Question

SSO login Issue for Cross Domain --New

  • 4 October 2022
  • 5 replies
  • 178 views

Badge +3

Hi All, 

 

We are not able to access Commcell Console via SSO from other Domain.

 

We re getting Database error while trying to access Commcell console.

 

From EVMgrs Logs we are getting 0xc000019B error.

 

And from Client Machine  we are getting 0x1b Unknown error.

 

Microsoft is suggesting us to create SPN for Service Account , Is it Necessary to configure SPN for Cross Domain SSO.

 

Please suggest us how we can troubleshoot the issue.


5 replies

Userlevel 7
Badge +23

@MSAmlin - Backup Team , have you added both Domain’s the the Commserve?

From the link below:

  • If you use trusted domains, register both domains with the CommServe server so that users from the trusted domains can log on

https://documentation.commvault.com/2022e/expert/3791_adding_domain_controllers_for_single_sign_on.html

Thanks!

 

Badge

The error code in EvMgrS.log means there is a trust issue, ‘0xC000019B’ indicates STATUS_DOMAIN_TRUST_INCONSISTENT

 

token received by commserve(abc domain) will be sent to other domain (xyz) for validation 

 

if xyz do not trust abc domain then sso login fails

Badge +3

Hi Mike,

 

We had added the domain controller as per commvault Documentation . Commvault Vendor is verified the configuration as well  , no issue form that part.

 

Thanks..

Userlevel 7
Badge +23

@MSAmlin - Backup Team , can you confirm the trust as per @Prasad S Mirje ?

Badge +3

Hi All,

 

Microsoft reviewed the logs , We have a Test Env where we had test this Cross domain SSO and is working fine , so they reviewed both working and non working scenario logs and provided below findings.

 

In working scenario request is being sent to SPN and kerberos process is happening .

 

But for Non working scenario request is being sent tp service account and getting error “KDC_ERR_S_PRINCIPAL_UNKNOWN” .

 

Please let us know if need to configure any SPN .

 

Reply