Problem
One of my Solarwinds group accounts became unable to log in. Members of this group had been logging in with no problems. Suddenly they could no longer log in, and got this error in the browser instead:
Login failure.
User name and/or password incorrect.
Troubleshooting
This error appeared in when the user tried to log in (where xxxxxxxx is the user's cn in Active Directory/LDAP:
WARN SolarWinds.Orion.Web.OrionMixedModeAuth - (null) Failed to retrieve WindowsIdentity for user ads\xxxxxxxx: System.Security.Authentication.AuthenticationException Cannot logon 'xxxxxxxx@ads' via NetworkCleartext/Default.
I created a group for a different Active Directory group that included this user. When I did that, the user was able to log in. This confirmed that the group was the problem, not the user.
I looked at the Accounts table in the SolarwindsOrion database. This table includes the column "AccountSID". Using an LDAP browser, I determined that the value of Accounts.AccountSID for a group or user should match the value of objectSID for that group or user in Active Directory. For the group that could not log in, the value of AccountSID did not match.
Solution
I updated the value of AccountSID to match the value of objectSID for this group. After I corrected the value of AccountSID for this group, this user and other group members could log in. The SQL query is given below.
Parameters
Old Accounts.AccountSID for this group: S-1-5-21-9999999999-9999999999-9999999999-999999
Correct Active Directory objectSID for this group: S-1-5-21-8888888888-8888888888-888888888-888888
Query
USE SolarwindsOrion
GO
UPDATE Accounts
SET AccountSID='S-1-5-21-8888888888-8888888888-888888888-888888'
WHERE AccountSID='S-1-5-21-9999999999-9999999999-9999999999-999999'
