Advanced Active Directory Settings for NPM

Hello

I have an NPM 2020.2.5 setup. The server hosting it is not joined to the domain. I am trying to use Advanced Active Directory Settings to set up authentication for web console users.

I enter the details as below; after putting the directory server address in, I am able to click on the Discover DN button and the DN is auto-populated.

When I try to test these settings using the credentials box it always fails, seems like it is timing out. I have taken a pcap from the host and can see there is communication between the NPM host and the AD server. Some response comes back from the AD server and then NPM does nothing further.

I have tried with all methods of authentication and both with and without SSL.

From the same host I have used LDAP connectivity tester and using the same credentials I can connect to and authenticate with the AD.

Anyone ever managed to successfully set this up? I want to avoid joining the NPM host to the domain.

Thanks in advance for any help.

  • Take a look at a log file called c:\programdata\solarwinds\logs\orion\orionweb.log. It should show your attempt to log in to the web console.

  • Hi there, 

    If your goal is simply to have users connect to the web console with their domain accounts, have you tried just creating the domain user in the 'User Accounts' page? For most of our customers this is enough to have everything working without problems:

    https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-creating-new-accounts-sw1310.htm#Creating

    It will even tell you that the machine is not joined to the domain but that it is fine as long as the domain is contactable: 

    Kind regards,

    Marlie Fancourt | SolarWinds Pre-Sales Manager

    Prosperon Networks | SolarWinds Partner since 2006

    If this helps answer your question please mark my answer as confirmed to help other users, thank you!

  • Hello, thanks for your reply. I tried this and tried to specify the AD account; however, it fails with the below error. I have ensured hq.test.ldap.com is resolvable by DNS. I gave the whole FQDN of the AD server as that is the only way I could think of that it would know how to find the server. The domain suffix of the NPM host is different to the AD domain.

  • can see below

    Even though it says not able to contact, if you run a packet capture you can see the bind request/response, which looks good, and then NPM just hangs until timeout.

    C:\ProgramData\SolarWinds\Logs\Orion>type OrionWeb.log | c:\tools\grep -i ldap
    2021-11-16 12:08:01,471 [232] (232) ERROR SolarWinds.Orion.Web.LdapAuthentication - (null)  Could not connect Ldap server!
       at System.DirectoryServices.Protocols.Wldap32.ldap_result(ConnectionHandle ldapHandle, Int32 messageId, Int32 all, LDAP_TIMEVAL timeout, IntPtr& Mesage)
       at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
       at SolarWinds.Orion.Web.LdapAuthentication.GetUserDN()
       at SolarWinds.Orion.Web.LdapAuthentication.TryConnectInner(String server, String userName, String password, Boolean isThrowException)
    2021-11-16 12:08:01,627 [200] (232) WARN  ASP.global_asax - (null)  Long request time: [url:https://solarwinds.testserver.com/Orion/Services/AccountManagement.asmx/TestLDAPServerConnection][time:127117]
    2021-11-16 12:10:32,677 [161] (236) ERROR SolarWinds.Orion.Web.LdapAuthentication - (null)  Could not connect Ldap server!
       at System.DirectoryServices.Protocols.Wldap32.ldap_result(ConnectionHandle ldapHandle, Int32 messageId, Int32 all, LDAP_TIMEVAL timeout, IntPtr& Mesage)
       at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
       at SolarWinds.Orion.Web.LdapAuthentication.GetUserDN()
       at SolarWinds.Orion.Web.LdapAuthentication.TryConnectInner(String server, String userName, String password, Boolean isThrowException)
       

  • Hi, 

    Strange question but if you type everything in the User Name field in capital letters does it work?

    Kind regards,

    Marlie Fancourt | SolarWinds Pre-Sales Manager

    Prosperon Networks | SolarWinds Partner since 2006


  • Using Internet Explorer, I was able to authenticate to AD successfully.

    However, trying to search for a user on the AD returns nothing and the cog wheel keeps spinning.

    see the attached in the log file

    2021-11-17 00:18:03,509 [109] (660) WARN  ASP.global_asax - (null)  Long request time: [url:https://solarwinds.testserver.com/Orion/NetPerfMon/ContainerDetails.aspx?netobject=C%3a5&ViewID=84][time:5436]
    2021-11-17 00:19:09,918 [341] (661) WARN  ASP.global_asax - (null)  Long request time: [url:https://solarwinds.testserver.com/Orion/Services/AccountManagement.asmx/GetWorkflowManagerAccounts?sort=account&dir=ASC][time:110730]
    2021-11-17 00:19:52,551 [268] (662) ERROR SolarWinds.Orion.Web.AccountSearchHelper - (null)  Error occurred performing search in AccountSearchHelper. Exception:
    System.Threading.ThreadAbortException: Thread was being aborted.
       at System.DirectoryServices.Protocols.Wldap32.ldap_result(ConnectionHandle ldapHandle, Int32 messageId, Int32 all, LDAP_TIMEVAL timeout, IntPtr& Mesage)
       at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
       at SolarWinds.Orion.Web.LdapAuthentication.SearchAccounts(String search, Boolean isGroupUser)
       at SolarWinds.Orion.Web.AccountSearchHelper.SearchUsingAuthenticatedLDAP(String user, String password, String domain, String patternToSearch, String sortDirection, Boolean isGroupSearch)
       at SolarWinds.Orion.Web.AccountSearchHelper.SearchFor(String searchString, String domainLogin, String domainPassword, String accountType, String sortDirection)
    2021-11-17 00:19:52,567 [268] (662) ERROR AccountManagement - (null)  Could not find account details on the specified domain.  Details:
    System.Threading.ThreadAbortException: Thread was being aborted.
       at System.DirectoryServices.Protocols.Wldap32.ldap_result(ConnectionHandle ldapHandle, Int32 messageId, Int32 all, LDAP_TIMEVAL timeout, IntPtr& Mesage)
       at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
       at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
       at SolarWinds.Orion.Web.LdapAuthentication.SearchAccounts(String search, Boolean isGroupUser)
       at SolarWinds.Orion.Web.AccountSearchHelper.SearchUsingAuthenticatedLDAP(String user, String password, String domain, String patternToSearch, String sortDirection, Boolean isGroupSearch)
       at SolarWinds.Orion.Web.AccountSearchHelper.SearchFor(String searchString, String domainLogin, String domainPassword, String accountType, String sortDirection)
       at AccountManagement.GetWindowsAccounts(String searchstring, String username, String password, String accounttype)
    2021-11-17 00:19:52,567 [268] (662) ERROR ASP.global_asax - (null)  Application_Error(17787357078341f488ad9110f8252085)
    System.Web.HttpException (0x80004005): Request timed out.
    2021-11-17 00:19:52,723 [268] (662) WARN  ASP.global_asax - (null)  Long request time: [url:https://solarwinds.testserver.com/Orion/Services/AccountManagement.asmx/GetWindowsAccounts?sort=account&dir=ASC][time:153534]
    2021-11-17 00:20:16,781 [358] (663) WARN  SolarWinds.Orion.Web.ViewManager - (null)  Condition '115' for view 'CloudInstanceSubViewHandler' cannot be loaded
    2021-11-17 00:20:16,968 [105] (663) WARN  SolarWinds.Orion.Web.ViewManager - (null)  Condition '115' for view 'CloudInstanceSubViewHandler' cannot be loaded
    2021-11-17 00:20:17,078 [425] (663) WARN  SolarWinds.Orion.Web.ViewManager - (null)  Condition '115' for view 'CloudInstanceSubViewHandler' cannot be loaded
    2021-11-17 00:20:17,218 [341] (663) WARN  Orion_ResourceContainer - (null)  Resource Top XX Applications present on view but can't be added due to resource host disabled
    2021-11-17 00:20:17,218 [341] (663) WARN  Orion_ResourceContainer - (null)  Resource Top XX Conversations present on view but can't be added due to resource host disabled
    2021-11-17 00:20:17,218 [341] (663) WARN  Orion_ResourceContainer - (null)  Resource Top XX Endpoints present on view but can't be added due to resource host disabled
    2021-11-17 00:20:17,953 [315] (663) WARN  SolarWinds.Orion.Web.ViewManager - (null)  Condition '115' for view 'CloudInstanceSubViewHandler' cannot be loaded
    

  • I tried this and I get the same as above: the searching spinning wheel just continues, nothing happens, and it seems to time out in the log file.

  • I do have an LDAP/AD environment and my NPM host has not joined the domain, so I have set the authentication method to LDAP as suggested in the article; however, it still does not work, as per the above screenshot and logs.
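
Added example (not part of any post in this thread, and not SolarWinds code): a small Python triage of the OrionWeb.log lines quoted above. It lists each ERROR whose stack was waiting in `ldap_result`, with the first SolarWinds method on that stack, plus the "Long request time" warnings. The name `triage` and the regular expressions are assumptions based only on the line layout visible in the excerpts.

```python
import re

# Trimmed from the OrionWeb.log excerpts quoted in the thread (some frames omitted).
SAMPLE = """\
2021-11-16 12:08:01,471 [232] (232) ERROR SolarWinds.Orion.Web.LdapAuthentication - (null)  Could not connect Ldap server!
   at System.DirectoryServices.Protocols.Wldap32.ldap_result(ConnectionHandle ldapHandle, Int32 messageId, Int32 all, LDAP_TIMEVAL timeout, IntPtr& Mesage)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
   at SolarWinds.Orion.Web.LdapAuthentication.GetUserDN()
2021-11-16 12:08:01,627 [200] (232) WARN  ASP.global_asax - (null)  Long request time: [url:https://solarwinds.testserver.com/Orion/Services/AccountManagement.asmx/TestLDAPServerConnection][time:127117]
2021-11-17 00:19:52,551 [268] (662) ERROR SolarWinds.Orion.Web.AccountSearchHelper - (null)  Error occurred performing search in AccountSearchHelper. Exception:
System.Threading.ThreadAbortException: Thread was being aborted.
   at System.DirectoryServices.Protocols.Wldap32.ldap_result(ConnectionHandle ldapHandle, Int32 messageId, Int32 all, LDAP_TIMEVAL timeout, IntPtr& Mesage)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
   at SolarWinds.Orion.Web.LdapAuthentication.SearchAccounts(String search, Boolean isGroupUser)
2021-11-17 00:19:52,567 [268] (662) ERROR ASP.global_asax - (null)  Application_Error(17787357078341f488ad9110f8252085)
2021-11-17 00:19:52,723 [268] (662) WARN  ASP.global_asax - (null)  Long request time: [url:https://solarwinds.testserver.com/Orion/Services/AccountManagement.asmx/GetWindowsAccounts?sort=account&dir=ASC][time:153534]
"""

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d [\d:]+),\d+ \[\d+\] \(\d+\) (\w+)\s+\S+ - \(null\)\s+(.*)$")
FRAME = re.compile(r"^\s+at ([\w.]+)\(")
LONG = re.compile(r"Long request time: \[url:(\S+?)\]\[time:(\d+)\]")

def triage(text):
    """Return (errors whose stack waits in ldap_result, long-request warnings)."""
    errors, slow, cur = [], [], None
    for line in text.splitlines():
        if (entry := ENTRY.match(line)):
            ts, level, msg = entry.groups()
            # A new log entry starts; only ERROR entries collect stack frames.
            cur = {"ts": ts, "caller": None, "waiting": False} if level == "ERROR" else None
            if cur:
                errors.append(cur)
            hit = LONG.search(msg)
            if hit:
                endpoint = hit.group(1).split("?")[0].rsplit("/", 1)[-1]
                slow.append((ts, endpoint, int(hit.group(2))))
            continue
        if cur is not None and (frame := FRAME.match(line)):
            name = frame.group(1)
            if name.endswith("Wldap32.ldap_result"):
                cur["waiting"] = True  # thread was waiting for a server response
            elif name.startswith("SolarWinds.") and cur["caller"] is None:
                cur["caller"] = name.rsplit(".", 1)[-1]  # innermost application frame
    return [(e["ts"], e["caller"]) for e in errors if e["waiting"]], slow

if __name__ == "__main__":
    blocked, slow = triage(SAMPLE)
    print("blocked in ldap_result:", blocked)
    print("long requests:", slow)
```

On the excerpts in this thread it reports `GetUserDN` and `SearchAccounts` as the waiting callers, both reached through `LdapConnection.SendRequest`.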