3 Replies Latest reply on Mar 8, 2012 2:30 PM by tdanner

    FaultException received when valid AD creds entered without domain...

    mattmoore

      Reproduction steps:

      • Enter AD creds that are valid for domain but not added to list of AD accounts in Orion.
      • Authenticate with SWIS over net.TCP protocol.
      • Receive FaultException with message 'The creator of this fault did not specify a Reason.'

      This stops us from testing Orion AD creds.

        • Re: FaultException received when valid AD creds entered without domain...
          tdanner

          Which net.tcp endpoint are you using?

          For the AD account in question, is it a member of an AD group that has been set up in Orion?

          Do you get the same result for AD accounts that have been authorized as individual accounts in Orion?

            • Re: FaultException received when valid AD creds entered without domain...
              mattmoore

              This happens when I try the NetTcpBinding_InformationService1 on net.tcp://{0}:17777/SolarWinds/InformationService/Orion/ad endpoint with valid AD credentials that haven't been authorized in Orion (via a group or individually).

              e.g.

              Account 'Foo\Bar' is valid in AD and has been authorized on Orion: all works well.  In my case 'Foo\Bar' was added to Orion individually.  I currently do not have any AD groups authorized on Orion.

              Account 'Foo\Derp' is valid in AD but has not been authorized on Orion:  FaultException mentioned above.

                • Re: FaultException received when valid AD creds entered without domain...
                  tdanner

                  Sorry it has taken me so long to get back to you on this.

                  I wrote a small program to test this behavior. What I found matches what you found.

                  When I specify an incorrect password, I get a SecurityNegotiationException with the message "The server has rejected the client credentials.".

                  When I specify a valid username and password for an account that has not been granted access in Orion, I get a FaultException with the message "The creator of this fault did not specify a Reason."

                  You could catch the FaultException and use that for validating AD credentials. It's a little messy, but I think it should work fine.