cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How do I reset the password used for AD authentication?

Former Member

on ‎06-11-2012 6:59 PM

0 Kudos

Product: Crystal Server 2008.

I've had to reset the password for the account used for A/D authentication.

After a restart of the Server Intelligence Agent and WWW Publishing Service from the CCM console, I'm now receiving this message when I try to log on to the CMC:

The Active Directory Authentication plugin failed to verify the administration credentials for the user "administrator@mycompany.com". Please enter the user name as DomainName\UserName or UserName@DNS_DomainName, then try again.

There are no options to proceed past the error.

I have only one kind authentication allowed for the CMC: Enterprise, yet it still seems to be trying to do A/D authentication under the hood.

How to I change the password that the plug is using without the CMC?

Ken

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎06-11-2012 8:46 PM
0 Kudos

Additional info: I have not changed the service account password.

Show replies
Show replies
graham_sturmy
Active Participant
‎06-12-2012 11:15 AM
0 Kudos

Hi,

  Log into the CMC as the Administrator then go to Authentication.  Click the Windows AD tab and update the password here.  Ensure that the account within WinAD hasn't been disabled because of the login failures.

  I assume you do use WinAD logon for InfoView so you would still need it to be enabled (otherwise if you only ever use Enterprise for everything then you could just deselect the enable checkbox).

Regards,

Graham

Former Member
‎06-12-2012 2:19 PM
0 Kudos

That's what the documentation tells me to do -- I can't use the CMC -- that's where the message:

The Active Directory Authentication plugin failed to verify the administration credentials for the user "administrator@mycompany.com". Please enter the user name as DomainName\UserName or UserName@DNS_DomainName, then try again.

    

comes from. After issuing the message, the app stops.

I need a way to reset the data the plugin is using that doesn't involve the CMC.

All my reports have stopped running, so this is becoming urgent.

graham_sturmy
Active Participant
‎06-12-2012 2:29 PM
0 Kudos

Hi Ken,

  Got ya.  Usually you only get this error message when the user you are attempting to log into the CMC as has an AD alias associated with the Enterprise BOE user (even if you use Enterprise authentication).  Normally, if its a user that ONLY has an enterprise alias then it can log in.

  From the sounds of it you have tried the actual BOE Administrator user (rather than a user with Administrator rights) - normally that is the one I would suggest - do you have any other users with Administrator rights for the CMC that don't have an AD alias associated with them?

  Also do you know the previous password you had for the A/D authentication account.  Is is possible to set the AD password back to the original password or was it because the password was not known that it had to be changed? (not in BOE but actually for the Windows account)

Regards,

Graham

Former Member
‎06-12-2012 2:54 PM
0 Kudos

I have no other admin user -- just Administrator. It appears it's linked to our Domain Admin account -- that's the one where I just changed the password.

I've tried setting the password to what it was previously , then restarting the servers -- no go.

Do you know if there's any way to unlink the CE Administrator password from an A/D account (without using the CMC)?

K

graham_sturmy
Active Participant
‎06-12-2012 3:17 PM
0 Kudos

Hi Ken,

  I can't think of any straightforward way of doing this so my next reply is purely theory and you would need to ensure that you have a working backup of your CMS database before proceeding (taken with the CMS(s) stopped)

  The list of aliases is stored is stored in a table called cms_aliases6.  I would guess that if you removed references to the administrator user here then it would delink it from the ad alias.

  The ENTERPRISE Administrator user is always objectid 12 and in my (non AD configured) system I see an enter 'ObjectID'=12, AliasIsTruncated=0 and Alias='secenterprise#12.  So this is the normal one and you shouldn't delete it.

  Maybe there is another entry where the ObjectID=12 OR the alias is set as secenterprise#12 which is causing the administrator user to link to the an AD version of the user.  If you delete an entry from this table you should do it with the CMS stopped.

NOTE: I'm not 100% sure of the mechanism here so anything you do is at your own risk.  Under normal circumstances you should NEVER modify the CMS repository directly.  Finally I am not sure of the repercussions which is why the database backup is so important.

I would recommend that you open a message with support for proper troubleshooting of your problem.

Former Member
‎06-12-2012 5:36 PM
0 Kudos

No go with trying to remove rows from cms_aliases6. I removed the records for ObjectId=12, one at a time, each time stopping them and restarting the CMS server.

Will proceed to opening a case, but if anyone has any other thoughts, please join in !

Many thanks, Graham

Ken

Ask a Question