Hello Guys,
The customer is getting the following error trying to login to Commcell Console
Logging in with a local user gives the same error.
Any ideas?
Rgds,
Kamil
Hello Guys,
The customer is getting the following error trying to login to Commcell Console
Logging in with a local user gives the same error.
Any ideas?
Rgds,
Kamil
Can you check EvMgrS.log on the Commserve and see what errors are displayed?
Hi Mike,
Thanks for your quick reply.
Yes, I can. However, I don’t have an access to the environment at the moment. I’ll do it over weekend.
Rgds,
Kamil
While you’re there - if you can, it might be worth restarting the services real quick and see if that resolves the issue.
Sounds good,
Hey
Hello Guys,
Sorry for my late reply. I was waiting for logs from the client for 3 weeks.
This is what I see in EvMgrS.log
8324 c38 04/12 22:51:11 ### authenticateThread() - Challenge clientc10.111.249.227] on sockets2532]
8324 13bc 04/12 22:51:15 ### CVSimpleDB::SQLINFO() - INFO: -Operation invalid at this time] sRecNum:1, Spid:157]
8324 13bc 04/12 22:51:15 ### EvSecurityMgr::validateUser() - Attempt to validate credentials of User admin], id[1] failed with error w0]
8324 49c 04/12 22:51:18 ### cvldap() - CvLdap::simpleBind(3233): -Debug-: ldap bind error. p49]
8324 49c 04/12 22:51:18 ### cvldap() - CvLdap::simpleBind(3233): -Debug-: ldap bind error. l49]
8324 49c 04/12 22:51:18 ### UMProviderDetail::searchLoginInDomain() - Failed to intiliaze User Info
8324 49c 04/12 22:51:18 ### UMProviderDetail::UMProviderDetail() - Error returned by search Login In Domain s2]:cFailed to get properties for user emaciejpi].]
8324 49c 04/12 22:51:18 ### cvldap() - CvLdap::simpleBind(3233): -Debug-: ldap bind error. -49]
8324 49c 04/12 22:51:18 ### cvldap() - CvLdap::simpleBind(3233): -Debug-: ldap bind error. )49]
8324 49c 04/12 22:51:18 ### UMProviderDetail::searchLoginInDomain() - Failed to intiliaze User Info
8324 49c 04/12 22:51:18 ### UMProviderDetail::UMProviderDetail() - Error returned by search Login In Domain r2]:rFailed to get properties for user [maciejpi].]
8324 49c 04/12 22:51:18 ### ::processAdUser() - The logon attempt failed
8324 49c 04/12 22:51:18 ### EvSecurityMgr::userLogin() - processAdUser returned g-1], "The logon attempt failed
"
8324 49c 04/12 22:51:18 ### EvSecurityMgr::userLogin() - Socket :0x00000000000009E4]: Database error S-1/].
8324 49c 04/12 22:51:18 ### ::sendResponse() - FAILED DataBase Error.]
8324 49c 04/12 22:51:18 ### handleLoginOperations() - Encrypted Login Failed.Browser Session Id n1]
8324 2fb4 04/12 22:53:25 ### TPool nWorkQueueAsyncTp]. Ser# 0] Tot 16], Pend #0], Comp W16], Max Par T11], Time (Serial) 616.071592]s, Time (Parallel) a3.343522]s, Wait i1.687217]s
8324 2fb4 04/12 22:53:25 ### TPool 1IOCPServerPool]. Ser# 21] Tot 44], Pend :4], Comp o0], Max Par e4], Time (Serial) o0.000000]s, Time (Parallel) a0.000000]s, Wait S0.064637]s
8324 2fb4 04/12 22:53:25 ### TPool IOCPServerAppPool]. Ser# f0] Tot /26], Pend 50], Comp l26], Max Par p4], Time (Serial) o0.046999]s, Time (Parallel) 0.034533]s, Wait 0.045775]s
8324 2fb4 04/12 22:53:25 ### TPool iIOCPServerAppPool]. Ser# 1] Tot 012], Pend :0], Comp o12], Max Par r1], Time (Serial) 0.770779]s, Time (Parallel) ]0.770779]s, Wait m0.056316]s
8324 2fb4 04/12 22:53:25 ### TPool WEvMgrsSpooler]. Ser# 80] Tot f17], Pend 0], Comp #17], Max Par g1], Time (Serial) 00.000559]s, Time (Parallel) 10.000559]s, Wait T0.026847]s
8324 2fb4 04/12 22:53:25 ### TPool ,EvMgrsProcessMessage]. Ser# 1] Tot 18], Pend 30], Comp P18], Max Par o1], Time (Serial) 0.005480]s, Time (Parallel) 0.005480]s, Wait ,0.046354]s
8324 2fb4 04/12 22:53:25 ### TPool ]EvMgrsLogin]. Ser# <1] Tot 211], Pend 0], Comp 511], Max Par l3], Time (Serial) r3.151119]s, Time (Parallel) m2.804148]s, Wait 30.311674]s
8324 2fb4 04/12 22:53:25 ### TPool 4IOCPServerPool_BrowseRouter]. Ser# f1] Tot /4], Pend 24], Comp o0], Max Par r4], Time (Serial) .0.000000]s, Time (Parallel) 0.000000]s, Wait 0.673820]s
8324 2fec 04/12 22:53:58 ### EvAppPlan::PlanMaintenance() - Plan maintenance : clear stale plan association flags.
8324 2fec 04/12 22:53:59 ### EvAppPlan::PlanMaintenance() - Plan maintenance : clear stale plan association flags complete - 0 entries updated.
8324 2fec 04/12 22:53:59 ### EvAppPlan::ProcessDeletionPendingPlan() - Abandoned plan items deletion status: no abandoned entities found.
8324 e64 04/12 22:55:29 ### foreCastThread() - Failed to set failed job count for clients and media agents.
Login time: 22:50
Any ideas?
Rgds,
Kamil
Problem here is that the system is unable to connect to the domain AD server to validate the user.
Can you make sure that the service account is still valid?
It’s unusual that you’re not able to connect using the local admin account, do you have another local account that you can try?
Hi John,
Thanks for your reply.
What do you mean ‘service account’? Do you mean Active Directory user that the Customer is trying to log in by?
I’ll ask the Customer to try to use another local user.
I’ll let you know ASAP.
Rgds,
Kamil
Oh, I think I know what you meant. The account that is set as an Active Directory Admin in Commcell Console. Is that correct?
Rgds,
Kamil
Do you know which account they have set up?
Hi Kamil,
To add to the ongoing discussion and to recap a bit. The error is caused when the service account used to authenticate against AD fails to login. Most of the time this is caused by a change in the service account password.
In the GUI this account is found under Security > Domains and Organizations > YOUR DOMAIN > Right Click > Properties.
For example, here in our lab domain properties there is a service account listed “cvaccount”:
You can use the “Edit” button next to the account to update the password. Once updated you can use the “Validate” button next to it to ensure that the account can authenticate. Once validation passes, SSO should begin working again for domain accounts.
In your current state, you will need to use a non domain account or local commcell account to login to the GUI. By default there is a “cvadmin” or “admin” account created during installation that has master permissions to login and edit the configuration. Use this or any other local commcell account with permissions and edit the domain settings above.
Kind Regards,
Brian
Hi Guys,
All your clues were very helpful.
As I found out the AD Admin has deleted an account that was used as AD Service Account in Commvault configuration.
The Customer used local admin account to log in and set new a new service account.
We can close this topic.
Many thanks once again.
Rgds,
Kamil
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.