• State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 19 replies
  • Subscribers 29 subscribers
  • Views 3460 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Solarwinds SWQL Studio - AD USERS NOT ABLE TO LOGIN

pramod.paul.jose
Hi all,

We have been active users of Solarwinds SWQL Studio. We normally use the AD accounts to login into it. The AD Auth stopped working recently for all users.
We are able to access Solarwinds GUI using the same AD account and it works fine. The Auth is working for local accounts in SWQL Studio which are created inside SW but not for the AD Accounts.
The authentication is also failing for python/powershell scripts using the OrionSDK with AD accounts (all of them used to work before).

There was no upgrades performed on Solarwinds, the only change I can think of is Windows OS patching.

I have also checked the Orion.Accounts and AccountSID is not NULL.
SW Product Version: 2020.2.6
Is there anything there I can do to troubleshoot the issue?
Parents
  • 0

    Point of clarity: Are you running with AD accounts of via SAML against Azure AD?

  • 0 in reply to KMSigma.SWI

    We dont use SAML nor Azure AD or both.

    We use on-premise Windows AD which the box sits on.

  • 0 in reply to pramod.paul.jose

    OK - just needed to make sure.  Are you getting any connection logs or errors?

  • 0 in reply to KMSigma.SWI

    Error in the GUI : Unable to connect to Information Service. Invalid Username or password

    C:\ProgramData\SolarWinds\InformationService\v3.0\Solarwinds.InformationService.log
    ====================================================================================
    2022-04-20 14:45:27,860 [295] INFO SolarWinds.Orion.Web.OrionMixedModeAuth - (null) (null) Successfully retrieved WindowsIdentity for user Domainxx\x123456a.
    2022-04-20 14:45:28,203 [295] INFO SolarWinds.Orion.Web.AuthorizationManager - (null) (null) WindowsAuthorizationManager.CheckCreateUser() failed: System.ArgumentException: The (&(|(objectClass=user)(objectClass=group))(|(objectSid=S-1-5-21-3499964120-3315823391-1593708255-811737)(objectSid=S-1-5-21-3499964120-3315823391-1593708255-1002140)(objectSid=S-1-5-21-3499964120-3315823391-1593708255-1246602)(objectSid=)(objectSid=S-1-5-21-3499964120-3315823391-1593708255-1002139)(objectSid=S-1-5-21-3499964120-3315823391-1593708255-801432)(objectSid=S-1-5-21-3499964120-3315823391-1593708255-1093599))) search filter is invalid.
    at System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
    at SolarWinds.Orion.Web.Authentication.Windows.DirectoryServices.GetDistinguishedNames(IEnumerable`1 sids)
    at SolarWinds.Orion.Web.AuthorizationManager.WindowsAuthorizationManager.GetDomainGroups(WindowsIdentity identity, IEnumerable`1 orionDomainGroupsSids)
    at SolarWinds.Orion.Web.AuthorizationManager.WindowsAuthorizationManager.CheckGroupMembership(WindowsIdentity identity)
    at SolarWinds.Orion.Web.AuthorizationManager.WindowsAuthorizationManager.GetUpdatedVirtualUserFromGroupMembership(WindowsIdentity identity, String errorMessage)
    at SolarWinds.Orion.Web.AuthorizationManager.WindowsAuthorizationManager.CheckCreateUser(WindowsIdentity identity)
    at SolarWinds.Orion.Web.AuthorizationManager.CheckCreateUser(IIdentity identity)
    2022-04-20 14:45:28,203 [295] WARN SolarWinds.Data.Providers.Orion.OrionAccountValidator - (null) (null) Invalid username or password for user 'Domainxx\x123456a' via Windows Authentication.

    ========================================================

    If I try the "Orion V3 AD" login method (no need to enter password), it gives GUI error as below

    Unable to connect to Information Service. The server has rejected the client credentials.

    I could not see anything in the log file for this.

Reply
  • 0 in reply to KMSigma.SWI

    Error in the GUI : Unable to connect to Information Service. Invalid Username or password

    C:\ProgramData\SolarWinds\InformationService\v3.0\Solarwinds.InformationService.log
    ====================================================================================
    2022-04-20 14:45:27,860 [295] INFO SolarWinds.Orion.Web.OrionMixedModeAuth - (null) (null) Successfully retrieved WindowsIdentity for user Domainxx\x123456a.
    2022-04-20 14:45:28,203 [295] INFO SolarWinds.Orion.Web.AuthorizationManager - (null) (null) WindowsAuthorizationManager.CheckCreateUser() failed: System.ArgumentException: The (&(|(objectClass=user)(objectClass=group))(|(objectSid=S-1-5-21-3499964120-3315823391-1593708255-811737)(objectSid=S-1-5-21-3499964120-3315823391-1593708255-1002140)(objectSid=S-1-5-21-3499964120-3315823391-1593708255-1246602)(objectSid=)(objectSid=S-1-5-21-3499964120-3315823391-1593708255-1002139)(objectSid=S-1-5-21-3499964120-3315823391-1593708255-801432)(objectSid=S-1-5-21-3499964120-3315823391-1593708255-1093599))) search filter is invalid.
    at System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
    at SolarWinds.Orion.Web.Authentication.Windows.DirectoryServices.GetDistinguishedNames(IEnumerable`1 sids)
    at SolarWinds.Orion.Web.AuthorizationManager.WindowsAuthorizationManager.GetDomainGroups(WindowsIdentity identity, IEnumerable`1 orionDomainGroupsSids)
    at SolarWinds.Orion.Web.AuthorizationManager.WindowsAuthorizationManager.CheckGroupMembership(WindowsIdentity identity)
    at SolarWinds.Orion.Web.AuthorizationManager.WindowsAuthorizationManager.GetUpdatedVirtualUserFromGroupMembership(WindowsIdentity identity, String errorMessage)
    at SolarWinds.Orion.Web.AuthorizationManager.WindowsAuthorizationManager.CheckCreateUser(WindowsIdentity identity)
    at SolarWinds.Orion.Web.AuthorizationManager.CheckCreateUser(IIdentity identity)
    2022-04-20 14:45:28,203 [295] WARN SolarWinds.Data.Providers.Orion.OrionAccountValidator - (null) (null) Invalid username or password for user 'Domainxx\x123456a' via Windows Authentication.

    ========================================================

    If I try the "Orion V3 AD" login method (no need to enter password), it gives GUI error as below

    Unable to connect to Information Service. The server has rejected the client credentials.

    I could not see anything in the log file for this.

Children
No Data

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.