2 Replies Latest reply on Sep 30, 2011 11:58 AM by netlogix

    Logon failure the user has not been granted the requested logon type at

    jraney1987

      Running into some issues getting AD to work with SolarWinds Orion NPM 10.1.3.

      I've created multiple windows groups in the Account Management and I am running into the error: logon failure the user has not been granted the requested logon type at

       It works for the majority of the groups but not all of them. Same thing is happening with Single Windows Accounts. Any user part of the router team has no issues logging in but the DNS team has issues. I've read the replies from other thwack threads but it hasn't resolved the issues.

      SolarWinds is on one domain and the Server that hosts AD is on another domain.

      I've checked the following:

      - made sure the users are in the appropriate groups in AD

      - validated that the groups have a SID by them in the Accounts field in the database

      - the users who are having issues do not have bad passwords or expired accounts as they log in with these accounts daily.

      - I have admin rights to the AD tree

      I'm not exactly sure where to check since some groups work fine and others don't.

      Awaiting for our Support contract to renew before I can open a support ticket.

      Thanks.

        • Re: Logon failure the user has not been granted the requested logon type at
          sean.martinez

          Due to the way how we authenticate AD users in Orion we require the 'Allow Logon Localy' permission for the accounts that are used in Orion.

           

          The partial workaround for this is to enable automatic login using Windows Authentication (it can be set in Web Console Setting). However this works only in situation when IIS does the authentication - the Orion login page is skipped then. Once you get to the Orion login page (either you logout or by timeout) you need to restart the browser so IIS can authenticate the account again."

           

          So there should be two workarounds:

           

          1) Add the accounts to "Allow log on locally" policy on Orion server. You can configure this policy in mmc - Local Computer Policy snap-in - Windows Settings\Security Settings\Local Policies\User Rights Assigment\Allow log on locally

           

          2) Enable automatic login in Orion - this will only work if the authentication is done on IIS, and not in Orion. So it will only work in IE (but there is some browser setting that can allow it also for Firefox) and user needs to be logged under the same account to windows.