Solved

Can't Login Web Interface After Changing FME Server Service Account

ronnie.blair
Rank
Badge +10

We are using a Fault Tolerant configuration with 2 servers. We had to change the FME service account because the previous one could not register the ArcGIS Pro License. After changing the account, the new service account can no longer access the FME Web Interface. It is not the password, I can still log in the server using the account just not the web interface; error received is "(Directory Server) Failed to authenticate user "CN=fmeserviceaccountname,OU=SV,DC=ADS,DC=COT." The new service account was added to the FME service using the directory server. The account has permissions to login in as a service and has permission for the shared resource, both server drives and is used for the FME services on both servers. I thought I saw something about deleting the logs if the service account is changed, but I can not find the documentation now.

 

I found an entry when I bekive the service account was changed to the new service account.

Change Servic Account to use FME2022adsvcacct 

Afterwards, I cound no longer log in the web interface using the new service account.

FME2022adsvcacct Web Interface Login Errors

icon

Best answer by ronnie.blair 19 May 2022, 22:58

View original

6 replies

hkingsbury
Rank
Userlevel 5
Badge +29

Is your new account visible under the Users tab in the web interface? If not, you'll need to manually import it.

 

To do this, go to the Directory Servers pageimage 

Then click Import Users and find it there

image

Check out the Abley FME Firesides on Youtube: https://www.youtube.com/@ableyltd
ronnie.blair
Rank
Badge +10

Hkingsbury,

Thnk you for responding. The account is an existing user; it was added via the Directory Servers as you suggested. I could log in the Web Interface via the service account until the FME services were changed to use this new service account. Previously, the service account did not exist on the network and was not a user; it was added because of a licensing issue with ArcGIS Pro which required changing the FME service account since both application must use the same service account. ArcGIS Pro was uninstalled and reinstalled using the new service account, but the FME Server was installed using a diffeent service account which is why the service account had to be changed for the FME server.

hkingsbury
Rank
Userlevel 5
Badge +29

Hkingsbury,

Thnk you for responding. The account is an existing user; it was added via the Directory Servers as you suggested. I could log in the Web Interface via the service account until the FME services were changed to use this new service account. Previously, the service account did not exist on the network and was not a user; it was added because of a licensing issue with ArcGIS Pro which required changing the FME service account since both application must use the same service account. ArcGIS Pro was uninstalled and reinstalled using the new service account, but the FME Server was installed using a diffeent service account which is why the service account had to be changed for the FME server.

Worth reaching out to support on this - the live chat will be online for another 3-4 hours

Check out the Abley FME Firesides on Youtube: https://www.youtube.com/@ableyltd
ronnie.blair
Rank
Badge +10

hkingsbury,

I have come to the same conclusion. Thank you for your time.

 

siennaatsafe
Rank
Badge +9

Just an update for anyone else viewing this thread. We believe this may be caused by Channel Binding being set to Always which we currently do not support. More information on this can be found here. The workaround is to change Channel Binding to "When Supported".

ronnie.blair
Rank
Badge +10

When this issue began, I asked the Security Group if there were any restrictions that would prevent the service account from logging into the Web Interface because I noticed that the service account had been changed a few days earlier. After the change, the service account could no longer log into the FME Web Interface. The Security Group stated that no restrictions should prevent the account from logging in the Web Interface; Incidentally, the account could still log into the FME servers with no issues. The Fault Tolerant and HTTPS configurations are in place for this FME server.

 

I opened a chat session with Safe Software Tech Support who suggested adding all domain controllers to the Server Directory (FME Web Interface). My team stated that this was not the solution since the other ad accounts are not having an issue logging in the FME Web Interface. I worked with my team yesterday morning (5/18/22); they concluded that the Security Group probably has a restriction on the service account which is preventing it from logging in the FME Web Interface since they saw no issues with the service account or the FME installation. Since the account had been changed, I updated the service account to use the new format which was changed from a domain\\account format to an account@domain format. And restarted the FME services on both servers. Unfortunately, the service account still failed with an authentication error trying to log into the FME Web Interface.

 

I opened a ticket with our Security Group requesting that all service account

restrictions be removed. If the account is then able to log in the Web

Interface, the restrictions will be added one by one until we determine which

restriction is preventing the service account from logging in the FME Web

Interface and making a connection with the FME server via a web connection from

FME Workbench, e.g. down load workspaces or publish a workspace.

Once

the restrictions were removed, I could log in the Web Interface with the service

account from pc and from the FME servers.

 

I am still having an issue connecting to the database servers, but this may be due to a missing entry in the firewall since the connection fails from FME Workbench on the FME server as well but runs successfully from FME Workbench on my pc.

 

Thank you to everyone who attempted to help. I really appreciate your time.

 

Reply


Community Stats

28,662
Posts
109,328
Replies
36,530
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.