Hi @zlegault ,
Usually this error is indicative that there has been a typo in the password, or the username has been incorrectly set up with the domain.
If you have triple checked these are both correct the next thing would be to confirm that this service account has read access to the domain controller?
Hi @zlegault ,
Usually this error is indicative that there has been a typo in the password, or the username has been incorrectly set up with the domain.
If you have triple checked these are both correct the next thing would be to confirm that this service account has read access to the domain controller?
I've confirmed the username and password more times than I care to check but to be sure I just reset it, tested the creds, then updated the FME server console with no change. What kind of access does it need for "read access to domain controller"? This is a bit vague even in the KB linked below, as read access tends to be fairly granular. Does the account just need remote access? Does it need to have delegate access to the domain in ACUC?
https://docs.safe.com/fme/2020.0/html/FME_Server_Documentation/WebUI/Create-AD-Server-Connection.htm
Hi @zlegault ,
Typically the search user just need to be a Domain Users, but in some cases the organisation will alter the default security and additional group roles such as Account Operators may be needed. Beyond that I would make sure you have supplied your search account as the Domain\\Username and that you are connecting directly to a single Domain Controller.
Hi @zlegault ,
Typically the search user just need to be a Domain Users, but in some cases the organisation will alter the default security and additional group roles such as Account Operators may be needed. Beyond that I would make sure you have supplied your search account as the Domain\Username and that you are connecting directly to a single Domain Controller.
So we have a search user, it's creds are correct, and it's already input as domain\account. All our authenticate goes to the same DC I've put in the host server.
When I check the logs, again, it can hit the host server just fine.
Thu-20-Aug-2020 01:41:42.111 AM INFORM pool-5-thread-1 408040 : (Active Directory) Configured to use simple authentication.
Thu-20-Aug-2020 01:41:42.111 AM INFORM pool-5-thread-1 408007 : (Active Directory) Authenticating user "domain.local\username"...
Thu-20-Aug-2020 01:41:42.113 AM INFORM pool-5-thread-1 408060 : (Active Directory) Successfully connected to HOSTSERVER.DOMAIN.local.
Thu-20-Aug-2020 01:41:42.117 AM ERROR pool-5-thread-1 408071 : Unable to authenticate with directory server with given credentials (49)
Thu-20-Aug-2020 01:41:42.117 AM ERROR pool-5-thread-1 408010 : (Active Directory) Exception: "80090308: LdapErr: DSID-0C090442, comment: AcceptSecurityContext error, data 52e, v3839 "
The above logs have had our domain and username cut out for security purposes but otherwise this is all I can see for the error - I can't seem to find much on final error though.
