Solved

DataBase Error when logging into Console


Userlevel 1
Badge +5

Hello Guys,

 

The customer is getting the following error trying to login to Commcell Console

 

Logging in with a local user gives the same error.

 

Any ideas?

 

Rgds,

Kamil

icon

Best answer by Kamil W 15 April 2021, 14:08

Hi Guys,

All your clues were very helpful.

As I found out the AD Admin has deleted an account that was used as AD Service Account in Commvault configuration.

The Customer used local admin account to log in and set new a new service account.

We can close this topic.

Many thanks once again.

Rgds,

Kamil

 

View original

12 replies

Userlevel 6
Badge +14

@Kamil W , could be a few things, assuming services are running, the url is correct and resolvable, and the credentials are correct.

Can you check EvMgrS.log on the Commserve and see what errors are displayed?

Userlevel 1
Badge +5

Hi Mike,

 

Thanks for your quick reply.

 

Yes, I can. However, I don’t have an access to the environment at the moment. I’ll do it over weekend.

 

Rgds,

Kamil

Userlevel 6
Badge +13

While you’re there - if you can, it might be worth restarting the services real quick and see if that resolves the issue.

Userlevel 6
Badge +14

Sounds good, @Kamil W !  Have a great weekend in the meantime!

Userlevel 6
Badge +14

Hey @Kamil W , how are things looking now?

Userlevel 1
Badge +5

Hello Guys,

 

Sorry for my late reply. I was waiting for logs from the client for 3 weeks.

 

This is what I see in EvMgrS.log

 


8324  c38   04/12 22:51:11 ### authenticateThread() - Challenge client[10.111.249.227] on socket[2532]
8324  13bc  04/12 22:51:15 ### CVSimpleDB::SQLINFO() - INFO: [Operation invalid at this time] [RecNum:1, Spid:157]
8324  13bc  04/12 22:51:15 ### EvSecurityMgr::validateUser() - Attempt to validate credentials of  User [admin], id[1] failed with error [0]
8324  49c   04/12 22:51:18 ### cvldap() - CvLdap::simpleBind(3233): -Debug-: ldap bind error. [49]
8324  49c   04/12 22:51:18 ### cvldap() - CvLdap::simpleBind(3233): -Debug-: ldap bind error. [49]
8324  49c   04/12 22:51:18 ### UMProviderDetail::searchLoginInDomain() - Failed to intiliaze User Info
8324  49c   04/12 22:51:18 ### UMProviderDetail::UMProviderDetail() - Error returned by search Login In Domain [2]:[Failed to get properties for user [maciejpi].]
8324  49c   04/12 22:51:18 ### cvldap() - CvLdap::simpleBind(3233): -Debug-: ldap bind error. [49]
8324  49c   04/12 22:51:18 ### cvldap() - CvLdap::simpleBind(3233): -Debug-: ldap bind error. [49]
8324  49c   04/12 22:51:18 ### UMProviderDetail::searchLoginInDomain() - Failed to intiliaze User Info
8324  49c   04/12 22:51:18 ### UMProviderDetail::UMProviderDetail() - Error returned by search Login In Domain [2]:[Failed to get properties for user [maciejpi].]
8324  49c   04/12 22:51:18 ### ::processAdUser() - The logon attempt failed

8324  49c   04/12 22:51:18 ### EvSecurityMgr::userLogin() - processAdUser returned [-1], "The logon attempt failed

"
8324  49c   04/12 22:51:18 ### EvSecurityMgr::userLogin() - Socket [0x00000000000009E4]: Database error [-1/].
8324  49c   04/12 22:51:18 ### ::sendResponse() - FAILED [DataBase Error.]
8324  49c   04/12 22:51:18 ### handleLoginOperations() -  Encrypted Login Failed.Browser Session Id [1]
8324  2fb4  04/12 22:53:25 ### TPool [WorkQueueAsyncTp]. Ser# [0] Tot [16], Pend [0], Comp [16], Max Par [11], Time (Serial) [16.071592]s, Time (Parallel) [3.343522]s, Wait [1.687217]s
8324  2fb4  04/12 22:53:25 ### TPool [IOCPServerPool]. Ser# [1] Tot [4], Pend [4], Comp [0], Max Par [4], Time (Serial) [0.000000]s, Time (Parallel) [0.000000]s, Wait [0.064637]s
8324  2fb4  04/12 22:53:25 ### TPool [IOCPServerAppPool]. Ser# [0] Tot [26], Pend [0], Comp [26], Max Par [4], Time (Serial) [0.046999]s, Time (Parallel) [0.034533]s, Wait [0.045775]s
8324  2fb4  04/12 22:53:25 ### TPool [IOCPServerAppPool]. Ser# [1] Tot [12], Pend [0], Comp [12], Max Par [1], Time (Serial) [0.770779]s, Time (Parallel) [0.770779]s, Wait [0.056316]s
8324  2fb4  04/12 22:53:25 ### TPool [EvMgrsSpooler]. Ser# [0] Tot [17], Pend [0], Comp [17], Max Par [1], Time (Serial) [0.000559]s, Time (Parallel) [0.000559]s, Wait [0.026847]s
8324  2fb4  04/12 22:53:25 ### TPool [EvMgrsProcessMessage]. Ser# [1] Tot [18], Pend [0], Comp [18], Max Par [1], Time (Serial) [0.005480]s, Time (Parallel) [0.005480]s, Wait [0.046354]s
8324  2fb4  04/12 22:53:25 ### TPool [EvMgrsLogin]. Ser# [1] Tot [11], Pend [0], Comp [11], Max Par [3], Time (Serial) [3.151119]s, Time (Parallel) [2.804148]s, Wait [0.311674]s
8324  2fb4  04/12 22:53:25 ### TPool [IOCPServerPool_BrowseRouter]. Ser# [1] Tot [4], Pend [4], Comp [0], Max Par [4], Time (Serial) [0.000000]s, Time (Parallel) [0.000000]s, Wait [0.673820]s
8324  2fec  04/12 22:53:58 ### EvAppPlan::PlanMaintenance() - Plan maintenance : clear stale plan association flags.
8324  2fec  04/12 22:53:59 ### EvAppPlan::PlanMaintenance() - Plan maintenance : clear stale plan association flags complete - 0 entries updated.
8324  2fec  04/12 22:53:59 ### EvAppPlan::ProcessDeletionPendingPlan() - Abandoned plan items deletion status: no abandoned entities found.
8324  e64   04/12 22:55:29 ### foreCastThread() - Failed to set failed job count for clients and media agents.


 

Login time: 22:50

Any ideas?

 

Rgds,

Kamil

Badge

Problem here is that the system is unable to connect to the domain AD server to validate the user.
Can you make sure that the service account is still valid?

It’s unusual that you’re not able to connect using the local admin account,  do you have another local account that you can try?

 


 

 

Userlevel 1
Badge +5

Hi John,

 

Thanks for your reply.

What do you mean ‘service account’? Do you mean Active Directory user that the Customer is trying to log in by?

I’ll ask the Customer to try to use another local user.

I’ll let you know ASAP.

 

Rgds,

Kamil

Userlevel 1
Badge +5

Oh, I think I know what you meant. The account that is set as an Active Directory Admin in Commcell Console. Is that correct?

 

Rgds,

Kamil

Userlevel 6
Badge +14

@Kamil W the account that you have set to authenticate to the AD service within the Commcell config.

Do you know which account they have set up?

Badge

Hi Kamil,

To add to the ongoing discussion and to recap a bit. The error is caused when the service account used to authenticate against AD fails to login. Most of the time this is caused by a change in the service account password.

In the GUI this account is found under Security > Domains and Organizations > YOUR DOMAIN > Right Click > Properties.

For example, here in our lab domain properties there is a service account listed “cvaccount”:
 

 

You can use the “Edit” button next to the account to update the password. Once updated you can use the “Validate” button next to it to ensure that the account can authenticate. Once validation passes, SSO should begin working again for domain accounts.

In your current state, you will need to use a non domain account or local commcell account to login to the GUI. By default there is a “cvadmin” or “admin” account created during installation that has master permissions to login and edit the configuration. Use this or any other local commcell account with permissions and edit the domain settings above.

 

Kind Regards,

Brian

 

 

Userlevel 1
Badge +5

Hi Guys,

All your clues were very helpful.

As I found out the AD Admin has deleted an account that was used as AD Service Account in Commvault configuration.

The Customer used local admin account to log in and set new a new service account.

We can close this topic.

Many thanks once again.

Rgds,

Kamil

 

Reply