JustenC
Enthusiast
Enthusiast

Active Directory auth not working

Jump to solution

Hi,

Wondering if someone can help? We recently added 2 nodes to our Log Insight 4.0 cluster, going from 3 to 5 nodes, and expanded disks on the initial nodes so they all matched. All nodes show green and connected however we are having problems logging in to the cluster VIP using AD accounts which worked fine before all this. Logging into the individual appliance seems OK, maybe a bit slower. I paused the nodes one by one which moved the VIP around with no change. Presently the Master and VIP roles are on the same appliance. Logging in with local default admin is fine via the VIP.

If there is anything I can look into or more info I can provide, let me know?

Thanks in advance for any suggestions.

Charlie Ferreira

1 Solution

Accepted Solutions
vmovsisyan
Enthusiast
Enthusiast

could you provide more details? like

- more context & log snippet for the "auth failed" you quoted; corresponding logs from AD side

- or open SR attaching support bundle, and AD logs

if confident/possible and have backups, maybe even try disconnect AD from li, clear AD users (pls have a look at https://kb.vmware.com/kb/2120135  for cql & tables), reconnect?

also worth checking if related to multiple AD servers (if applicable)

View solution in original post

0 Kudos
5 Replies
admin
Immortal
Immortal

Have you tried to reset all nodes and see if they are all able to see other nodes once they are back up? Would you rather we take a quick look over webex? If yes please send email so we can schedule a call.

Thanks.

0 Kudos
JustenC
Enthusiast
Enthusiast

Hi thanks for responding!

We built the 3 new ones then cycled the initial 2 to add storage. Should that have taken care of a reset or should we run another round of reboots to be sure? The cluster looks healthy from the cluster admin screen. We can set up a call if you want. If you'd like me to try a round of reboots first, we can do that also?

Charlie

0 Kudos
JustenC
Enthusiast
Enthusiast

I believe I have it figured out. The newer nodes don't, or didn't, replicate the AD auth password, Only the configuration and username. Re-enter the password on just the new nodes and seems to be working

Charlie

JustenC
Enthusiast
Enthusiast

It is still an issue.

Since this morning we are getting 'Active Directory Failure' emails from log insight. Active Directory failure, : Log Insight cannot connect to the Active Directory server. Error message: [ ]

They are all on the same subnet, so it's not a firewall. We are back to sometimes Log Insight lets you in and sometimes it does not. Local accounts work fine.

0 Kudos
vmovsisyan
Enthusiast
Enthusiast

could you provide more details? like

- more context & log snippet for the "auth failed" you quoted; corresponding logs from AD side

- or open SR attaching support bundle, and AD logs

if confident/possible and have backups, maybe even try disconnect AD from li, clear AD users (pls have a look at https://kb.vmware.com/kb/2120135  for cql & tables), reconnect?

also worth checking if related to multiple AD servers (if applicable)

0 Kudos