pbustin Outstanding Contributor.
Outstanding Contributor.
5833 views

Windows Challenge didn't work for some users

Jump to solution
Windows Challenge worked for a dozen or so users, but 4 saw a log screen and received an 'invalid' error if they entered their userid and pw.

After I switched the configurator back to LDAP, I tested deleting Internet files and connecting to Test for two of the users who couldn't connect to Production and Test, and that enabled them to connect to Test.

A third user was able to connect to Test without deleting Internet files. He tried to connect to Production after hours, when I reset the Configurator to NTCR, but that didn't work.

We're stuck in the water with this. Everyone whom I tested months ago was able to connect to Test.
Tags (1)
0 Likes
1 Solution

Accepted Solutions
Highlighted
pbustin Outstanding Contributor.
Outstanding Contributor.

Re: Windows Challenge didn't work for some users

Jump to solution
We found that the one user who could not connect after deleting Internet files had apparently saved the web page to Favorites with "cache" and an IP address in the URL. That explained why he was able to connect to Test and not Prod--his Test URL was always entered manually, and so was always correct. His Prod shortcut URL was then shortened to "http:/[servername]/tmtrack/tmtrack.dll?" and that solved the problem.

David: I don't recall seeing a "Log in again" link, but I suspect that for the 5 users (and presumably more to come)who had to delete Internet files, deleting Internet files was a necessary one-time action. We will examine all the users' shortcut URL's, or push out a new shortcut and request that the users delete any others.

View solution in original post

0 Likes
9 Replies
jdiegues Absent Member.
Absent Member.

Re: Windows Challenge didn't work for some users

Jump to solution
Which browser are you using? Could you check the IE settings?

This option is under Tools > Internet Options > Security > (Choose the correct zone) > Custom Level. At the very bottom is the User Authentication section. Choose either "Automatic logon only in Intranet zone" (if SBM is in the Intranet zone) or "Automatic logon with current user name and password" (if SBM is not in the Intranet zone).
lmattie Absent Member.
Absent Member.

Re: Windows Challenge didn't work for some users

Jump to solution
One other thing to check is to have the user who can't login try their credentials within the Tools->LDAP Setup & Tools window within the old SBM System Administrator interface. At the bottom of that window, they can enter their Login ID and Password and clicking the Authenticate button should let you know whether they are entering their credentials correctly or not. If these suggestions don't help, you should probably open a support case.
0 Likes
pbustin Outstanding Contributor.
Outstanding Contributor.

Re: Windows Challenge didn't work for some users

Jump to solution
Thank you. I have a support case open, of course, since Sunday. The user who could connect to Test with NTCR but not Production looked again at his Security > Intranet Zone > Custom Level > Authentication, and it was already set to Automatic login only in Intranet zone.

All users are authenticated right now in SBM with LDAP.

The only user who can try this is the Operations Manager and two other users who can VPN, after hours. The Operations Manager can already log onto Test, which is set for NTCR, so why not Production when I set it to NTCR after hours? During the day, I can't set Prod to NTCR because some people can't log on.

In Sys Admin > Tools > LDAP Setup and Tools > General, there's a grayed out authentication section into which I can put a user name, but no password. I think it's irrelevant, since the users who saw the login screen are authenticated many times each day when authentication is set to LDAP. Once again, when a couple of them deleted Internet files, they were able to connect to Test, which is set to NTCR.

One user can connect to Test but not to Prod when Prod is set to NTCR. I'll set up a test for the other two users tonight through VPN, and see if deleting Internet files works for them.
0 Likes
pbustin Outstanding Contributor.
Outstanding Contributor.

Re: Windows Challenge didn't work for some users

Jump to solution
I thought the IE Authentication setting was only for the little popup server window. What's appearing is the full SBM login window.

Deleting Internet files solved the problem for two users.

My task as I see it now is to find out why it didn't work for one user. I think it will work for most if not all the others. I'm testing two more during the day against Test, and again at night against Production.
lmattie Absent Member.
Absent Member.

Re: Windows Challenge didn't work for some users

Jump to solution
Deleting Internet files has lots of checkbox options within IE. Did you make sure the one user checked the same options as the successful users? Can you have that user try FireFox or Chrome browser? That would definitely tell you whether it is an IE problem or not.

Yes, the LDAP authentication will only be enabled when the authentication is set to LDAP, since those settings don't have to be set for NTCR. I assume NTCR is using the same LDAP that you had SBM using.
0 Likes
rjensen Absent Member.
Absent Member.

Re: Windows Challenge didn't work for some users

Jump to solution
If you're still experiencing issues check the Credentials Manager in Control Panel to see if the server has an entry in either Web or Windows Credentials.

Roger
0 Likes
pbustin Outstanding Contributor.
Outstanding Contributor.

Re: Windows Challenge didn't work for some users

Jump to solution
Lynn, yes, I made sure (verbally) all the boxes were checked, except the top and bottom. That worked for the other two users. We are restricted to IE by company policy.
0 Likes
dsheaffe Outstanding Contributor.
Outstanding Contributor.

Re: Windows Challenge didn't work for some users

Jump to solution
Not sure if this might help. But we use NTCR and if a user tries to access SBM before their account is setup they will get the login screen - and then they will continue to get prompted for a login even after their account has been created.

We have found that if they go to the logout screen (ie, /tmtrack/tmtrack.dll?LogoutPage) - then click the "Log in again" link then will get logged straight in without a problem.
0 Likes
Highlighted
pbustin Outstanding Contributor.
Outstanding Contributor.

Re: Windows Challenge didn't work for some users

Jump to solution
We found that the one user who could not connect after deleting Internet files had apparently saved the web page to Favorites with "cache" and an IP address in the URL. That explained why he was able to connect to Test and not Prod--his Test URL was always entered manually, and so was always correct. His Prod shortcut URL was then shortened to "http:/[servername]/tmtrack/tmtrack.dll?" and that solved the problem.

David: I don't recall seeing a "Log in again" link, but I suspect that for the 5 users (and presumably more to come)who had to delete Internet files, deleting Internet files was a necessary one-time action. We will examine all the users' shortcut URL's, or push out a new shortcut and request that the users delete any others.

View solution in original post

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.