Please note that VisualCron support is not actively monitoring this community forum. Please use our contact page for contacting the VisualCron support directly.


ddtisysadmin
2017-06-27T18:25:31Z
Due to a bug in setting the FTP file date on locally downloaded files, we had to upgrade to the test build, version 8.2.8. It successfully fixed the problem (thank you!) however, now Active Directory logins don't seem to be working correctly. And it gets a little weird.

AD login works the first time. However, after logging out, then back in, a message pops up saying "Login failed, reason: User does not exist in Active Directory. Contact support." This, despite the fact that the credentials were unchanged from the successful connection a few seconds ago.

From there, if we log in using the non-AD account, and delete the AD user information, it "resets" the account. Again, the first time, the login is successful, but upon disconnecting and reconnecting, the login fails again. The debug log throws this exception:

CheckLogin->Unhandled error when quering for user: username, domain: domainADServer: domain.com, error: System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): The user name or password is incorrect.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_Name()
   at VisualCronAPI.ActiveDirectoryAPI.GetUser(String strADServer, String strUserName, ADInfoClass& ADInfo, NetworkCredentialClass nc, String strCredentialId) in C:\sourcefiles\code\VisualCronAPI\APIPublic\apiActiveDirectory.vb:line 395
   at AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA(LoginClass  , String  ) in C:\sourcefiles\code\VisualCronService\apiPermissions.vb:line 1323


Note: I edited out our domain name, however, the lack of a space after "domain: domainADServer:" is not a typo. It is present in the debug log. I also replaced a string of characters in the bottom line with the character A, because I wasn't sure if the original value was possibly an obfuscated password.

Something we observed in troubleshooting is that the account that we're running the VisualCron service under is getting a password failure in Active Directory the second time we try to log in. (But not the first.) The actual AD account for the user is not getting a login failure, so it would appear that the failure is in the service account's inability to bind with the AD server.

As a final note, we have another VisualCron server running 8.2.7. It's using the same service account, and from what I can ascertain, it's using the same setup. It is working without a problem. Also, in the debug log, the same step shows "domain: domain" like above, but there is a space after "domain."

Was something changed in 8.2.8 that may have broken this?

Thanks in advance!
Sponsor
Forum information
ddtisysadmin
2017-06-27T20:11:23Z
Another piece to the puzzle:
We have two domains. There is a service account for the parent domain, used for AD binding, and a service account in the child domain, used for performing the job. (So, vcron.service@domain.com and vcron.service@child.domain.com.) Digging deep into the debug logs, it looked like VisualCron was having trouble discerning between those two accounts. So we renamed the child account to vcron.service.child@child.domain.com, which still didn't fix it. However, then we cloned the child service account, deleted the original, then renamed the clone to vcron.service.child@child.domain.com, and now everything is working just fine.

I'm not sure if it was renaming the account to something different, or if it was cloning the renamed account, but one of those two fixed the problem permanently. Since it's working, and it's probably a good practice anyway, we're going to leave the child domain account as its new name. It still seems like there's a bug there, but we're able to work around it for the time being.
Support
2017-06-29T08:57:52Z
We have not changed anything in 8.2.8 compared to 8.2.7. Please downgrade quickly and test on the same 8.2.8 server.
Henrik
Support
http://www.visualcron.com 
Please like  VisualCron on facebook!
Support
2017-07-06T16:52:28Z
Please enable Extended debugging in Server settings and upgrade to latest build of 8.2.8. Try to logon. Then send log_serverDATE.txt to support@visualcron.com
Henrik
Support
http://www.visualcron.com 
Please like  VisualCron on facebook!
Scroll to Top