entry MUST be in the .rhost file in the SYS$LOGIN directory of the system account.
- If you use DNS, make sure that the server and client are both in DNS for forward and reverse lookup. The R-services server needs to be able to translate IP addresses to names and names to IP addresses.
- Entries in the .rhost file and the HOST.EQUIV file cannot be IP addresses; they must be fully qualified domain names.
- And last but not least, whenever you make any change to either file, flush the table on the server. (MU NETCONTROL RSHELL FLUSH) (You can replace RSHELL with RLOGIN or REXEC; it is all the same table.)
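The name and DNS conditions in the list above can be checked before touching the server. This is an added example, not Process Software code; it assumes one "host [user]" entry per line, and the host names, addresses and DNS tables are constructed stand-ins for real lookups.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_entries(lines, forward, reverse):
    """Return (line_no, host, problem) for entries the list above rules out.

    forward maps name -> list of addresses, reverse maps address -> name;
    both stand in for real DNS answers so the check runs offline.
    """
    findings = []
    for n, raw in enumerate(lines, 1):
        fields = raw.split()
        if not fields:
            continue
        host = fields[0].lower().rstrip(".")
        if _is_ip(host):
            findings.append((n, host, "ip-address-not-name"))
            continue
        if "." not in host:
            findings.append((n, host, "not-fully-qualified"))
            continue
        addrs = forward.get(host, [])
        if not addrs:
            findings.append((n, host, "no-forward-record"))
            continue
        for a in addrs:
            # The reverse lookup has to lead back to the same name.
            back = reverse.get(a, "").lower().rstrip(".")
            if back != host:
                findings.append((n, host, f"reverse-mismatch:{a}"))
    return findings

# Constructed sample data (documentation address range, made-up names).
SAMPLE = ["hosta.example.com smith", "192.0.2.10 smith", "hostb jones",
          "hostc.example.com jones", "hostd.example.com smith"]
FORWARD = {"hosta.example.com": ["192.0.2.10"],
           "hostc.example.com": ["192.0.2.30"]}
REVERSE = {"192.0.2.10": "hosta.example.com",
           "192.0.2.30": "old-name.example.com"}
```

Running audit_entries(SAMPLE, FORWARD, REVERSE) reports every line except the first; after correcting the files, flush the table as described above.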
Why does the process hang when I try to MOUNT RMTalloc device?
Be sure that SYLOGIN.COM and LOGIN.COM have the following two lines:
VERIFY = 'F$VERIFY'
and
IF F$MODE() .eqs. "OTHER" THEN EXIT.
If problems still occur, verify in UAF that the account they are logging into on the remote server is not executing some other command procedure at startup. Check LGICMD in UAF. If they are, add the 2 lines to that file also.
Can I use the SMTP_SERVER_REJECT file to reject mail based on the subject?
Yes, by using the ":rfc822:" reject rules. For example, the following lines would reject all messages that have "ILOVEYOU" in the subject:
! Reject anything with an RFC822 Subject header of ILOVEYOU
! cyberpromo.com or nowhere.com
!
How do I suppress the mail headers in MultiNet's SMTP?
To suppress the headers that show up in email received through SMTP, do the following:
$ MU CONF/MAIL
MAIL-CONFIG> SET HEADER-CONTROL NONE
MAIL-CONFIG> EXIT
$ @MULTINET:START_SERVER RESTART
$ @MULTINET:START_SMTP
$ @MULTINET:START_SMTP_LOCAL (if applicable)
How is MultiNet configured to send mail when it is behind a firewall?
If your system is behind a firewall and you have an SMTP relay server available, you can configure MultiNet to send all SMTP messages to the relay host for delivery. In MULTINET CONFIG/MAIL you must set the FORWARDER to the name of the SMTP relay server and you must set the FORWARD-REMOTE-MAIL to TRUE.
Are either MultiNet or TCPware affected by CERT® Advisory CA-2002-03 in many implementations of the SNMP Protocol, dated February 12, 2002?
These SNMP vulnerabilities do NOT pose security risks for MultiNet and
TCPware. MultiNet V4.4A is not vulnerable to these SNMP issues at all. MultiNet
4.3A and TCPware have minor problems with access violations (resulting in
the SNMP process dying), but pose no security risk. Patches for MultiNet
4.3A and TCPware V5.5-3 are available from the MultiNet ECO Database and the
TCPware ECO database. Use the following kit names:
MultiNet V4.3A: SNMP-020_A043
TCPware V5.5-3: SNMPD_V553P011
How can I stop getting OPCOM messages from the MultiNet server like: AGENT_ERROR_ROUTINE: CODE=1?
These errors are the result of SNMP not being properly configured. Often, SNMP is enabled but not configured to work within the network. Your options are to configure SNMP (covered in Chapter 23 of the Administrator's Guide) or to disable SNMP altogether with the following sequence:
SERVER-CONFIG>SEL SNMP
[The Selected SERVER entry is now SNMP]
SERVER-CONFIG>DISABLE SNMP
SERVER-CONFIG>EXIT
I have enabled SSH in my MultiNet configuration. When trying to create the host master key via the $ MULTINET SSH KEYGEN command, why do I receive the following error message?
GETHOSTNAME: FUNCTION NOT IMPLEMENTED
You must have the UCXQIO drivers loaded. To check this:
$ MU CONF
NET-CONFIG>SHOW
If the drivers are loaded, you will see this line:
Load UCX $QIO driver: TRUE
If you do not see this line, then you need to load the drivers:
$ MU CONF
NET-CONFIG>SET LOAD-UCX-DRIVER TRUE
Then REBOOT the system to make the drivers available.
Information Needed to analyze a crash
Process Software will need the following information in order to do a speedy crash analysis:
All information on the crash MUST include:
- The VMS version and machine architecture (VAX or AXP)
- The MultiNet version that was running and any patches that had been applied, especially any driver patches. The dump cannot be analyzed without this information.
- Has anything unusual occurred recently or is the crash occurring on installing MultiNet? Unusual events include:
  A. changed hardware configuration on local node or network
  B. changed software configuration including:
     - MultiNet configuration,
     - VMS SYSGEN,
     - new applications on server or client
- Some SDA information could be useful:
$ ANALYZE/CRASH_DUMP
SDA> read/exec (don't need this output)
SDA> show crash
SDA> format @r3 (optional)
SDA> format @r5 (optional) - if this shows up as UCB$... structure, then do
SDA> show device/address=@r5
SDA> show stack
This information should be sent to Process Software's Technical Support Department to expedite the crash analysis. In most cases a valid system dump from the crash will also have to be provided.
Do I need to use the HP software if I want to run another KDC with MultiNet v5.0?
Yes and no. If you want to use MultiNet's telnet client and you want to use Kerberos V5 authentication, you'll need the HP software to request a V5 ticket from any Kerberos V5 KDC. Other than that, our software works with any Kerberos V5 KDC (so long as the KRB$RTL.EXE shareable image is installed).
What do I need from HP to run MultiNet Kerberos v5.0 Telnet Server and Client?
To simply run our Kerberos v5.0 Telnet server & client, you will need the KRB$RTL.EXE shareable image that is supplied in the HP distribution. MultiNet images link against this and all Kerberos V5 functionality is done through calls to this library. The HP distribution also includes the KDC and Kerberos client functionality (requesting a ticket, etc.)
Why do TELNET and FTP take 1 to 2 minutes to connect?
If it takes 1 to 2 minutes to finally make a connection when using TELNET or FTP, there is probably a failing reverse DNS lookup. In other words, the server is doing a reverse lookup on the client's IP address and cannot resolve it.
You need to add the address of the client to the reverse DNS files for resolution. If you use DNS but do not have Internet connectivity, add a FORWARDERS line to the end of your DOMAIN-NAME-SERVICE.CONFIGURATION file, then SLAVE on the next line. This causes DNS to look through your DNS files and cache, but not attempt to contact the root servers on the Internet.
If you are using host-tables, add the address of the client to the HOSTS.LOCAL file. Also, if you are using host tables and not using DNS, be sure DNS is disabled from SERVER-CONFIG.
For FTP: define/system MULTINET_FTP_FAST_TIMEOUT will minimize the amount of time spent on a reverse lookup.
It seems that after five or so incoming FTP (or TELNET) connections have been established, other people can connect, but their sessions 'hang.' Is this a MultiNet problem?
You've probably hit the default 'max-servers' limit. From within SERVER-CONFIG, you can set the maximum number of servers available to service incoming connections. Once that limit (5 by default) has been reached, new connections are accepted, but appear to 'hang' until a previously established session ends, freeing up a server. You can boost (or lower) this limit in SERVER-CONFIG by selecting the service you want to modify (e.g., SELECT FTP) and changing the value (e.g., SET MAX-SERVERS 15). Restart the master server for the change to take effect.
How can I restrict certain services (e.g., TELNET, FTP) to certain cluster nodes?
Use the following sequence:
$ MULTINET CONFIGURE/SERVER
SERVER-CONFIG> SELECT service
SERVER-CONFIG> SET ENABLED-NODES
You can now add new VAXcluster nodes for service. An empty line terminates.
Add VAXcluster node: hostname
Add VAXcluster node:
SERVER-CONFIG> SHOW/FULL
SERVER-CONFIG> EXIT
service is the name of the service to modify
hostname is the name of the host that runs that service
You can also prevent selected services (BOOTP, TFTP, NFS, for instance) from starting on certain nodes in your VMS cluster with the SET DISABLED-NODES command.
Why can I not read directories even though they are in the translations file?
When using TFTP, TFTP.FILENAME-TRANSLATIONS does not work. The correct translation is in the file but the directories are not being translated.
Make sure the directories in the file are listed from deepest or most specific to least deep or less specific.
For example -
[MULTINET.AXP_COMMON.MULTINET]
[MULTINET.AXP_COMMON]
[MULTINET]
What do I do if MultiNet fails to start on an Integrity system?
Check the granularity hints memory.
$ SHOW MEM/G
MultiNet V5.1 requires the following amounts of VMS executive memory on Integrity platforms:
Execlet code region 87 pages
Execlet data region 375 pages
To ensure that there is sufficient memory for MultiNet to load, put the following lines in SYS$SYSTEM:MODPARAMS.DAT and run AUTOGEN:
MIN_GH_EXEC_CODE = 4183
MIN_GH_EXEC_DATA = 1399
For MultiNet V5.2, the requirements are:
Execlet code region 83 pages
Execlet data region 472 pages
Is there a way to tell what process owns a connection?
You can use the MU SHOW/CONN=PID or MU SHOW/CONN=PROC commands to list the connections and the PID or name of the process that owns them.
How can I configure MultiNet's (or TCPWare’s) SSH server to ignore requests from addresses which are not in some sort of "approved" list? I can add hosts to the SSH configuration file but it seems that the SSH server doesn't check the client address until *after* it's accepted the client connection. I want it to completely *ignore* such clients.
You can use packet filtering to block those. The following set of rules would only allow connections from the 192.42.95.0/24 subnet and the host 198.115.48.1 -
permit tcp 192.42.95.0 255.255.255.0 0 0 eq 22
permit tcp 198.115.48.1 255.255.255.255 0 0 eq 22
drop tcp 0 0 0 0 eq 22
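To see which clients these rules let through to port 22, the following added example (not part of MultiNet or the original answer) models them in Python. It assumes rules are checked top to bottom with the first match deciding, which is what the permit-before-drop ordering relies on, and it handles only the eq operator; the client addresses used with it are constructed.

```python
import ipaddress

# The answer's three rules, one per line, each with the any-destination
# "0 0" pair before the port test.
RULES = """\
permit tcp 192.42.95.0 255.255.255.0 0 0 eq 22
permit tcp 198.115.48.1 255.255.255.255 0 0 eq 22
drop tcp 0 0 0 0 eq 22
"""

def _ip(tok):
    # "0" is the rules' shorthand for 0.0.0.0 (any address, empty mask).
    return 0 if tok == "0" else int(ipaddress.IPv4Address(tok))

def parse_rule(line):
    """Parse: action proto saddr smask [eq port] daddr dmask [eq port]."""
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]

    def endpoint():
        if len(rest) < 2:
            raise ValueError(f"address/mask pair missing in rule: {line!r}")
        addr, mask = _ip(rest.pop(0)), _ip(rest.pop(0))
        port = None
        if rest and rest[0] == "eq":  # only the operator this page uses
            rest.pop(0)
            port = int(rest.pop(0))
        return addr, mask, port

    src, dst = endpoint(), endpoint()
    if rest:
        raise ValueError(f"unparsed tokens in rule: {line!r}")
    return action, proto, src, dst

def load(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip()]

def _hit(endpoint, ip, port):
    addr, mask, want = endpoint
    return (ip & mask) == (addr & mask) and want in (None, port)

def decide(rules, proto, src_ip, src_port, dst_ip, dst_port):
    """Action of the first matching rule, or None when no rule matches."""
    s, d = _ip(src_ip), _ip(dst_ip)
    for action, rproto, src, dst in rules:
        if rproto == proto and _hit(src, s, src_port) and _hit(dst, d, dst_port):
            return action
    return None  # the page does not say what happens to unmatched packets
```

With the drop rule moved to the top, decide() returns drop for the approved subnet as well, which is why the permits come first. Traffic to other ports matches none of the three rules, so the filter needs rules for whatever else the host must accept.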
Is there a way to identify whether a user's current interactive session is connected via SSH protocol v1 rather than v2 so that a message can be displayed?
The existence of the MULTINET_SSH_<PID>_DEVICE logical (where <PID> is the PID of the process) in the LNM$SSH_LOGICALS table indicates the connection is via ssh1 rather than ssh2.
Can you change the port the SSH server listens on?
Yes, use the following sequence of commands:
$ MULT CONFIG/SERVER
SERVER-CONFIG> SELECT SSH
SERVER-CONFIG> set param
It will now ask about deleting each parameter, just hit <CR> as long as the parameter doesn't mention "port". When it asks for new parameters type:
port <new_port_number>
then a blank line to terminate the dialog. Exit and save the configuration and then restart SSH with -
$ mu netcontrol ssh restart
If you are using SSH for OpenVMS, you can change it by executing the SSH_CONFIGURE.COM again and entering the new port number when prompted.
I'm using NTP and would need to know what to do to account for the new timezone rules coming up in 2007.
There will be a patch that will address this by February 1, 2007.
