Solved

Unable to login web console with active directory users

  • 25 April 2022
  • 8 replies
  • 2055 views

Userlevel 3
Badge +7

Hi,

Our customer was using Commvault without a web server and command center. We tried to add web server and command center packages to already installed commserve but it failed. We opened a case but they couldn’t resolve the issue. Our customer created new virtual machine for web server. I installed web server and command center packages on this new virtual machine but I can’t login with active directory users to them. We have a configured domain controller with SSO. We can login java console with both local and domain users but we can login web console only local users.

Commvault version is 11.24.43

icon

Best answer by Mike Struening RETIRED 27 June 2022, 22:26

View original

If you have a question or comment, please create a topic

8 replies

Userlevel 7
Badge +16

Sounds like there is an underlying ODBC database connection issue from the webserver to the commserve.
Can you check webserver.log and webconsole.log on the newly installed webserver for connectivity errors?

Userlevel 3
Badge +7

Hi @Jos Meijer ,

Thank you for your answer. I saw these lines in webserver.log;

5260  99    04/22 14:46:01 ### ### csSecurity::GetFromUsersPropDB - Query failed for id=24

5260  45    04/22 14:46:05 45  ### HandleGalaxyAndDomainLogins - errorCode: [1116, errorString [Username/Password are incorrect]]
5260  45    04/22 14:46:05 45  ### FillLoginResponseWithError - errorCode: [1116], [errorString: [Username/Password are incorrect]

5260  45    04/22 14:46:10 ### ### csSecurity::GetFromUsersPropDB - Query failed for id=24

5260  f9c   04/22 14:46:38 ### QSDKInitializeWithLoginFlag() - Registry nEnablePreInstallQCMD is not present and trying to talk to different CS. So setting enable pre install mode: [1]

5260  2bd8  04/22 14:46:39 ### getCommServerHostName() - Invalid platform type.
5260  2bd8  04/22 14:46:39 ### QSDKInitializeWithLoginFlag() - Registry nEnablePreInstallQCMD is not present and trying to talk to different CS. So setting enable pre install mode: [1]
5260  2bd8  04/22 14:46:39 ### Response from QSDK Server failed with Error code [0x9] Error string [QSDK Server failed to find a connection to the Commserver, Relogin required]
5260  2bd8  04/22 14:46:39 ### Retrying Connection to QSDK Server
5260  2bd8  04/22 14:46:39 ### readAndDescrambleData()() - File Handle is NULL:Error[QERROR_API_OPENSESSFILEFAILED]

   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)'] Response status code set to HttpStatusCode.InternalServerError (500)
5260  45    04/22 14:48:15 45  test Invoke - DELETE /CVWebService.svc/subscription/23 : HTTP code 'InternalServerError'

5260  61    04/22 14:48:29 ### ### csSecurity::GetFromUsersPropDB - Query failed for id=22

5260  98    04/22 14:48:32 ### ### ADAuthenticator:BindForAd - Exception occurred. Message [The user name or password is incorrect.
], inner Exception [], source [System.DirectoryServices] stacktrace [   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)

5260  98    04/22 14:48:32 ### ### ADAuthenticator:BindForAd - User backupadm of domain anadolu has bad password attempt.

5260  98    04/22 14:48:32 98  ### HandleGalaxyAndDomainLogins - ErrorCode: [1127], ErrorString : [Unknown Error] in domain [anadolu]
5260  98    04/22 14:48:32 98  ### FillLoginResponseWithError - errorCode: [1127], [errorString: [Unknown Error]

5260  159   04/22 14:57:18 159 ### Invoke - GET /CVWebService.svc/api/patchInformation : HTTP code 'InternalServerError'

Userlevel 7
Badge +16

It does show attempts to validate the user, but this section bothers me:

 

5260  2bd8  04/22 14:46:39 ### getCommServerHostName() - Invalid platform type.
5260  2bd8  04/22 14:46:39 ### QSDKInitializeWithLoginFlag() - Registry nEnablePreInstallQCMD is not present and trying to talk to different CS. So setting enable pre install mode: [1]
5260  2bd8  04/22 14:46:39 ### Response from QSDK Server failed with Error code [0x9] Error string [QSDK Server failed to find a connection to the Commserver, Relogin required]
5260  2bd8  04/22 14:46:39 ### Retrying Connection to QSDK Server
5260  2bd8  04/22 14:46:39 ### readAndDescrambleData()() - File Handle is NULL:Error[QERROR_API_OPENSESSFILEFAILED]

 

A few check questions:

  • Do you have a standby server with active commserve services where the webserver might be trying to connect to?
  • What happens if you log in with a local user? Can you log in and if so do you see the correct commserve information?
  • Have you opened the necessary SQL / ODBC ports in the firewall?
  • Have you adjusted the SQL config to connect via a Commvault tunnel to the Commserve?
Userlevel 3
Badge +7
  • Do you have a standby server with active commserve services where the webserver might be trying to connect to?

No, its standalone. But when i clicked web console and command center icons from java console after install the web server, it tried to go different hostname which we don’t know. I added below additional settings to CommServe for correct that;

https://documentation.commvault.com/11.24/expert/4344_changing_web_console_url_for_commserve.html

  • What happens if you log in with a local user? Can you log in and if so do you see the correct commserve information?

Yes i can log in with a local user and i see correct CommServe information.

  • Have you opened the necessary SQL / ODBC ports in the firewall?

I will check that.

  • Have you adjusted the SQL config to connect via a Commvault tunnel to the Commserve?

I will check that.

Userlevel 3
Badge +7

I opened a case: 220426-460

Userlevel 7
Badge +23

Thanks, @ibrahimemrekaya !  Will follow this one closely.

Userlevel 7
Badge +23

Looks like the case was Archived.

 

Were you able to resolve this on your end?

Finding Details:

- Validation for the Domain is Successful through the GUI
- SSO login and AD login was not working for Webconsole however it was working for GUI
- We tested the Connection and Binding with LDP.exe tool on the Webconsole server - Connection and Bind both Worked
- We also tried changing the Domain name to IP address and Domain Controller Hostname - still same issue
- Checked the Latest KBs installed on the Webserver
- they had the updates from February and March
- Suggested to uninstall patches which were installed in Feb and March and then reboot the Webserver - Still Same issue

Solution:

Development Team would like to review event viewer logs from AD machine,

Userlevel 7
Badge +23

Sharing Final Case Solution,.  If you revisit this issue, please update the thread!

Finding Details:
- Validation for the Domain is Successful through the GUI
- SSO login and AD login was not working for Webconsole however it was working for GUI
- We tested the Connection and Binding with LDP.exe tool on the Webconsole server  - Connection and Bind both Worked
- We also tried changing the Domain name to IP address and Domain Controller Hostname - still same issue
- Checked the Latest KBs installed on the Webserver
- they had the updates from February and March
- Suggested to uninstall patches which were installed in Feb and March and then reboot the Webserver - Still Same issue

Solution:

- Dev Team Advised to install Diag 5104 on the Webserver and the Commserver
- Along with the Additional setting on Webserver
Name- AdAuthenticateType
Category - WebServer
Type - Integer
Value - 3

- Still the same issue
- Customer has decommissioned the Webserver as of now
- they will plan to install a new Webserver is future and requested to close this case