3 Replies Latest reply on Jun 8, 2012 8:22 AM by tremor

    Trouble using Windows authentication with ePO 4.5

      Good Afternoon,

       

      I've installed ePO 4.5.0 (build 937) and am attempting to test the use of Windows authenticated users with ePO. I've been able to sync my System Tree with the Active Directory server just fine. However, when I create a new user using "Windows authentication" I get this error when attempting to log in to the eposerver console:

       

      "You provided invalid credentials."

       

      I know the user name and password I am using are correct. In the ...\Server\Logs\orion.log file I am seeing this error:

       

      "
      2012-06-04 16:03:31,451 WARN  [http-8443-Processor19] auth.DefaultRoleManager  - Unable to load roles for user: bwayne
      com.mcafee.orion.ldap.DomainEnumerationException: Unable to retrieve list of domain controllers for domain: hbss. Verify the server can resolve the domain.
                at com.mcafee.orion.ldap.internal.ActiveDirectoryConnectionImpl.getServerNames(ActiveDirectoryConnectionImpl.java:70)
                at com.mcafee.orion.ldap.internal.ActiveDirectoryConnectionImpl.connect(ActiveDirectoryConnectionImpl.java:83)
                at com.mcafee.orion.ldap.internal.ActiveDirectoryConnectionImpl.<init>(ActiveDirectoryConnectionImpl.java:49)
                at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
                at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
                at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
                at com.mcafee.orion.ldap.internal.archetype.LdapArchetypeBase.getConnection(LdapArchetypeBase.java:134)
                at com.mcafee.orion.ldap.LdapServerType.getConnection(LdapServerType.java:101)
                at com.mcafee.orion.ldap.internal.LdapServerServiceImpl.getLdapConnection(LdapServerServiceImpl.java:237)
                at com.mcafee.orion.ldap.internal.LdapServerServiceImpl.getLdapConnectionForDomain(LdapServerServiceImpl.java:199)
                at com.mcafee.orion.ldap.internal.LdapServerServiceImpl.getLdapConnectionForDomain(LdapServerServiceImpl.java:184)
                at com.mcafee.orion.ldap.internal.LdapServerServiceImpl.getLdapConnectionForDomainOrThrow(LdapServerServiceImpl.java:130)
                at com.mcafee.orion.ldap.internal.NtlmRoleManager.getGroupsForUser(NtlmRoleManager.java:125)
                at com.mcafee.orion.ldap.internal.NtlmRoleManager.loadRoles(NtlmRoleManager.java:62)
                at com.mcafee.orion.core.auth.DefaultRoleManager.reload(DefaultRoleManager.java:160)
                at com.mcafee.orion.core.auth.CompositeRoleManager.reload(CompositeRoleManager.java:84)
                at com.mcafee.orion.core.auth.OrionUser.reloadRoles(OrionUser.java:284)
                at com.mcafee.orion.core.auth.DatabaseUserLoader.loadRoles(DatabaseUserLoader.java:156)
                at com.mcafee.orion.core.auth.DatabaseUserLoader.getById(DatabaseUserLoader.java:71)
                at com.mcafee.orion.console.ui.user.EditUser.execute(EditUser.java:138)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:597)
                at com.mcafee.orion.core.servlet.mvc.MvcActionFactoryBase.executeAction(MvcActionFactoryBase.java:60)
                at com.mcafee.orion.core.servlet.ControllerServlet.executeAction(ControllerServlet.java:247)
                at com.mcafee.orion.core.servlet.ControllerServlet.processRequest(ControllerServlet.java:132)
                at com.mcafee.orion.core.servlet.ControllerServlet.doGet(ControllerServlet.java:100)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:627)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
                at org.apache.catalina.valves.FastCommonAccessLogValve.invoke(FastCommonAccessLogValve.java:482)
                at com.mcafee.orion.core.server.AjaxValve.invoke(AjaxValve.java:88)
                at com.mcafee.orion.core.server.OrionUserSetupValve.invoke(OrionUserSetupValve.java:54)
                at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:420)
                at com.mcafee.orion.core.server.OrionSingleSignOn.invoke(OrionSingleSignOn.java:113)
                at com.mcafee.orion.core.server.ParameterEncodingValve.invoke(ParameterEncodingValve.java:37)
                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
                at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
                at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
                at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
                at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
                at java.lang.Thread.run(Thread.java:619)
      "

       

      Any help is appreciated.

       

      /Tremor/

        • 1. Re: Trouble using Windows authentication with ePO 4.5

          Any thoughts folks? I could really use some assistance with this problem.

           

          /Tremor/

          • 2. Re: Trouble using Windows authentication with ePO 4.5
            Laszlo G

            Did you register the AD or LDAP server under Registered Servers before trying to add a new user?

            • 3. Re: Trouble using Windows authentication with ePO 4.5

              Ulyses31,

               

              Thank you for your reply. Though your suggestion did not fix the problem (I had already registered my domain controller under Registered Servers), it did give me some fresh encouragement to tackle the problem. Turns out reading the manual more thoroughly is a big help.

               

              In the McAfee ePolicy Orchestrator 4.5 Product Guide in the Configuring Windows Authentication section on pages 37 and 38 I found the solution.

              https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/21000/PD21812/en_US/epo_450_product_guide_en-us.pdf

               

              Configuring Windows authentication:

              Before you begin

              To access the Windows Authentication page in the server settings, you must stop the ePolicy Orchestrator application service using these steps:

              1. From the server console, click Start | Settings | Control Panel | Administrative Tools | Services. The Services window opens.
              2. Right-click McAfee ePolicy Orchestrator Applications Server and select Stop.
              3. Rename the WinAuth.dll file to WinAuth.bak. (NOTE: In default installations, this file's location is C:\Program Files\McAfee\ePolicy Orchestrator\Server\bin.)
              4. Restart the server.

               

              Task

              For option definitions, click ? in the interface.

              1. Click Menu | Configuration | Server Settings, then select Windows Authentication from the Settings Categories list.
              2. Click Edit. The Edit Windows Authentication page opens.
              3. Specify whether to use Domain controllers or WINS server, using the DNS host name. (NOTE: You can specify multiple domain controllers, but only one WINS server. Click + to add additional domain controllers to the list.)
              4. Click Save.

               

               

              I also had to assign a Permission set to my user(s) before access was granted.

               

              -Tremor
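
Added example, not part of the thread and not McAfee code: the console reported "invalid credentials" while orion.log showed a domain controller lookup failure, so this sketch triages role-load warnings in that log layout by their logged cause. The function names `triage` and `summarize` are hypothetical, and the sample log is constructed from the excerpt in the opening post.

```python
import re
from collections import Counter

# Constructed sample in the orion.log layout from the opening post; "ckent" is invented.
SAMPLE_LOG = """\
2012-06-04 16:03:31,451 WARN  [http-8443-Processor19] auth.DefaultRoleManager  - Unable to load roles for user: bwayne
com.mcafee.orion.ldap.DomainEnumerationException: Unable to retrieve list of domain controllers for domain: hbss. Verify the server can resolve the domain.
\tat com.mcafee.orion.ldap.internal.ActiveDirectoryConnectionImpl.getServerNames(ActiveDirectoryConnectionImpl.java:70)
\tat com.mcafee.orion.ldap.internal.NtlmRoleManager.getGroupsForUser(NtlmRoleManager.java:125)
2012-06-04 16:07:45,902 WARN  [http-8443-Processor22] auth.DefaultRoleManager  - Unable to load roles for user: ckent
com.mcafee.orion.ldap.DomainEnumerationException: Unable to retrieve list of domain controllers for domain: hbss. Verify the server can resolve the domain.
"""

HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+)\s+\[[^\]]+\] \S+\s+- (.*)$")
ROLE_FAIL = re.compile(r"Unable to load roles for user: (\S+)")
DC_FAIL = re.compile(r"^\S*DomainEnumerationException: .*for domain: (\S+?)\.(?:\s|$)")


def triage(text):
    """Return one dict per role-load failure, with the cause named on the next line."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()  # copies of the log are often indented
        head = HEADER.match(line)
        if head:  # a new log record ends any exception block in progress
            current = None
            user = ROLE_FAIL.search(head.group(3))
            if head.group(2) == "WARN" and user:
                current = {"time": head.group(1), "user": user.group(1),
                           "cause": "unknown", "domain": None, "frame": None}
                events.append(current)
        elif current is not None:
            dc = DC_FAIL.match(line)
            if dc:  # directory lookup failed: not a bad password
                current["cause"], current["domain"] = "dc-enumeration", dc.group(1)
            elif line.startswith("at ") and current["frame"] is None:
                current["frame"] = line[3:]  # innermost frame only
    return events


def summarize(events):
    """Count failures per (cause, domain) and list the users hit by DC lookup failures."""
    counts = Counter((e["cause"], e["domain"]) for e in events)
    users = sorted({e["user"] for e in events if e["cause"] == "dc-enumeration"})
    return counts, users


if __name__ == "__main__":
    print(summarize(triage(SAMPLE_LOG)))
```

When every Windows-authenticated user in one domain lands in the `dc-enumeration` bucket, the cause is the server's directory lookup configuration rather than the individual passwords.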