Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationRoot Domain Users - Some can log in, some canRoot Domain Users - Some can log in, some can't; failures
Previous
 
Next
New Post
3/17/2011 8:30 AM
 
Jeff M.


Joined: 7/30/2009
Posts: 422
Hello..
We're having a VERY odd issue.  Some of our domain root users can't log in, while other's have no issues at all logging in.

Part of our security scheme, we have departmental AD Universal groups created with their respective DNN security role (intranet site; so they only see their departmental pages).  Multiple users are assigned to the same departmental AD Universal group, but even then some can login without any issues while other can't; login failures.

Our external server (Server 2008 SP-2) is on the DMZ and the firewall only allows for it communicate with one of our Domain Controllers for authentication.

Does the AD Authentication know of all the different root domain controllers and try to authenticate with each and every one of them?

But, I'm not sure because it seems like different times, days, computers and the same user still can't log into the site using AD Authentication.

Thanks.. -Jeff
 
New Post
3/17/2011 9:36 AM
 
Jeff M.


Joined: 7/30/2009
Posts: 422
Using TCP View, here are the connections which are being made for the failed logins and the successful logins. 1.1.1.2 is the DMZ IP address of our webserver and 10.10.10.2 is the IP address of our domain controller.

FAILED Attempt:
w3wp.exe:3040 TCP 1.1.1.2:51654 10.10.10.2:3268 CLOSE_WAIT
w3wp.exe:3040 TCP 1.1.1.2:54681 10.10.10.2:3268 LAST_ACK
w3wp.exe:3040 TCP 1.1.1.2:56813 10.10.10.2:3268 ESTABLISHED
w3wp.exe:3040 TCP 1.1.1.2:56814 10.10.10.2:3268 ESTABLISHED

Successful Login:
lsass.exe:672 TCP 1.1.1.2:56815 10.10.10.2:135 ESTABLISHED
lsass.exe:672 TCP 1.1.1.2:56816 10.10.10.2:1026 ESTABLISHED
lsass.exe:672 TCP 1.1.1.2:56818 10.10.10.2:1026 ESTABLISHED
w3wp.exe:3040 TCP 1.1.1.2:51654 10.10.10.2:3268 CLOSE_WAIT
w3wp.exe:3040 TCP 1.1.1.2:56813 10.10.10.2:3268 ESTABLISHED
[System Process]:0 TCP 1.1.1.2:56814 10.10.10.2:3268 TIME_WAIT
[System Process]:0 TCP 1.1.1.2:56817 10.10.10.2:3268 TIME_WAIT
 
New Post
3/17/2011 10:00 AM
 
Jeff M.


Joined: 7/30/2009
Posts: 422
I copied our live environment over to our development side of the house and the same thing is occurring; same users still can't log into the system using AD credentials.

UGH..
 
New Post
3/17/2011 12:24 PM
 
Jeff M.


Joined: 7/30/2009
Posts: 422
This is the error which is occurring in our event log:
__________________________
AssemblyVersion: 5.6.1
PortalID: 9
PortalName: Intranet Site
UserID: -1
UserName: 
ActiveTabID: 1214
ActiveTabName: Secure Login
RawURL: /intranet/Home/SecureLogin/tabid/1214/Default.aspx?returnurl=%2fintranet%2fhome.aspx
AbsoluteURL: /Default.aspx
AbsoluteURLReferrer: https://%DOMAIN%/intranet/Home/SecureLogin/tabid/1214/Default.aspx?returnurl=%2fintranet%2fhome.aspx
UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; GTB6.6; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; OfficeLiveConnector.1.4; OfficeLivePatch.1.3; .NET CLR 1.1.4322)
DefaultDataProvider: DotNetNuke.Data.SqlDataProvider, DotNetNuke.SqlDataProvider
ExceptionGUID: 37350465-eabd-4f7d-ac28-15aec8d01c3d
InnerException: Object reference not set to an instance of an object.
FileName: 
FileLineNumber: 0
FileColumnNumber: 0
Method: DotNetNuke.Authentication.ActiveDirectory.ADSI.Utilities.AddADSIPath
StackTrace: 
Message: System.NullReferenceException: Object reference not set to an instance of an object. at DotNetNuke.Authentication.ActiveDirectory.ADSI.Utilities.AddADSIPath(String Path, Path ADSIPath) at DotNetNuke.Authentication.ActiveDirectory.ADSI.Utilities.GetDomainByBIOSName(String Name) at DotNetNuke.Authentication.ActiveDirectory.ADSI.Utilities.GetUserEntryByName(String Name) at DotNetNuke.Authentication.ActiveDirectory.ADSI.ADSIProvider.GetUser(String LoggedOnUserName, String LoggedOnPassword)
Source: 
Server Name: WEBSERVER
 
New Post
3/17/2011 12:42 PM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865
Is this happening on automatic logins, manual logins, or both? What if the AD group is Global rather than Universal? And it's a Security group not a Distribution group right?
 
 Page 1 of 2
12Next 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationRoot Domain Users - Some can log in, some canRoot Domain Users - Some can log in, some can't; failures


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out