
KACE Product Support Question


Browser user/pass popup when accessing K1000 box

05/04/2020 334 views

We recently updated our K1000 machine, and afterwards errors appeared when logging in with the browser. When using the user or admin interface it fails and prompts with the following security question (in Edge, Chrome and Firefox).


The URL has sso/index.php in it. When cancelling this box, the default KACE login prompt is asked and when entering credentials we can log in.

When testing the LDAP settings, it is OK.


When checking the logs I see in the server error logs:

[auth_vas4:error] [pid 97206:tid 34382624000] [client *******5:57486] initialize_user: Failed to initialize user for user@upn: No error message available


and in the user authenticated log:

[2020-05-04 12:03:31 +0200] AUTH [info] user - ******* - adminui - Default - LDAP - success

[2020-05-04 12:03:31 +0200] AUTH [info] user - ******* - adminui - Default - systemui Local Authentication - failed

I do not know if these messages have anything to do with it, but it shows the LDAP authentication is working.


When I enter credentials in the popup of the browser, the page is not shown (This page can’t be displayed). When refreshing the page, the login page of the appliance is shown and we can log in with LDAP credentials.


Can you help to troubleshoot?


Thanks in advance.

Answer Chosen by the Author

0

With the help of support we figured it out. We ended up rejoining the machine into the AD, and adding a second serverprincipalname to the supportdesk-http account. After that the SSO was working.

Thanks for your help! 

Answered 05/14/2020 by: bleeuwen
White Belt

All Answers

0

It appears that you may have SSO enabled in Settings › Control Panel › Security Settings.

Have you verified the SSO settings or disabled SSO to see if the issue goes away?


Answered 05/04/2020 by: KevinG
7th Degree Black Belt

  • Thanks, but when I disable the settings here, I need to use local accounts. I do want to use Active Directory accounts, so shouldn't I keep the single sign on enabled here?
  • SSO is now disabled and the error is not there anymore. Only issue is that we do need to log in now (better than a login popup or error)
0

We are trying to unjoin/join the domain again. But we are running into issues. The unjoin does not work and gives the following error: KRB5_KDC_UNREACH (-1765328228): Cannot contact any KDC for requested realm. Reason: unable to reach any KDC in realm ****


Network settings have been set up right and the server should be able to connect to the DCs (otherwise we can't use LDAP I guess). I can't find the machine in the domain. Is this because the machine unjoined but isn't aware of it?

Answered 05/06/2020 by: bleeuwen
White Belt

0

KRB5_KDC_UNREACH may be a DNS issue.

You may want to verify that you are using the correct DNS server in your network settings in the appliance and that it is reachable from the SMA.

Answered 05/06/2020 by: KevinG
7th Degree Black Belt

  • They should be reachable, but how can I check this within the K1000? LDAP authorizations and other functions are working fine, therefore I reckon the network should not be a problem.
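
One way to test the DNS point raised in this answer from any host that uses the same DNS server as the appliance (an added example, not from the thread or from KACE): Kerberos clients commonly locate KDCs through `_kerberos._tcp.<REALM>` SRV records and contact them on port 88, a path that an LDAP bind to a configured server does not exercise. It assumes `dig` is installed and probes TCP only; the function names and the `example.test` hosts are hypothetical, and the sample output is constructed.

```python
import socket
import subprocess
import sys

def parse_srv(dig_output):
    """Parse `dig +short SRV` lines ("priority weight port target.") into
    (priority, weight, port, host) tuples: lowest priority value first,
    then highest weight."""
    records = []
    for line in dig_output.splitlines():
        parts = line.split()
        if len(parts) != 4 or not all(p.isdigit() for p in parts[:3]):
            continue  # skip resolver warnings and anything that is not an SRV row
        prio, weight, port = (int(p) for p in parts[:3])
        records.append((prio, weight, port, parts[3].rstrip(".")))
    return sorted(records, key=lambda r: (r[0], -r[1]))

def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_realm(realm, dns_server=None):
    """Look up the realm's KDC SRV records and probe each KDC over TCP."""
    cmd = ["dig", "+short", "SRV", f"_kerberos._tcp.{realm}"]
    if dns_server:
        cmd.insert(1, f"@{dns_server}")  # query the DNS server the appliance uses
    out = subprocess.run(cmd, capture_output=True, text=True, timeout=15).stdout
    return [(host, port, tcp_reachable(host, port))
            for _prio, _weight, port, host in parse_srv(out)]

# Constructed sample of `dig +short SRV _kerberos._tcp.EXAMPLE.TEST` output.
SAMPLE = """\
0 100 88 dc02.example.test.
;; communications error to 192.0.2.53#53: timed out
0 200 88 dc01.example.test.
10 100 88 dc-backup.example.test.
"""

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(parse_srv(SAMPLE))  # offline demo on the constructed sample
    else:
        results = check_realm(sys.argv[1], *sys.argv[2:3])
        for host, port, ok in results:
            print(f"{host}:{port} {'reachable' if ok else 'UNREACHABLE'}")
        if not results:
            print("no KDC SRV records returned: check the DNS server setting")
```

Run it with the realm name and, optionally, the DNS server IP configured on the appliance as arguments; an empty result or unreachable hosts points at DNS or port 88 rather than at LDAP.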
