on 09-08-2008 9:54 AM
Hi All,
We have successfully installed XI 3.0 with Vintela SSO configured.
Most users cna access InfoView without any problem, however there are the few that can't. When accessing InfoView, all they get is the InfoView logo at the top of the page and where the content of InfoView is supposed to be it just displays as a grey block - nothing is visible.
I have added the site to the browser's secuity --> sites list for these uers, but still nothing. I ahace checked their profiles and nothing strange here...
Anyone seen or fixed this before.
Thanks
Jacques
hmmm, somehow I missed this post.
There are a few issues that could affect single clients
1) HTTP header if the users belong to a very large # of AD groups, (over 50). If this is the case you will need to increase from 16384
2) Microsoft patch that forces port # in client request (this is noted in our knowledge base)
3) cached usernames in the control panel\user accounts\advanced in XP.
If the client machines can login after locking\unlocking their desktop then it could be a microsoft SSO issue as well(also noted)
Regards,
Tim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tim,
Thanks for the reply...
1) The user belongs to 3 AD groups;
2) I set maxHttpHeaderSize="32768" in the server.xml file ???
3) No cached usernames ? I can't see any in this location exept for Administrator.
4) Nope, tried this, no luck
....problem still exists. When I login to XP on the same machine, everything is fine, thus I am thinking it must be related to that specific user or profile on that machine.
so if the workstation failed for all users it's usually - 1233673 - Vintela SSO Login Fails for one or more client machines
but in your case if other users can do SSO on the same computer it's usually the control panel options. controlpanel\user accounts\advanced\manage passwords
What if that user logs into another computer (known working) ok?
It's possible the user account is sensitive and cannot be delegated (can be verified in mmc)
Let us know...
Regards,
Tim
Hi Tim,
If the user logs onto another computer (using same case as the "broken" pc) then they are able to access InfoView correctly.
There are also no entries under "manage passwords" section you mention.
I suspect is it very specific to that computer and user when logged on - I also reset all the browser setting back to the defaults - never the less, I think it is now an IT Desktop Support issue...
Thus far I only 2 users (known) with this problem.
Thanks
Jacques
Yep that does sound weird, including the error. It's never been tried for this issue but you can try clearing the java cache in control panel/java. Have you tried multiple browsers (IE and firefox)?
To troubleshoot issues like this typically if you open a message with support we can packet scan the client. The entire SSO process (except the passwords which are RC4 or DES encrypted) can be read with microsoft netmon or 3rd party scanner like ethereal/wireshark. Search the logs for the username or follow the protocols (in this case a kerberos filter or http would most likely contain the problem).
Regards,
Tim
The user's profile was dropped and recreated on the XP machine. At login the new profile was created and the issue seems to be resolved.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for the reply Jacques, I've run into that before a few times when we couldn't isolate the problem until we zapped a profile. This is not desired of course. Since the issue occurs on the client where no BO software is actually installed it must be a 100% Microsoft issue. I'm hoping someone will escalate to Microsoft some time so we can figure out what is causing it.
Alls well that ends well I guess,
-Tim
Hi Tim, I implemented SSO Vintela 1 1/2 years ago, and is BEEN going perfectly to function until two days ago. In fact during next week end we have had to do rendom of our domain: from simple label "domain" to specified label "domain.local.
I modified: keytab, using ktpass, krb5, and web.xml of Infoview, and it's all OK.
The only one thing not functionally is logon from prompt: I acces on Infoview in SSO, but when I click Disconnect form Infoview, e reinsert my credential fron prompt, i not be able to logon. Before rendom ( microsoft ) i hadn't this problem. I be able to logon from prompt also.
Have you an idea?
Thanks
User | Count |
---|---|
80 | |
24 | |
12 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.