joebrug Trusted Contributor.
Trusted Contributor.
3136 views

Cant login to agent as user

I set up an LDAP User Source to my EDIR tree. All seemed to work well there. However, when I login to the workstation (via NWClient), a Zenworks Login window pops up right after, it says the Realm is "LAW" (My tree name) , I try all kinds of combos of username/password but none of them take. Here an excert from the ZENLGN.LOG file, any ideas?


[ZENLGN-270-274] Log file opened - 19OCT2007 09:51:50.539 - max log size 1048576KB (0x00100000KB, 1024MB)

ZENLGN [270-274] [09:51:50] ZenLgnLoginUI entered
ZENLGN [270-274] [09:51:50] It would appear that we have been called from the Winlogon process (NWGina.dll)
ZENLGN [270-274] [09:51:50] AUTHTOKENLoadDLL called!
ZENLGN [270-274] [09:51:50] MICASALoadDLL called!
ZENLGN [270-274] [09:51:50] WTSLoadDLL called!
ZENLGN [270-274] [09:51:50] WTSLoadDLL returning
ZENLGN [270-274] [09:51:50] RegQueryValueEx on value DisablePassiveModeLogin Failed: 2
ZENLGN [270-274] [09:51:50] CheckIfLoginAllowed Entered
ZENLGN [270-274] [09:51:50] Checking if this machine is an NT Server.
ZENLGN [270-274] [09:51:50] Microsoft Windows XP ZENLGN [270-274] [09:51:50] Professional
ZENLGN [270-274] [09:51:50] CheckIfLoginAllowed returning TRUE
ZENLGN [270-274] [09:51:50] IsWorkstationConnected entered
ZENLGN [270-274] [09:51:50] IsWorkstationConnected returning 0
ZENLGN [270-274] [09:51:50] Calling ZENGetAssociatedRealmNames
ZENLGN [270-274] [09:51:51] ZENGetAssociatedRealmNames returned
ZENLGN [270-274] [09:51:51] Found Realm : LAW
ZENLGN [270-274] [09:51:51] We found 1 realm(s).
ZENLGN [270-274] [09:51:51] bTryLoginWithoutPrompt is TRUE
ZENLGN [270-274] [09:51:51] LgnGetPassiveLoginRetryParameters entered
ZENLGN [270-274] [09:51:51] *pdwRetryCount = 0
ZENLGN [270-274] [09:51:51] *pdwRetryInterval = 15000
ZENLGN [270-274] [09:51:51] ZenLgnLogin entered
ZENLGN [270-274] [09:51:51] Calling ZenLgnSetCasaCredentials
ZENLGN [270-274] [09:51:51] ZenLgnSetCasaCredential entered
ZENLGN [270-274] [09:51:51] Username is: Admin
ZENLGN [270-274] [09:51:51] RealmName is: LAW
ZENLGN [270-274] [09:51:51] About to call miCasaSetCredential
ZENLGN [270-274] [09:51:51] Returned from calling miCasaSetCredential
ZENLGN [270-274] [09:51:51] miCASASetCredential successful for LAW!.
ZENLGN [270-274] [09:51:51] ZenLgnSetCasaCredential returning 0
ZENLGN [270-274] [09:51:51] ZenLgnSetCasaCredentials returned
ZENLGN [270-274] [09:51:51] Calling ZENGetHostNames
ZENLGN [270-274] [09:51:51] ZENGetHostNames returned
ZENLGN [270-274] [09:51:51] Retrieved host names are:
ZENLGN [270-274] [09:51:51] zcm
ZENLGN [270-274] [09:51:51] 172.16.1.44
ZENLGN [270-274] [09:51:51] About to call ObtainAuthToken with the following parameters
ZENLGN [270-274] [09:51:51] szServiceNameA is: com.novell.zenworks.LAW
ZENLGN [270-274] [09:51:51] szHostNameA is: zcm
ZENLGN [270-274] [09:51:51] dwAuthTokenSize is: 0
ZENLGN [270-274] [09:51:51] ObtainAuthToken Failed: 0xC7FF0023
ZENLGN [270-274] [09:51:51] About to call ObtainAuthToken with the following parameters
ZENLGN [270-274] [09:51:51] szServiceNameA is: com.novell.zenworks.LAW
ZENLGN [270-274] [09:51:51] szHostNameA is: 172.16.1.44
ZENLGN [270-274] [09:51:51] dwAuthTokenSize is: 0
ZENLGN [270-274] [09:51:51] ObtainAuthToken Failed: 0xC7FF0023
ZENLGN [270-274] [09:51:51] Calling ZenLgnDeleteCasaCredential
ZENLGN [270-274] [09:51:51] ZenLgnDeleteCasaCredential entered
ZENLGN [270-274] [09:51:51] RealmName is: LAW
ZENLGN [270-274] [09:51:51] About to call miCasaDeleteCredential
ZENLGN [270-274] [09:51:51] Returned from calling miCasaDeleteCredential
ZENLGN [270-274] [09:51:51] miCASADeleteCredential successful for LAW!.
ZENLGN [270-274] [09:51:51] ZenLgnDeleteCasaCredential returning 0
ZENLGN [270-274] [09:51:51] ZenLgnDeleteCasaCredential returned
ZENLGN [270-274] [09:51:51] Calling CleanUpAuthTokenCacheEx
ZENLGN [270-274] [09:51:51] CleanUpAuthTokenCacheEx returned
ZENLGN [270-274] [09:51:51] About to call ZENSetSessionAuthenticationState
ZENLGN [270-274] [09:51:51] Returned from calling ZENSetSessionAuthenticationState
ZENLGN [270-274] [09:51:51] ZenLgnLogin returning 1244
ZENLGN [270-274] [09:51:51] Passive Login Failed: 0x000004DC
ZENLGN [270-274] [09:51:51] RegQueryValueEx on value DisablePassiveModeLoginPrompt Failed: 2
ZENLGN [270-274] [09:51:51] Launching the ZEN login dialog prompt
ZENLGN [270-274] [09:51:51] ZenLgnLoginInitDialog entered
ZENLGN [270-274] [09:51:51] ZenLgnLoginInitDialog returning
ZENLGN [270-274] [09:51:54] Received window message - WM_COMMAND - OK button hit.
ZENLGN [270-274] [09:51:54] ZenLgnLogin entered
ZENLGN [270-274] [09:51:54] Calling ZenLgnSetCasaCredentials
ZENLGN [270-274] [09:51:54] ZenLgnSetCasaCredential entered
ZENLGN [270-274] [09:51:54] Username is: Admin
ZENLGN [270-274] [09:51:54] RealmName is: LAW
ZENLGN [270-274] [09:51:54] About to call miCasaSetCredential
ZENLGN [270-274] [09:51:54] Returned from calling miCasaSetCredential
ZENLGN [270-274] [09:51:54] miCASASetCredential successful for LAW!.
ZENLGN [270-274] [09:51:54] ZenLgnSetCasaCredential returning 0
ZENLGN [270-274] [09:51:54] ZenLgnSetCasaCredentials returned
ZENLGN [270-274] [09:51:54] Calling ZENGetHostNames
ZENLGN [270-274] [09:51:54] ZENGetHostNames returned
ZENLGN [270-274] [09:51:54] Retrieved host names are:
ZENLGN [270-274] [09:51:54] zcm
ZENLGN [270-274] [09:51:54] 172.16.1.44
ZENLGN [270-274] [09:51:54] About to call ObtainAuthToken with the following parameters
ZENLGN [270-274] [09:51:54] szServiceNameA is: com.novell.zenworks.LAW
ZENLGN [270-274] [09:51:54] szHostNameA is: zcm
ZENLGN [270-274] [09:51:54] dwAuthTokenSize is: 0
ZENLGN [270-274] [09:51:54] ObtainAuthToken Failed: 0xC7FF0023
ZENLGN [270-274] [09:51:54] About to call ObtainAuthToken with the following parameters
ZENLGN [270-274] [09:51:54] szServiceNameA is: com.novell.zenworks.LAW
ZENLGN [270-274] [09:51:54] szHostNameA is: 172.16.1.44
ZENLGN [270-274] [09:51:54] dwAuthTokenSize is: 0
ZENLGN [270-274] [09:51:54] ObtainAuthToken Failed: 0xC7FF0023
ZENLGN [270-274] [09:51:54] Calling ZenLgnDeleteCasaCredential
ZENLGN [270-274] [09:51:54] ZenLgnDeleteCasaCredential entered
ZENLGN [270-274] [09:51:54] RealmName is: LAW
ZENLGN [270-274] [09:51:54] About to call miCasaDeleteCredential
ZENLGN [270-274] [09:51:54] Returned from calling miCasaDeleteCredential
ZENLGN [270-274] [09:51:54] miCASADeleteCredential successful for LAW!.
ZENLGN [270-274] [09:51:54] ZenLgnDeleteCasaCredential returning 0
ZENLGN [270-274] [09:51:54] ZenLgnDeleteCasaCredential returned
ZENLGN [270-274] [09:51:54] Calling CleanUpAuthTokenCacheEx
ZENLGN [270-274] [09:51:54] CleanUpAuthTokenCacheEx returned
ZENLGN [270-274] [09:51:54] About to call ZENSetSessionAuthenticationState
ZENLGN [270-274] [09:51:54] Returned from calling ZENSetSessionAuthenticationState
ZENLGN [270-274] [09:51:54] ZenLgnLogin returning 1244
ZENLGN [270-274] [09:51:55] Window message - WM_COMMAND - OK button hit ending
ZENLGN [270-274] [09:51:58] Received window message - WM_COMMAND - OK button hit.
ZENLGN [270-274] [09:51:58] ZenLgnLogin entered
ZENLGN [270-274] [09:51:58] Calling ZenLgnSetCasaCredentials
ZENLGN [270-274] [09:51:58] ZenLgnSetCasaCredential entered
ZENLGN [270-274] [09:51:58] Username is: Admin
ZENLGN [270-274] [09:51:58] RealmName is: LAW
ZENLGN [270-274] [09:51:58] About to call miCasaSetCredential
ZENLGN [270-274] [09:51:58] Returned from calling miCasaSetCredential
ZENLGN [270-274] [09:51:58] miCASASetCredential successful for LAW!.
ZENLGN [270-274] [09:51:58] ZenLgnSetCasaCredential returning 0
ZENLGN [270-274] [09:51:58] ZenLgnSetCasaCredentials returned
ZENLGN [270-274] [09:51:58] Calling ZENGetHostNames
ZENLGN [270-274] [09:51:58] ZENGetHostNames returned
ZENLGN [270-274] [09:51:58] Retrieved host names are:
ZENLGN [270-274] [09:51:58] zcm
ZENLGN [270-274] [09:51:58] 172.16.1.44
ZENLGN [270-274] [09:51:58] About to call ObtainAuthToken with the following parameters
ZENLGN [270-274] [09:51:58] szServiceNameA is: com.novell.zenworks.LAW
ZENLGN [270-274] [09:51:58] szHostNameA is: zcm
ZENLGN [270-274] [09:51:58] dwAuthTokenSize is: 0
ZENLGN [270-274] [09:51:58] ObtainAuthToken Failed: 0xC7FF0023
ZENLGN [270-274] [09:51:58] About to call ObtainAuthToken with the following parameters
ZENLGN [270-274] [09:51:58] szServiceNameA is: com.novell.zenworks.LAW
ZENLGN [270-274] [09:51:58] szHostNameA is: 172.16.1.44
ZENLGN [270-274] [09:51:58] dwAuthTokenSize is: 0
ZENLGN [270-274] [09:51:58] ObtainAuthToken Failed: 0xC7FF0023
ZENLGN [270-274] [09:51:58] Calling ZenLgnDeleteCasaCredential
ZENLGN [270-274] [09:51:58] ZenLgnDeleteCasaCredential entered
ZENLGN [270-274] [09:51:58] RealmName is: LAW
ZENLGN [270-274] [09:51:58] About to call miCasaDeleteCredential
ZENLGN [270-274] [09:51:58] Returned from calling miCasaDeleteCredential
ZENLGN [270-274] [09:51:58] miCASADeleteCredential successful for LAW!.
ZENLGN [270-274] [09:51:58] ZenLgnDeleteCasaCredential returning 0
ZENLGN [270-274] [09:51:58] ZenLgnDeleteCasaCredential returned
ZENLGN [270-274] [09:51:58] Calling CleanUpAuthTokenCacheEx
ZENLGN [270-274] [09:51:58] CleanUpAuthTokenCacheEx returned
ZENLGN [270-274] [09:51:58] About to call ZENSetSessionAuthenticationState
ZENLGN [270-274] [09:51:58] Returned from calling ZENSetSessionAuthenticationState
ZENLGN [270-274] [09:51:58] ZenLgnLogin returning 1244
ZENLGN [270-274] [09:51:59] Calling EndDialog with 1244
ZENLGN [270-274] [09:51:59] Window message - WM_COMMAND - OK button hit ending
ZENLGN [270-274] [09:51:59] Received window message - WM_DESTROY
ZENLGN [270-274] [09:51:59] Window message - WM_DESTROY - ending
ZENLGN [270-274] [09:51:59] ZEN login dialog prompt returned failure - Login failed
ZENLGN [270-274] [09:51:59] ZenLgnLoginUI exiting: 1244

#novell on efnet
Labels (2)
0 Likes
7 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Cant login to agent as user

joebrug,

> ZENLGN [270-274] [09:51:51] ObtainAuthToken Failed: 0xC7FF0023


Please verify that the time for the ZCM server, ZCM workstation match
the AD source.

Also verify that the ZCM server and ZCM workstation point to the AD dns
server.

--
Jared Jennings - Data Technique, Inc.
Novell Support Forums Sysop
My Blog and Wiki with Tips, Tricks, and Tutorials
http://jaredjennings.org
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Cant login to agent as user

Do'h

The User Source is edir.

So this only sorta applies.

The error means CASA_STATUS_ERROR_INVALID_SERVER_CERTIFICATE

This could be caused by using 636 for eDir LDAP or because of time.
DNS must still be working for the user source.

> > ZENLGN [270-274] [09:51:51] ObtainAuthToken Failed: 0xC7FF0023

>
> Please verify that the time for the ZCM server, ZCM workstation match
> the AD source.
>
> Also verify that the ZCM server and ZCM workstation point to the AD
> dns server.




--
Jared Jennings - Data Technique, Inc.
Novell Support Forums Sysop
My Blog and Wiki with Tips, Tricks, and Tutorials
http://jaredjennings.org
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Cant login to agent as user

And forward and reverse lookup works for the ZCM server itself as well.
I've seen authentication issues when the ZCM server did not have DNS
correct.
It was for RC issues, not user logon, but I will toss that out.

--
Craig Wilson - MCNE, MCSE, CCNA
Novell Support Forums Volunteer Sysop

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.

"Jared Jennings" <jaredljenningsNO@SPAMmyrealbox.com> wrote in message
news:9X5Si.16258$NG7.1545@kovat.provo.novell.com...
> Do'h
>
> The User Source is edir.
>
> So this only sorta applies.
>
> The error means CASA_STATUS_ERROR_INVALID_SERVER_CERTIFICATE
>
> This could be caused by using 636 for eDir LDAP or because of time.
> DNS must still be working for the user source.
>
>> > ZENLGN [270-274] [09:51:51] ObtainAuthToken Failed: 0xC7FF0023

>>
>> Please verify that the time for the ZCM server, ZCM workstation match
>> the AD source.
>>
>> Also verify that the ZCM server and ZCM workstation point to the AD
>> dns server.

>
>
>
> --
> Jared Jennings - Data Technique, Inc.
> Novell Support Forums Sysop
> My Blog and Wiki with Tips, Tricks, and Tutorials
> http://jaredjennings.org



0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Cant login to agent as user

Craig Wilson,

> And forward and reverse lookup works for the ZCM server itself as
> well. I've seen authentication issues when the ZCM server did not
> have DNS correct. It was for RC issues, not user logon, but I will
> toss that out.


Well the error is somewhat tied the address of the ZCM server and not
the LDAP source.... I suppose if the problem was with the user source,
then that would be in the ZCM zcc.log.

It's possible that if the ZCM server address was changed that this
would happen.

> ZENLGN [270-274] [09:51:51] szHostNameA is: 172.16.1.44
> ZENLGN [270-274] [09:51:51] dwAuthTokenSize is: 0
> ZENLGN [270-274] [09:51:51] ObtainAuthToken Failed: 0xC7FF0023



--
Jared Jennings - Data Technique, Inc.
Novell Support Forums Sysop
My Blog and Wiki with Tips, Tricks, and Tutorials
http://jaredjennings.org
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Cant login to agent as user

If you guys find a way to regenerate the cert that ZCM is using, let me
know. I just realized that when I installed ZCM initially, it had an
ip address of 172.16.1.43. I then changed it to a private environment
in VM's for 192.168.x.x, then I just changed it 172.16.1.44 because
1.43 is now in use.

So.. I looked on one of the managed agents and it says the cert is from
172.16.1.43. obviously incorrect. Anyway to recreate the cert that ZCM
is using?
--
#novell on efnet
abend.org


Jared Jennings wrote:

> Craig Wilson,
>
> > And forward and reverse lookup works for the ZCM server itself as
> > well. I've seen authentication issues when the ZCM server did not
> > have DNS correct. It was for RC issues, not user logon, but I will
> > toss that out.

>
> Well the error is somewhat tied the address of the ZCM server and not
> the LDAP source.... I suppose if the problem was with the user source,
> then that would be in the ZCM zcc.log.
>
> It's possible that if the ZCM server address was changed that this
> would happen.
>
> > ZENLGN [270-274] [09:51:51] szHostNameA is: 172.16.1.44
> > ZENLGN [270-274] [09:51:51] dwAuthTokenSize is: 0
> > ZENLGN [270-274] [09:51:51] ObtainAuthToken Failed: 0xC7FF0023

0 Likes
joebrug Trusted Contributor.
Trusted Contributor.

Re: Cant login to agent as user

Probably has to do with me moving the ZCM server from a test environment (192.168.x.x) to a production environment (172.16.x.x). I didnt have any user sources set up in the test environment, only just created them when it could "see" my ldap servers. So could never test it before.. broken certs my guess

#novell on efnet
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Cant login to agent as user

joebrug,

> Probably has to do with me moving the ZCM server from a test
> environment (192.168.x.x) to a production environment (172.16.x.x).


Changing it back, should make things work. It will probably take two
full reboots though.

--
Jared Jennings - Data Technique, Inc.
Novell Support Forums Sysop
My Blog and Wiki with Tips, Tricks, and Tutorials
http://jaredjennings.org
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.