Changing domain for authentication
Moderator: SourceGear
Changing domain for authentication
We have 2 domains on our network. Vault ( Vault Standard Client Version: 9.1.0.584 ) uses the older domain for authentication. We are in the process of eliminating the older domain, so I would like to start using the newer domain for authentication. I added the newer domain to the list of possible domains in the admin console and rebooted the Vault server host. The newer domain is now in the list of available domains in the user setup. However, when I select this domain (for my username) and save it, when I login to the client on my desktop, I get a 'username and password not found' error. I get this error whether I enter the password for the newer or older domain (they are different). When I change the user settings back to use the older domain for authentication, I can log in fine with the older domain password. Am I missing something?
epsobolik
epsobolik
Re: Changing domain for authentication
When Vault was installed, did you use the Machine\ASPNET account for the IIS Process model and Windows authentication for the SQL Server setup? If so, the following KB article should help you:
viewtopic.php?f=13&t=3146
You may need to reinstall the Vault Server.
This KB article will likely assist you as well:
viewtopic.php?f=13&t=22635
If this information doesn't help, please send us your Vault Server log along with some screenshots of the configuration for one of the users you have setup. The Vault Server log is in %windir%\temp\sgvault\sgvault.log on the server machine.
Thanks,
Tonya
viewtopic.php?f=13&t=3146
You may need to reinstall the Vault Server.
This KB article will likely assist you as well:
viewtopic.php?f=13&t=22635
If this information doesn't help, please send us your Vault Server log along with some screenshots of the configuration for one of the users you have setup. The Vault Server log is in %windir%\temp\sgvault\sgvault.log on the server machine.
Thanks,
Tonya
Re: Changing domain for authentication
Here are the requested documents:
- Attachments
-
- WrightsoftUserSetupNewDomain.png (72.24 KiB) Viewed 14345 times
-
- sgvaultlog.txt
- (2.64 KiB) Downloaded 486 times
Re: Changing domain for authentication
Hello again,
What version of Vault do you have installed? Is "mii" the new domain name?
The Vault Server log does not show any errors. Can you please attempt to log into the new domain to recreate the error?
Then resend the Vault Server log by emailing support@sourcegear.com.
Thanks,
Tonya
What version of Vault do you have installed? Is "mii" the new domain name?
The Vault Server log does not show any errors. Can you please attempt to log into the new domain to recreate the error?
Then resend the Vault Server log by emailing support@sourcegear.com.
Thanks,
Tonya
Re: Changing domain for authentication
From the original post, the version of Vault is 9.1.0.584
Not sure what you mean by 'log in to the new domain'. Yes, mii is the name of the new domain. Do you mean log in to Vault using mii as the AD used for authentication? I did that and have attached the resulting sgvault.log (renamed to sgvaultlog (2).txt)
Not sure what you mean by 'log in to the new domain'. Yes, mii is the name of the new domain. Do you mean log in to Vault using mii as the AD used for authentication? I did that and have attached the resulting sgvault.log (renamed to sgvaultlog (2).txt)
- Attachments
-
- sgvaultlog (2).txt
- (3.09 KiB) Downloaded 451 times
Re: Changing domain for authentication
I now see the following error in your log:
Active Directory authorization for user epsobolik@mii failed: The server is not operational.
epsobolik--10.10.131.254(10.10.131.254)--SSL Disabled Login failed: FailInvalidPassword
Make sure the information that you have listed is the fully qualified domain name and not just the machine name when specifying the domain name in the user dialog. Then restart the Vault Server by resetting IIS.
Let me know if this helps.
Tonya
Active Directory authorization for user epsobolik@mii failed: The server is not operational.
epsobolik--10.10.131.254(10.10.131.254)--SSL Disabled Login failed: FailInvalidPassword
Make sure the information that you have listed is the fully qualified domain name and not just the machine name when specifying the domain name in the user dialog. Then restart the Vault Server by resetting IIS.
Let me know if this helps.
Tonya
Re: Changing domain for authentication
So, mii.com? The old one didn't have the '.com'. I will try that.
Re: Changing domain for authentication
I tried changing the domain name in the Vault setup to mii.com. Still no luck. Here is the entry in sgvault.log:
Active Directory authorization for user epsobolik@mii.com failed: The server is not operational.
epsobolik@mii.com is a valid username in the mii domain.
Active Directory authorization for user epsobolik@mii.com failed: The server is not operational.
epsobolik@mii.com is a valid username in the mii domain.
Re: Changing domain for authentication
The Vault Log did not attach.
Can you please confirm that you changed the domain name in both places as indicated in the KB article I provided you with:
If the domain name changes, then the AD authentication needs to be changed. In the Vault admin web page, click on Advanced Settings and enter the new domain name. Then go to Users and edit each user to use the new domain name.
Thanks,
Tonya
Can you please confirm that you changed the domain name in both places as indicated in the KB article I provided you with:
If the domain name changes, then the AD authentication needs to be changed. In the Vault admin web page, click on Advanced Settings and enter the new domain name. Then go to Users and edit each user to use the new domain name.
Thanks,
Tonya
Re: Changing domain for authentication
Yes, the new domain was added both places. As a matter of fact, you can't change it for users if you don't add it in Advanced Settings. It's a drop down list in the user setup.
I included an excerpt from the Vault log. I have attached it now.
I included an excerpt from the Vault log. I have attached it now.
- Attachments
-
- sgvaultlog (3).txt
- (12.99 KiB) Downloaded 447 times
Re: Changing domain for authentication
Since I have been unable to resolve your issue, I asked for assistance from one of our developers. The error in the log "The server is not operational." is the main issue.
Here are a couple of things you may want to try:
https://support.microsoft.com/en-us/hel ... n-error-wh
https://support.microsoft.com/en-us/hel ... e-when-you
Please let us know if this doesn't help.
Thanks,
Tonya
Here are a couple of things you may want to try:
https://support.microsoft.com/en-us/hel ... n-error-wh
https://support.microsoft.com/en-us/hel ... e-when-you
Please let us know if this doesn't help.
Thanks,
Tonya