Windows XP SP 2 and OpenAFS Incompatibility

August 14, 2004

If you currently support clients who have an afs client on an XP system, please read the message below from openafs.org. In our limited tests today, we found no problems with either the IBM or the OpenAFS client except when Integrated Logon was enabled. To verify the status of Integrated Logon, open the AFS Client Configuration control panel and look at the General tab. There is a checkbox there to enable or disable obtaining an AFS token when logging in to Windows. If the box is checked, Integrated Logon is enabled. In other testing, we did not run into any problems with the OpenAFS 1.3.70 client on systems that were previously running afs client software from OpenAFS with XP service pack 1 or XP service pack 2.

Details below are quoted from Jeffrey Altman at http://openafs.org:.

"There is a serious incompatibility between Microsoft Windows XP SP2 and all previous versions of AFS for Windows whether released by IBM/Transarc or OpenAFS.org. The afslogon.dll which provides the Integrated Logon functionality violates newly imposed security restrictions. These restrictions cause network operations performed during DLL process attachment to block forever. This will prevent proper loading and unloading of user profile information. Depending on the version of AFS, the boot cycle of Windows XP SP2 may fail to complete.

All users are strongly encouraged to upgrade to the 1.3.70 release prior to the installation of Windows XP SP2. If OpenAFS for Windows cannot be installed, all references to afslogon.dll should be removed from the system. If present the following registry key should be deleted

HKLM\Software\Microsoft\Windows_NT\CurrentVersion\WinLogon\Notify\AfsLogon

In addition, the string "TransarcAFSDaemon" must be removed from the "Provider Order" value in the following keys:

HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order HKLM\SYSTEM\CurrentControlSet \Control\NetworkProvider\HwOrder

Doing so will avoid the incompatibility and will disable the integrated logon functionality.

Jeffrey Altman"