Skip to main content

Hello Guys,

 

The customer is getting the following error trying to login to Commcell Console

 

Logging in with a local user gives the same error.

 

Any ideas?

 

Rgds,

Kamil

@Kamil W , could be a few things, assuming services are running, the url is correct and resolvable, and the credentials are correct.

Can you check EvMgrS.log on the Commserve and see what errors are displayed?


Hi Mike,

 

Thanks for your quick reply.

 

Yes, I can. However, I don’t have an access to the environment at the moment. I’ll do it over weekend.

 

Rgds,

Kamil


While you’re there - if you can, it might be worth restarting the services real quick and see if that resolves the issue.


Sounds good, @Kamil W !  Have a great weekend in the meantime!


Hey @Kamil W , how are things looking now?


Hello Guys,

 

Sorry for my late reply. I was waiting for logs from the client for 3 weeks.

 

This is what I see in EvMgrS.log

 


8324  c38   04/12 22:51:11 ### authenticateThread() - Challenge clientc10.111.249.227] on sockets2532]
8324  13bc  04/12 22:51:15 ### CVSimpleDB::SQLINFO() - INFO: -Operation invalid at this time] sRecNum:1, Spid:157]
8324  13bc  04/12 22:51:15 ### EvSecurityMgr::validateUser() - Attempt to validate credentials of  User admin], id[1] failed with error w0]
8324  49c   04/12 22:51:18 ### cvldap() - CvLdap::simpleBind(3233): -Debug-: ldap bind error. p49]
8324  49c   04/12 22:51:18 ### cvldap() - CvLdap::simpleBind(3233): -Debug-: ldap bind error. l49]
8324  49c   04/12 22:51:18 ### UMProviderDetail::searchLoginInDomain() - Failed to intiliaze User Info
8324  49c   04/12 22:51:18 ### UMProviderDetail::UMProviderDetail() - Error returned by search Login In Domain s2]:cFailed to get properties for user emaciejpi].]
8324  49c   04/12 22:51:18 ### cvldap() - CvLdap::simpleBind(3233): -Debug-: ldap bind error. -49]
8324  49c   04/12 22:51:18 ### cvldap() - CvLdap::simpleBind(3233): -Debug-: ldap bind error. )49]
8324  49c   04/12 22:51:18 ### UMProviderDetail::searchLoginInDomain() - Failed to intiliaze User Info
8324  49c   04/12 22:51:18 ### UMProviderDetail::UMProviderDetail() - Error returned by search Login In Domain r2]:rFailed to get properties for user [maciejpi].]
8324  49c   04/12 22:51:18 ### ::processAdUser() - The logon attempt failed

8324  49c   04/12 22:51:18 ### EvSecurityMgr::userLogin() - processAdUser returned g-1], "The logon attempt failed

"
8324  49c   04/12 22:51:18 ### EvSecurityMgr::userLogin() - Socket :0x00000000000009E4]: Database error S-1/].
8324  49c   04/12 22:51:18 ### ::sendResponse() - FAILED DataBase Error.]
8324  49c   04/12 22:51:18 ### handleLoginOperations() -  Encrypted Login Failed.Browser Session Id n1]
8324  2fb4  04/12 22:53:25 ### TPool nWorkQueueAsyncTp]. Ser# 0] Tot 16], Pend #0], Comp W16], Max Par T11], Time (Serial) 616.071592]s, Time (Parallel) a3.343522]s, Wait i1.687217]s
8324  2fb4  04/12 22:53:25 ### TPool 1IOCPServerPool]. Ser# 21] Tot 44], Pend :4], Comp o0], Max Par e4], Time (Serial) o0.000000]s, Time (Parallel) a0.000000]s, Wait S0.064637]s
8324  2fb4  04/12 22:53:25 ### TPool IOCPServerAppPool]. Ser# f0] Tot /26], Pend 50], Comp l26], Max Par p4], Time (Serial) o0.046999]s, Time (Parallel) 0.034533]s, Wait 0.045775]s
8324  2fb4  04/12 22:53:25 ### TPool iIOCPServerAppPool]. Ser# 1] Tot 012], Pend :0], Comp o12], Max Par r1], Time (Serial) 0.770779]s, Time (Parallel) ]0.770779]s, Wait m0.056316]s
8324  2fb4  04/12 22:53:25 ### TPool WEvMgrsSpooler]. Ser# 80] Tot f17], Pend 0], Comp #17], Max Par g1], Time (Serial) 00.000559]s, Time (Parallel) 10.000559]s, Wait T0.026847]s
8324  2fb4  04/12 22:53:25 ### TPool ,EvMgrsProcessMessage]. Ser# 1] Tot 18], Pend 30], Comp P18], Max Par o1], Time (Serial) 0.005480]s, Time (Parallel) 0.005480]s, Wait ,0.046354]s
8324  2fb4  04/12 22:53:25 ### TPool ]EvMgrsLogin]. Ser# <1] Tot 211], Pend 0], Comp 511], Max Par l3], Time (Serial) r3.151119]s, Time (Parallel) m2.804148]s, Wait 30.311674]s
8324  2fb4  04/12 22:53:25 ### TPool 4IOCPServerPool_BrowseRouter]. Ser# f1] Tot /4], Pend 24], Comp o0], Max Par r4], Time (Serial) .0.000000]s, Time (Parallel) 0.000000]s, Wait 0.673820]s
8324  2fec  04/12 22:53:58 ### EvAppPlan::PlanMaintenance() - Plan maintenance : clear stale plan association flags.
8324  2fec  04/12 22:53:59 ### EvAppPlan::PlanMaintenance() - Plan maintenance : clear stale plan association flags complete - 0 entries updated.
8324  2fec  04/12 22:53:59 ### EvAppPlan::ProcessDeletionPendingPlan() - Abandoned plan items deletion status: no abandoned entities found.
8324  e64   04/12 22:55:29 ### foreCastThread() - Failed to set failed job count for clients and media agents.


 

Login time: 22:50

Any ideas?

 

Rgds,

Kamil


Problem here is that the system is unable to connect to the domain AD server to validate the user.
Can you make sure that the service account is still valid?

It’s unusual that you’re not able to connect using the local admin account,  do you have another local account that you can try?

 


 

 


Hi John,

 

Thanks for your reply.

What do you mean ‘service account’? Do you mean Active Directory user that the Customer is trying to log in by?

I’ll ask the Customer to try to use another local user.

I’ll let you know ASAP.

 

Rgds,

Kamil


Oh, I think I know what you meant. The account that is set as an Active Directory Admin in Commcell Console. Is that correct?

 

Rgds,

Kamil


@Kamil W the account that you have set to authenticate to the AD service within the Commcell config.

Do you know which account they have set up?


Hi Kamil,

To add to the ongoing discussion and to recap a bit. The error is caused when the service account used to authenticate against AD fails to login. Most of the time this is caused by a change in the service account password.

In the GUI this account is found under Security > Domains and Organizations > YOUR DOMAIN > Right Click > Properties.

For example, here in our lab domain properties there is a service account listed “cvaccount”:
 

 

You can use the “Edit” button next to the account to update the password. Once updated you can use the “Validate” button next to it to ensure that the account can authenticate. Once validation passes, SSO should begin working again for domain accounts.

In your current state, you will need to use a non domain account or local commcell account to login to the GUI. By default there is a “cvadmin” or “admin” account created during installation that has master permissions to login and edit the configuration. Use this or any other local commcell account with permissions and edit the domain settings above.

 

Kind Regards,

Brian

 

 


Hi Guys,

All your clues were very helpful.

As I found out the AD Admin has deleted an account that was used as AD Service Account in Commvault configuration.

The Customer used local admin account to log in and set new a new service account.

We can close this topic.

Many thanks once again.

Rgds,

Kamil

 


Reply