intersystem
Contributor
Contributor

FLR client not recognizing local admin account other than Administrator

Hi,

I have successfully deployed newest VDP appliance 5.8. It all works well. I can successfully manage vdp through Vcenter. All backup jobs are performed successfully.

The only problem we have is with FLR client login from Windows machines.. We are able to log in with local "Administrator" account but not with other local admin accounts.

I have created local account named vdp. Added this account to local administrators group. I was able to login to the workstation and have full admin privileges. I even removed the user from "users" group so it only belongs to "administrators" group on server. Basically it is all the same as Administrator account except the name.

Like I said before. I am able to log in to FLR client with local Administrator account credentials but we wanted to use another account if possible.

Below logs part from VDP logbundle:

2014-12-17 08:31:30,675 INFO  [http-nio-8543-exec-10]-common.GravityHelper: Gravity already initialized, skipping init.

2014-12-17 08:31:30,676 INFO  [http-nio-8543-exec-10]-i18n.LocalizationHelper: Unable to find a match for locale pl_PL, attempting next requested locale.

2014-12-17 08:31:30,677 INFO  [http-nio-8543-exec-10]-i18n.LocalizationHelper: Delivering locale 'en_US' and resource 'flr-flexclient-5.8.0-en_US.swf'

2014-12-17 08:31:32,078 INFO  [http-nio-8543-exec-17]-listeners.SessionListener: SESSION CREATED: 687A05A3C31568BEBFAF5FE7833B19EC

2014-12-17 08:31:32,079 INFO  [http-nio-8543-exec-17]-common.GravityHelper: Gravity already initialized, skipping init.

2014-12-17 08:31:39,304 INFO  [http-nio-8543-exec-12]-security.CustomSecurityService: Logging in via Custom Tomcat Security Service with charset UTF-8

2014-12-17 08:31:39,305 INFO  [http-nio-8543-exec-12]-common.AuthHelper: Initiating basic login.

2014-12-17 08:31:39,306 INFO  [http-nio-8543-exec-12]-common.AuthHelper: Attempting to login via client: [192.168.0.247]

2014-12-17 08:31:39,308 INFO  [http-nio-8543-exec-12]-adapter.AvCommonAdapter: Creating new web service connection for session Id: null

2014-12-17 08:31:39,337 INFO  [http-nio-8543-exec-12]-service.AdapterUtils: MCS Web Services URL: https://vdp.is.pl:9443/services/mcService  MCUserId="MCUser"

2014-12-17 08:31:39,383 INFO  [http-nio-8543-exec-12]-adapter.AvClientAdapter: Using vCenterClient cid: [a7a28b52a7aa38aac1d9b8dfc8caad4b26b85ecf] for vCenter: [vcenter.is.pl]

2014-12-17 08:31:39,403 INFO  [http-nio-8543-exec-12]-service.AdapterUtils: MCS Web Services URL: https://vdp.is.pl:9443/services/mcService  MCUserId="MCUser"

2014-12-17 08:31:39,537 INFO  [http-nio-8543-exec-12]-adapter.AvClientAdapter: Looking up loginClient by CID: [a7a28b52a7aa38aac1d9b8dfc8caad4b26b85ecf] and UUID: [50054b2a-6066-bf68-c015-d8569ef0c2ae]

2014-12-17 08:31:39,538 INFO  [http-nio-8543-exec-12]-adapter.AvCommonAdapter: Creating new web service connection for session Id: null

2014-12-17 08:31:39,560 INFO  [http-nio-8543-exec-12]-service.AdapterUtils: MCS Web Services URL: https://vdp.is.pl:9443/services/mcService  MCUserId="MCUser"

2014-12-17 08:31:39,968 INFO  [http-nio-8543-exec-12]-service.McsdkStubHandler: ServiceInstanceMoref desc=Service Id: urn:uuid:5BAA5CF7AC4E09BE981418801676606 name=urn:uuid:5BAA5CF7AC4E09BE981418801676606 value=SERVICE

2014-12-17 08:31:39,990 INFO  [http-nio-8543-exec-12]-adapter.AvClientAdapter: Using login client cid: fe12fcc09065bae51dbd6971adeac1b68ed1714b

2014-12-17 08:31:40,020 INFO  [http-nio-8543-exec-12]-common.AuthHelper: Authenticating client 192.168.0.247

2014-12-17 08:31:48,716 ERROR [http-nio-8543-exec-12]-common.AuthHelper: Unable to browse destination client /vcenter.is.pl/VirtualMachines/DB1 because :The username supplied is not a local administrator. Retrying ...

2014-12-17 08:31:58,363 ERROR [http-nio-8543-exec-12]-common.AuthHelper: Error while login The username supplied is not a local administrator

2014-12-17 08:31:58,364 WARN  [http-nio-8543-exec-12]-security.CustomSecurityService: FLR login attempt failed with error code: [invalid.credentials]

com.emc.flr.exceptions.LoginException

  at com.emc.flr.common.AuthHelper.doBasicLogin(AuthHelper.java:157)

  at com.emc.flr.security.CustomSecurityService.login(CustomSecurityService.java:67)

  at org.granite.messaging.amf.process.AMF3MessageProcessor.processCommandMessage(AMF3MessageProcessor.java:94)

  at org.granite.messaging.amf.process.AMF3MessageProcessor.process(AMF3MessageProcessor.java:61)

  at org.granite.messaging.amf.process.AMF0MessageProcessor.process(AMF0MessageProcessor.java:78)

  at org.granite.messaging.webapp.AMFMessageServlet.doPost(AMFMessageServlet.java:59)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)

  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)

  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

  at org.granite.messaging.webapp.AMFMessageFilter.doFilter(AMFMessageFilter.java:117)

  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)

  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)

  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:611)

  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)

  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)

  at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)

  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)

  at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)

  at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)

  at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1686)

  at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

  at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

  at java.lang.Thread.run(Unknown Source)

Logs states that user is not in local administrator group but it for 100% is as I have already checked that.

Any any thoughts?

Tags (3)
0 Kudos
7 Replies
inleo
Leadership
Leadership

Do You have VMware Tools installed at the machine in with You try to log in?

http://blog.inleo.pl @maciejlelusz
0 Kudos
intersystem
Contributor
Contributor

Yes we have. It all started after deploying newest 5.8 version of VDP. With the previous version all was working ok, but it's storage died so we had to deploy new instance of VDP. We have decided to move to 5.8 version and now only Administrator local account can login to FLR.

0 Kudos
v12n
Enthusiast
Enthusiast

I experienced the same problem today.

The local administrator account is default renamed to something else than Administrator. When  trying to login with this renamed local admin account, the error occurred.

The error message presented by the flr web page is: unable to authenticate client using provided local credentials

I renamed the local administrator account back to Administrator and everything started working.

I guess there is a bug somewhere in there VMware?

0 Kudos
intersystem
Contributor
Contributor

Hi, thanks for the hint Smiley Happy It's good to know that it is not only me experiencing this problem. I guess that this might be kind of bug - Looking for Administrator username instead of Administrators group. But someone from Vmware should speak. I also reported my problem to the support. They're investigating it. I will get back.

Milosz

0 Kudos
TomPreg
Contributor
Contributor

Jestem nieobecny w pracy do dnia 07-01-2015. Pilne sprawy proszę kierować na skrzynkę AdministratorzyNT.

Tomek Pręgowski

<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.pekao.com.pl&d=AwIFBA&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=WqnSQ812JDCBQNRS86muKhKGgk7sUIatqznZcqYQ0mU&m=GjLeX3l8nDi18Pgjv3B9FL31nMdmSXYVEe9_NFeeGso&s=OVYSGUJgwwsZy1-TN0K8stk-H5RCmDgyqWQwcdwkAdU&e= >

Bank Polska Kasa Opieki Spółka Akcyjna z siedzibą w Warszawie, ul. Grzybowska 53/57, 00-950 Warszawa, wpisany do rejestru przedsiębiorców w Sądzie Rejonowym dla m. st. Warszawy w Warszawie, XII Wydział Gospodarczy Krajowego Rejestru Sądowego, KRS: 0000014843, NIP: 526-00-06-841, REGON: 000010205, wysokość kapitału zakładowego i kapitału wpłaconego: 262 470 034 zł. Niniejsza wiadomość jest przeznaczona wyłącznie dla wskazanego w niej odbiorcy i może zawierać informacje poufne. Jeśli nie są Państwo adresatem tej informacji prosimy o niezwłoczne poinformowanie o tym fakcie nadawcy pocztą elektroniczną pod adresem info@pekao.com.pl<mailto:info@pekao.com.pl> lub telefonicznie pod nr +48 22 656-00-00 oraz niekopiowanie i nieprzekazywanie tej wiadomości osobom nieupoważnionym. Dziękujemy.

Zanim wydrukujesz, pomyśl o środowisku

Bank Polska Kasa Opieki Spółka Akcyjna with its seat in Warsaw, at ul. Grzybowska 53/57, 00-950 Warsaw, entered in the register of entrepreneurs in the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register, KRS: 0000014843, NIP: 526-00-06-841, REGON: 000010205, share capital (entirely paid) in the amount of PLN: 262 470 034. This e-mail message is intended only for the named recipient(s) above and may contain information that is privileged, attorney work product or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender by e-mail at info@pekao.com.pl<mailto:info@pekao.com.pl> or by telephone at +48 22 656-00-00 and refrain from copying or sending this message to unauthorized parties. Thank you.

Please, consider the environment before printing this e-mail

0 Kudos
Holge
Contributor
Contributor

please start your browser with "run as admin", than you can use your personal local admin credentials to login and restorer

0 Kudos
basteku73
Enthusiast
Enthusiast

Hi,

I think the problem is that "Administrator" account in Windows machines where UAC is enabled has higher priviliges. Try to disable UAC (restart is required). When it works in fact you dont have to disable UAC permanently, you can modify policy to give local administators more priviliges:

Local Security Policy --> Security Settings --> Local Policies --> Security Options

User Account Control: Run all administrators in Admin Approval Mode - set to Disabled.

Regards,

Sebastian

0 Kudos