Topic
  • 10 replies
  • Latest Post - ‏2012-11-13T14:19:00Z by SystemAdmin
michael_degroat91

Pinned topic LDAP/AD Console User Problems

‏2012-01-12T19:28:39Z |
I'm having a problem adding an LDAP/AD user to my console. I'm able to query and add the user to the BES Console, but when I try to log in with that user I'm getting an unknown/username password error. I'm able to query LDAP and such correctly, add the user, etc., but just running into this snag. I know it's not a password issue (I'm logged into AD with the same user). Does anyone have any troubleshooting suggestions?
  • cstoneba

    Re: LDAP/AD Console User Problems

    ‏2012-01-12T21:26:59Z  
    Do you have an existing local BigFix user account that has the same name as the LDAP account you are trying to log in as?
  • michael_degroat91

    Re: LDAP/AD Console User Problems

    ‏2012-01-12T23:05:38Z  
    Yes, but the local login is userxyz and the LDAP/AD login registers as userxyz@domainname.
  • SystemAdmin

    Re: LDAP/AD Console User Problems

    ‏2012-01-17T21:25:38Z  
    I am experiencing the same deal (I created my TEM accounts with the same name as their respective AD accounts, now trying to have them log in using AD password and it fails). The AD account doesn't work, and I assume it is because it is the same logon name as the existing TEM account (pvk file account). How does one handle this?
  • SystemAdmin

    Re: LDAP/AD Console User Problems

    ‏2012-01-17T23:42:42Z  
    Have you tried logging in with the full email address of the AD account? So instead of bob, try bob@mydomain.com.
  • SystemAdmin

    Re: LDAP/AD Console User Problems

    ‏2012-01-18T13:38:55Z  
    Yes, we did try this as well.

    Before 8.2 and LDAP, I would create my users in TEM with the same logon name as their LDAP accounts. I fear that this is where the confusion is within TEM and how it handles the two accounts with the same logon name. However, I am unable to find any information yet on how to handle this, or other customer experiences.

    I have a PMR open, but hope someone on here has ideas I can try while waiting for the PMR process.
  • SystemAdmin

    Re: LDAP/AD Console User Problems

    ‏2012-04-19T15:10:32Z  
    When I created accounts I did a very similar thing where I created the accounts to be the same name as the user's Active Directory account. I now have 70+ Local users that I am going to migrate to LDAP users, and my initial tests using the right-click "convert to LDAP Operator" have been relatively successful. The one big issue that I am seeing is that it appears BigFix queries to AD look for the EXACT way the account appears in Active Directory. So if a user's account in Active Directory is set up as Dave.Thomas and the user attempts to log in as dave.thomas, it will fail with a message about "Communication Link Failure". If they try again with the exact name in AD, they are able to log in.

    Is there something that I am missing that will allow logins without doing a case sensitive check for the username?
  • SystemAdmin

    Re: LDAP/AD Console User Problems

    ‏2012-11-05T17:14:10Z  
    Tom,

    Did you ever get any answers on this? Today I had a few LDAP users that have been using TEM for months tell me that as of today they were getting the error you were seeing. I told them to try typing their usernames as they appear in AD and that worked. What I can't understand is these users have been logging in for close to a year with all lowercase usernames, then as of today that changed. Now some users, including myself, can still log in using lowercase credentials.

    Let me know if you've heard anything about this please.

    -Andrew
  • SystemAdmin

    Re: LDAP/AD Console User Problems

    ‏2012-11-06T19:25:50Z  
    So my problem seems to be getting worse.

    At first it was just a few LDAP users that were experiencing this issue, now more users seem to be getting this error AND as of this morning a local user has this problem too.

    Here are the details and some background information of specifically what I am seeing:

    On Monday October 29, 2012 I upgraded our TEM infrastructure from 8.2.1093.0 to 8.2.1312.0. The first LDAP user experienced the "Communication Link Failure" error Friday November 2, 2012. The second LDAP user I am aware of experienced this issue Monday November 5, 2012. As of this morning, Tuesday November 3, 2012, more LDAP users are starting to experience the issue along with one Local user.
    I am one of the users affected as of this morning. Here is what I have noticed with the logins:
    I was able to login this morning with my userid in all lowercase: a-jm15
    A few hours later I started noticing console errors so I logged out and attempted to log back in. When logging back in I experienced the error above.
    I then tried my userid with all uppercase: A-JM15
    This worked. So I decided to log back out and try another combination.
    I then tried all the following which were all successful: A-jm15, a-Jm15, a-jM15, A-jM15, a-JM15
    So it seems any case combination ID except for the one experiencing the problem originally is working. Why would my lowercase ID start giving me the "Communication Link Failure" error? I also tried all the random case combinations with the local user and they all work except for the ID that originally received the error.
  • MikeOttum

    Re: LDAP/AD Console User Problems

    ‏2012-11-10T01:35:44Z  
    Hi Andrew_TEM, "Communication Link Failure" is an error that SQL Server generates. Therefore it seems likely that the issue is an intermittent network problem between your root server and SQL Server. Are those components on the same machine? If not, I would suggest that you look into whether there are any network configuration problems that might cause this.
  • SystemAdmin

    Re: LDAP/AD Console User Problems

    ‏2012-11-13T14:19:00Z  
    They are on different machines. Not really sure where to start looking. These servers sit right next to each other on the network, meaning same subnet and vlan.