Highlighted
toomas_aas Absent Member.
Absent Member.
4009 views

Authentication failure for one user

Adding yet another thread about user authentication failing "because the server certificate or credentials are incorrect".

This problem affects only one user on one workstation (Win7 64bit) and it started a couple of days ago. The only thing that was done before the problem appeared was rebooting the primary server. Now, when this user logs in with Novell Client, the Zenworks login box appears. When entering the correct username and password, it is rejected with message "the server certificate or credentials are incorrect".

Another user (from the same container) can log in successfully on this workstation, as can all other users on other workstations, so this seems to be a problem with particular user account. I checked this account in eDirectory for login restrictions, and there appear to be none.

I created the ZENLGN.LOG for both successful and unsuccessful login attempts.

Successful attempt ends like this:

ZENLGN [18AC-1098] [16:37:44:712] Workstation is connected
ZENLGN [18AC-1098] [16:37:44:712] Server is Available
ZENLGN [18AC-1098] [16:37:44:712] About to call ZENLogin in agent service
ZENLGN [18AC-1098] [16:37:46:365] Returned from calling ZENLogin in agent service
ZENLGN [18AC-1098] [16:37:46:365] LgnSetZenUsernameHistory
ZENLGN [18AC-1098] [16:37:46:365] LgnSetRealmNameHistory
ZENLGN [18AC-1098] [16:37:46:365] CacheUsersZenName Entered
ZENLGN [18AC-1098] [16:37:46:365] CacheUsersZenName returning: 0
ZENLGN [18AC-1098] [16:37:46:365] ZenLgnLogin returning 0
ZENLGN [18AC-1098] [16:37:46:365] ZenLgnAttemptWithoutPrompt Returning 0...
ZENLGN [18AC-1098] [16:37:46:365] ZenLgnLoginUI exiting: 0


The same place in log of unsuccessful attempt looks like this:

ZENLGN [45C-51C] [15:36:54:747] Workstation is connected
ZENLGN [45C-51C] [15:36:54:747] Server is Available
ZENLGN [45C-51C] [15:36:54:747] About to call ZENLogin in agent service
ZENLGN [45C-51C] [15:36:55:621] Returned from calling ZENLogin in agent service
ZENLGN [45C-51C] [15:36:55:621] ZenLgnLogin returning 1244
ZENLGN [45C-51C] [15:36:55:621] ZenLgnAttemptWithoutPrompt Returning 1244...
ZENLGN [45C-51C] [15:36:55:621] Passive Login Failed: 0x000004DC


So... ZenLgnLogin returning 1244? What might this mean?
Labels (2)
0 Likes
23 Replies
toomas_aas Absent Member.
Absent Member.

Re: Authentication failure for one user

The problem was resolved in an interesting way.

Having ran out of other ideas, I told the user to change his password. The user accidentally changed not his eDirectory password but local Windows password. Then he tried to log in with this password, which of course failed. He logged in with his old eDir password, DLU policy as expected changed his Windows password back to match his eDir password, and after that the problem has not repeated.
0 Likes
utz1 Absent Member.
Absent Member.

Re: Authentication failure for one user

vatson;2089626 wrote:
The problem was resolved in an interesting way.

Having ran out of other ideas, I told the user to change his password. The user accidentally changed not his eDirectory password but local Windows password. Then he tried to log in with this password, which of course failed. He logged in with his old eDir password, DLU policy as expected changed his Windows password back to match his eDir password, and after that the problem has not repeated.


Thank you very much for presenting your solution. I'm facing similar problems and therefore will try your suggestion.

Regards
Wolfgang
0 Likes
floort Absent Member.
Absent Member.

Re: Authentication failure for one user

Same problem here.
It's not related to any user account. All users will fail on the machine and i see this very often on different machines.
Spontaneous broken agent. Also have the same 1244 error.

No solution yet!
0 Likes
nop19832 Absent Member.
Absent Member.

Re: Authentication failure for one user

Also the same problem here.

floort, did you get some kind of help this week?

-- Niels I have always liked... Cowabunga! If you find this post helpful, please show your appreciation by clicking on the star below. A member must be logged in before s/he can assign reputation points.
0 Likes
floort Absent Member.
Absent Member.

Re: Authentication failure for one user

I had a remote session the whole morning .
We have fixed it. But don't know which of our things did fix it.
we did:

- Repair casa msi (msiexec /fa casa.msi /qb)
- zac Unregister -f
- zac register

I think only the last one is enough. (unreg/reg)

But i think this is not a solution. It's a workaround. I want to know why my client are spontaneous unregistered. (while the device is still in zcc).



nop1983;2111975 wrote:
Also the same problem here.

floort, did you get some kind of help this week?
0 Likes
nop19832 Absent Member.
Absent Member.

Re: Authentication failure for one user

I'll try that. But yes, I am a little worried, this will not be a solution in our organisation. I need to know that there's a long term and working solution to this before I can implement ZCM 11 in the full scale.

-- Niels I have always liked... Cowabunga! If you find this post helpful, please show your appreciation by clicking on the star below. A member must be logged in before s/he can assign reputation points.
0 Likes
floort Absent Member.
Absent Member.

Re: Authentication failure for one user

Correct!

nop1983;2112208 wrote:
I'll try that. But yes, I am a little worried, this will not be a solution in our organisation. I need to know that there's a long term and working solution to this before I can implement ZCM 11 in the full scale.
0 Likes
nop19832 Absent Member.
Absent Member.

Re: Authentication failure for one user

floort;2112213 wrote:
Correct!


Hi

Did you ever get to the bottom of this?
Thanks.

-- Niels I have always liked... Cowabunga! If you find this post helpful, please show your appreciation by clicking on the star below. A member must be logged in before s/he can assign reputation points.
0 Likes
floort Absent Member.
Absent Member.

Re: Authentication failure for one user

nop1983;2113813 wrote:
Hi

Did you ever get to the bottom of this?
Thanks.


Niels,

Nope, I need to wait for the next broken machine.
Novell has all the log files with errors, but i think they are waiting for me when i reopen the SR for a new broken machine.
I think they can't put a finger on this problem, and maybe i only have a workaround (but i can test that on a new broken machine only). sad.
0 Likes
nop19832 Absent Member.
Absent Member.

Re: Authentication failure for one user

Hi

Okay, well it's more the rule than the execption in my case. When I reinstall a workstation and want to login, it always shows the certificate error. And yes I am able to login manually when first loged on to the workstation. But I stand before moving from zen 7 to this in August and I am not going to do this on 2700 laptops 😞

-- Niels I have always liked... Cowabunga! If you find this post helpful, please show your appreciation by clicking on the star below. A member must be logged in before s/he can assign reputation points.
0 Likes
floort Absent Member.
Absent Member.

Re: Authentication failure for one user

nop1983;2113826 wrote:
Hi

Okay, well it's more the rule than the execption in my case. When I reinstall a workstation and want to login, it always shows the certificate error. And yes I am able to login manually when first loged on to the workstation. But I stand before moving from zen 7 to this in August and I am not going to do this on 2700 laptops 😞


Have you created an SR with this errors? if it's structural , maybe there is something with the certificate.
0 Likes
nop19832 Absent Member.
Absent Member.

Re: Authentication failure for one user

floort;2113857 wrote:
Have you created an SR with this errors? if it's structural , maybe there is something with the certificate.


No, not yet, but perhaps I should dó that.
Not sure what's could be wrong with the certificate, but everything is in play to get it working.

-- Niels I have always liked... Cowabunga! If you find this post helpful, please show your appreciation by clicking on the star below. A member must be logged in before s/he can assign reputation points.
0 Likes
nop19832 Absent Member.
Absent Member.

Re: Authentication failure for one user

Just in case; this problem was fixed after deploying the CA Patch 2.

-- Niels I have always liked... Cowabunga! If you find this post helpful, please show your appreciation by clicking on the star below. A member must be logged in before s/he can assign reputation points.
0 Likes
floort Absent Member.
Absent Member.

Re: Authentication failure for one user

Nice, Do you know what was the problem, and what's fixed in CAP2 for that issue?

nop1983;2119976 wrote:
Just in case; this problem was fixed after deploying the CA Patch 2.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.