/build/static/layout/Breadcrumb_cap_w.png
01/25/2019 295 views

We have an instance of KACE running on a K1000 that single sign on is no longer working on. We have the URL of the K1000 in the "Local Intranet" sites and have configured the Internet options to use the current credentials for login on Intranet sites. In the Advanced options, "Enable Integrated Windows Authentication" is checked.

On the KACE side, the K1000 has been joined to the domain and the single sign on option is set to "Active Directory". LDAP is connecting successfully as KACE is able to read the ~500 accounts located in the Base DN.

Any assistance on next steps would be extremely helpful.

3 Comments   [ + ] Show comments

Comments

  • Take some time to review this article:

    https://support.quest.com/kace-systems-management-appliance/kb/111863/troubleshooting-single-sign-on-sso-for-the-kace-sma
    • We have worked through this article and none of the suggestions worked for us
  • Was it working previously? Did anything change on k1 side?
    • SSO had been working previously for over a year at least. There has not been any changes on the k1000.
  • During low access time-frames, try to check the Access Logs, Settings > Appliance Logs, it should have info. about failed SSO.
    • While reviewing the access logs, I attempted SSO from my laptop and found the following log

      [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /userui/sso/index.php HTTP/1.1" 401 5705 649 6598 0
      • Here is the full logs from the failed SSO.

        [2019-01-28 08:57:39 -0500] 10.6.10.172 - "GET /adminui/settings_logs.php?AJAX=1 HTTP/1.1" 200 289331 1026 290461 0
        [2019-01-28 08:57:42 -0500] 10.6.10.172 - "GET /adminui/settings_logs.php?AJAX=1 HTTP/1.1" 200 289415 1026 290545 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET / HTTP/1.1" 200 311 275 1264 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /userui/welcome.php HTTP/1.1" 302 - 501 1044 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /userui/sso/index.php HTTP/1.1" 401 5705 649 6598 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /adminui/settings_logs.php?AJAX=1 HTTP/1.1" 200 289222 1026 290352 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /userui/sso/index.php HTTP/1.1" 401 5705 732 6569 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/css/minified/vendor/select2.css?build=9.0.270 HTTP/1.1" 200 2836 555 3708 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/css/minified/vendor/froala_style.css?build=9.0.270 HTTP/1.1" 200 1358 559 2231 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/js/minified/kpolyfills.js?build=9.0.270 HTTP/1.1" 200 542 568 1427 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/css/minified/print.css?build=9.0.270 HTTP/1.1" 200 1218 545 2090 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/js/minified/jquery.fixes.js?build=9.0.270 HTTP/1.1" 200 696 571 1580 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/js/minified/vendor/jquery.js?build=9.0.270 HTTP/1.1" 200 31319 571 32208 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/js/minified/vendor/jquery.cookie.js?build=9.0.270 HTTP/1.1" 200 399 579 1283 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/js/minified/vendor/jquery.json.js?build=9.0.270 HTTP/1.1" 200 1229 577 2114 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/js/minified/vendor/bootstrap.js?build=9.0.270 HTTP/1.1" 200 8336 575 9222 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/js/minified/vendor/select2.js?build=9.0.270 HTTP/1.1" 200 18665 573 19553 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/js/minified/vendor/jquery.form.js?build=9.0.270 HTTP/1.1" 200 6171 577 7057 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/js/minified/vendor/jquery-ui.custom.js?build=9.0.270 HTTP/1.1" 200 39386 582 40274 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/js/minified/vendor/jquery.wheelmouse.js?build=9.0.270 HTTP/1.1" 200 856 583 1740 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/js/minified/vendor/bootbox.js?build=9.0.270 HTTP/1.1" 200 2569 573 3455 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/js/minified/vendor/google.html-sanitizer.js?build=9.0.270 HTTP/1.1" 200 7509 587 8395 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/css/minified/kace-theme-light.css?build=9.0.270 HTTP/1.1" 200 71977 556 72926 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/js/minified/nav.js?build=9.0.270 HTTP/1.1" 200 1418 562 2304 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/js/minified/functions.js?build=9.0.270 HTTP/1.1" 200 15049 568 15936 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/js/minified/core.js?build=9.0.270 HTTP/1.1" 200 1767 563 2653 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/js/lang.php?locale=en&build=9.0.270 HTTP/1.1" 200 6732 565 7574 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/css/fonts/open-sans-v13-latin-regular.woff HTTP/1.1" 200 20248 587 21074 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/css/fonts/open-sans-v13-latin-300.woff HTTP/1.1" 200 20848 583 21674 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/images/icons/generated/status-error-red.svg HTTP/1.1" 200 990 601 1803 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/images/icons/generated/status-warning-darker-yellow.svg HTTP/1.1" 200 935 613 1748 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /common/images/icons/generated/status-done-green.svg HTTP/1.1" 200 848 602 1661 0
        [2019-01-28 08:57:46 -0500] 10.6.10.172 - "GET /common/images/icons/generated/status-info-blue.svg HTTP/1.1" 200 755 601 1568 0
        [2019-01-28 08:57:45 -0500] 10.6.10.172 - "GET /packages/partnerlogos/userportal_logo HTTP/1.1" 200 653377 588 654177 0
        [2019-01-28 08:57:46 -0500] 10.6.10.172 - "GET /favicon.ico HTTP/1.1" 200 34494 413 35309 0
      • Interesting, I don't see an issue there... normally SSO issues are caused by environmental factors outside the box, especially if LDAP is fine...

        But try to open a case with support, the could help you to narrow it down and determine if it's indeed something off with the KACE SMA.

        https://support.quest.com/create-service-request

There are no answers at this time