0 votes

We have multiple secondary domains that are being managed by Adaxes. Everything seems to be working except self service portal login. We tested with our other secondary domains and those work. I don't see any errors other than sign failed. What else can I look at to figure this out?

by (2.3k points)
0

Hello,

Please, post here or send us (support[at]adaxes.com) a screenshot of the error.

Also, for troubleshooting purposes, you can enable tracing of Web Interface requests and send us the output file. To do so:

  1. Navigate to the folder where Adaxes Web Interface is installed. By default, the folder is C:\Program Files\Softerra\Adaxes 3\Web Interface.
  2. Open the App folder.
  3. Open the Web.config file with a text editor.
  4. Locate the configuration\adaxes.web.ui\trace XML element.
  5. Set the enabled attribute to TRUE.
  6. Specify the path to the file in the filePath attribute.
<adaxes.web.ui adaxesConfigurationSetId="">
   <trace enabled="true" filePath="C:\logs\adaxes.webui.trace.txt" data-tomark-pass />
</adaxes.web.ui>
  1. Save the file.
  2. Reproduce the issue and send us the log file.
0

Here is the error: image.png

I will turn on the tracing and get you that result shortly.

0

I uploaded the zip to the ftp site you sent. For some reason, I can't respond to the private message.

1 Answer

0 votes
by (216k points)

Hello Mark,

Thank you for the provided details. The "Unknown username, bad password or you are not allowed to log in" message appears when the When a login error occurs, do not show the reason and the number of login attempts left (checked) option is selected in the Sign In settings for the Web Interface. For details, see https://www.adaxes.com/tutorials_WebInterfaceCustomization_PreventBruteForceAttacks.htm. Please, disable the option and check whether the issue persists. If you get a different error message, please, post here or send us a screenshot.

0

Thank you for scheduling a session. I am central time zone. I have tomorrow (10/29) open from 1pm to 5pm. I have Monday (11/2) open from 10am to 11:30am or 1:30pm to 5pm. I have Tuesday (11/3) open from 10am to 3:00pm.

Yes my email address in my profile will work.

0

Hello Mark,

Thank you for specifying. We scheduled the WebEx meeting for Monday, November 2, at 10:00 AM CST (UTC -6). You should receive the invitation shortly.

0

Hello Mark,

This is a follow-up message to our WebEx meeting. Could you, please, clarify the functional level of the primary and secondary domains? Also, for troubleshooting purposes, you can allow only TLS 1.2 on the servers where your Adaxes services run and check whether the issue persists.

As the issue is related to Kerberos authentication, you can try to install another instance of Adaxes service in the secondary domain sharing common configuration with the existing ones and check whether the issue persists. Kerberos authentication within one domain should work just fine.

0

Primary and Secondary domain is Windows Server 2012 R2.

TLS 1.2 is enforced on both.

How would installing a service in the secondary domain work with our other domains? Can it manage just the one domain?

I am still trying to get a firewall resource to comb through the logs.

0

Hello Mark,

Primary and Secondary domain is Windows Server 2012 R2. TLS 1.2 is enforced on both.

Thank you for the provided details.

How would installing a service in the secondary domain work with our other domains? Can it manage just the one domain?

An instance of Adaxes service can be configured to manage only specific domains, but the approach will not work in your environment because of load balancing. The thing is that information about registered domains is replicated between the instances of Adaxes service that share common configuration and an instance of Adaxes Web Interface can connect to the service where the domain should not be managed. In this case, management of other domains will not be possible for the users who should be able to do it. On the other hand, if all your domains are managed via an instance of Adaxes service that shares common configuration with other ones and resides in the secondary domain, the domains management will be performed the same way as it works now. So, there is no reason to limit the domains managed via an instance of Adaxes service.

Before installing an instance of Adaxes service in the secondary domain, you can try to install only an instance of Adaxes Web Interface and check whether the issue persists.

Related questions

0 votes
1 answer

This is issue has been going on for awhile with worsening symptons. We opened up this ticket awhile back when it was just the web interface that wouldn't work and after ... to get to the bottom of this. Having a separate install is not a viable option.

asked Jul 1, 2021 by mark.it.admin (2.3k points)
0 votes
0 answers

Hi Evryone, I am trying to set up an external portal within a new webserver on dmz, and with only access to a webservice created from selfservice. The new webservice is only ... login, only reset password. What I am mising there that its not working? Thanks,

asked Nov 26, 2021 by yagoityd (20 points)
0 votes
1 answer

We are trialing Adaxes and are wondering the following two things are possible. Is it's possible to have the order of Authentication methods adjusted ? Is it possible to import an ... 't look to exist, but would it be viable to add them as feature requests ?

asked Jul 6, 2020 by dgrandja (70 points)
0 votes
1 answer

Hi! In 2019.2 new feature was introduced to use Microsoft Authenticator to validate the password self-service. Is it possible to connect it to existing MFA in ... Authenticator - one company account and another one generated by Adaxes after enrollment. Thanks!

asked Oct 30, 2019 by Dmytro.Rudyi (920 points)
0 votes
0 answers

We have followed your instructions to set up the password self service and we got it to work on windows 10 but the link does not show up on windows 11. is there something we can do to get the link to show up?

asked May 1 by rechevarria (40 points)
3,535 questions
3,225 answers
8,218 comments
547,712 users