Active Directory Authentication

mculbreth · Post by **mculbreth** » Wed Mar 30, 2005 1:19 pm

Hello,

I have a new installation of both Vault and Dragnet on a server in our domain. I have configured each product to use Windows Authentication.

My issue is that Dragnet works fine, but Vault does not. Same server, same user running each application, same domain, everything.

Here is an excerpt from my Vault log:

Identity = intellinet\SrvDevToolsUser
----3/30/2005 2:11:15 PM admin--atl01s31.intellinet.local(10.1.1.31)--SSL Disabled Login
Active Directory authorization for user mattc failed.
The server is not operational
----3/30/2005 2:11:44 PM mattc--atl01s31.intellinet.local(10.1.1.31)--SSL Disabled Login failed: FailInvalidPassword
Active Directory authorization for user mattc failed.
The server is not operational

Post by **jeremy_sg** » Wed Mar 30, 2005 2:30 pm

I've never seen this particular error before, so I can only give vague hints.

Does any of these Microsoft KB articles apply to you?

http://support.microsoft.com/?kbid=837328

http://support.microsoft.com/kb/325465

http://support.microsoft.com/default.aspx?kbid=323542

mculbreth · Post by **mculbreth** » Fri Apr 01, 2005 9:00 am

Thanks, but none of these worked.

I'm now getting the "FailInvalidPassword" error in the log for any domain user I try.

----4/1/2005 9:52:49 AM SrvDevToolsUser--inet-mattc.intellinet.local(10.1.2.179)--SSL Disabled Login failed: FailInvalidPassword

I know I am typing in the right password, and I've tried a few domain accounts and I'm getting the same issue.

The strange thing is that Dragnet works perfectly.

Post by **jeremy_sg** » Fri Apr 01, 2005 9:10 am

It looks like there's no AD attempt in Vault for your last post (the error would log that the AD authentication failed like before). Are you sure that this user is configured for AD authentication and that you have a domain configured in the admin tool?

mculbreth · Post by **mculbreth** » Fri Apr 01, 2005 10:14 am

Actually I read the log again and I still have that server error, so it's not able to authenticate for some reason.

I can't think of anything else it can be.

Is there anything I can do with the log to get more tracing going?

Post by **jeremy_sg** » Fri Apr 01, 2005 12:34 pm

Unfortunately, we log all of the information that Active Directory gives us. Are you sure that your domain is spelled right in the Vault admin tool?

mculbreth · Post by **mculbreth** » Fri Apr 01, 2005 5:09 pm

Unfortunately it is indeed spelled correctly. It's finding the correct comain controller from what I can tell. This is very odd.

mculbreth · Post by **mculbreth** » Sat Apr 02, 2005 1:36 pm

Success!

I changed the domain name from just "COMPANY" to "COMPANY.LOCAL" and it works.

shoecake · Post by **shoecake** » Wed Jun 22, 2005 7:17 am

I have just had the same issue when upgrading from 3.0.2 to 3.0.7. This really should have been made clear in the upgrade notes.
Just to clarify, the ActiveDirectoryDomain property in the vault.config file needs changing. This needs to be the fully qualified domain name, not the pre windows 2000 domain name.

So if you look at an active directory account, it is the bit after the @ sign.