Active Directory authentication stops working at random times. AP server requires a restart to restore LDAP Enhanced functionality across two domains

Jay_MacVean
Star Collaborator

We have a situation where Active Directory authentication suddenly and randomly quits working on an AP server for a large customer base that has two domains.

This seems to have started after a business merger when the second domain was added, but it didn't show up right away. Occasionally, in the middle of the day and without warning, users are unable to log in with NT credentials. Even logging in with a thick client on the AP server using the -AL switch can take many minutes or time out and fail. Through trial and error we've found that an AP Server restart resolves the issue for a week or so, and then the problem can reoccur.


We are looking for advice on how to troubleshoot the Active Directory login failure from the AP Server to the two domains. So far we've not uncovered any firewalls, blocked ports, or KB updates that could trigger the problem. It seems to occur in the middle of the work day without regard to an external event.

3 REPLIES

Ryan_Wakefield
World-Class Innovator

I'm not sure if this helps, but here is another forum post that sounds very similar to what you are experiencing. It might not be exact, but could help in guiding you to the right area.


https://community.hyland.com/forum/threads/63696-random-issue-causing-all-web-unity-client-logons-to...

AdamShaneHyland
Employee

Hi Jay.

By restarting, I'm assuming you mean that you are restarting the server, not the Application Server Application Pool. My guess is that there is a domain controller issue at play here. This would be consistent with issues I have seen in the past. Essentially, the domain controller which the Application Server is connecting to (or your workstation is connecting to, which is why you are seeing the issue with the OnBase Thick Client) is not responding to requests successfully. You would likely be able to follow the traffic using Wireshark or a packet monitoring tool. Restarting the server will either establish a new connection to the domain controller OR connect to a different domain controller altogether.

Further, if you wanted to watch the authentication process with the OnBase Thick Client, you could add the -V (SQL,T is not needed since we are not looking for SQL traffic) switch to the command line and then browse out to the temp parse directory (Start | Run | %temp%) to see the verbose log. With the Core, you can see these logs by enabling the LDAP mailslot in the Application Server web.config (or WAMCon). This would also require enabling the Diagnostics Console LDAP/NT tab or logging the Diagnostics Service to file.

Best wishes.

Also, the post which Ryan noted appears to come to the same conclusion.
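
One way to check the domain controller theory from the replies above while the problem is occurring, as an added example that is not part of the original thread or Hyland's tooling: run this on the Application Server to time an LDAP bind against every domain controller in both domains and see which DC the locator currently returns. The two domain names are placeholders, and the script assumes the account running it can query both domains.

```powershell
# Added example (not from the thread): per-DC LDAP bind timing for two domains.
# ASSUMPTION: the domain names below are placeholders; substitute the real ones.
Add-Type -AssemblyName System.DirectoryServices
Add-Type -AssemblyName System.DirectoryServices.Protocols

$Domains = @('domain-a.example', 'domain-b.example')   # placeholders

$results = foreach ($domainName in $Domains) {
    try {
        $ctx     = [System.DirectoryServices.ActiveDirectory.DirectoryContext]::new('Domain', $domainName)
        $domain  = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($ctx)
        # DC that the locator hands this server right now for the domain
        $located = $domain.FindDomainController().Name
        $dcs     = $domain.FindAllDomainControllers()
    } catch {
        # Could not even enumerate the domain: record that and move on
        [pscustomobject]@{ Domain = $domainName; DC = '(enumeration failed)'
                           Located = $false; BindMs = $null
                           Result = $_.Exception.Message }
        continue
    }

    foreach ($dc in $dcs) {
        $conn = $null
        $sw   = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($dc.Name)
            $conn.Bind()          # binds as the account running the script
            $outcome = 'OK'
        } catch {
            $outcome = $_.Exception.Message
        } finally {
            $sw.Stop()
            if ($conn) { $conn.Dispose() }
        }
        [pscustomobject]@{ Domain = $domainName; DC = $dc.Name
                           Located = ($dc.Name -eq $located)
                           BindMs = $sw.ElapsedMilliseconds; Result = $outcome }
    }
}

# Slowest or failing domain controllers first
$results | Sort-Object BindMs -Descending | Format-Table -AutoSize
```

A row with `Located = True` and a failed or very slow bind points at the domain controller the server is currently using; keeping the output from a healthy period gives a baseline to compare against.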