Home Analyst Portal

Unable to log into portal on new install

Greg_TateGreg_Tate Customer IT Monkey ✭
edited July 2016 in Analyst Portal

After installing the portal I am unable to sign in.
Have tried forms-based authentication and windows integrated authentication.

CacheBuilder.log states that the analyst, knowledge manager, and asset manager groups are invalid.
Group names initially had spaces. I replaced the spaces with periods but still no dice.

WebConsole.log indicates the following:

"LoginAccessDenied Missing localization value for requested Key."

Do I need to introduce these groups as a user role in SCSM first?

Edit: found the verbose logging article here: https://support.cireson.com/KnowledgeBase/View/34#/

The log now indicates that my user name does not exist in the cache. Here's the message: "The user must be added to the SCSM DB and then synchronized to the cache via the cache builder service."

Going down this route now.

Edit: still stuck on this. Welcome any and all ideas!

Comments

  • Dakota_GreenDakota_Green Member Advanced IT Monkey ✭✭✭
    Greg,

    Can you perform the following:

    1. Re-run your AD Connector(s)
    2. Restart your Cache Builder service.
    3. If the above doesn't work, restart your Portal server (or the server that houses the Cache Builder)


  • Greg_TateGreg_Tate Customer IT Monkey ✭

    Thanks for the assist.

    I just inherited this environment and found out that the AD Connector wasn't syncing the objects in questions, particularly the newly-created groups for the portal access.

    I was able to resolve by adjusting the sync scope to include these objects.

  • Dakota_GreenDakota_Green Member Advanced IT Monkey ✭✭✭
    Hey Greg,

    Funny how things we less suspect is always the problem, right? But I'm glad you got this resolved.
  • Bernics_GaborBernics_Gabor Member IT Monkey ✭
    Hi,

    I have similar problem with a new instance of the latest Analyst Portal.

    I am trying run the AD connectors, restart CacheBuilder and server - not solved.

    User and groups are exits in CMDB, MS Self-Service Portal works fine.

    Have you any idea?

    Regards,
    Gabor

    CacheBuilder logs:

    2017-04-09 21:08:26,565, ERROR [   4]:  The analyst group is invalid (SCSM_ADMINS).

    2017-04-09 21:08:26,659, ERROR [   4]:  The knowledge manager group is invalid (SCSM_ADMINS).

    2017-04-09 21:08:26,659, ERROR [   4]:  The announce manager group is invalid (SCSM_ADMINS).

    2017-04-09 21:08:26,659, ERROR [   4]:  The asset manager group is invalid (SCSM_ADMINS).

    2017-04-09 21:08:26,659, ERROR [   4]:  The announcement manager group is invalid (SCSM_ADMINS).


    Portal logs:

    2017-04-09 21:46:56,742, DEBUG [  44]:  Checking the cache for the existence of user with username: Gabor.Bernics, and group: EVOSOFT

    2017-04-09 21:46:56,907, DEBUG [  44]:  Username 'Gabor.Bernics' does not exist in the cache.  The user must be added to the SCSM DB and then synchronized to the cache via the cache builder service.

    2017-04-09 21:46:56,908, DEBUG [  44]:  Database instance disposed 46950747

    2017-04-09 21:46:56,910, DEBUG [  44]:  Database instance created 42368433 EVOSOFT\Gabor.Bernics

    2017-04-09 21:46:56,910, DEBUG [  44]:  Retrieving ConsoleUser from datastore for windows auth EVOSOFT\Gabor.Bernics

    2017-04-09 21:46:56,911, DEBUG [  44]:  Unable to retrieve ConsoleUser from datastore for windows auth EVOSOFT\Gabor.Bernics

    2017-04-09 21:46:56,911, DEBUG [  44]:  Retrieving ConsoleUser from datastore for windows auth EVOSOFT\Gabor.Bernics

    2017-04-09 21:46:56,911, DEBUG [  44]:  Unable to retrieve ConsoleUser from datastore for windows auth EVOSOFT\Gabor.Bernics

    2017-04-09 21:46:56,911, DEBUG [  44]:  Console User not found in Custom Authorization Filter

    2017-04-09 21:46:56,912, DEBUG [  44]:  Database instance disposed 42368433 EVOSOFT\Gabor.Bernics

    2017-04-09 21:47:02,043, DEBUG [  49]:  Database instance created 39457272

    2017-04-09 21:47:02,044, DEBUG [  49]:  Checking the cache for the existence of user with username: Gabor.Bernics, and group: EVOSOFT

    2017-04-09 21:47:02,045, DEBUG [  49]:  Username 'Gabor.Bernics' does not exist in the cache.  The user must be added to the SCSM DB and then synchronized to the cache via the cache builder service.

    2017-04-09 21:47:02,046, DEBUG [  49]:  Database instance disposed 39457272

    2017-04-09 21:47:02,047, DEBUG [  49]:  Database instance created 12065861 EVOSOFT\Gabor.Bernics

    2017-04-09 21:47:02,047, DEBUG [  49]:  Retrieving ConsoleUser from datastore for windows auth EVOSOFT\Gabor.Bernics

    2017-04-09 21:47:02,047, DEBUG [  49]:  Unable to retrieve ConsoleUser from datastore for windows auth EVOSOFT\Gabor.Bernics

    2017-04-09 21:47:02,047, DEBUG [  49]:  Retrieving ConsoleUser from datastore for windows auth EVOSOFT\Gabor.Bernics

    2017-04-09 21:47:02,047, DEBUG [  49]:  Unable to retrieve ConsoleUser from datastore for windows auth EVOSOFT\Gabor.Bernics

    2017-04-09 21:47:02,047, DEBUG [  49]:  Console User not found in Custom Authorization Filter

    2017-04-09 21:47:02,048, DEBUG [  49]:  Database instance disposed 12065861 EVOSOFT\Gabor.Bernics



  • john_doylejohn_doyle Cireson Support Ninja IT Monkey ✭✭✭✭
    edited April 2017
    Hi Gabor,

    What results do you get from this query against the ServiceManager database?

    DECLARE @GroupName nvarchar(30) = 'SCSM_ADMINS';
    DECLARE @DomainName nvarchar(30)
    DECLARE @Sql nvarchar(MAX);
    DECLARE @UsernameColumnName nvarchar(100);
    SELECT @UsernameColumnName = COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS
    WHERE TABLE_NAME = 'MT_System$Domain$User' AND TABLE_SCHEMA='dbo' AND COLUMN_NAME LIKE 'UserName%'
    
    DECLARE @DomainColumnName nvarchar(100);
    SELECT @DomainColumnName = COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS
    WHERE TABLE_NAME = 'MT_System$Domain$User' AND TABLE_SCHEMA='dbo' AND COLUMN_NAME LIKE 'Domain%'
    
    SET @Sql = 'SELECT u.'+@UsernameColumnName+', ub.*, b.BaseManagedEntityId 
        FROM MT_Microsoft$AD$UserBase ub
        INNER JOIN BaseManagedEntity b ON b.BaseManagedEntityId = ub.BaseManagedEntityId
        INNER JOIN MT_Microsoft$AD$Group ad ON ad.BaseManagedEntityId = b.BaseManagedEntityId
        INNER JOIN MT_System$Domain$User u ON b.BaseManagedEntityId = u.BaseManagedEntityId
        WHERE b.IsDeleted = 0
        AND (
    		u.' + @UsernameColumnName + ' LIKE '''' + @GroupName + ''''
        )
    	AND (
    		u.' + @DomainColumnName + ' LIKE '''' + @DomainName + ''''
    		OR @DomainName = '''' OR @DomainName IS NULL
        )';
    
    EXEC sp_executesql @Sql, N'@GroupName nvarchar(100), @DomainName nvarchar(100)', @GroupName, @DomainName;

  • john_doylejohn_doyle Cireson Support Ninja IT Monkey ✭✭✭✭
    The above query is how we identify the group in the ServiceManager db. The query should only return one result. If it returns more than one you will have to clean up the entries in SCSM.
  • Bernics_GaborBernics_Gabor Member IT Monkey ✭
    Hi John,
    Thank you for your support!
    I answered in the offical case and I will share the solution in this topic.
  • Nathan_ErdmanNathan_Erdman Customer IT Monkey ✭
    Bernics_Gabor can you post the link to the solution? Having the same issue.
  • Ben_McGarryBen_McGarry Customer IT Monkey ✭
    Is there any chance the solution to this problem could be shared please?  Our users cannot access the live self-service portal and are being continuously prompted for a username and password.  The same errors as above are in the portal log: "DEBUG [  44]:  Unable to retrieve ConsoleUser from datastore for windows auth".  Thanks.
Sign In or Register to comment.