Jump to content

Recommended Posts

Posted

ISSUE:

When attempting to log into Passwordstate, you may get an access denied message.  Or, when syncing security groups, it fails with a general error page. Upon further investigation, you find in the Error Console or the Application event logs on your Passwordstate web server an error which contains "Server not Operational".

 

Specific error messages could be:

 

- Failed to authenticate UserID of 'domain\user'. Error = The server is not operational.

- Failed 'Active Directory' login attempt for UserID 'domain\user' from the IP Address '172.18.37.55'. Possible incorrect Username or Password, or this could also be caused by restricted Logon Hours in Active Directory.

 

POSSIBLE FIXES:

We'll run through a few different possible fixes for this, as the error of “Server is not operational” means Passwordstate cannot communicated with your domain. This is the error that is returned from the .NET Framework, and it gives us no indication as to why, ie it's very generic.

 

TEST 1:

In you Passwordstate UI, go to Administration -> Active Directory Domains and check your domain details are still current:

2021-10-14_14-04-11.png

 

To Confirm if these values are correct:

 

  • Open a command prompt on your computer and type set userdomain, and then set userdnsdomain
  • The NetBIOS Name for your Active Directory settings should match the result of set userdomain
  • FQDN should match the result of set userdnsdomain
  • The LDAP Query String for your Active Directory settings should match the result of set userdnsdomain. e.g. dc=clickstudios,dc=com,dc=au for the domain clickstudios.com.au

 

 

 

TEST 2:

Whilst one the Same Screen, as a test, change the Protocol to LDAP, if you have it to LDAPS and save this change.  Does this fix the issue?

2021-10-14_14-04-12.png

 

 

 

TEST 3:

Whilst on the same screen, check to see if you have hardcoded a domain controller using the IP Address as per screenshot below.  Unfortunately you cannot use IP Addresses in this field, and will need to use a FQDN for yoru domain controller instead.  Either remove this server all together, or set the server in FQDN format and ensure that FQDN is resolvable when logged into your Passwordstate web server. 

2021-10-22_13-24-20.png

 

 

TEST 4:

Log into you Passwordstate web server, and do two open port tests to you domain.  Example of this in Powershell is:

 

LDAPS TEST:

test-netconnection <mydomain> -Port 636

 

LDAP TEST:

test-netconnection <mydomain> -Port 389

 

Depending on which protocol you have configured for your domain as per TEST 2 above, then this port should be open.  If it is closed, please investigate firewalls blocking access.

 

 

 

TEST 5:

If using LDAPS, ensure your CA Certificate on you Passwordstate web has not expired.  If your Passwordstate web server is not joined to your domain, then it's possible the domain certificate did not renew automatically.  A valid certificate is required to perform the handshake with the domain.

 

 

 

TEST 6:

Check the user account in Active Directory does not have specific logon hours set:

2021-10-14_14-18-37.png

 

 

Test 7:

Reboot your Passwordstate web server.  If there is a pending reboot for a Windows patch, this can cause issues connecting to your domain.  

 

 

If we find any other solutions/tests to this issue, we'll update this forum post.

 

Regards,

Support.

 

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...