Cannot login with AD credentials to portal

Showing results for 
Search instead for 
Do you mean 
Reply
Contributor I
Posts: 11
Registered: ‎04-24-2018
#1 of 4 841
Accepted Solution

Cannot login with AD credentials to portal

When trying to connect with any AD users to our portal we are denied access. This was working up until last Friday but as of Monday morning no one was able to log on. 

 

 snip_20180515145313.png

On the portal, it shows that out connectors are inactive. 

 

When I look on the connector I see that there is an error that it failed to connect to the Identity Platform because "The remote certificate is invaild according to the validation procedure."

snip_20180515145423.pngI have opened a support ticket and one of my co-workers has called on this issue and we have been given no options or suggestions. Any ideas on what could be causing this? 

 

Right now, no one in the company can login with AD, which is how all of the users are set up so we're dead in the water.

 

 

 

Centrify
Posts: 7
Registered: ‎07-06-2016
#2 of 4 833

Re: Cannot login with AD credentials to portal

[ Edited ]

Welcome back to the fourms! I would like to apologize in advance and I will be sure to raise the priority of the support issue your collegue as opened up. This is something we want to address quickly as the impact is large. 

 

Centrify is currently migrating the service the connector uses from Azure Service bus to TCPRelay. Have you already confirmed the neccessary ip's are allowed by your network for the connector to use the TCPRelay service. 

 

For reference:

https://centrify.force.com/support/Centrify_KB_ArtDetail?Id=kA0800000000Kp0CAE

 

Contributor I
Posts: 11
Registered: ‎04-24-2018
#3 of 4 827

Re: Cannot login with AD credentials to portal

Thank you for the response. 

 

The servers that the connectors are running on are Windows 2016. I didn't see any documentation about needing to enable TLS 1.1 and TLS 1.2 on those, only Windows 2008 and later.

 

I did add the rules for the TCPRelay US East IP addresses on our firewall, per the documentation, but the connectors are still receiving the error message and not active. I did not see any blocks on our firewall before or after adding the rules for that either.

 

Interestingly, since yesterday afternoon when I re-register the connector I see success for all checks (see attached picture). Up until yesterday afterrnoon the Certificate Check portion of the checks had a warning in the status.

 

 

Contributor I
Posts: 11
Registered: ‎04-24-2018
#4 of 4 826

Re: Cannot login with AD credentials to portal

Out connectors are both connecting now. There wasn't any changes made after the firewall changes. I was experiencing the issue until about five minutes ago when SSO logged me in with no issues.