Old Forums
Search:
Portal Engine Questions on portal engine and web parts.
Version 7.x > Portal Engine > Mixed Authentication Issues - Single user unable to login View modes: 
User avatar
Member
Member
kmiday-cuyahogalibrary - 4/9/2013 3:56:13 PM
   
Mixed Authentication Issues - Single user unable to login
Hi Everyone,

I've got an intranet site setup using mixed authentication. So far everyone has been able to login successfully except one user, and I can't figure out why.

We've checked settings in AD, reset user passwords, turned roles on, turned them off, added the user manually etc.

The event log doesn't provide much information, and I've tried without success to get the logon form to throw a more detailed error except the default "Your login attempt was not successful. Please try again."

If anyone has any idea of things to check, or a resource for me to reference it's greatly appreciated.

User avatar
Kentico Legend
Kentico Legend
Brenden Kehren - 4/9/2013 11:02:40 PM
   
RE:Mixed Authentication Issues - Single user unable to login
If the user is already a "form" user within Kentico then their AD authentication will not work. You will need to delete that user and let them authenticate again. I'm assuming this user is attempting to use AD authentication and not forms.

User avatar
Member
Member
kmiday-cuyahogalibrary - 4/10/2013 6:10:22 AM
   
RE:Mixed Authentication Issues - Single user unable to login
I double checked just in case, but the only users that existed when I setup mixed authentication were global admin and the dummy users that came with the site, and none of those shared the name of the person unable to log in.

I'm speculating that it might be a problem with something in the account in AD, some sort of setting or permission, since only this person is having trouble getting in, but I wouldn't even know where to begin looking. The only bad thing is the staff member who oversees AD, user accounts and email doesn't either.

Will Kentico lock out an AD user if they put their password in wrong too many times? I don't mean within AD, we checked that, but would the Kentico lock AD users out after X failed attempts when they are signing in the first time?

User avatar
Kentico Support
Kentico Support
kentico_radekm - 4/13/2013 4:02:52 AM
   
RE:Mixed Authentication Issues - Single user unable to login
Hello.

I would recommend checking that:

1. The user is imported in your KCMS DB via AD Import Toolkit: http://devnet.kentico.com/docs/devguide/ad_import_utility_overview.htm

2. The user is Enabled.

3. The user is marked as Is domain user.

4. They use correct credentials.

Does it help?

Best Regards,
Radek Macalik

User avatar
Member
Member
kmiday-cuyahogalibrary - 5/7/2013 12:41:42 PM
   
RE:Mixed Authentication Issues - Single user unable to login
Hi,

Apologies in the delay in the reply. The staff member I was working with was out of the office for quite a while so I couldn't test further, until today.

Today we just did a soft launch of the site, and it appears that more users than just the one above are having this issue. So far it's effecting 15-20 people.

Things I've done so far:

1. Run the AD Import Toolkit to import all appropriate users. (None of these users existed previously)
2. Checked that the users are enabled
3. Checked that they are domain users
4. The few I have talked to directly swear up and down they are using the correct password. To double check this I've had a couple of them change their passwords and try using their new ones.


They have been able to log into other services that use AD, but not the site. Thank you in advance for any insight!

User avatar
Kentico Support
Kentico Support
kentico_jurajo - 5/8/2013 2:11:54 AM
   
RE:Mixed Authentication Issues - Single user unable to login
Hi,

What is the configuration for mixed mode? Is the LDAP connection string correct and the user account used there has appropriate permissions? From your description is not clear whether all AD users are having this issue or only some of them - this is very important to know. If only some users have issues and others can authenticate, there could be something wrong in the AD or, their AD names imported to Kentico are different than the actual user names in the AD.

Best regards,
Juraj Ondrus

User avatar
Member
Member
kmiday-cuyahogalibrary - 5/8/2013 7:36:05 AM
   
RE:Mixed Authentication Issues - Single user unable to login
Hi Juraj,

It only affected a handful of staff. We may have fixed that issue for the time being though. One of the other IT staff found an error message on one of the servers that stated something along the lines that the user didn't have access to the intranet server so he updated everyone's accounts to allow access and that fixed that problem.

We still have another problem that may or may not be unrelated to the other problem. After we fixed the problem above, there are a few other staff that are causing application errors when attempting to log in. I copied the stack trace below.

Deleting the users that are still having trouble and having them log in again appears to fix the problem, but I'm not sure how many staff this problem effects. The event log lists "public" as the username rather than the actual user attempting to log in.


Event ID: 53549
Event type: Error
Event time: 5/7/2013 6:05:34 PM
Source: Application_Error
Event code: EXCEPTION
User ID: 65
User name: public
IP address:
Node ID: 16
Document name: Logon

Description:
Message: Logon failure: unknown user name or bad password.

Stack Trace:
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at CMS.MembershipProvider.CMSADRoleProvider.GetRolesForUser(String username)
at CMS.CMSHelper.AuthenticationHelper.AuthenticateUserAD(String username, String password, String siteName)
at CMS.MembershipProvider.CMSMembershipProvider.ValidateUser(String username, String password)
at System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs e)
at System.Web.UI.WebControls.Login.AttemptLogin()
at System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e)
at System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Site name: Intranet - Cuyahoga County Public Library

Machine name: INTRANET
Event URL: /Logon.aspx?ReturnUrl=%2f
URL referrer: http://intranet/Logon.aspx?ReturnUrl=/
User agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
User avatar
Member
Member
kmiday-cuyahogalibrary - 5/8/2013 8:58:39 AM
   
RE:Mixed Authentication Issues - Single user unable to login
I just found this forum post. I'm going to try modifying the web.config file, as our LDAP connection is correct. I'll post updates as to if it works or not.

I'm not entirely sure where to find the applicationName within a Kentico installation though, so I'm going to use my best guess to the name. If you have information where I might be able to find it that would be great!

Thanks.

User avatar
Kentico Support
Kentico Support
kentico_jurajo - 5/9/2013 10:08:32 PM
   
RE:Mixed Authentication Issues - Single user unable to login
Hi,

Thank you for the update.

The application name is given by the web.config file key value:

<add key="CMSApplicationName" value="YourAppName" />

Best regards,
Juraj Ondrus

Top