Solved

SSO issues on webconsole

  • 15 September 2021
  • 17 replies
  • 72 views

Userlevel 1
Badge +5

Hello,

 

I am facing an issue where SSO is not working for webconsole :|


Setup that I have: 2 commcells, 1 centralised webconsole/metrics host. Web console is attached to master commcell and 2nd commcell is a child commcell attached to webconsole.

So, if I am logging into webconsole server itself and to try open webconsole page - it is asking for credentials. I believe it should not due to the fact both commcells have the account in users. I am logging into commcell itself with that account and SSO with no issues.

So I was browsing logs on webconsole host and found this:
 


But within the commcel, SSO is enabled in domain controller settings:
 



Maybe someone knows the magic trick to fix this?

icon

Best answer by Benjis 16 September 2021, 12:53

Hi @Mike Struening 

 

It’s a very strange fix and I can’t yet understand is it a proper fix or a workaround, but why not - it works :)

So more detailed fix for the issue is:
1) Control Panel > Network and Internet > Internet Options
2) Select ‘Security’ tab
3) Click on ‘Trusted Sites’
4) Add your URL of your webconsole to the trusted sites
5) Set Security level of ‘Low’

 



You can mark this post as the answer :) 

View original

17 replies

Userlevel 3
Badge +5

Hi Benjis,

Have you used the LDAP Tool and you can connect and bind?

Or do you also get an error?

Best Regards,

Seb

Userlevel 1
Badge +5

Hi @Seb 

 

Yes, I’ve checked on ldp also. I can connect both on 389 and 636 ports. Bind also. 

 

Userlevel 6
Badge +13

Hi @Benjis 

I believe the Web Console itself needs to be in the same domain, or at least needs the ability to bind to the AD domain specified.

Have you tried running those LDP queries or connection attempts while logged on to Web Console server as a windows user?

Thanks,

Stuart

Userlevel 1
Badge +5

Hi @Stuart Painter 

Both commcells and web console are on same domain.. I use the same account to connect to commcells hosts/ java gui and to web console host. :?

Userlevel 3
Badge +5

Hi @Benjis 

Can you check Webserver.log and put the snippets here?

Best Regards,

Seb

 

Userlevel 1
Badge +5

Hi @Seb 

 

Are you looking into something particular in the log and want me to look for? 

Userlevel 3
Badge +5

Hi @Benjis 

Any errors just before or same that Date/Time below:

 

Userlevel 1
Badge +5

Hi @Seb 

There were no errors that I’ve seen just before the mentioned AD errors. I have taken a snippet here:

  1. Blue section is where I initially open the url and it should log me in automatically using SSO without asking credentials - but it does not happen (it asks creds, refer to screenshot in 1st post).
  2. Red section is that user which is being failed to log into using SSO. I am logged with that user directly in OS and launching console in browser - it should allow SSO log in for that user. 
     

     

Userlevel 3
Badge +5

HI @Benjis 

Which SP/HPK or FR/MR is this please?

Is the Web Server on the Commserve?

Have you tried to restart the Web Server?

Userlevel 1
Badge +5

Hi @Seb 

 

This is on V11SP20 HPK 55.

Web Server is not on Commserve. Web server is on the same host as the web console.
Web Server was restarted, all combos checked. CV and IIS service restart, whole server restart.

Userlevel 3
Badge +5

HI @Benjis,

I see "invalid token type to retrive sessionGuid" in your log, not sure 100% sure that’s the issue.

You can try to uninstall all the Web Server/Web Console and reinstall them on the Commserve.

Otherwise, just log a case with Commvault and they will check.

Best Regards,

Seb

Userlevel 1
Badge +5

Hi @Seb 

 

Having webserver/web console on commserve is not an option :) Thanks for trying to help out!

Userlevel 3
Badge +5

HI @Benjis,

Now I am confused, you already have a case :grinning:

I am sure he will be able to help you.

Best Regards,

Seb

Userlevel 7
Badge +19

@Benjis , can you share the case number so I can track accordingly?

Userlevel 7
Badge +19

@Benjis , I was able to find the case number 210907-423.

Looks like they resolved it for you (sharing the solution).

Feel free to share the case number going forward right in the first post.  The Support staff have access to the case notes and can perhaps find a solution faster rather than start from scratch :blush:   The faster we can help you, the better!

Resolution from case:

On WebEx session, we looked at the issue where one of his Commserve servers cannot access the metrics server via the web and SSO.

The main Commserve can access the metrics server via SSO but the child Commserve prompts for a login and SSO is not working.

Login window was from Internet Explorer and we were able to get the login to work by adjusting the security levels in IE.

Userlevel 1
Badge +5

Hi @Mike Struening 

 

It’s a very strange fix and I can’t yet understand is it a proper fix or a workaround, but why not - it works :)

So more detailed fix for the issue is:
1) Control Panel > Network and Internet > Internet Options
2) Select ‘Security’ tab
3) Click on ‘Trusted Sites’
4) Add your URL of your webconsole to the trusted sites
5) Set Security level of ‘Low’

 



You can mark this post as the answer :) 

Userlevel 7
Badge +19

Will do!

Reply