ClemClark

More Login Problems! Server certificate incorrect?

Hi all.

I know there are more than a few threads on here about passthrough authentication etc, but I haven't been able to find a solution so far for my similar problems. I hope someone can point me in the right direction!

Running ZCM 10.2.1.34693

So logging in does not do pass-through auth correctly - I am not logged in when I arrive at the desktop. If I right click and try to login, I am presented with the message: Unable to log into the network because the login credentials or the server certificate is incorrect.

I believe the certificate is correct as the ZMD-MESSAGES log file shows:
Found certs for host zen-dev1.devdomain.mydomain.com]
Subject in certificate is : CN=ZEN-DEV1.devdomain.mydomain.com, OU=ZENworks
Found certs for host 192.168.50.70
Subject in certificate is : CN=ZEN-DEV1.devdomain.mydomain.com, OU=ZENworks
Found certs for host zen-dev1
Subject in certificate is : CN=ZEN-DEV1.devdomain.mydomain.com, OU=ZENworks
Found certs for host zen-dev1.devdomain.mydomain.com
Subject in certificate is : CN=ZEN-DEV1.devdomain.mydomain.com, OU=ZENworks

ZENGetHostNames returning SUCCESS
Retrieved host names are:
https://ZEN-DEV1.devdomain.mydomain.com:443/
https://zen-dev1:443/
https://zen-dev1.devdomain.mydomain.com:443/
FindFirstContent
https://ZEN-DEV1.devdomain.mydomain.com:443/
Found host zen-dev1.devdomain.mydomain.com status: Good
Found location https://192.168.50.70/ status: Good
Using location https://192.168.50.70/ status: Good
FindFirstContent() returning https://192.168.50.70/
Found zone server https://ZEN-DEV1.devdomain.mydomain.com:443/ to be good, continuing
About to call ObtainAuthToken
ZENGetAuthToken entered. Host = zen-dev1.devdomain.mydomain.com
ObtainAuthToken using Luid value: 0:12028915
ZENGetAuthToken took exception: -939589605 System.Exception: -939589605
at Novell.Casa.Client.Auth.Authtoken.ObtainAuthToken(String sService, String sHost, WinLuid luid)
(obviously this is just a snippet)

ZenLGN log shows:

ZENLGN [10C-B6C] [14:53:22:969] ZenLgnLoginUI entered
ZENLGN [10C-B6C] [14:53:22:969] It would appear that we have been called from the ZenNotifyIcon process (ZenNotifyIcon.exe)
ZENLGN [10C-B6C] [14:53:23:000] WTSLoadDLL called!
ZENLGN [10C-B6C] [14:53:23:016] WTSLoadDLL returning
ZENLGN [10C-B6C] [14:53:23:078] IsWorkstationConnected entered
ZENLGN [10C-B6C] [14:53:23:109] IsWorkstationConnected returning 0
ZENLGN [10C-B6C] [14:53:23:109] Calling ZENGetAssociatedRealmNames
ZENLGN [10C-B6C] [14:53:23:125] ZENGetAssociatedRealmNames returned
ZENLGN [10C-B6C] [14:53:23:125] Found Realm : livedomain.mydomain.com
ZENLGN [10C-B6C] [14:53:23:125] Found Realm : ZENworks Zone
ZENLGN [10C-B6C] [14:53:23:125] We found 2 realm(s).
ZENLGN [10C-B6C] [14:53:23:125] Calling ZENIsServerAvailable
ZENLGN [10C-B6C] [14:53:23:172] Returned from ZENIsServerAvavilable
ZENLGN [10C-B6C] [14:53:23:172] RetrieveUsersCachedZenName Entered
ZENLGN [10C-B6C] [14:53:23:172] Create the value name
ZENLGN [10C-B6C] [14:53:23:172] szLocalUsername: john
, szLocalDomain: livedomain
ZENLGN [10C-B6C] [14:53:23:172] Read the path
ZENLGN [10C-B6C] [14:53:23:172] RetrieveUsersCachedZenName returning: 0
ZENLGN [10C-B6C] [14:53:23:172] Found a user cached Realm name: livedomain.mydomain.com
ZENLGN [10C-B6C] [14:53:23:172] Cached realm name is in the list of realms. Use it
ZENLGN [10C-B6C] [14:53:23:172] Passive Login Failed: 0x0000001F
ZENLGN [10C-B6C] [14:53:23:172] Launching the ZEN login dialog prompt
ZENLGN [10C-B6C] [14:53:23:172] ZenLgnLoginInitDialog entered
ZENLGN [10C-B6C] [14:53:23:187] ZenLgnLoginInitDialog returning
ZENLGN [10C-B6C] [14:53:26:312] Received window message - WM_COMMAND - OK button hit.
ZENLGN [10C-B6C] [14:53:26:312] ZenLgnLogin entered
ZENLGN [10C-B6C] [14:53:26:312] About to call ZENLogin in agent service
ZENLGN [10C-B6C] [14:53:29:594] Returned from calling ZENLogin in agent service
ZENLGN [10C-B6C] [14:53:29:594] ZenLgnLogin returning 1244



The user source has a green light in ZCC, and I have specified it at the top level (O=livedomain.mydomain.com).

I can ping the server using IP or FQDN, but have added the entry to hosts file just in case.


Any advice would be appreciated and I can post more logs if needed!
Thanks!

Re: More Login Problems! Server certificate incorrect?

What OS are you running?

Thomas
gbarvang

Re: More Login Problems! Server certificate incorrect?

Move your user container one level down; this seems to be the same error I had.
Don't set usercontainer to livedomain.mydomain.com but to, i.e., users.livedomain.mydomain.com.
ClemClark

Re: More Login Problems! Server certificate incorrect?

What OS are you running?

Server is Windows 2003 R2 SP2
Client is Windows XP SP3

Move your user container one level down; this seems to be the same error I had.
Don't set usercontainer to livedomain.mydomain.com but to, i.e., users.livedomain.mydomain.com.

Thanks - this has halved my problem.
Passthrough authentication is still not working, but I can now log in from the Zicon without error. I had read in previous posts about passthrough auth problems to set the user source to 'O' level rather than an 'OU' (which conflicted with the Zen info to keep it as high as possible to stop searching).


So Passive login not working.
Current ZenLGN log:
ENLGN [10C-93C] [21:15:59:509] ZenLgnLoginUI entered
ZENLGN [10C-93C] [21:15:59:509] It would appear that we have been called from the ZenNotifyIcon process (ZenNotifyIcon.exe)
ZENLGN [10C-93C] [21:15:59:587] WTSLoadDLL called!
ZENLGN [10C-93C] [21:15:59:587] WTSLoadDLL returning
ZENLGN [10C-93C] [21:15:59:587] IsWorkstationConnected entered
ZENLGN [10C-93C] [21:15:59:603] IsWorkstationConnected returning 0
ZENLGN [10C-93C] [21:15:59:603] Calling ZENGetAssociatedRealmNames
ZENLGN [10C-93C] [21:15:59:603] ZENGetAssociatedRealmNames returned
ZENLGN [10C-93C] [21:15:59:603] Found Realm : livedomain.mydomain.com
ZENLGN [10C-93C] [21:15:59:603] Found Realm : ZENworks Zone
ZENLGN [10C-93C] [21:15:59:603] We found 2 realm(s).
ZENLGN [10C-93C] [21:15:59:603] Calling ZENIsServerAvailable
ZENLGN [10C-93C] [21:15:59:619] Returned from ZENIsServerAvavilable
ZENLGN [10C-93C] [21:15:59:619] RetrieveUsersCachedZenName Entered
ZENLGN [10C-93C] [21:15:59:619] Create the value name
ZENLGN [10C-93C] [21:15:59:619] szLocalUsername: john
, szLocalDomain: LIVEDOMAIN
ZENLGN [10C-93C] [21:15:59:619] Read the path
ZENLGN [10C-93C] [21:15:59:619] RetrieveUsersCachedZenName returning: 0
ZENLGN [10C-93C] [21:15:59:619] Found a user cached Realm name: livedomain.mydomain.com
ZENLGN [10C-93C] [21:15:59:619] Cached realm name is in the list of realms. Use it
ZENLGN [10C-93C] [21:15:59:619] Passive Login Failed: 0x0000001F
ZENLGN [10C-93C] [21:15:59:619] Launching the ZEN login dialog prompt
ZENLGN [10C-93C] [21:15:59:634] ZenLgnLoginInitDialog entered
ZENLGN [10C-93C] [21:15:59:634] ZenLgnLoginInitDialog returning
ZENLGN [10C-93C] [21:16:04:634] Received window message - WM_COMMAND - OK button hit.
ZENLGN [10C-93C] [21:16:04:634] ZenLgnLogin entered
ZENLGN [10C-93C] [21:16:04:634] About to call ZENLogin in agent service
ZENLGN [10C-93C] [21:16:09:900] Returned from calling ZENLogin in agent service
ZENLGN [10C-93C] [21:16:09:900] LgnSetZenUsernameHistory
ZENLGN [10C-93C] [21:16:09:900] LgnSetRealmNameHistory
ZENLGN [10C-93C] [21:16:09:900] CacheUsersZenName Entered
ZENLGN [10C-93C] [21:16:09:900] Create the value name
ZENLGN [10C-93C] [21:16:09:900] szLocalUsername: john
, szLocalDomain: LIVEDOMAIN
ZENLGN [10C-93C] [21:16:09:900] Now create the ZEN name
ZENLGN [10C-93C] [21:16:09:900] CacheUsersZenName returning: 0
ZENLGN [10C-93C] [21:16:09:900] ZenLgnLogin returning 0
ZENLGN [10C-93C] [21:16:09:900] Calling EndDialog with 0
ZENLGN [10C-93C] [21:16:09:915] Window message - WM_COMMAND - OK button hit ending
ZENLGN [10C-93C] [21:16:09:915] Received window message - WM_DESTROY
ZENLGN [10C-93C] [21:16:09:915] Window message - WM_DESTROY - ending
ZENLGN [10C-93C] [21:16:09:931] ZEN login dialog prompt returned success - Login succeeded
ZENLGN [10C-93C] [21:16:09:931] ZenLgnLoginUI exiting: 0


Any further suggestions?
Thanks for the help so far.
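A small triage script for ZENLGN logs like the two excerpts above, added here as an example and not part of the original posts: it groups lines per ZenLgnLoginUI call and flags attempts where the passive login failed but the prompted login returned 0, which is the state the second excerpt shows. The sample lines are constructed from the excerpts; treating a ZenLgnLogin return of 0 as success is an assumption based on the "Login succeeded" line.

```python
import re

# Constructed sample, trimmed from the two ZENLGN excerpts quoted in the thread.
SAMPLE = """\
ZENLGN [10C-B6C] [14:53:22:969] ZenLgnLoginUI entered
ZENLGN [10C-B6C] [14:53:23:172] szLocalUsername: john
, szLocalDomain: livedomain
ZENLGN [10C-B6C] [14:53:23:172] Passive Login Failed: 0x0000001F
ZENLGN [10C-B6C] [14:53:29:594] ZenLgnLogin returning 1244
ENLGN [10C-93C] [21:15:59:509] ZenLgnLoginUI entered
ZENLGN [10C-93C] [21:15:59:619] Passive Login Failed: 0x0000001F
ZENLGN [10C-93C] [21:16:09:900] ZenLgnLogin returning 0
ZENLGN [10C-93C] [21:16:09:931] ZenLgnLoginUI exiting: 0
"""

# "Z?" tolerates the clipped "ENLGN" prefix seen in the second excerpt.
LINE = re.compile(r"^Z?ENLGN \[([0-9A-F-]+)\] \[([\d:]+)\] (.*)$")


def parse(text):
    """Return [ids, time, message] records; a wrapped line joins the previous record."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            records.append(list(m.groups()))
        elif records and raw.strip():
            records[-1][2] += " " + raw.strip()
    return records


def summarize(text):
    """One dict per ZenLgnLoginUI call: start time, passive failure code, ZenLgnLogin result."""
    attempts = []
    for ids, time, msg in parse(text):
        if msg == "ZenLgnLoginUI entered":
            attempts.append({"ids": ids, "at": time, "passive": None, "rc": None})
        elif not attempts:
            continue  # line precedes any login attempt
        elif msg.startswith("Passive Login Failed:"):
            attempts[-1]["passive"] = int(msg.split(":", 1)[1], 16)
        elif msg.startswith("ZenLgnLogin returning"):
            attempts[-1]["rc"] = int(msg.rsplit(" ", 1)[1])
    return attempts


def passive_only_failures(text):
    """Attempts where passive login failed although the prompted login returned 0."""
    return [a for a in summarize(text) if a["passive"] is not None and a["rc"] == 0]
```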
ClemClark

Re: More Login Problems! Server certificate incorrect?

NWGINA.DLL Logging?
I can't seem to find a log file for it when debugging... is the logfile now elsewhere in this version?

I am gina chaining in this instance, which is supported it seems.
If I remove the appropriate key to chain to NWGina.dll, then still no ZENworks login box appears when logging in...

Attached is the new zmd-messages.log, but I can't seem to see anything of importance (I'm not sure what to look for).
hannad3

Re: More Login Problems! Server certificate incorrect?

Same issue here
ClemClark

Re: More Login Problems! Server certificate incorrect?

hannad3;1896419 wrote:
Same issue here


Hi,

My issue is now resolved.
The gina chaining was not happening correctly due to an incorrectly named chaining key (not value) in the registry. So I suppose the log files above would not have shown any gina login whatsoever.

This was also coupled with a reboot needed as it seems that changing the registry for gina will hold info in the winlogon memory or similar.

The chaining was in relation to VMware View (VDI).


Hannad3, what are you trying to chain to?

Thanks.