https://connect.hyland.com/t5/alfresco-archive/kerboros-ldap-lost-primordial-admin-account-access/m-p/284870#M238000 <HTML><HEAD></HEAD><BODY><SPAN>I've updated to 4.2.e and it has fixed the Kerberos SSO problems which is working fine now.&nbsp; However I've lost access to the built-in "admin" user. </SPAN><BR /><SPAN>I don't get a peep in the alfresco or share logs but this shows up in the catalina.out log.&nbsp;&nbsp;&nbsp; My authentication chain is now limited to kerberos and ldap, am I require to include something else for the built in account?&nbsp;&nbsp; I'm able to work around the problem by using a kerberos key which specifies admin users but would like to resolve this.&nbsp;&nbsp; I'm positive that I know the password,&nbsp; the alfresco_user_store.adminpassword key has the same value as my old 4.2d install so I would assume this verifies I do know the password.&nbsp; </SPAN><BR /><BR /><SPAN>Any ideas on what could be wrong.</SPAN><BR /><SPAN>&lt;code&gt;</SPAN><BR /><SPAN> Dec 23, 2013 11:44:13 AM org.apache.catalina.core.StandardWrapperValve invoke</SPAN><BR /><SPAN>SEVERE: Servlet.service() for servlet [wcapiServlet] in context with path [/alfresco] threw exception</SPAN><BR /><SPAN>java.lang.IllegalStateException: Cannot create a session after the response has been committed</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.connector.Request.doGetSession(Request.java:2886)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.connector.Request.getSession(Request.java:2316)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:898)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:910)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.web.app.servlet.AuthenticationHelper.setupThread(AuthenticationHelper.java:116)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.web.app.servlet.WebscriptCookieAuthenticationFilter.doFilter(WebscriptCookieAuthenticationFilter.java:56)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.reflect.GeneratedMethodAccessor454.invoke(Unknown Source)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.lang.reflect.Method.invoke(Method.java:606)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:125)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.proxy.$Proxy297.doFilter(Unknown Source)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:61)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1810)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.lang.Thread.run(Thread.java:724)</SPAN><BR /><SPAN>&lt;code&gt;</SPAN></BODY></HTML> Mon, 23 Dec 2013 18:00:55 GMT deisenlord 2013-12-23T18:00:55Z https://connect.hyland.com/t5/alfresco-archive/kerboros-ldap-lost-primordial-admin-account-access/m-p/284870#M238000 I've updated to 4.2.e and it has fixed the Kerberos SSO problems which is working fine now.&nbsp; However I've lost access to the built-in "admin" user. I don't get a peep in the alfresco or share logs but this shows up in the catalina.out log.&nbsp;&nbsp;&nbsp; My authentication chain is now limited to kerberos and ld Mon, 23 Dec 2013 18:00:55 GMT https://connect.hyland.com/t5/alfresco-archive/kerboros-ldap-lost-primordial-admin-account-access/m-p/284870#M238000 deisenlord 2013-12-23T18:00:55Z https://connect.hyland.com/t5/alfresco-archive/kerboros-ldap-lost-primordial-admin-account-access/m-p/284871#M238001 <HTML><HEAD></HEAD><BODY><SPAN>Simply adding AlfrescoNtlm back into my chain at the end resolved my problem.&nbsp; I assume this is by design?</SPAN></BODY></HTML> Mon, 23 Dec 2013 19:22:52 GMT https://connect.hyland.com/t5/alfresco-archive/kerboros-ldap-lost-primordial-admin-account-access/m-p/284871#M238001 deisenlord 2013-12-23T19:22:52Z https://connect.hyland.com/t5/alfresco-archive/kerboros-ldap-lost-primordial-admin-account-access/m-p/284872#M238002 <HTML><HEAD></HEAD><BODY><SPAN>Hi,</SPAN><BR /><BR /><SPAN>Sorry to only drop by after your problem have already been solved.</SPAN><BR /><SPAN>And yes, you guessed right, it's by design.</SPAN><BR /><SPAN>AlfrescoNTLM is to handle some users locally in Alfresco. And the built-in admin user is one of them.</SPAN><BR /><SPAN>So if you take NTLM out of your chain, it will try to authenticate the "admin" user in your other systems but will never fallback to NTLM where the built-in admin user is stored.</SPAN></BODY></HTML> Thu, 02 Jan 2014 14:20:27 GMT https://connect.hyland.com/t5/alfresco-archive/kerboros-ldap-lost-primordial-admin-account-access/m-p/284872#M238002 scouil 2014-01-02T14:20:27Z