I can login fine with directlink, but access is limited. when i log out and then log back in, i get the error below:
Any help would be greatly appreciated!
We are seeing a similar error with the login page some times it takes 3 - 5 minutes to load and then just error's out. we are seeing a similar slow or unresponsiveness trying to look at My Orion Deployment.
Yep, we are having the same thing. after i login, it just spins for 3-5 minutes then times out.
i'm hesitant to call support because i'm sure wait times are high at the moment. i suppose i'll open a ticket via the customer portal.
Please let me know if you find a fix and i will do the same!
Also having login issues with AD (msapi) authentication. Local accounts still work.
Thanks for the reply. glad i'm not the only one.
I know its not an answer but at least its start for troubleshooting :
https://support.solarwinds.com/SuccessCenter/s/article/After-logging-on-to-the-Orion-Web-Console-Unexpected-Website-Error-Request-timed-out-is-displayed-for-ViewID-1-Summary-Page-in-NPM?language=en_US
Also try to run the permission checker and run a website repair and check the bellow :
https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Core-Windows-Authentication-with-Active-Directory-sw2411.htm
Even if you reach support i am sure these are the first things they will ask you to do so you can skype a few day by providing them the results.
@monitoringlife @kavana33 did you guys block all public traffic on your orion servers after the security event news broke? we did, so after i whitelisted the necessary IPs and FQDNs, it started working again.
@rmullal Do you have a reference link you used to whitelisted the Solarwinds required IP addresses and FQDNs
I feel the same, (sorry if this sounds bad) but I was excited to see a forum post and know I am not the only one.
Interesting note, authentication to SWQL Studio thick client works and I get prompt results.
After I upgraded to HF2, I logged in with Firefox, and I can open multiple tabs into our SolarWinds Orion instance, moving around freely. I cannot log in with any other browser, and nobody else can log in. We get the login screen, and when we put in our credentials it just spins and times out. I opened a ticket this morning, and I uploaded diagnostics, but I have not heard anything back yet.
Edit: I realize now that the account that works only works because I never logged out. I was logged in before the upgrade. I think if I log out I will never be able to get back in with a domain account.
@rmullal We are whitelisting licenseserver.solarwinds.com, but do you have a handy-dandy list of what needs to be whitelisted? We did block everything, and now we are dead in the water.
Thanks!
Can you share the case number with me? What username format are you using? have you tried variations of DOMAIN\Username user@fqdn?
@kavana33 @fakeusername sorry for the late response. so i'm not exactly sure why this worked, but it did. we whitelisted our public IP space, servicenow (for the incident integration), windows update endpoints, a few other API endpoints we use for various integrations and custom scripts. we didn't whitelist anything specific to SW at all. i think whitelisting our public IP space is what did it, but no idea why.
@tony.johnson It is Case # 00684099. I uploaded diagnostics, but I have not heard anything back at all. It shows as Not Started.
I did try variations on the domain name with no luck. The only thing working now is the local account, and since I was already logged into Orion with a domain account, that seems to still work.
Thanks, Tony.
Edit: I tried domain\username and username@fulldomaininfo
Interesting update. We enabled 'automatic logins' and that does allow authentication (assuming fresh session and you have to login via the popup ntmlv2 box vs SolarWinds WebUI).
I turned on LDAP in Advanced AD Settings and configured it with SSL checked. This moved us from MS-API to LDAP, which has solved our issue. Now our AD users can log in.
This will only work for single domain logins. If you have external (transitive trusts) it will not allow logins (only logins from the domain configured for LDAP).
@tony.johnsonwas there a resolution to this? We are still broken (case# 00684731).
Good point @monitoringlife. That is the case (single domain logins) for our implementation, so it will work fine for all our users.
By chance are you using HTTPS with a self-signed certificate?
we have the same issue - what are the necessary IPS - we had assumed solarwinds didnt need any specific external destination or ports allowed to work (only internal).
This worked for me. Used a local account to make the changes and to test the new ldap configurations.
I had spoken to support and gave them the diagnostics file. They could not see anything wrong and said there should not be anything needing external access for authentication. Going to try and figure out why it needed external access for. If I figure it out I will update this thread.
Had to re-join all my SolarWinds servers to the domain, but MS-API login is working again. Recommend giving that a shot and seeing if it helps.
