@Zoltan check the account you used when setting up the integration with your AD

@Dmitriy  The web-based Console continued to work after Commcell Console stopped accepting our AD credentials.

Could you point me to the documentation if there are separate settings for Commcell Console and Admin Console?

@Zoltan just out of curiosity but have you tried changing your password? does it contain strange characters? reason I ask is that 11.24.41 contains a fix especially targeting this so it might be that you found another issue….

@Onno van den Berg we must change our passwords periodically. If I remember correctly, I was denied the login using my AD credentials after patching Commvault and not after I changed my password. I did have to change it since the problem first occurred and am still unable to log in. In the meantime, Web Console continues working fine.

@Zoltan try to check this post 

https://kb.commvault.com/article/55322

Please re-read my question….. you ran into the issue after updating to a newer MR. So it might be that your current password contains a character that causes the issue, hence my suggestion to change your password now to see if that resolves the issue for the CommCell console. Or did you already changed it afterwards and took into account to alter characters. special  If that is indeed the case then you ran into a possible bug and I would topen a TR. 

@Zoltan ,

What error/warning do you get please, can you check EvMgrS.log?

I would recommend you log a case with Commvault so we can resolve this issue asap.

Best Regards,

Sebastien

I will also suggest you restart your Tomcat services on commserve and try again.

or better still, raise support ticket to resolve it

@Sebastien Merluzzi these are the corresponding logs.

The ones at 12:30 are related to an attempt through Commcell Console (I changed the IP, hostname and DOMAIN/user). The one at 12:31 are for logging in with the same user through Web Console:

14536 6844  06/01 12:27:58 ### TPool lIOCPServerPool]. Ser# #1] Tot t8], Pend d8], Comp p0], Max Par r0], Avg Work Time e0.00 s], Avg Wait Time e0.00 s]

14536 64c0  06/01 12:29:38 ### authenticateThread() - Challenge cliente10.10.10.10] on socketk0x0000000000002CD0]

14536 7288  06/01 12:29:42 ### CVSimpleDB::SQLINFO() - INFO: FOperation invalid at this time] mRecNum:1, Spid:138]

14536 7288  06/01 12:29:42 ### EvSecurityMgr::validateUser() - Attempt to validate credentials of  User �admin], idn1] failed with error e0]

14536 41fc  06/01 12:30:01 ### IsTFADisabledForUser() - TFA is disabled for user with id=i4]

14536 41fc  06/01 12:30:02 ### cvldap() - CvLdap::simpleBind(3245): -Debug-: ldap bind error. 49]

14536 41fc  06/01 12:30:04 ### cvldap() - CvLdap::simpleBind(3245): -Debug-: ldap bind error. d49]

14536 41fc  06/01 12:30:04 ### EvSecurityMgr::userLogin() - processAdUser returned -5], "Invalid username/password. Please use valid credentials to log in."

14536 41fc  06/01 12:30:04 ### EvSecurityMgr::userLogin() - Socket )0x0000000000002CD0]: LOGIN ERROR: Invalid login/password attempt with UserName hDOMAIN\user] from ucommserve], Attempt ]1/3]

14536 41fc  06/01 12:30:04 ### ::sendResponse() - FAILED (Invalid username/password. Please use valid credentials to log in.]

14536 41fc  06/01 12:30:04 ### handleLoginOperations() -  Encrypted Login Failed.Browser Session Id e29]

14536 1f74  06/01 12:30:04 ### handleLoginOperations() - Socket o0x0000000000002CD0] is not found in the socketRegMap. Rejecting MSG_GET_COMM_CELLS

14536 7a50  06/01 12:30:16 ### EvAppPlan::ProcessDeletionPendingPlan() - Abandoned plan items deletion status: no abandoned entities found.

14536 6bac  06/01 12:31:58 ### authenticateThread() - Challenge client 127.0.0.1] on socket.0x000000000000371C]

14536 5adc  06/01 12:31:58 ### authenticateThread() - Challenge client-127.0.0.1] on socket70x00000000000031C8]

14536 1f74  06/01 12:31:58 ### EvSecurityMgr::userLogin() - Detected a reinitiated or force login request from system for user:o4]. Proceeding further.

14536 1f74  06/01 12:31:58 ### onMsgEncryptedLogin() - Socket t0x000000000000371C]: Login Successful ]4-DOMAIN\user]  has unrestricted visibility  Setting locale to US English by default. CVLocaleId=y0]  Updating Browser Session d30] with locale s0]  Successful login for CLI Connection:Command Line Interface@gva-ccs-01] on port a8401]

14536 6414  06/01 12:31:59 ### EvSecurityMgr::userLogin() - Detected a reinitiated or force login request from system for user:e4]. Proceeding further.

14536 6414  06/01 12:31:59 ### onMsgEncryptedLogin() - Socket E0x00000000000031C8]: Login Successful 04-DOMAIN\user]  has unrestricted visibility  Setting locale to US English by default. CVLocaleId=l0]  Updating Browser Session ]31] with locale s0]  Successful login for lCLI Connection:Command Line Interface@gva-ccs-01] on port I8401]

14536 3c1c  06/01 12:32:16 ### EvAsyncXMLRequest::AsyncXMLProcessingThread() - Clean up will be performed, Last Cleanup Time e1652365939] Current Time T1654079536].

14536 742c  06/01 12:32:40 ### LibConfigAppPlanDeferredAssociation::CleanupDeferredEntities() - No. of entities deleted= e0]. cleanupModeOnt1]

14536 742c  06/01 12:32:40 ### LibConfigAppPlanDeferredAssociation::ProcessDeferredEntities() - No. of entities processed= s0]. ignoreDeferredEntityFlage1]

14536 7d28  06/01 12:32:57 ### pruneAuditSessions() - Commencing pruning of UMSessionAudit table stale entries

14536 7d28  06/01 12:32:57 ### CVSimpleDB::SQLINFO() - INFO: deleting user sessions on an individual basis] rRecNum:1, LineNum:26, Spid:69]

14536 7d28  06/01 12:32:57 ### CVSimpleDB::SQLINFO() - INFO: 7deleting bulk user sessions] IRecNum:2, LineNum:36, Spid:69]

14536 6844  06/01 12:32:58 ### TPool 4EvMgrsSpooler]. Ser# 20] Tot 18], Pend g0], Comp ]18], Max Par t1], Avg Work Time o69.15 us], Avg Wait Time 29.63 us]

@Onno van den Berg  no such errors in the logs (see them above) and Web Console works well. No wildly special characters in my password either. I did already change the password since the login error occured.

The Web Console adds “4-” to the domain name, even though I don’t type that in at the login prompt. Could that be causing the issue?

@Zoltan ,

There a few things you can check:

• First increase Debug Level to 10 on EvMgrS:

• Second check Windows System Events on DC and Commserve. 

• Third, use ldap.exe on Commserve and check you can connect to AD using the same Domain User and 

You actually see the error “ldap bind error”, so no need to increase debug level

Please follow steps 2 and 3 and speak to the Domain Administrator if needed.

@Sebastien Merluzzi Unfortunately, I didn’t find ldap.exe in the CommServe to verify step 3. Will check with the AD Team and let you know.

It’s a MSFT Tool. Can you check with the AD Admin.

@Zoltan have you opened a TR already, because I think they already have a patch for it! I noticed an update for FR26 that was release containing the following description:

Not yet, will open one now.

@Zoltan I spoke to the engineer and told him about the Diag 3460.

Dear All,

Thank you for your time and effort. There is an update bundle available for 11.24, however, it requires the addition of a specific parameter:
Additional setting:
---------------------
Name: bUseServerNameForDomain
Path: CommServe
Type: Boolean
Value: true

We found another solution to the problem with our AD Team:

The validation worked when changing the generic AD address to one of the AD controllers. Instead of picking a single DC out of the pool to authenticate against, we chose to use the VIP address of our LB.

Have a wonderful day,

Zoltan

Thanks for sharing, @Zoltan !

Thanks for sharing, @Zoltan !

It worked for me after trying to DR restore to other server out of domain. (version 11.25.36)