10 Replies Latest reply on Oct 8, 2013 11:38 AM by oleg.zastavnyi

    Can't log into Alert Central with any user other than Admin

    matt.maugeri

      After building Alert Central we tested it out with a few local users.  Set up alerts and groups with escalations.  All seemed to work as expected.

      Then I integrated with AD groups.  I added our SolarWinds Admin group of 13 users.

      Now those users show their passwords authenticate thru active directory

      I can no longer log into alert central with any users except the admin user.

      We have added as an external website in our Orion Console and when you click on Alert Central it brings up the logon screen but none of the users can log in even after verifying the email that alert central sent out.

      I have disabled a bunch of the users thinking there was a license issue but that didn't work.

      I have rebooted the appliance a few times as well.

      Any suggestions?

        • Re: Can't log into Alert Central with any user other than Admin
          oleg.zastavnyi

          What are you getting on screen when you trying to login by user that was obtained from AD.

          Could you attach a screen ?

            • Re: Can't log into Alert Central with any user other than Admin
              matt.maugeri

              There is nothing to really show.  I get the logon screen and put in domain\username and my domain pw and click logon and nothing happens.  The button looks to change color when I hover over it.  Once I change it to "admin" it logs in.  Also if I create a local user it now does the same thing (will not log in)  Before I populated accounts with AD I had 3 admin (local) created that worked fine,  Once I added to Orion, via external sites, i used AD accounts from our solarwinds admin security group.  They all populated and emailed the users to verify their accounts.  I have rebooted the device a couple of times too.  I can't see any logs on the device either.

               

              Thanks.

                • Re: Can't log into Alert Central with any user other than Admin
                  oleg.zastavnyi

                  I've just tried and it looks ok. So, could you make sure
                  that all user from AD don't have checked item "user must change password
                  at next login" on AD settings (see attachment). Also make sure that
                  correct user pwd (not domain pwd) and local user doesn't need to enter
                  domain\username in login field (just need enter username). 

                   

                  Untitled.png

                  Please let me know in any question.

                  Thanks, Oleg.

                    • Re: Can't log into Alert Central with any user other than Admin
                      matt.maugeri

                      I verified that we are not being prompted to change our PW's.  These are accounts that have been in AD for years and are not new.

                      I am concerned mainly with the domain users right now so that is what I'll test.

                      I attempt to log in with domain\user.name and my domain pw and can't get in.  I thought it was syncing account pw with AD.

                      when I try to edit my domain account, UN and PW are grayed out.  See attachment.

                      I even tried my username with case sensitive letters domain\Matt.Maugeri

                      It would seem that LDAP look up was being blocked but the accounts populated when I used the wizard to add them.

                       

                      I even tried my local account too (matt.maugeri) and reset the pw with no luck.  The only account I can log in with is the admin account.

                      I just created a new alertcentraltest account and that logged in without issues.

                       

                      I can log into Orion with my domain creds.

                       

                      Are there logs I can review to see if there are failures?

                      alertcentrallogin.png

                        • Re: Can't log into Alert Central with any user other than Admin
                          oleg.zastavnyi

                          yes, you can.

                          1) go to appliance "SolarWinds Mgmt" tab.

                          2) click "Bundle Logs".

                          3) download *.tar.gz file which was generated.

                          4) open opt\apache-tomcat\logs\

                           

                          Could you attach this log (*.tar.gz) to more deeply investigate?.

                            • Re: Can't log into Alert Central with any user other than Admin
                              matt.maugeri

                              I am unable to get the logs from the admin console.  I have to SSH into the appliance and transfer them

                              what can i look for in the logs?  There are several logs.  Localhost_access, localhost, catalina.out, catalina

                              Also after I reboot the appliance the DNS servers go back to what they were and not what I changed them to be.  I am having our VMware guy look at that.

                              To me it seems like there is a disconnect in the account verification step when syncing thru AD.

                              On the users > Edit this user there is a button next to "This account is authenticated by Active Directory"  Called "sync with Active Directory"

                              I ran that and synced the accounts successfully but still no log on

                                • Re: Can't log into Alert Central with any user other than Admin
                                  oleg.zastavnyi

                                  To obtain logs without admin console, you can connect over SSH(SCP) to the appliance. All logs located in /opt/oncall/logs, please attach all of them.

                                  Thanks, Oleg.

                                    • Re: Can't log into Alert Central with any user other than Admin
                                      matt.maugeri

                                      So here is an update.  We found the time zone was off on the appliance.  Now all of our users except me can log in.  I get the same result.  I think I have deleted and recreated my account and it somehow has impacted my user account.  I use my domain\username to log into numerous things all day long so the account is not locked out.

                                       

                                      I'll see about gathering those logs do you have a direct email I don't want to post them to a message board.

                                          • Re: Can't log into Alert Central with any user other than Admin
                                            oleg.zastavnyi

                                            Glad you found it.  So I could recreate the appliance, then recreate the users, recreate the email groups and such or just have you clean the DB and restore it.  I think restoring it would be quicker.  I haven’t made any changes since you received my last DB dump.  If you want to remove the user(s) matt.maugeri (local and domain) and send it back I can then restore it.  Just tell me where I should place the files and any other details.

                                             

                                            Thank you

                                             

                                            Matt

                                             

                                            From: Oleg Zastavnyi
                                            Sent: Monday, September 16, 2013 3:56 AM
                                            To: Maugeri, Matt
                                            Subject: AC Issue

                                             

                                            Hi, Matt.

                                             

                                            I’ve figure out why you can’t login to AC, by some user.

                                            The problem is on AC, this defect should be fixed we will create

                                            a defect in out tracking system.

                                            Unfortunately, there no any workaround for this user from your side.

                                            The only one way is to send me again your new DB dump and I manually delete this use from DB,

                                            or you can start using new appliance from scratch.

                                             

                                            Thanks,

                                            1. Oleg.

                                             

                                             

                                            Both are attached in the zip.

                                             

                                            Thank you,

                                             

                                            Matt

                                             

                                            From: Oleg Zastavnyi
                                            Sent: Wednesday, September 11, 2013 10:32 AM
                                            To: Maugeri, Matt
                                            Subject: RE: Logs

                                             

                                            Yes it is data1\backup. ok

                                             

                                            Sent: Wednesday, September 11, 2013 5:23 PM
                                            To: Oleg Zastavnyi
                                            Subject: RE: Logs

                                             

                                            Looks to be in data1\backup.  I am grabbing the existing one and will run a new one with my newly created local account

                                             

                                            From: Oleg Zastavnyi
                                            Sent: Wednesday, September 11, 2013 10:15 AM
                                            To: Maugeri, Matt
                                            Subject: RE: Logs

                                             

                                            Yes, and send me this backup file.

                                            See screen.

                                             

                                             

                                            Sent: Wednesday, September 11, 2013 4:59 PM
                                            To: Oleg Zastavnyi
                                            Subject: RE: Logs

                                             

                                            I created the user matt.maugeri (local) validated the email when it came.  Set the pw to pwd11111.  I see you only wanted it 11111 but from a distance it looked like pwd11111. Either way I can’t log in with the local account either.  I think either my name matt.maugeri or the email address matt.maugeri@mail.com is linked to an account still in the system just not showing up.  Our mail server will not relay to a non mindSHIFT.com account so I can’t use my personal account.

                                            To get the dump am I going into the appliance thru the web ipaddress:5480 or ipaddress for alert central console?  Here is what I see in the :5480 logon. 

                                             

                                             

                                            From: Oleg Zastavnyi
                                            Sent: Wednesday, September 11, 2013 9:45 AM
                                            To: Maugeri, Matt
                                            Subject: RE: Logs

                                             

                                            Ok, Could you make next steps?:

                                            1. 1.       Create  matt.maugeri  local user(not AD) and after that try to login (make sure that pwd is correct, please set pwd 11111). In this case that you described you should’t login into AC.
                                            2. 2.       Go to appliance setting and create DB dump.
                                            3. 3.       Send me dump and I in my local machine will try reproducing login into AC by user matt.maugeri  and pwd 11111.
                                            4. Oleg.

                                             

                                             

                                            Sent: Wednesday, September 11, 2013 4:09 PM
                                            To: Oleg Zastavnyi
                                            Subject: RE: Logs

                                             

                                            AD account looks fine.  I have even removed myself from the Solarwindsadmin group and readded.  Is there anywhere within the Alert Central where user accounts could be left behind after deleting them?  I had removed my mscrm\matt.maugeri account once then added a local user matt.maugeri (couldn’t log in with that either) and finally added my mscrm\matt.maugeri back.

                                             

                                             

                                            Matt

                                             

                                             

                                            From: Oleg Zastavnyi
                                            Sent: Wednesday, September 11, 2013 6:00 AM
                                            To: Maugeri, Matt
                                            Subject: RE: Logs

                                             

                                            Hi, Matt.

                                             

                                            I rely can’t understand why you can’t login and some of you coworkers can login successfully

                                            by using user from AD. As for me it looks like that something with user policy in AD but I am not sure.

                                            Did you try create new user in AD, remove old from AC  and try again?

                                             


                                            Sent: Tuesday, September 10, 2013 6:54 PM
                                            To: Oleg Zastavnyi
                                            Subject: RE: Logs

                                             

                                            I already tried that. Didn’t work.  My coworkers use the mscrm\username and they can log right in.

                                            After sync I did “Update”

                                             

                                            From: Oleg Zastavnyi
                                            Sent: Tuesday, September 10, 2013 11:52 AM
                                            To: Maugeri, Matt
                                            Subject: RE: Logs

                                             

                                             

                                            If it help you please let me know. 

                                             

                                            Sent: Tuesday, September 10, 2013 6:24 PM
                                            To: Oleg Zastavnyi
                                            Subject: RE: Logs

                                             

                                            We did change the domain controller from msXXXX to 192.168.xxx.xxx.  This new server is in the same space as the Alert Central appliance.

                                             

                                            So, several questions:

                                            1)      As I understand some users can connect and some of them can’t, is it correct?  Yes I have had 3 testers verify they can connect.

                                            2)      When you try synch. with AD on user setting page it works ok. correct ?  yes, no errors after I input the server ip UN and PW.  I just synced again and still can’t log in.

                                             

                                             

                                             

                                             

                                            From: Oleg Zastavnyi
                                            Sent: Tuesday, September 10, 2013 11:17 AM
                                            To: Maugeri, Matt
                                            Subject: Logs

                                             

                                            Hi, Matt.

                                             

                                            I’ve just looked into logs and seems to me that some time you can’t connect to the LDAP server.

                                             

                                            18:02:58.688 [http-bio-8080-exec-39] ERROR c.s.oncall.logic.ldap.LdapLogic - Could not connect: msXX.mXX.crmXXl:XX

                                             

                                            So, several questions:

                                            1)      As I understand some users can connect and some of them can’t, is it correct?

                                            2)      When you try synch. with AD on user setting page it works ok. correct ?

                                             

                                             

                                            Thanks, Oleg.