3 Replies Latest reply: Mar 8, 2012 2:30 PM by tdanner RSS

FaultException received when valid AD creds entered without domain...

mattmoore

Reproduction steps:

  • Enter AD creds that are valid for domain but not added to list of AD accounts in Orion.
  • Authenticate with SWIS over net.TCP protocol.
  • Receive FaultException with message 'The creator of this fault did not specify a Reason.'

This stops us from testing Orion AD creds.

 
  • Re: FaultException received when valid AD creds entered without domain...
    tdanner

    Which net.tcp endpoint are you using?

    For the AD account in question, is it a member of an AD group that has been set up in Orion?

    Do you get the same result for AD accounts that have been authorized as individual accounts in Orion?

    • Re: FaultException received when valid AD creds entered without domain...
      mattmoore

      This happens when I try the NetTcpBinding_InformationService1 on net.tcp://{0}:17777/SolarWinds/InformationService/Orion/ad endpoint with valid AD credentials that haven't been authorized in Orion (via a group or individually).

      e.g.

      Account 'Foo\Bar' is valid in AD and has been authorized on Orion: all works well.  In my case 'Foo\Bar' was added to Orion individually.  I currently do not have any AD groups authorized on Orion.

      Account 'Foo\Derp' is valid in AD but has not been authorized on Orion:  FaultException mentioned above.

      • Re: FaultException received when valid AD creds entered without domain...
        tdanner

        Sorry it has taken me so long to get back to you on this.

        I wrote a small program to test this behavior. What I found matches what you found.

        When I specify an incorrect password, I get a SecurityNegotiationException with the message "The server has rejected the client credentials.".

        When I specify a valid username and password for an account that has not been granted access in Orion, I get a FaultException with the message "The creator of this fault did not specify a Reason."

        You could catch the FaultException and use that for validating AD credentials. It's a little messy, but I think it should work fine.