Hyland Community
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

"Failed to open session to passthru server" after upgrading to windows server 2019

Go to answer
hoomanv
Confirmed Champ
Confirmed Champ

‎04-29-2020 04:20 AM

Hello,

We have been using alfresco community 5.2 edition with passthru authentication (Single Sign On) via windows server 2008 R2 without any issues. After upgrading to windows server 2019, passthru authentication fails with this exception.

org.alfresco.repo.security.authentication.AuthenticationException: 03291074 Failed to open session to passthru server
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:810)
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:570)
        at sun.reflect.GeneratedMethodAccessor635.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
        at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
        at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at com.sun.proxy.$Proxy132.authenticate(Unknown Source)
        at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.processType1(BaseNTLMAuthenticationFilter.java:401)
        at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.authenticateRequest(BaseNTLMAuthenticationFilter.java:303)
        at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.doFilter(BaseSSOAuthenticationFilter.java:195)
        at sun.reflect.GeneratedMethodAccessor633.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:119)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at com.sun.proxy.$Proxy218.doFilter(Unknown Source)
        at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:743)
        at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
        at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:410)
        at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
        at org.apache.jsp.index_jsp._jspService(index_jsp.java:100)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
        at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2549)
        at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2538)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)
Labels:
0 Kudos
1 ACCEPTED ANSWER

Go to answer
hoomanv
Confirmed Champ
Confirmed Champ
In response to hoomanv

‎04-29-2020 09:17 AM

Fixed by installing SMB 1.0/CIFS File Sharing Support

View answer in original post

8 REPLIES 8

Go to answer
angelborroy
Community Manager Community Manager
Community Manager

‎04-29-2020 05:43 AM

Windows 2019 support is only available in Alfresco 6.2.

Hyland Developer Evangelist
0 Kudos

Go to answer
hoomanv
Confirmed Champ
Confirmed Champ
In response to angelborroy

‎04-29-2020 06:01 AM

Alfresco is setup up on a CentOs machine and is configured to use Passthru authentication with our windows domain.

Users can login to Alfresco web interface with their windows accounts, that means LDAP authentication is fine.

But mapped drives to AOS are broken since the upgrade from Windows server 2008 to 2019.

0 Kudos

Go to answer
hoomanv
Confirmed Champ
Confirmed Champ
In response to hoomanv

‎04-29-2020 06:07 AM

I have not touched anything in alfresco-global.properties. Here's the configuration that used to be working

cifs.enabled=false
cifs.tcpipSMB.port=1445
cifs.netBIOSSMB.sessionPort=1139
cifs.netBIOSSMB.namePort=1137
cifs.netBIOSSMB.datagramPort=1138

authentication.chain=passthru1:passthru,ldap1:ldap-ad,alfrescoNtlm1:alfrescoNtlm

synchronization.autoCreatePeopleOnLogin=false

ntlm.authentication.sso.enabled=true
ntlm.authentication.mapUnknownUserToGuest=false

passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.servers=dc1.mycompany.com,dc2.mycompany.com

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@mycompany.com
ldap.authentication.java.naming.provider.url=ldap://dc1.mycompany.com:389

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=ldap_user@mycompany.com
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.groupSearchBase=ou\=Users,dc\=mycompany,dc\=com
ldap.synchronization.userSearchBase=ou\=Users,dc\=mycompany,dc\=com
0 Kudos

Go to answer
hoomanv
Confirmed Champ
Confirmed Champ

‎04-29-2020 06:22 AM

Does it have to do anything with SMB 1.0/CIFS File Sharing Support? This feature is not installed by default on Windows server 2019

0 Kudos

Go to answer
EddieMay
World-Class Innovator
World-Class Innovator
In response to hoomanv

‎04-29-2020 06:45 AM

Hi @hoomanv,

Windows 2019 support in 6.2 is actually a work in progress. 

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!
0 Kudos

Go to answer
hoomanv
Confirmed Champ
Confirmed Champ
In response to EddieMay

‎04-29-2020 06:55 AM

Well I'm still on 5.2, not 6.2

I'm not sure if microsoft has decided to drop NTLMv1 authentication on Windows server 2019, otherwise there is nothing I can think of that is preventing NTLM/Passthru authentication to work

0 Kudos

Go to answer
hoomanv
Confirmed Champ
Confirmed Champ
In response to hoomanv

‎04-29-2020 09:17 AM

Fixed by installing SMB 1.0/CIFS File Sharing Support

Go to answer
EddieMay
World-Class Innovator
World-Class Innovator
In response to hoomanv

‎04-29-2020 09:47 AM

Hi @hoomanv,

Great news that you resolved it - & thanks for reporting how, very useful to other users.

Cheers, 

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!
Getting started

Explore our Alfresco products with the links below. Use labels to filter content by product module.

Copyright © 2025 Khoros, LLC
Top